I know that a LUKS partition has a plain-text header that stores many informations like master key (MK) digest, MK iterations of PBKDF2, information about the 8 key-slots etc. I also know that in the header there is the af-splitted and encrypted master key.
I'm asking if there is a way to recover that. I know I could simply use:
cryptsetup luksDump --dump-master-key /dev/whatever
However, this only give me the decrypted MK.
Only information I have are from header:
key-material-offset: 8 (start sector of key material)
number of stripes: 4000
My goal would be to manually decrypt the master key with the derived key from pbkdf2, do af-merge and then decrypt the whole data bulk with this candidate key.