Drive-Trust-Alliance / sedutil

DTA sedutil Self encrypting drive software

Different hashed passwords between Windows and Linux #377

Closed Uenoowl closed 2 years ago

Uenoowl commented 2 years ago

External HDD: Seagate Ultra Touch HDD 2TB encrypted by Seagate Toolkit; I think it complies with the TCG OPAL 2.00 standard.

Windows: Windows 10 Home

Linux: openSUSE Tumbleweed

sedutil: Both download from https://github.com/Drive-Trust-Alliance/sedutil/wiki/Executable-Distributions


I am using following commands to unlock my Seagate Ultra Touch HDD:

# sedutil-cli --setlockingrange 0 rw password drive
# sedutil-cli --setmbrdone on password drive

It works perfectly under Windows, while under Linux it gives me a "NOT_AUTHORIZED".

I compared the output using -vvvvv and found that the Linux one is something like this:


sedutil-cli -vvvvv --setlockingrange 0 rw password /dev/sda
---
Log level set to DBG4
sedutil version : 1.20.0
Creating  DtaResponse()
Creating  DtaResponse()
...
Leaving DtaDevOpal::properties()
Entering DtaDev::isOpal2 1 # Windows doesn't have this line
Destroying DtaDevOS
Destroying DtaDevLinuxSata # In Windows it's DtaDiskUSB
Destroying DtaResponse
Destroying DtaResponse 
Setting Locking Range 0 1
Entering DtaDevOpal::setLockingRange
...
Dumping command buffer
Entering hexDump
0000 00000000 07fe0000 00000000 00000000  ................
0010 0000007c 00000000 00000000 00000000  ...|............
0020 00000000 00000000 00000064 00000000  ...........d....
0030 00000000 00000058 f8a80000 00000000  .......X........
0040 00ffa800 00000000 00ff02f0 8169a800  .............i..
0050 00020500 00000201 f200d020 35c76148  ........... 5.aH
0060 25be086e b97e2611 ec9913b6 640e741b  %..n.~&.....d.t.
0070 340a980f eb371f62 44f1107e f3f203a8  4....7.bD..~....
0080 00000009 00010001 f3f1f9f0 000000f1  ................
...
Entering DtaSession::methodStatus()
method status code NOT_AUTHORIZED
...

The bolded lines are different from the Windows one, and the hexDump is different from Windows.

I wonder if the hashed password is different between Windows and Linux due to some reasons, but I don't know how to check it.

Uenoowl commented 2 years ago

Applying the first two patches of #190 and running with --printPasswordHash, I can confirm that the hashed passwords are different between Windows and Linux. Using the Windows hashed password with -n -x can unlock my drive in Linux.

r0m30 commented 2 years ago

What are the differences when you do a query? I'm guessing the serial number is different. It is probably a difference in the way Windows and Linux handle the USB adapter you are using. If that's the case I have no idea what would fix it.

Uenoowl commented 2 years ago

The first line of the query outputs are different:

Windows: \\.\PhysicalDrive1 USB ST2000LM010-1RA174 SDM1 WDZPAAZY

Linux: /dev/sdb SAS BUP Ultra Touch 0004 Seagate

I don't exactly know the meaning of each item. But it seems neither of them contains the serial number printed on the hdd.

r0m30 commented 2 years ago

The first line of the query string is supposed to read like this: Device ID, interface type, drive ID string, microcode ID, serial number. The password hashing algorithm uses the serial number as the salt for the hash, so when using that USB adapter the only way I can think of to maintain cross-OS compatibility is to use the no-hash flag.
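The following added example (not code from sedutil or from anyone in this thread) illustrates why the hashed credential diverges between the two operating systems: the salt is the serial-number field of the query output, and the USB adapter reports a different string in that field on Linux ("Seagate") than on Windows ("WDZPAAZY"). The concrete KDF parameters used here (PBKDF2-HMAC-SHA1, 75000 iterations, a 32-byte result, and the serial padded to a 20-byte field) are assumptions about sedutil's implementation, not facts stated in this issue; the two serial strings are taken from the query lines quoted above, and the password is a constructed sample.

```python
import hashlib
from typing import Optional

# Serial-number field as it appears in the two query outputs quoted in the thread.
WINDOWS_SERIAL = "WDZPAAZY"   # real drive serial, reported through the Windows USB path
LINUX_SERIAL = "Seagate"      # what the same adapter reports in that field on Linux

# ASSUMED sedutil parameters (not stated in the issue; adjust if your build differs).
PBKDF2_ITERATIONS = 75000
HASH_LEN = 32
SERIAL_FIELD_LEN = 20


def salt_from_serial(serial: str) -> bytes:
    """Pad or truncate the serial string to the assumed 20-byte identify field."""
    return serial.encode("ascii").ljust(SERIAL_FIELD_LEN, b" ")[:SERIAL_FIELD_LEN]


def hash_password(password: str, serial: str) -> bytes:
    """Default (hashed) path: PBKDF2 over the password, salted with the serial field."""
    return hashlib.pbkdf2_hmac(
        "sha1", password.encode("utf-8"), salt_from_serial(serial),
        PBKDF2_ITERATIONS, HASH_LEN,
    )


def credential(password: str, serial: Optional[str], no_hash: bool) -> bytes:
    """Bytes that end up in the method call sent to the drive.

    With the no-hash flag the raw password is used and the serial is irrelevant;
    otherwise the serial-salted hash is used, so a different serial field on
    another OS yields a different credential and NOT_AUTHORIZED from the drive.
    """
    if no_hash:
        return password.encode("utf-8")
    if serial is None:
        raise ValueError("hashed mode needs the serial field reported by the drive")
    return hash_password(password, serial)


def cross_os_match(password: str, serial_a: str, serial_b: str, no_hash: bool) -> bool:
    """True when the credential derived on one OS equals the one derived on the other."""
    return credential(password, serial_a, no_hash) == credential(password, serial_b, no_hash)


if __name__ == "__main__":
    pwd = "password"  # constructed sample password
    print("Windows hash :", hash_password(pwd, WINDOWS_SERIAL).hex())
    print("Linux hash   :", hash_password(pwd, LINUX_SERIAL).hex())
    print("hashed mode matches across OS :", cross_os_match(pwd, WINDOWS_SERIAL, LINUX_SERIAL, no_hash=False))
    print("no-hash mode matches across OS:", cross_os_match(pwd, WINDOWS_SERIAL, LINUX_SERIAL, no_hash=True))
```

Two practical consequences follow from the model. First, the hashed credential is only portable between systems that report the identical serial field, so comparing the last field of the query line on each OS is the quickest check before blaming the password itself. Second, choosing the no-hash path for portability means the raw password (rather than a 32-byte derived value) becomes the credential the drive stores and checks, so its length and entropy should be chosen accordingly.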

Uenoowl commented 2 years ago

Thanks for your explanation😃