| 1 |
On Friday 18 May 2007 15:11, Mick wrote: |
| 2 |
|
| 3 |
> On Friday 18 May 2007 13:25, Hans-Werner Hilse wrote: |
| 4 |
> > Did you try the recovery tools for the FS in question? |
| 5 |
> |
| 6 |
> I tried fsck.msdos but didn't fix it. |
| 7 |
> |
| 8 |
> Like most USB sticks I would assume that it is either FAT32 or FAT16. |
| 9 |
> Given that this is what I see when I dump the first few bytes, can you |
| 10 |
> please tell me where the fs data starts and how to dd that without inc |
| 11 |
> the initial partition table data? |
| 12 |
> ============================================== |
| 13 |
> 000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
| 14 |
> * |
| 15 |
> 0001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |
| 16 |
> 000200 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |
| 17 |
> * |
| 18 |
> 020000 01 df 02 df 03 df 04 df 05 df 06 df 07 df 08 df |
| 19 |
> |
| 20 |
>[cut] |
| 21 |
> I assume that the asterisks indicate a new file starting there? |
| 22 |
|
| 23 |
Are you using hexdump to read the data? Does the above output come from |
| 24 |
hexdumping the actual device or the image file? |
| 25 |
|
| 26 |
The asterisks look strange. If you look carefully, you see that each |
| 27 |
asterisk does not merely replace a single line of output, but several |
| 28 |
lines. Look at the addresses of the lines before and after: for example, |
| 29 |
000200 -> asterisk -> 020000 in your output above. So, that asterisk |
| 30 |
represents 0x020000 - 0x000210 = 0x1fdf0 bytes, ie 130544 bytes. If the |
| 31 |
dump comes from the actual device (like I suppose), it could be that |
| 32 |
these bytes are skipped because they are somehow unreadable, so it's |
| 33 |
really difficult to compare this output with one from a working device, |
| 34 |
in either HD or superfloppy mode. In particular, there is an asterisk |
| 35 |
immediately after the first 16 bytes (line 000000), and the dump |
| 36 |
continues at byte 0x0001f0 (496 decimal), and this means that the very |
| 37 |
first sector (where the interesting stuff is) is almost entirely damaged |
| 38 |
or otherwise unreadable. |
| 39 |
Also, trying to dd the device to a file as you did would almost certainly |
| 40 |
insert unpredictable garbage in the file to represent the unreadable |
| 41 |
parts of the device. |
| 42 |
|
| 43 |
Chances are it was in HD mode (ie, with a partition table), because the |
| 44 |
signature at the end of the first 512 bytes (the "55 aa" at the end of |
| 45 |
the 0001f0 line) indicates a boot sector (the MBR). |
| 46 |
Within this boot sector, the partition table is 64 bytes long and usually |
| 47 |
lives from byte 446 to byte 509 of the sector (512 bytes long, numbered |
| 48 |
from 0 to 511; bytes 510 and 511 are the signature). Since a partition |
| 49 |
table is composed of four records, each 16 bytes long, this means you |
| 50 |
have only the last 14 bytes of the fourth partition table record. But, |
| 51 |
it's very very likely that there was only a single partition, and thus |
| 52 |
the fourth record is unused and set to all zeros. What you would need is |
| 53 |
the value of the bytes from 446 to 461 (the first partition table |
| 54 |
record, which has info about the first partition), but, as I said above, |
| 55 |
all this data seems to be lost in the asterisk, like tears in the rain |
| 56 |
(cit.). |
| 57 |
|
| 58 |
Bottom line: I would not bet on data recovery from that stick. |
| 59 |
It's also true that there might be some program I'm unaware of which |
| 60 |
could try or be able to recover things, but unfortunately I have no |
| 61 |
advice for you about this. |
| 62 |
-- |
| 63 |
gentoo-user@g.o mailing list |
Archives