The last installment of this particular blog offered the basics of RAID 5 recovery technology and used a very simple truth table to illustrate the four (4) states of XOR mathematics. This week we will dig a little deeper into the technology and hopefully offer a clearer understanding of how the normal end user can in fact do RAID 5 recovery.
Once again, XOR mathematics offers four actions that work on a bitwise truth table. This truth table when used properly can in fact help one to not only recover their lost RAID data but find out critical facts like, drive order, stripe size, offset calculations, and RAID 5 symmetry. Let’s first take a look at what XOR math will do on actual live data. In order to do that, we must understand how data is stored on the computer in its most primitive state and how viewing that data in a certain way offers us a method for recovery.
We are going to start with a simple ASCII table which defines certain characters in an eight bit environment. Eight bit of course meaning the size of the data type. So each character has its own eight bit value and can be illustrated in several ways. As an example, let’s take the letter ‘A’. In the ACSII table the letter ‘A’ is represented by the decimal number 65. In binary, displaying all bits, the letter ‘A’ is represented by 01000001. Let’s now take the letter ‘Z’ and its ASCII table representation which is signified by the decimal number 90. The ‘Z’ in binary is expressed as 01011010. So, to explain this further, when the computer sees the number 65 it translates it into an ‘A’, and when it sees a 90, it translates that into a ‘Z’.
Now that we have the binary representation of the letter ‘A’, and the letter ‘Z’, let’s perform XOR operations on all eight bits and see what happens. Please refer to the previous blog on the XOR operation to see how the result was achieved.
From right to left, low bit to high bit.
- 1 XORed with 0 = 1
- 0 XORed with 1 = 1
- 0 XORed with 0 = 0
- 0 XORed with 1 = 1
- 0 XORed with 1 = 1
- 0 XORed with 0 = 0
- 1 XORed with 1 = 0
- 0 XORed with 0 = 0
So the result of XORing ‘A’ with ‘Z’, or 65, with 90 = 00011011 binary or 27 in decimal. As an aside, 27 is the Escape character in the ASCII table.
Now for the magic of XORing. Let’s say we only have the values of ‘Z’ (90) and Escape (27). What would happen if we XORed these two characters? What would the result be? Let’s see!
‘Z’ 01011010
‘Esc’ 00011011
========
Result 01000001 or the letter ‘A’
This is the crux, the very crucible of RAID 5 recovery and understanding this math is crucial before going on.
This particular instance illustrates that once a value is XORed and creates a new value, any combination of any of the two values will result in the third value. ‘Z’ and ‘A’ will give you Escape, ‘A’ and Escape will give you ‘Z’, and ‘Z’ and Escape will give you ‘A’.
In the next installment I will illustrate how you can find the drive order of your RAID 5 recovery using XOR math and a tool called WinHex.
Reference: http://dtidatarecovery.com/practical-raid-5-recovery-and-xor-mathematics-in-ntfs-5-part-2/
