Jaypack: recover images from corrupt filesystem

image_editor_compLosing your images can be costly. You’ll definitely miss those precious moments from your kid’s childhood lost due to a disk or filesystem failure. Here’s the good news – if the disk is still readable there’s a chance that you can recover the images, thanks to Jaypack. It is a small open source tool that scans your disk to recover the files.

Jaypack works on a simple algorithm. It bypasses the filesystem and scans the disk for the image signature. To be more accurate, it checks for the characteristical SOI signature: FF D8 FF, followed by a byte determining the type of the image (at the time of writing only for JPEG/JFIF, SPIFF and Exif images can be recovered) and then keeps track of these, as well as EOI signatures (FF D9).

The tool is still under development and has its limitations – it uses a linear algorithm, has a limit on the maximum size of a file (by default set to 10MB, but configurable) and a number of skip bytes, during which EOI byte sequences won’t be honored. It also tends to sacrifice smaller images for bigger ones.

Installation

You need to compile the tool to use it. Download the source archive, extract it, cd into the source code directory and run:

$ make

It will generate 3 binaries: jaypack, jaypack-server, jaypack-client.

Usage

1. The simplest form of usage is:

$ sudo dd if=/dev/sdXn bs=8192 | ./jaypack max_size skip
where
sdXn: device node (e.g. sda, sdb2)
max_size: maximum size (in bytes) of the file jaypack will consider
skip: number of bytes to skip at the beginning (default 0, ~16000 recommende

The output will be a sequence of lines in the following format:

<jpgtype> <offset> <size>

You can then use dd to recover the files.

2. Client server way

jaypack-client will take the output of jaypack from stdin, extract data at those offsets and then output this in an idiotical binary format to stdout. jaypack-server will be able to take that binary format from stdin and then save .jpg files in a folder of your choosing. Example:

$ sudo dd if=<device> skip=<offset> bs=<bs> | 
  ./jaypack - 16384 |
  sudo ./jaypack-client <device> <offset * bs> <extrasize> |
  ./jaypack-server <output-dir>/

3. Over the network

You can start the client on a computer where a live CD is booted, for instance, and pipe the recovered .jpgs over the network to another computer where you can safely stash them.

Run the following command on the server:

$ nc -l -p <server_port> | ./jaypack-server recovered-jpegs/

Run the following on the client (from which to recover images):

$ sudo dd if=/dev/sda1 skip=131072 bs=8192 |
  ./jaypack - 16384 |
  sudo ./jaypack-client /dev/sda1 1073741824 64 |
  nc <server_ip> <server_port>

Webpage: Jaypack

Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s