Data recovery technique from corrupted ext2/ext3 filesystem having bad superblock
NOTE : I do not take any responsibilty of any damage to your disk or data while trying my technique or any of my commands stated in this article. YOU HAVE BEEN WARNED!!!
1. Let's say our corrupted filesystem is at partition /dev/sdb3 of ext3 type. We will mount the partition under /mnt/sdb3, so create the directory structure if you dont have it already.
Also, create the following directory structure to keep backup data.
Note that ext3 filesystem is same as ext2, with only addition of journal. So our entire technique will use ext2 filesystem if even our corrupted filesystem is ext3 type. Because our aim is to recover data not journal recovery (which is unrecoverable as far as I know). So be carefull while you issue any of my commands, unless explicitly told dont add any ext3 filesystem type in any of our command. Use all my command as it is written below.
2. Before applying this technique be sure that your superblock is corrupt only not the entire disk or something else.
USE THE INSTRUCTION BELOW TO CHECK IT
A. Try to mount the disk read only using
OR
Check the message you are getting. it must be something like below :
B. Now try "dmesg | more" to actually verify if the superblock is really damaged. We will see a line like below :
Now we will first start to recover the data by mounting it then we will try to correct the filesystem.
3. Before doing that I'd recommend taking an image, something like
and then using the loop device to work on that. If the partition's bigger than 2 gig you will probably need to compress it first with something like
(note that if it's compressed the loop device won't work and you'll have to work on the bare hardware). If using an alternate superblock doesn't work a last ditch fix may be
This will rewrite the superblocks, you will then need to run e2fsck to clean up. This did the
trick for me on a drive that got a whole bunch of bad sectors that I had to get data off.
Hmm, if I'd only have a HDD to save the data, I would be happy :) ; then I could probably do
e2fsck would restore the first superblock and my problems were gone...but I have no second hard disk which is that big :(.
4. Linux file system writes backup of superblock in different locations. Find the backup superblocks using
4. Now please note the superblock backup blocks number at the last line and the block size(which is multiple of 1K=1024b). In our case the block size is 4096 that mean 4K (4096/1024=4)
While the block number which must be given to mount is based on the blocksize which is installed on the hard disk (4k in my case), the block number which must be given to mount is calculated on a 1k-block-basis, so I had to multiply 32768*4.
Now we will try to mount the corrupted filesystem partition. We have to tell mount command to use backup superblocks so we will calculate the first backup superblock (if it is OK) 32768*4 = 131072. Now mount with the command below :
Now imagine the backup at position 32768 was damaged too . . . then you just try again with the backup stored at position 98304, and 163840, and 229376 etc. etc. until you find an undamaged backup ( there are several backups so if at least one of those five is okay it´s bingo ! )
Use the formula below to calculate the backup superblock location :
5. If you successfully able to mount the partition, go to the mounted partion and copy data using
If any of the above steps fails. You need to consult a experienced data recovery experts.
In 90% case of damaged superblock this technique of data recovery works. Hope the above technique will help you too. Please post your result if you use the technique in this article.
And at last I would like to say "ALWAYS BACKUP YOUR DATA IN MULTIPLE / DISK OR MEDIA" so
if one fails you can restore from others.
Please post your comments, to let others know about the technique failure and success rate.
If you have any other sucessfull method to recover data, please post it.
Acknowledgement :
http://www.linuxforums.org/forum/misc/35926-cannot-boot-up-linux-unable-read-superblock.html
http://www.ussg.iu.edu/hypermail/linux/kernel/0104.2/1353.html
http://www.brunolinux.com/04-The_File_System/Damaged_Superblock.html
http://lists.debian.org/debian-user/2001/09/msg01200.html
1. Let's say our corrupted filesystem is at partition /dev/sdb3 of ext3 type. We will mount the partition under /mnt/sdb3, so create the directory structure if you dont have it already.
Also, create the following directory structure to keep backup data.
mkdir /sdb3-backup
mkdir /sdb3-backup/image
mkdir /sdb3-backup/copy
Note that ext3 filesystem is same as ext2, with only addition of journal. So our entire technique will use ext2 filesystem if even our corrupted filesystem is ext3 type. Because our aim is to recover data not journal recovery (which is unrecoverable as far as I know). So be carefull while you issue any of my commands, unless explicitly told dont add any ext3 filesystem type in any of our command. Use all my command as it is written below.
2. Before applying this technique be sure that your superblock is corrupt only not the entire disk or something else.
USE THE INSTRUCTION BELOW TO CHECK IT
A. Try to mount the disk read only using
mount -t ext2 /dev/sdb3 /mnt/sdb3 -o ro
OR
mount -t ext2 -o ro,errors=recover,errors=continue /dev/sdb3 /mnt/sdb3
Check the message you are getting. it must be something like below :
mount: wrong fs type, bad option, bad superblock on /dev/sdb3,
or too many mounted file systems
B. Now try "dmesg | more" to actually verify if the superblock is really damaged. We will see a line like below :
EXT2-fs: unable to read superblock
Now we will first start to recover the data by mounting it then we will try to correct the filesystem.
3. Before doing that I'd recommend taking an image, something like
dd if=/dev/sdb3 of=/sdb3-backup/image/backup
and then using the loop device to work on that. If the partition's bigger than 2 gig you will probably need to compress it first with something like
dd if=/dev/sdb3 | gzip > /sdb3-backup/image/backup.gz
(note that if it's compressed the loop device won't work and you'll have to work on the bare hardware). If using an alternate superblock doesn't work a last ditch fix may be
mke2fs -S /sdb3-backup/image/backup (or mke2fs -S /dev/sdb3 if the dd result was too big).
This will rewrite the superblocks, you will then need to run e2fsck to clean up. This did the
trick for me on a drive that got a whole bunch of bad sectors that I had to get data off.
Hmm, if I'd only have a HDD to save the data, I would be happy :) ; then I could probably do
dd if=/dev/hda2 of=/dev/xyz
and
e2fsck -b 32768 /dev/xyz
e2fsck would restore the first superblock and my problems were gone...but I have no second hard disk which is that big :(.
4. Linux file system writes backup of superblock in different locations. Find the backup superblocks using
mke2fs -n /dev/sdb3The above command will give you a result like below
mke2fs 1.35 (28-Feb-2004)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
14385152 inodes, 28754341 blocks
1437717 blocks (5.00%) reserved for the super user
First data block=0
878 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872
4. Now please note the superblock backup blocks number at the last line and the block size(which is multiple of 1K=1024b). In our case the block size is 4096 that mean 4K (4096/1024=4)
While the block number which must be given to mount is based on the blocksize which is installed on the hard disk (4k in my case), the block number which must be given to mount is calculated on a 1k-block-basis, so I had to multiply 32768*4.
Now we will try to mount the corrupted filesystem partition. We have to tell mount command to use backup superblocks so we will calculate the first backup superblock (if it is OK) 32768*4 = 131072. Now mount with the command below :
mount -t ext2 -o sb=131072 /dev/sdb3 /mnt/sdb3
Now imagine the backup at position 32768 was damaged too . . . then you just try again with the backup stored at position 98304, and 163840, and 229376 etc. etc. until you find an undamaged backup ( there are several backups so if at least one of those five is okay it´s bingo ! )
Use the formula below to calculate the backup superblock location :
Superblock backups stored on blocks location * Block size in K(i.e.Block size/1024) = N
mount -t ext2 -o sb=N /dev/sdb3 /mnt/sdb3
(replace N with the result of the calculation)
5. If you successfully able to mount the partition, go to the mounted partion and copy data using
cd /mnt/sdb3
cp -R /mnt/sdb3/data /sdb3-backup/copy/.
If any of the above steps fails. You need to consult a experienced data recovery experts.
In 90% case of damaged superblock this technique of data recovery works. Hope the above technique will help you too. Please post your result if you use the technique in this article.
And at last I would like to say "ALWAYS BACKUP YOUR DATA IN MULTIPLE / DISK OR MEDIA" so
if one fails you can restore from others.
Please post your comments, to let others know about the technique failure and success rate.
If you have any other sucessfull method to recover data, please post it.
Acknowledgement :
http://www.linuxforums.org/forum/misc/35926-cannot-boot-up-linux-unable-read-superblock.html
http://www.ussg.iu.edu/hypermail/linux/kernel/0104.2/1353.html
http://www.brunolinux.com/04-The_File_System/Damaged_Superblock.html
http://lists.debian.org/debian-user/2001/09/msg01200.html
posted by Animesh Das at
3:19 PM
26 Comments:
I saw you listed as someone who does customization on wikimedia, if so please contact me.
jeffh@cigarexperience.com
By
Anonymous, at November 01, 2006 7:18 AM
i need a good trainner in delhi for perl , can you help in this only.
By
Anonymous, at January 08, 2007 11:47 AM
Yup. I was able to recover my entire MP3 collection and several key configuration files even though the drive suffered from a LOT of bad blocks.
There were only two files that I was unable to recover that were rather important, and, well, I guess I can re-build those.
By
Anonymous, at February 20, 2007 10:22 AM
Seeking you kind help. Sent email to jobs4ani@gmail.com
Hope to hear back.
Regards.
By
mudanoman, at June 14, 2007 6:39 PM
I went through hell with lost and corrupted data due to electric strike.. i now began running secure data backup with www.onlinebackupvault.com and sleep well...there are free services but my grandmother once told me that something that is to good to be true usually is and that no one works for free..i was screwed in 90's with all .com busts..rather pay and keep data secure
By
Anonymous, at July 29, 2007 9:15 AM
Photo Recovery vis-à-vis Ext3 Recovery - http://www.bestrecoverysoftware.com/index.php/data-recovery-software?cat=14
Data Recovery Blog
By
technodirty, at January 09, 2008 10:45 AM
Last month my PC's file system get corrupted and all my data get lost and its very difficult to manage my business.
Petter Smith
http://www.hdrconline.com
By
Anonymous, at February 01, 2008 4:35 PM
use gpart
http://www.stud.uni-hannover.de/user/76201/gpart/
By
PM, at March 17, 2008 11:23 AM
Thanks for the information. But the process is very long. I have read in magazine about Linux data recovery software.They provide Linux recovery software for Ext2, Ext3 & Reiser file system.
By
Jhon, at May 14, 2008 11:40 AM
I need a service of cutomization of a plugin in wordpress, its just about some theme adaptations please write me back or add me to skype: iguanna2
By
Anonymous, at June 08, 2008 2:57 AM
Hi nice blog! Keep it up. This blog gives very useful information.
By
Anonymous, at November 18, 2008 10:33 AM
Hi nice blog! keep it up. This blog provides most informatics information.
By
Anonymous, at November 18, 2008 3:13 PM
Interesting, I haven't tried it but I was trying to build a prototype using opensips, do you have any expertise in this area? let me know, may be you can help me, i'm new bee in this opensource area...
By
Khan, at December 08, 2008 9:25 AM
Hi nice blog! keep it up. This blog provides most informatics information.
By
Anonymous, at December 30, 2008 12:15 PM
Hi dear
Your blog really very nice. I like it.
Keep it up....
By
Anonymous, at January 19, 2009 5:12 PM
Sir you have nice work, specially for me.
thanx a lot
By
Anonymous, at January 27, 2009 10:45 AM
Hi
Good…….. No I should say very well.
Blog really containing a meaningful. Keep it up.
By
Anonymous, at January 30, 2009 3:23 PM
Well I know it's been 3 years, but I found your technique when I was at my wits end yesterday.
I have a little Debian install on a Cisco NSLU2 with a Western Digital My Book 500GB USB hard-drive attached. One day the largest partition on the external drive would not mount. I could see the partition in fdisk, but the ext3 filesystem type was not recognised any more. I used TestDisk to try to recover the partition, and it did, but it still would not mount and fsck will not clean it up.
I also used TestDisk to find the backup superblocks and tried to use e2fsck to recover the partition from the backup superblocks, but no joy. Getting some " error getting icount link information: Memory alloctation failed " - I think it's something to do with the tiny amount of memory available to the slug (NSLU2).
TestDisk allowed me to see my files, so I knew the data was there - very frustrating.
Anyway, I was giving up recovering my data and came across your post. Your little formula works for mounting from the backup superblock (my block size is 4096 so I multiply the backup block by 4). Now I can happily see my files. Only trouble is I need to find some space to recover the files before I reformat the big drive and away we go again, but nay bother.
Thanks so much Animesh,
Julian Roberts
Santa Cruz de Tenerife
Canary Islands
By
Unknown, at March 03, 2009 4:54 PM
I used Stellar Phoenix Linux recovery Software to recover the lost files
By
Unknown, at June 01, 2009 12:01 PM
Great post! I thought I had no hope for recovering my hard drive, but I was able to access my data again following your steps. Thanks!
By
Andrew, at June 01, 2009 8:46 PM
Nice article.Last week I have lost my linux data.One of my friend suggests me to use Stellar Linux Data Recovery software.This Linux data recovery software helps me to recover my lost data.Software supports ext2,ext3 and ext4 file system.Software demo version is free in which you can see the preview of your recoverable file.
By
Unknown, at October 01, 2009 10:42 AM
I read your complete blog and i am agree with great information data recovery techniques. Carry on like this lol!
By
Data Recovery, at March 26, 2010 3:10 PM
I am unable to understand the command "mount -t ext2 /dev/sdb3 /mnt/sdb3 -o ro".Can you please tell it in detail?
By
Data recovery, at May 20, 2010 5:05 PM
Great post... Keep on posting new stuff.
By
Steffi, at May 05, 2011 2:47 AM
Hello Animesh,
Thanks for this tutorial, which was very useful when I recently had a filesystem go bad, on a loop file. I have a bunch of Linux PDAs (Sharp SL-5500s) and I leave them on all the time. They clock up huge uptimes of half a year or so; if I need to reboot them then it's usually due to something that I did, rather than a fault on the device. Unfortunately, wear-and-tear to the SD cards that I am using (altboot, with OpenZaurus 3.5.4) took its toll and the filesystems are slowly failing; because I'm used to the devices just working, I hadn't done a backup for ages (really bad, I know) and I was worried that I might have lost 128MB of data (this probably doesn't seem like much in these days of 2TB hard drives, but the stuff on these cards was valuable to me, and quite unique). After thinking that I'd lost it all, I tried your 'backup superblock' method, and was able to restore most of the filesystem comments. Quite a lot of damage has been done, and this is due to me making a BIG mistake: I did 'fsck -y' on one of the loop files. I figured 'well, I don't know what 'Block bitmap for group 16 not in group' means, and thought I'd just get e2fsck to repair everything. BAD MOVE!
Thank you for this useful post, which helped me out.
By
Lex Landa, at May 21, 2011 7:52 AM
THANK YOU!
By
Your new best Friend, at September 29, 2011 7:06 AM
Post a Comment
<< Home