A Real File Recovery Scenario On Ext4 Filesystem

I just pressed the Enter key on the file delete confirmation dialog, and removed my code which I was working on for 3 hours. In fact I had made such a mistake before and had no results searching “Ext3 Recovery / Ext4 Recovery …”. But this time, a new project named extundelete appeared which claims to extract file metadata from the file-system’s Journal.

I tried to extract and compile it by just typing “make” and found that ext2fs library is missing, so I installed ext2fs-dev package using the following command (I’m using Ubuntu 9.10) :

sudo apt-get install ext2fs-dev

Then typing “make” in the src folder, presents you the binary file named “extundelete”. You can run it like this :

ali@Velocity:~/tmp/extundelete-0.1.8/src$ ./extundelete
No action specified; implying --superblock.

Usage: ./extundelete [options] [--] device-file

--version, -[vV]       Print version and exit successfully.
--help,                Print this help and exit successfully.
--superblock           Print contents of superblock in addition to the rest.
                       If no action is specified then this option is implied.
--journal              Show content of journal.
--after dtime          Only process entries deleted on or after 'dtime'.
--before dtime         Only process entries deleted before 'dtime'.

--inode ino            Show info on inode 'ino'.
--block blk            Show info on block 'blk'.

--restore-inode ino     Restore the file(s) with known inode number 'ino'.
                        The restored files are created in ./RESTORED_FILES
                        with their inode number as extension (ie, inode.12345).

--restore-file 'path'  Will restore file 'path'. 'path' is relative to root of
                      the partition and does not start with a '/'
                      (it must be one of the paths returned by --dump-names).
                      The restored file is created in the current directory
                      as 'RECOVERED_FILES/path'.

--restore-files 'path'    Will restore files which are listed in the file 'path'.
                    Each filename should be in the same format as
                    an option to --restore-file, and there should be one per line.

--restore-all          Attempts to restore everything.
-j journal             Reads an external journal from the named file.
-b blocknumber         Uses the backup superblock at blocknumber when
                                opening the file system.
-B blocksize           Uses blocksize as the block size when opening fs.
                       The number should be the number of bytes.

It seems that running the program with –restore-all, should restore all possible files. Like this :

ali@Velocity$ ./extundelete /dev/sda6 --restore-all

But that option gave me some temporary, hidden and some useless config files over my home folder. I was thinking of rewriting the code …

Suddenly I found that, extundelete supports another option in which you can specify the inode number of your file, and it will bring it back … 🙂

Looking at manual of the “ls” command you’ll find that running “ls” with -i parameter will give you the inode number of files in a directory. I tried to find a range for inode files around the deleted file and search for all files in the range …

ali@Velocity:~/projects/Monko-MovieQuiz/Source/IMDBot/src$ ls -i
7824227 artists.db
7824222 google_spell_checker.py
7824220 merge_tool.py
7824214 movies-merged.db
7824219 movies-vahid.db
7824260 stuff.py
7824252 artists.py
7824211 IMDB.py
7824221 MovieDatabase.py
7824254 movies-sohrab.db
7824256 question_validator.py
7864492 tests
7864514 cache
7824305 lite_tool.py
7824208 MovieDatabase.pyc
7824207 movies-soroush.db
7824293 start.py
7962711 Tools

It seems that most of the files are in the range of 7824xxx, so searching the range of to 7824000 to 7824999 might be a good idea (take a look at the following bash code snippet) :

for((i=7824000; i<7824999; i++)); do
./extundelete /dev/sda6 --restore-inode $i ;

Viva !

I got 7 deleted files in this range (inside the RECOVERED_FILES directory), and one of them was my deleted python code ! And I spent my time on writing this article instead of rewriting the code 😉

Posted in Believe Me | Tagged , | 3 Comments

Nothing to say, Something to see

Beautiful Nature

Posted in Believe Me | Tagged , , | Leave a comment

The Story of Flashrom and My Lenovo V100

The fact that I always try to use open source softwares makes me to find new softwares and try them to see if they can solve my problems and do the job or not. Times ago, I had tried flashrom project to see if it can update my bios chip or not and the answer was NO ! Your chipset is not supported yet !

Later on, it was about May 2009 which I found a program which could change the boot logo of Phoenix bios images and I recalled flashrom. It was interesting that this time it said “Yeah, Your chip is now being supported! :)”. I made it to read my Bios image and the result was a real and valid phoenix image which I could change it. After making a new image, running flashrom to write it finished without any warnings or errors. I read the image again and Boom ! It was neither the original bios, nor the new one.

This is exactly where my first email went up online on the community’s mailing list and I knew that any invalid act which yields to rebooting the laptop is going to kill it. :

I tried the latest svn version (6 May 09) of flashrom and unlike older versions didn’t get a warning on my chipset. flashrom reads my chip successfully and outputs a fine Phoenix bios. After writing a new image into the chip

I found that writer is not fully functional and reading the chip again results in an image that is neither original one nor the new image. then I tried erase functionality and it resulted in some 0xFF and some unchanged bytes in the chip. Currently writing either images doesn’t change the chip and it remains in mostly 0xFF bytes.

Most of open source project maintainers use IRC as their collaboration and communication channel both with themselves and community. I went online and Peter one the maintainers was online but he wasn’t the person responsible for ICH7 series chipsets, So I had to wait for Carl to come online. It was midnight in Iran and I went to bed leaving the laptop up and running. Next morning I found Carl and after working with him to find the problem, he suggested to try AAI type of Chip-Programming. It was a time consuming task and I had to go for an important session, So I left home.

When I returned back, I got no good results of AAI. The wonderful part of story is that my little sister had played with my laptop, when I was out, and didn’t power it off, so that I don’t get noticed she touched my laptop without permission. 😀

Carl reviewed the data-sheets for my Bios chip and found that It doesn’t support writing multiple bytes at a time. Finally he sent me some patches and the last patch wrote the image successfully. I worked a few more hours to finalize the patch and sent some verification emails so that Carl can commit them to the main version tree (And got acknowledges for helping to track down the bug ! 😉 ).

It was an amazing experience of active community support and I should really thank Carl-Daniel Hailfinger, Peter Stuge and all other active maintainers of open source projects.

Posted in Believe Me | Tagged , | 2 Comments

AUT’s 2nd Linux Festival

Second Linux Festival - AUT

Second Linux Festival has been successfully held at Amirkabir University of Technology (AKA Polytechnic). It has been divided into three main levels of Beginner, Intermediate and Advanced. The topics has been presented inside Computer Site of CEIT department under a much better quality comparing to the last year’s festival. People installed, tasted and utilized a new operating system in a well mannered approach. During the installation process and most of other presentations, our local server and mirror of software packages (aka SSCLinuxBox) helped a lot and became the standard way of sharing files / installing software during the festival.

Topics and Schedule

One month ago, when we were planning for festival topics and schedule, Amir-Mohammad and I reviewed many Linux-related books and their contents. This resulted into a rich outline for the festival topics. Taking a look at topics and presentation quality this was the best and first festival in Iran covering this scope of topics. Here’s a summary of main subjects and presentations :

  • Beginner (1st Day)
    • Linux W5H2 ?
    • Distributions
    • Installing Ubuntu Linux
    • Package Management
    • Linux File System Structure
    • Desktop Environments
    • Useful Programs
  • Intermediate (2nd Day)
    • System Configuration
    • Introduction to command line
    • Linux and Network
    • Web Development in Linux
    • Installing software from source
    • GUI Development Using QT
  • Advanced (3rd Day)
    • Boot-up Process
    • Network concepts in Linux
    • Linux Servers
    • Scripting in Linux (Bash, Python, …)
    • The Linux Kernel
    • Linux Security

The complete program and schedule can be found here.

What I learned

Although it was the second experience on Linux Festival in our university and we fixed almost all of problems which could be seen in the last one, there are always problems and we can learn from them. One of the main points I got in the first few presentations, was the importance of coordination between presenters around the topics and details which is going to be presented. Lack of such synchronization and coordination before the festival, resulted into problems in presentation topics and contents since some of presenters did have a different idea about listener’s levels and prepared some extra stuff for those who where beginner. In addition none of us knew about the dependencies of subject that was going to be presented, whether they have been discussed up to now or not.

Yet another point on the art of presentation and teaching. In situations like this, where every presenter is a professional in a field and likes the topic and have chosen to teach it, hiding the unnecessary details is a very very hard task. A teacher should have the ability to place and simulate the thinking process of listeners and remove the details that might break this thinking process. On the other hand, he should analyze the required dependencies of current topic and explain them before anything.

I got many feedbacks regarding the presentation style and found that the estimation of listener’s level and correct decomposition of subject into the simplest form are keys to a successful presentation.


It was a cool and friendly atmosphere. The support team and technical team were both working hard to reach the best quality and it made it a real memory. Its notable that this was the first serious work/project of our new Scientific Committee and the results were incredible.

Second Linux Festival - AUT


Posted in Believe Me | Tagged , | 1 Comment

Best Treatment is to Avoid Vulnerabilities in First Place

The second agreement on serious programming errors have just taken place and computer science professionals reached to a formal agreement on top 25 programming errors. The main idea for such a list is to help and educate programmers to prevent kinds of vulnerabilities that are reason for almost all cyber attacks.

The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

The list for 2010 bears a striking resemblance to last year’s list that SANS organization released. Note that Cross-site scripting (XSS) attack and SQL Injection are still listed as top pitfalls.

Posted in Believe Me | Tagged , , | Leave a comment

Topic to talk ?


What should we do, when the intersection of interests reaches zero among friends ?

Posted in Believe Me | Tagged , | Leave a comment

Narcis For Linux – Project

Narcis For Linux - Revision 3 - Screenshot

I’ve been playing around with the full-featured English-Persian dictionary named Narcis. Narcis has been provided as a Windows application and AFAIK the development has been stopped. Just found it useful to have their rich database, so wrote some python scripts to decode the character set and export it into C++ source code format. Now I’m writing my Linux port using QT, C++ and Sqlite :). For more information on the project, refer to the N4L wiki page.

Posted in Believe Me | Tagged , , , | 1 Comment

Post Mortem


Recently I took part in a group project. The time line was very severe and we were exhausted from our previous activity.

We started working with a rough design and split tasks. One day before the deadline we gathered to integrate our codes. My part included something unfamiliar, complex and tremendously unpleasant. After 5 hours of pulling out my hair off my head, I managed to do that. Now only a few lines and  it would be finished. As I was very tired, I decide to pair program this part to avoid errors. My partner and I did that in a few minutes we had and then released the code.

When I was preparing my code for the main event, I realized something was wrong. Some couple of hours led me to an obvious error. A single line that was placed 4 line above it’s correct location!

Well, this bug was found too late and rendered all our results based on the code unreliable and false. So the project failed.

Under the following circumstances, it’s not recommended to code:

1) After over 8 hours.

2) When you’re too tired or distracted.

3) Whenever you cant concentrate.

But it’s sometimes unavoidable to w0rk in some (or all) of these conditions specially when you can’t appoint the deadline yourself.

Then, what measures are to be applied to prevent errors and bugs that may result in a total failure?

I’ve come to the following methods:

1) Test each and every module you write.

2) Spare additional functionality in favor of reliability.

3) Have a firm and clear time line for testing.

What you pay vs. what you gain:

Testing is time consuming and requires extra effort. Most times you are writing parts that get input from other unfinished parts (e.g. written by other team mate). This means that to test them you need to provide test data. But the extra time pays off! Tested part lets you focus on other parts and give you a good idea where to NOT look for it, saving up some time debugging and probably prevents some undesirable results.

In the future posts I’m going to explore major testing methods as well as the ways proposed by some well-known SDK’s such as eclipse and Visual Studio.

Post Mortem is when you discuss what happened in a project after it’s finished. It literally means done after death or after an event (definition from merriam-webster).

Posted in Believe Me | Tagged , , | 1 Comment

Our Interests and Effect of advertisement on them

You know about effects of advertisements in business context. When a new product is born, the company not only needs to introduce the product, but also should make demands for it. You see lots of things we’re using on a daily basis which aren’t really necessary and our predecessors were living happily without most of them. I don’t ignore the technology and the simplicity of human life caused by it but have you ever noticed your status before and after an advertisement for a cool product ? You were living without it, but after you knew about the product and the way it was shown to you, You would think about it and the way you can reach it !
Yes, Its trivial and wise, a common property of human kind.

But I was thinking about the way of life we choose for ourselves, in most cases we don’t take decisions based on a predefined road-map. Evidently there are lots of advertisements around us for different kind of tasks we can choose to do. As an example when you meet a musician playing a really beautiful and nice music, what your eyes see and your ears hear is considered as an advertisement for the music art/task. In such a situation, if there doesn’t exist any predefined road-map, you’ll choose to become a musician, or at least you would think about it. Or when you meet a poet or a computer scientist or a professional doctor that have chosen their jobs based on interest and have devoted their life into what they really like.

The above sentence might seem wrong since when you meet the musicians you usually don’t sense any effects or interests. Probably you haven’t meet the one who can really introduce/advertise their fields of interests correctly. Profession in a task is not considered as a prerequisite for advertising it, but it does actually help and is important. The other reason you might be affected by already, is that your current way of life forces you to do an specific task to gain some goods and you don’t want to risk and leave the current one for a new and interesting field.

It seems odd, since you’re judging about your self and claim that you have an interesting predefined map, but have you ever asked yourself What way exactly you’ve chosen the current one. Or What other fields you have ignored to choose this one ? How did you decide ? There is a time frame in everybody’s life time, in which he or she is not forced to do something and he can select among the fields or interests that are being advertised around him.

I want mainly conclude about the parameters affecting a person while he or she is in such a situation. Normal people usually obey the “what comes best and first algorithm” (AKA Greedy algorithm in computer science), ignoring the long time effects and so. Wise people usually list the different factors in their mind and consider the long time effect of each one, Sum it up and decide. The interest might be considered as one the factors beside the others.

And finally the Exceptional group of people, look only at their interests and choose the way, they are really interested in right away, While ignoring other parameters such as monthly rate for the job, reputation and popularity and the reflections in people’s mind, and so. They only consider them selves (and yes, this means they’re very selfish in this case) and won’t let other people and parameters choose their way of life.

So idealistic ? No, they’re out there, take a look.

Posted in Believe Me | Tagged , , , , | 1 Comment

Depressing life?


Once I heard that if you put a frog in a glass of water and then heat it gently, it wont move till the water reaches boiling point, and the frog dies. But if you throw it right into the boiling water, it will jump out immediately, it will be hurt, but it will survive!

Change the routine now, it WILL hurt, but it’ll refresh.

Happy New life!

Posted in Believe Me | Tagged , | 2 Comments