andlabs / reallymine

WD MyBook encrypted hard drive decryption (still WIP).
https://github.com/andlabs/reallymine/issues/38
GNU General Public License v3.0
214 stars 48 forks

No output for getdek / decrypt WD My Book Essentials 3TB JMicron chip #107

Open melissacwp opened 4 years ago

melissacwp commented 4 years ago

Hi everyone,

I have a WD My Book Essentials 3TB that I am hoping to retrieve data from. When connected, it frequently disconnects and sometimes becomes undetectable. A lot of research later, I've deduced that it was due to the PCB. I took it to a local IT technician who managed to take it out of its enclosure and confirmed it was indeed a PCB problem. I've tried to search for a replacement PCB (as it was one solution I came across) but unfortunately, the model of this hard disk is old so it's been a challenge looking for the part.

After more googling, I came across an option to decrypt the drive as a way to hopefully gain access to the data. I came across reallymine and my-linux-tools and became even more hopeful, and was also amazed at all the help given by both project developers. I am a complete newbie to the world of Linux but I managed to slowly figure things out and create a live boot of Ubuntu to get started (all for the sake of the hard disk). It's now connected to my laptop using a SATA connection cable.

I initially tried to follow themaddoctor's guide but I was not getting a similar output required from each command. The My Book that I have on hand uses the JMS538S chip. I've read and reread the PDF, googled foreign-sounding terms and basically tried my best to follow the guide but to no avail.

Not giving up, I decided to go down the path of reallymine. For someone who is new to Linux, I finally got it to run (at least I think I did), however when executing the command "sudo ./reallymine getdek /dev/sdc", it doesn't produce any output, same goes to the decrypt command. When I try to close the terminal, it says that it is still running. So I re-tried the command again and left it for more than an hour but still nothing appears. I'm not sure how long it should take but reading from past issues - it didn't seem to take long, then again I might be wrong.

How long should I leave the getdek command to run? And is there a way to check if the data are still intact?

I apologise in advance for potentially stupid questions and thank everyone for their time and whatever help I can get!

themaddoctor commented 4 years ago

Can you get sector 5860528160?

sudo dd if=/dev/sdX skip=5860528160 count=1 status=none | hexdump -C

where X is replaced by the correct letter for the WD drive

melissacwp commented 4 years ago

Thanks for your super swift reply! The output returned with this:

dd: /dev/sdc: cannot skip: Invalid argument

I tried for both sdc and sdc1

themaddoctor commented 4 years ago

Did you remove the disk from the WD enclosure and connect it to the computer with a generic enclosure or an SATA port? What is the output of "lsblk"?

melissacwp commented 4 years ago

It's currently connected via a SATA - USB adapter

Here's the output of "lsblk" :

NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
loop0    7:0    0   1.9G  1 loop /rofs
loop1    7:1    0  27.1M  1 loop /snap/snapd/7264
loop2    7:2    0    55M  1 loop /snap/core18/1705
loop3    7:3    0 240.8M  1 loop /snap/gnome-3-34-1804/24
loop4    7:4    0  62.1M  1 loop /snap/gtk-common-themes/1506
loop5    7:5    0  49.8M  1 loop /snap/snap-store/433
sda      8:0    0 931.5G  0 disk
├─sda1   8:1    0   100M  0 part
├─sda2   8:2    0   900M  0 part
├─sda3   8:3    0   128M  0 part
├─sda4   8:4    0 372.6G  0 part
├─sda5   8:5    0 537.8G  0 part
└─sda6   8:6    0    20G  0 part
sdb      8:16   1  28.9G  0 disk
└─sdb1   8:17   1  28.9G  0 part /cdrom
sdc      8:32   0 746.5G  0 disk
└─sdc1   8:33   0 746.5G  0 part /media/ubuntu/New Volume
sr0     11:0    1  1024M  0 rom

themaddoctor commented 4 years ago

None of those are a 3TB disk.

melissacwp commented 4 years ago

From the output it may not seem like it yes, but I've checked via Disks and disconnecting the hard disk and running lsblk to find out the device drive. Whenever I disconnect the 3TB disk, sdc does not appear when executing lsblk but once reconnected, it appears again.

I am quite certain it is 3TB as the sticker on the disk is a Green WD 3TB

I have a very very bad feeling that the IT technician did something to it in the process of checking. Before I sent it in for checks, I was still able to connect to the hard disk by chance (with the PCB on). Sadly, when I got it back and tried to connect, it would not detect.

themaddoctor commented 4 years ago

sdc is clearly the Ubuntu thumb drive

Maybe try a new SATA-USB adapter.

melissacwp commented 4 years ago

Oh, I thought that the sdb drive was referring to my Ubuntu thumb drive cause I loaded my Ubuntu on a 32GB USB Flash Drive.. Okay, I'll get myself a new SATA-USB adapter and will try again when it arrives (hopefully soon)! I'll update as soon as I get something. Thanks a lot for all your replies :)

maurosisa commented 2 years ago

Hi @themaddoctor ,

I have a Passport for Mac, so my chip is JMS538S. I am familiar with Linux but I am confused about the hardware steps as a prerequisite. I opened the enclosure: could I connect the WD board to a converter ready to use and then connect it to the USB of the PC? Could I avoid making these wire connections described here: https://blog.acelab.eu.com/pc-3000-hdd-how-to-solder-a-sata-adapter-to-the-usb-western-digital-drive.html ? Thanks in advance for your kind help! Regards

themaddoctor commented 2 years ago

Maybe. Good luck.

maurosisa commented 2 years ago

Have you guidelines for this type of HD? The Passport is owned by a relative of mine who told me he didn't put any password, but he made some "bad click" and the HD got encrypted, and indeed I cannot mount the data partition on my Ubuntu. He owns a Mac. Please help; to be honest, I want to help this man because he has all his pictures there, that's not for business.

themaddoctor commented 2 years ago

I don't know about hardware. If you can gain access to the drive and make an image of it, I can help with decryption.

maurosisa commented 2 years ago

Do you know if there is the way to mount the data partition, knowing that the password is null ?

themaddoctor commented 2 years ago

If you can gain access to the drive and make an image of it, I can help with decryption.

maurosisa commented 2 years ago

In order to extract the image the /dev/sdx should be readable, but dd doesn't work due to the activated encryption, I suppose. Is there a way to revert this encryption if the password wasn't actually set?

themaddoctor commented 2 years ago

Those drives are always encrypted. The JMS chip decrypts on the fly. You have to bypass the chip and read the drive directly. Only then can I help.

maurosisa commented 2 years ago

I see. So the trick should be to replace the controller with a compatible one but without the JMS chip. For now, thanks for your help, I hope to manage to do it!

Dootpehr commented 2 years ago

Hello, @themaddoctor. I was posting details of my issue with the AsMedia chip My Book in the appropriate thread. Recently I posted there about commands that fail to finish execution. I tried waiting for execution of the getdek and dumpkeysector commands to finish for 1.5 hours. Still no result. I'll try to execute the command suggested in this post and provide feedback.

themaddoctor commented 2 years ago

I don't think the ASM chip does encryption.

Dootpehr commented 2 years ago

@themaddoctor Just for test purposes I tried to execute the command which you advised in this thread:

sudo dd if=/dev/sdX skip=5860528160 count=1 status=none | hexdump -C

It produced:

dd: /dev/sda: cannot skip: Invalid argument

I understand that my HDD was not encrypted by the ASM chip. Still, can you tell whether trying to apply the getdek and dumpkeysector commands to a drive with unallocated space only should cause those commands to stay executing for that long? And what does the output of dd mean in my case?

Dootpehr commented 1 year ago

@themaddoctor I decided to figure out what's wrong with dd. So I executed lsblk (as you advised), which produced:

NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
loop0    7:0    0     4K  1 loop /snap/bare/5
loop1    7:1    0    62M  1 loop /snap/core20/1587
loop2    7:2    0  63,2M  1 loop /snap/core20/1623
loop3    7:3    0 163,3M  1 loop /snap/firefox/1635
loop4    7:4    0 236,8M  1 loop /snap/firefox/1943
loop5    7:5    0 400,8M  1 loop /snap/gnome-3-38-2004/112
loop6    7:6    0 346,3M  1 loop /snap/gnome-3-38-2004/119
loop7    7:7    0  91,7M  1 loop /snap/gtk-common-themes/1535
loop8    7:8    0    47M  1 loop /snap/snapd/16292
loop9    7:9    0   284K  1 loop /snap/snapd-desktop-integration/14
loop10   7:10   0    48M  1 loop /snap/snapd/17029
loop11   7:11   0    16K  1 loop /snap/software-boutique/57
loop12   7:12   0  13,5M  1 loop /snap/ubuntu-mate-welcome/709
loop13   7:13   0  13,5M  1 loop /snap/ubuntu-mate-welcome/714
sda      8:0    0   2,7T  0 disk 
sdb      8:16   1  59,7G  0 disk 
├─sdb1   8:17   1     1M  0 part 
└─sdb2   8:18   1  59,7G  0 part /var/snap/firefox/common/host-hunspell
                                 /
sdc      8:32   1     0B  0 disk

So an approximately 3TB disk is visible. Then sudo hdparm -I /dev/sda produced:

LBA48 user addressable sectors: 5860467633

So I replaced the initial command with this:

sudo dd if=/dev/sda skip=5860467632 count=1 status=none | hexdump -C

It produced:

00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000200

The final sector is accessible. So the initial question of this issue arises again: why don't the getdek and dumpkeysector commands finish execution? And another one: was the initially proposed sector index part of the DCO area? If the answer to the last question is "yes" then I was wrong about entering the number from the hdparm info. Sorry for the delay, I didn't have access to the test PC.
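
Added example, not part of the original thread and not reallymine code: both "cannot skip: Invalid argument" results above came from asking dd for a sector beyond the end of the device it was pointed at. The shell helper below checks the requested sector against the size of the device or image before reading; the function names and the 512-byte sector size are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): confirm a sector exists on the target
# before reading it, so a wrong device or a short disk is caught up front.

SECTOR_SIZE=512   # assumption: 512-byte logical sectors, dd's default block size

# Print the size of a block device or image file in bytes.
size_bytes() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Print the number of whole sectors on the target.
sector_count() {
    local bytes
    bytes=$(size_bytes "$1") || return 1
    echo $(( bytes / SECTOR_SIZE ))
}

# Succeed only if sector $2 lies inside target $1 (valid range: 0 .. count-1).
sector_in_range() {
    local total
    total=$(sector_count "$1") || return 1
    [ "$2" -ge 0 ] && [ "$2" -lt "$total" ]
}

# Hexdump one sector; return 2 with a message if the sector is past the end,
# which is the case where dd itself reports "cannot skip: Invalid argument".
dump_sector() {
    local target sector total
    target=$1
    sector=$2
    total=$(sector_count "$target") || return 1
    if ! sector_in_range "$target" "$sector"; then
        echo "sector $sector is past the end of $target ($total sectors)" >&2
        return 2
    fi
    dd if="$target" bs="$SECTOR_SIZE" skip="$sector" count=1 status=none | hexdump -C
}

# Usage (as root for a real device): dump_sector /dev/sdX 5860528160
```

Run against a device reporting 5860467633 sectors, the check rejects sector 5860528160 and accepts 5860467632, matching the two dd results in the last comments.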