All Articles

Recovering a RAID 1 Drive in Linux

I have an old NAS that I used to store a bit of old data on. Since I left Stockholm it’s been standing in my old home collecting dust, and I’ve been paranoid ever since that someone would access it as it was never encrypted or anything. So while I’ve gone back to Stockholm over the weekend I wanted to take a look at the data I kept on it. I want to check what I have, make a backup somewhere and finally clean and perhaps encrypt the disks.

This post I just want to write down the steps I took to get the data of the RAID1 disks. I decided to mount it on my laptop instead of just booting up the NAS and running it, because from what I remember from using the NAS was actually really, really terrible and unreliable performance.

To hook up the drive to my laptop, I used a simple SATA to USB adapter. I give thanks to the kernel gods that luckily this worked out of the box for me on Linux.

In my case Linux did recognize the disk as a RAID disk, but did not manage to mount it. I used good old trust gparted to look at the partitions of the drive. It tells me there’s a 2.7TiB partition, I assume that’s where most of the data is stored.

gparted showing that /dev/sdb2 contains the majority of the drive

Then following internet advise I used the mdadm command to mount it to a new /dev/md<> device. In my case /dev/md0 was already taken by something, probably some automated process that tried to mount the drive, so I used an unused one at /dev/md1.

> mdadm --assemble --readonly /dev/md1 /dev/sdb2
mdadm: /dev/md1 assembled from 1 drive - need all 2 to start it (use --run to insist)
> mdadm --assemble --readonly --run /dev/md1 /dev/sdb2
mdadm: /dev/md1 has been started with 1 drive (out of 2).

After which I mount it to a new directory.

> mkdir -p /mnt/nashdd
> mount /dev/md1 /mnt/nashdd/
mount: /mnt/nashdd: WARNING: device write-protected, mounted read-only.
You have mail in /var/mail/root

It tells me I have mail, but it’s just complaining that the RAID1 drive is mounted alone. The directory is now mounted under /mnt/nashdd.

I don’t find much interesting on the drive. A lot of old code that makes me nostalgic, but also some old pictures that my parents took.

When done copying over the data I wipe the disk using the following command to overwrite the disk with random data. This will take a while.

dd if=/dev/urandom of=/dev/sdc

Once the wipe is done I unmount the drive.

umount /mnt/nashdd
mdadm -S /dev/md1
# for safety reasons I clean up the old mount too.
mdadm -S /dev/md0

However, I can still feel and hear the drive spinning. So I find a script to safely shut down the USB device here:

Now with sudo suspend-usb-device /dev/sdb the adapter beeps twice and the harddrive spins down.

Published Aug 17, 2019

Security Engineer with a dash of software. Originally from Stockholm, now in Berlin. I like to hack things.