MySQL Forums
Forum List  »  Data Recovery

Re: InnoDB corrupted by ransomware attack
Posted by: Aleksandr Kuzminsky
Date: June 27, 2018 12:49AM

There is a copy of table structure in the InnoDB dictionary (in ibdata1).

The sys_parser tool from Undrop-for-InnoDB (https://twindb.com/data-recovery-toolkit/) reads SYS_TABLES, SYS_INDEXES, SYS_COLUMNS, and SYS_FIELDS and reconstructs a CREATE TABLE statement.

After you compile the tool parse ibdata1 to generate SYS_* dumps:

./stream_parser -f /var/lib/mysql/ibdata1

There is a helper script ./recover_dictionary.sh that loads SYS_* tables in a local MySQL instance. Try to use it, but make sure mysql can connect w/o password.

Then you can generate table schema

# ./sys_parser -u root -p qwerty sakila/actor
CREATE TABLE `actor`(
`actor_id` SMALLINT UNSIGNED NOT NULL,
`first_name` VARCHAR(45) CHARACTER SET 'utf8' COLLATE 'utf8_general_ci' NOT NULL,
`last_name` VARCHAR(45) CHARACTER SET 'utf8' COLLATE 'utf8_general_ci' NOT NULL,
`last_update` TIMESTAMP NOT NULL,
PRIMARY KEY (`actor_id`)
) ENGINE=InnoDB;

See more detailed guide on
https://twindb.com/recover-table-structure-from-innodb-dictionary/

Now, having the CREATE statement you can generate the .frm file and replace it instead of the encrypted one.

Options: ReplyQuote


Subject
Views
Written By
Posted
Re: InnoDB corrupted by ransomware attack
241
June 27, 2018 12:49AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.