/* ext2scan:
 * Scans an input stream, sector by sector, for something that looks like an ext{2,3,4} partition.
 * It does this by looking for a magic WORD, 0xEF53, at a known offset into the sector.
 * For random data, this will occur by chance around once per 32MB of data, so we also
 * check whether the first two sectors are all zeros, which is commonly true for ext partitions.
 *
 * Compile with:
 * gcc ./ext2scan.c -o ./ext2scan
 *
 * Example usage:
 * dd if=/dev/sda [skip=$START_SECTOR] | ./ext2scan [$START_SECTOR]
 *
 * Or for more speed, use a larger block size:
 * dd if=/dev/sda bs=1M [iflag=skip_bytes skip=$(($START_SECTOR*512))] | ./ext2scan [$START_SECTOR]
 *
 * References:
 * - http://unix.stackexchange.com/questions/103919/how-do-i-find-the-offset-of-an-ext4-filesystem
 * - http://uranus.chrysocome.net/explore2fs/es2fs.htm
 */

#include <unistd.h>
#include <stdio.h>
#include <string.h>

int main(int arg_c, char **arg_v) {
  unsigned char const MAGIC[2] = {0x53, 0xef};
  unsigned char const ZEROS[512] = {0};

  char buf[4][512];
  int empty1, empty2;

  long long int sector = 0;
  long long int offset = 0;
  if (arg_c == 2) sscanf(arg_v[1], "%lld", &offset);

  while (read(STDIN_FILENO, buf[sector&3], 512) > 0) {
    if (!memcmp(buf[sector&3] + 0x38, MAGIC, 2)) {

      printf("Found a possible ext partition at sector %lld", offset+sector-2);

      empty1 = !memcmp(buf[(sector-2)&3], ZEROS, 512);
      empty2 = !memcmp(buf[(sector-1)&3], ZEROS, 512);

      if (empty1 && empty2) printf(" (first two sectors are empty :)\n");
      else if (empty1) printf(" (first sector only is empty)\n");
      else if (empty2) printf(" (second sector only is empty)\n");
      else printf(" (first two sectors are non-empty)\n");

    }
    sector++;
  }
}