decrypted.img remains zero bytes in size.

[JoshAust]

Hi. First, thanks for this great program.

I have a 3TB Western Digital Essentials drive that the USB board has died. I cannot seem to source one online with the same firmware, hence why I am trying reallymine instead.

I connnected the drive to a PC directly via the SATA port. The drive has zero bad sectors, pending bad sectors ore reallocation events.

I ran reallymine via ubuntu and it successfully made an image of the drive overnight. However, the image size was only a bit over 300GB in size.

I did some research, and it appears that when the drive is connected via the USB-SATA bridge, the drive appears as 4096 bytes per sector, however when directly connected to the SATA port, it appears as 512 bytes per sectors ( 1/8 of the size) So I assume that is why the image is approximately one 1/8 of the drives size.

So, I instead imaged the 3Tb drive onto a brand new blank 4TB drive using ddrescue. That ran overnight and came to 3TB in size, so I assume it imaged OK, as no errors were reported.

HOWEVER, when I re ran reallymine on that 4TB drive, it creates the decrypt.img file, however it remains as zero bytes, and never grows in size. reallymine still appears to be running.

I've tried rebooting it, and re-running it, with no change.

The command I'm running is: sudo ./reallymine decrypt /dev/sdb decrypted.img

Any help, suggestions etc greatly appreciated.

[themaddoctor]

I don't know much about the program, but if you are willing to start from the beginning, maybe I can be useful.

First, what chip is on the burned out bridge card? The square one in the middle.

[JoshAust]

Hi Themaddoctor, and thanks for your reply. Its a symwave SW6316-3VB14 chip.

I'm happy to start from the beginning if required.

I kept a copy of the first image I made that only ended up being around 300GB in size. I also have a 4TB drive I imaged the 3TB drive directly onto using DDRESCUE -F /DEV/SDA /DEV/SDC /MNT/LOG.LOG

I believe the drive itself is perfectly fine, as I have tested the SMART attributes, and have also tested sector access with Victoria, and the drive seems to be fine.

[themaddoctor]

Can you dump sectors 0, 2048, and 5860529539?

dd if=/dev/sda skip=0 count=1 | hexdump -C dd if=/dev/sda skip=2048 count=1 | hexdump -C dd if=/dev/sda skip=5860529539 count=1 | hexdump -C

Copy the output over. Do not post a screenshot.

[JoshAust]

Sure. These are taken from the brand new 4TB drive that I "ddrescue -f" the encrypted drive to: sector 0

00000000 33 ed a1 2f 35 91 fd 61 10 6b 0a d7 9a 70 ef 5b |3../5..a.k...p.[| 00000010 de 4c 57 e1 4c e7 29 9a b4 d2 05 ae 12 36 49 77 |.LW.L.)......6Iw| 00000020 11 cd e6 37 f7 15 54 c4 83 fc 3f 46 54 a1 cc b0 |...7..T...?FT...| 00000030 bb b2 96 a4 20 ff 27 1b 8b 72 f7 90 9b 92 e1 5e |.... .'..r.....^| 00000040 a2 35 d4 34 01 bf d9 0e 93 bf ec 9c d4 ea b6 6a |.5.4...........j| 1+0 records in 1+0 records out 512 bytes copied, 0.012253 s, 41.8 kB/s00000050 76 93 ac 1c 6d fb dd a0 db b5 41 7f e1 5d 81 30 |v...m.....A..].0| 00000060 f8 f4 c4 54 9a 21 ac 3d bc 65 cd c6 47 ea 68 7a |...T.!.=.e..G.hz| 00000070 22 e1 e9 7c 11 f8 97 16 5f 14 73 e8 5f b4 53 29 |"..|.....s..S)|

00000080 0f 68 0c 3f df 88 32 c8 4f dd 68 95 68 2f d6 14 |.h.?..2.O.h.h/..| 00000090 c0 25 c9 56 2d c1 15 9d 7d 9f e5 94 26 9b 3e f3 |.%.V-...}...&.>.| 000000a0 df 26 d7 2e 5c ab 75 76 21 83 80 f7 8f a9 0d 6a |.&...uv!......j| 000000b0 22 f8 55 3c d7 68 b8 e8 60 27 1e 23 a2 77 15 99 |".U<.h..'.#.w..| 000000c0 31 d4 f3 78 c3 2e 8f e8 e2 12 02 ea a9 d6 1f 4b |1..x...........K| 000000d0 ba 81 af 28 65 c7 c9 54 82 41 5d a8 5a b6 94 da |...(e..T.A].Z...| 000000e0 ee 54 4b 43 95 b8 6c 16 5f dd f9 10 e0 9c e2 70 |.TKC..l._......p| 000000f0 40 5e 9d 4f 2b f7 9f 81 77 7d 74 60 61 d6 61 e9 |@^.O+...w}ta.a.| 00000100 bc d4 1a 59 b4 80 1a 15 17 9d d4 c3 18 bc c5 44 |...Y...........D| 00000110 82 3b 0b 66 b7 3d a5 4c 08 be 63 53 b7 00 fa 51 |.;.f.=.L..cS...Q| 00000120 35 24 7b 4f 4f 53 b8 7f b5 5e 3d 58 b4 fe 5f 72 |5${OOS...^=X.._r| 00000130 80 ea ab d2 4d 5e 55 2e 0b 05 d7 b6 c4 46 03 af |....M^U......F..| 00000140 27 ed d0 10 8a b2 08 ff 93 c9 d5 dc dc c2 39 a5 |'.............9.| 00000150 1c bc 51 a7 ae f8 0c 60 02 ec 9d a1 ee 67 5a c4 |..Q....`.....gZ.| 00000160 53 57 be 16 4c 47 9a 52 3e 00 25 18 7c a5 d1 3d |SW..LG.R>.%.|..=| 00000170 b8 1f 9f a6 1e 86 1f ab 55 91 ac ca a4 5e 9b f5 |........U....^..| 00000180 d0 02 8b d4 21 a1 89 d2 d1 b9 ba 62 05 62 a4 d8 |....!......b.b..| 000001b0 89 8b 38 96 f2 d5 eb 0c a6 3a 77 99 f9 b6 8d 3d |..8......:w....=| 000001c0 93 21 6d f8 d4 ac 02 9e 05 b1 d0 50 2f 3f ba 91 |.!m........P/?..| 000001d0 d0 02 8b d4 21 a1 89 d2 d1 b9 ba 62 05 62 a4 d8 |....!......b.b..| 000001f0 ba f1 b3 b7 1f 99 ec cb 01 57 67 f1 2c a6 48 a6 |.........Wg.,.H.| 00000200

[JoshAust]

sector 2048: 00000000 81 db 6e dd 1e 2b 13 5e 3e 30 9f 9d e5 9e 03 0b |..n..+.^>0......| 1+0 records in 1+0 records out 00000010 69 50 5f bc 66 be 07 e7 e9 13 4d 97 f7 9e 09 f4 |iP.f.....M.....| 512 bytes copied, 0.000217178 s, 2.4 MB/s 00000020 a7 67 16 bf 04 2a 9f 29 54 e9 a6 f2 72 77 78 c9 |.g...*.)T...rwx.| 00000030 a8 64 b6 b5 5a 9d 4f d1 70 9b fe e9 4d 2f 80 c1 |.d..Z.O.p...M/..| 00000040 29 d9 7d f4 f6 96 d1 68 39 e5 10 32 c2 e5 1c 35 |).}....h9..2...5| 00000050 13 f8 de 63 be 08 4a 46 f1 ed 91 c2 33 d8 56 20 |...c..JF....3.V | 00000060 df 24 96 18 7c 48 d7 c7 e1 9d f7 d4 10 15 cc bd |.$..|H..........| 00000070 1d cc c2 19 97 17 15 1a 5f 27 03 b9 c5 9b e1 9d |........'......| 00000080 03 29 3c a5 90 7e f9 c1 51 6b 64 91 42 91 a6 f6 |.)<..~..Qkd.B...| 00000090 7a e3 7c 16 8c d7 13 8f eb f9 4f a0 1a 38 4e ab |z.|.......O..8N.| 000000a0 37 e5 08 19 ce 35 68 90 a1 a3 2c 13 aa a4 da 58 |7....5h...,....X| 000000b0 bf 6d a4 2c 11 cd af c2 d0 d2 2e 84 8f 0b 1e bc |.m.,............| 000000c0 1b 23 ca a0 f1 eb 91 47 bc 7d 68 1c 6a 4b 17 d7 |.#.....G.}h.jK..| 000000d0 b1 a5 fe d5 cf 29 28 6d 6b 14 a7 99 56 88 81 12 |.....)(mk...V...| 000000e0 7b 6e a6 00 3e 72 98 71 bb d0 b8 8b e5 14 cc 4c |{n..>r.q.......L| 000000f0 d4 f8 0a ba 59 f6 eb 51 bd 05 b7 78 b1 e6 0f b0 |....Y..Q...x....| 00000100 86 4d c3 bf fd b9 21 ae 2e 24 47 77 8b 05 ca 0a |.M....!..$Gw....| 00000110 33 07 06 99 8a 28 35 f7 97 bd c5 29 39 82 18 82 |3....(5....)9...| 00000120 07 ee c8 a8 59 70 c6 6c 0d 39 0d 99 d6 07 2a 1c |....Yp.l.9.....| 00000130 ff 7b 70 dd 56 83 9c 1a 1f 92 91 ac 71 83 39 0b |.{p.V.......q.9.| 00000140 21 4e 94 9e c8 4a 86 8f af 74 af ce a3 bf 38 ea |!N...J...t....8.| 00000150 fc 77 f0 26 c8 ce 4d c1 fd 56 5e 0e c8 15 34 f3 |.w.&..M..V^...4.| 00000160 6f 0f ea f7 c8 66 2d ae 69 fb 8e c8 e4 73 77 db |o....f-.i....sw.| 00000170 6f 15 2f c8 07 f1 94 0f 14 2d e1 b5 ed 34 81 1c |o./......-...4..| 00000180 2b 5d 46 d7 05 7e 83 97 e5 60 3a 81 0c ab 5e 8d |+]F..~...`:...^.| 00000190 61 db 9f 88 76 2b e9 92 c2 9e 7b 9a e9 1a e2 c8 |a...v+....{.....| 000001a0 bd a5 f5 79 2c 05 c6 2a 9c 3b dd 09 dd 0f 03 00 |...y,...;......| 000001b0 69 43 47 8d f7 0e 11 1a 92 ec 5a a0 4a 28 a5 3e |iCG.......Z.J(.>| 000001c0 bb 06 c1 a7 8b eb 67 df 0e ec 4d 4a ec ec 30 00 |......g...MJ..0.| 000001d0 b1 4f 49 76 68 fb 15 5b 4c 3f 33 82 87 bd 9c 34 |.OIvh..[L?3....4| 000001e0 97 57 8f 17 1c 47 8b 8c 87 9f 07 8f 95 75 bb eb |.W...G.......u..| 000001f0 06 ee cb b4 e1 97 b1 74 82 11 db 3d dd a1 82 2a |.......t...=...*| 00000200

[JoshAust]

and sector 5860529539: 00000000 57 4d 59 53 24 08 01 f8 00 00 00 00 02 00 00 00 |WMYS$...........| 00000010 af 28 59 71 68 83 51 9e 9b f0 8c 99 9a 88 22 ae |.(Yqh.Q.......".| 00000020 bb b9 0f de 5f 0a 6d 5f 5e 71 3d 6a eb 1e 5c 07 |.....m^q=j...| 00000030 33 01 f0 8b ee da e0 4a 15 88 b9 b5 72 b1 03 20 |3......J....r.. | 00000040 f3 65 eb 88 91 70 f9 e7 09 9a ee cb 58 05 ad 97 |.e...p......X...| 00000050 e3 6e b3 6d 5f 78 c9 cd fe cb 85 c0 43 50 06 8d |.n.m_x......CP..| 00000060 0f b6 50 6e 1a 36 30 8c 8e 25 9b fa 32 26 6b 6a |..Pn.60..%..2&kj| 00000070 04 02 72 61 c0 a9 f3 65 a1 b4 b5 55 0c d4 e7 c7 |..ra...e...U....| 00000080 f1 52 3b f2 46 b3 e8 69 00 00 00 00 00 00 00 00 |.R;.F..i........| 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000001c0 00 f4 a9 2b 00 00 00 00 00 10 00 00 03 00 00 00 |...+............| 000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000200

[JoshAust]

I have compared these to the original encrypted 3TB drive. All three sectors match identically the same sectors.

Apologies for the formatting or otherwise, as I'm not as familiar using ubuntu, so I copied the data from terminal, then pasted the data into a text file using libre office writer... I haven't learnt the command to pipe terminal data to a file. :)

[themaddoctor]

To direct output to a file, just put

filename.txt at the end of the command.

At first glance, nothing looks unusual. But it's midnight here, so I will take a closer look tomorrow afternoon and see if I can get the key and decrypt sector 0.

[themaddoctor]

Githup mangled that. I should say to add the greater than symbol followed by the name of the file you want to write.

I went ahead and decrypted sector 0 and found

Disk JoshAust-3TB-SW6316-0-decrypted.bin: 512 B, 512 bytes, 1 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x0002dcc8

Device Boot Start End Blocks Id System JoshAust-3TB-SW6316-0-decrypted.bin1 256 732558335 366279040 7 HPFS/NTFS/exFAT

There is a discrepancy there, because sector 2048 decrypted to the header of an NTFS filesystem. So really, the partition table uses blocks of size 4096, if my math is right.

Your key is 84f52e69f30dd2c3413c66aba92e3701623af526dec257e65f4b204580d1b266.

Tomorrow we'll talk about trying to mount the disk using a decryption routine built into ubuntu's kernel.

[JoshAust]

Ah, thanks for that. Just like piping in DOS/win.

filename.txt worked.

I'll put it all here as well for a neater version. (These are all from the original encrypted drive plugged in via SATA).

Sector 0:

00000000 33 ed a1 2f 35 91 fd 61 10 6b 0a d7 9a 70 ef 5b |3../5..a.k...p.[| 00000010 de 4c 57 e1 4c e7 29 9a b4 d2 05 ae 12 36 49 77 |.LW.L.)......6Iw| 00000020 11 cd e6 37 f7 15 54 c4 83 fc 3f 46 54 a1 cc b0 |...7..T...?FT...| 00000030 bb b2 96 a4 20 ff 27 1b 8b 72 f7 90 9b 92 e1 5e |.... .'..r.....^| 00000040 a2 35 d4 34 01 bf d9 0e 93 bf ec 9c d4 ea b6 6a |.5.4...........j| 00000050 76 93 ac 1c 6d fb dd a0 db b5 41 7f e1 5d 81 30 |v...m.....A..].0| 00000060 f8 f4 c4 54 9a 21 ac 3d bc 65 cd c6 47 ea 68 7a |...T.!.=.e..G.hz| 00000070 22 e1 e9 7c 11 f8 97 16 5f 14 73 e8 5f b4 53 29 |"..|.....s..S)| 00000080 0f 68 0c 3f df 88 32 c8 4f dd 68 95 68 2f d6 14 |.h.?..2.O.h.h/..| 00000090 c0 25 c9 56 2d c1 15 9d 7d 9f e5 94 26 9b 3e f3 |.%.V-...}...&.>.| 000000a0 df 26 d7 2e 5c ab 75 76 21 83 80 f7 8f a9 0d 6a |.&...uv!......j| 000000b0 22 f8 55 3c d7 68 b8 e8 60 27 1e 23 a2 77 15 99 |".U<.h..'.#.w..| 000000c0 31 d4 f3 78 c3 2e 8f e8 e2 12 02 ea a9 d6 1f 4b |1..x...........K| 000000d0 ba 81 af 28 65 c7 c9 54 82 41 5d a8 5a b6 94 da |...(e..T.A].Z...| 000000e0 ee 54 4b 43 95 b8 6c 16 5f dd f9 10 e0 9c e2 70 |.TKC..l._......p| 000000f0 40 5e 9d 4f 2b f7 9f 81 77 7d 74 60 61 d6 61 e9 |@^.O+...w}ta.a.| 00000100 bc d4 1a 59 b4 80 1a 15 17 9d d4 c3 18 bc c5 44 |...Y...........D| 00000110 82 3b 0b 66 b7 3d a5 4c 08 be 63 53 b7 00 fa 51 |.;.f.=.L..cS...Q| 00000120 35 24 7b 4f 4f 53 b8 7f b5 5e 3d 58 b4 fe 5f 72 |5${OOS...^=X.._r| 00000130 80 ea ab d2 4d 5e 55 2e 0b 05 d7 b6 c4 46 03 af |....M^U......F..| 00000140 27 ed d0 10 8a b2 08 ff 93 c9 d5 dc dc c2 39 a5 |'.............9.| 00000150 1c bc 51 a7 ae f8 0c 60 02 ec 9d a1 ee 67 5a c4 |..Q....`.....gZ.| 00000160 53 57 be 16 4c 47 9a 52 3e 00 25 18 7c a5 d1 3d |SW..LG.R>.%.|..=| 00000170 b8 1f 9f a6 1e 86 1f ab 55 91 ac ca a4 5e 9b f5 |........U....^..| 00000180 d0 02 8b d4 21 a1 89 d2 d1 b9 ba 62 05 62 a4 d8 |....!......b.b..| 000001b0 89 8b 38 96 f2 d5 eb 0c a6 3a 77 99 f9 b6 8d 3d |..8......:w....=| 000001c0 93 21 6d f8 d4 ac 02 9e 05 b1 d0 50 2f 3f ba 91 |.!m........P/?..| 000001d0 d0 02 8b d4 21 a1 89 d2 d1 b9 ba 62 05 62 a4 d8 |....!......b.b..| 000001f0 ba f1 b3 b7 1f 99 ec cb 01 57 67 f1 2c a6 48 a6 |.........Wg.,.H.| 00000200

---

Sector 2048: 00000000 81 db 6e dd 1e 2b 13 5e 3e 30 9f 9d e5 9e 03 0b |..n..+.^>0......| 00000010 69 50 5f bc 66 be 07 e7 e9 13 4d 97 f7 9e 09 f4 |iP.f.....M.....| 00000020 a7 67 16 bf 04 2a 9f 29 54 e9 a6 f2 72 77 78 c9 |.g...*.)T...rwx.| 00000030 a8 64 b6 b5 5a 9d 4f d1 70 9b fe e9 4d 2f 80 c1 |.d..Z.O.p...M/..| 00000040 29 d9 7d f4 f6 96 d1 68 39 e5 10 32 c2 e5 1c 35 |).}....h9..2...5| 00000050 13 f8 de 63 be 08 4a 46 f1 ed 91 c2 33 d8 56 20 |...c..JF....3.V | 00000060 df 24 96 18 7c 48 d7 c7 e1 9d f7 d4 10 15 cc bd |.$..|H..........| 00000070 1d cc c2 19 97 17 15 1a 5f 27 03 b9 c5 9b e1 9d |........'......| 00000080 03 29 3c a5 90 7e f9 c1 51 6b 64 91 42 91 a6 f6 |.)<..~..Qkd.B...| 00000090 7a e3 7c 16 8c d7 13 8f eb f9 4f a0 1a 38 4e ab |z.|.......O..8N.| 000000a0 37 e5 08 19 ce 35 68 90 a1 a3 2c 13 aa a4 da 58 |7....5h...,....X| 000000b0 bf 6d a4 2c 11 cd af c2 d0 d2 2e 84 8f 0b 1e bc |.m.,............| 000000c0 1b 23 ca a0 f1 eb 91 47 bc 7d 68 1c 6a 4b 17 d7 |.#.....G.}h.jK..| 000000d0 b1 a5 fe d5 cf 29 28 6d 6b 14 a7 99 56 88 81 12 |.....)(mk...V...| 000000e0 7b 6e a6 00 3e 72 98 71 bb d0 b8 8b e5 14 cc 4c |{n..>r.q.......L| 000000f0 d4 f8 0a ba 59 f6 eb 51 bd 05 b7 78 b1 e6 0f b0 |....Y..Q...x....| 00000100 86 4d c3 bf fd b9 21 ae 2e 24 47 77 8b 05 ca 0a |.M....!..$Gw....| 00000110 33 07 06 99 8a 28 35 f7 97 bd c5 29 39 82 18 82 |3....(5....)9...| 00000120 07 ee c8 a8 59 70 c6 6c 0d 39 0d 99 d6 07 2a 1c |....Yp.l.9.....| 00000130 ff 7b 70 dd 56 83 9c 1a 1f 92 91 ac 71 83 39 0b |.{p.V.......q.9.| 00000140 21 4e 94 9e c8 4a 86 8f af 74 af ce a3 bf 38 ea |!N...J...t....8.| 00000150 fc 77 f0 26 c8 ce 4d c1 fd 56 5e 0e c8 15 34 f3 |.w.&..M..V^...4.| 00000160 6f 0f ea f7 c8 66 2d ae 69 fb 8e c8 e4 73 77 db |o....f-.i....sw.| 00000170 6f 15 2f c8 07 f1 94 0f 14 2d e1 b5 ed 34 81 1c |o./......-...4..| 00000180 2b 5d 46 d7 05 7e 83 97 e5 60 3a 81 0c ab 5e 8d |+]F..~...`:...^.| 00000190 61 db 9f 88 76 2b e9 92 c2 9e 7b 9a e9 1a e2 c8 |a...v+....{.....| 000001a0 bd a5 f5 79 2c 05 c6 2a 9c 3b dd 09 dd 0f 03 00 |...y,...;......| 000001b0 69 43 47 8d f7 0e 11 1a 92 ec 5a a0 4a 28 a5 3e |iCG.......Z.J(.>| 000001c0 bb 06 c1 a7 8b eb 67 df 0e ec 4d 4a ec ec 30 00 |......g...MJ..0.| 000001d0 b1 4f 49 76 68 fb 15 5b 4c 3f 33 82 87 bd 9c 34 |.OIvh..[L?3....4| 000001e0 97 57 8f 17 1c 47 8b 8c 87 9f 07 8f 95 75 bb eb |.W...G.......u..| 000001f0 06 ee cb b4 e1 97 b1 74 82 11 db 3d dd a1 82 2a |.......t...=...*| 00000200

---

Sector 5860529539: 00000000 57 4d 59 53 24 08 01 f8 00 00 00 00 02 00 00 00 |WMYS$...........| 00000010 af 28 59 71 68 83 51 9e 9b f0 8c 99 9a 88 22 ae |.(Yqh.Q.......".| 00000020 bb b9 0f de 5f 0a 6d 5f 5e 71 3d 6a eb 1e 5c 07 |.....m^q=j...| 00000030 33 01 f0 8b ee da e0 4a 15 88 b9 b5 72 b1 03 20 |3......J....r.. | 00000040 f3 65 eb 88 91 70 f9 e7 09 9a ee cb 58 05 ad 97 |.e...p......X...| 00000050 e3 6e b3 6d 5f 78 c9 cd fe cb 85 c0 43 50 06 8d |.n.m_x......CP..| 00000060 0f b6 50 6e 1a 36 30 8c 8e 25 9b fa 32 26 6b 6a |..Pn.60..%..2&kj| 00000070 04 02 72 61 c0 a9 f3 65 a1 b4 b5 55 0c d4 e7 c7 |..ra...e...U....| 00000080 f1 52 3b f2 46 b3 e8 69 00 00 00 00 00 00 00 00 |.R;.F..i........| 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000001c0 00 f4 a9 2b 00 00 00 00 00 10 00 00 03 00 00 00 |...+............| 000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000200

[JoshAust]

Sorry, missed your most recent post. WOW! thank you, that is awesome! Much appreciated.

Re the discrepancy.... From my reading, the drive appears to be using 4096b sectors when it is connected to the USB bridge, but appears as 512b when connected via SATA....which I guess is why reallymine only images 1/8 of the drive. However, I did notice that it appears to be a bit less than 1/8th as the "decrypted" image from reallymine is only 307,490,830,384 bytes in size, which only works out to be about 2.46TB. Anyway, thanks once again, and speak soon.

[themaddoctor]

which I guess is why reallymine only images 1/8 of the drive. Probably not.

[themaddoctor]

OK, the first thing you should do is put the original disk in a safe place. We will mess around with the copy that you made. If things work correctly, you will also need a third disk to hold your files. Maybe an external disk would be best, since you can connect and disconnect if/when you are ready for it.

Connect the encrypted copy to the ubuntu machine and tell me what its designation is. /dev/sda or /dev/sdb or ...

[JoshAust]

Hi again themaddoctor. Sorry for the delay - its just after 9:00am here in Tasmania.  OK The encrypted copy drive is /dev/sdb. The third (blank) disk is /dev/sdk. (Its a second hand drive that I've deleted all the partitions from).

[themaddoctor]

OK. You need to have the program 'cryptsetup' installed. Find out if you have it by typing which cryptsetup

[themaddoctor]

If you don't have it, install with sudo apt-get install cryptsetup

My info is somewhat old, and ubuntu might have changed its package manager, so maybe you need to figure it out.

[JoshAust]

"which cryptsetup" did nothing at all, just returned to the terminal line. so I did "cryptsetup" which said it was not installed, but that I could install it by running: "sudo apt-get install cryptsetup-bin" I installed it and re ran "which cryptsetup" and it returned: "/usr/sbin/cryptsetup"

[themaddoctor]

Now feed your key to cryptsetup. This is all one command and should all be on one line.

echo 84f52e69f30dd2c3413c66aba92e3701623af526dec257e65f4b204580d1b266 | xxd -p -r | sudo cryptsetup -d - --hash=plain --key-size=256 -c aes-ecb create wd /dev/sdb

Check for success by doing sudo file -s /dev/mapper/wd

If you get "DOS/MBR boot sector..." then it worked.

[JoshAust]

OK, I just tried that, by copying the line and pasting it into terminal... It did not return anything, just came back to the terminal.

[themaddoctor]

Check for success by doing sudo file -s /dev/mapper/wd

If you get "DOS/MBR boot sector..." then it worked.

[JoshAust]

however, I re ran it and it returned: "wd device already exists"

running lsblk now shows a partition? named wd under sdb.

[themaddoctor]

sudo file -s /dev/mapper/wd

[JoshAust]

"sudo file -s /dev/mapper/wd" returns: "/dev/mapper/wd: symbolic link to ../dm-0"

[themaddoctor]

sudo file -s -L /dev/mapper/wd

[JoshAust]

that returns:

/dev/mapper/wd: DOS/MBR boot sector MS-MBR XP english at offset 0x12c "Invalid partition table" at offset 0x144 "Error loading operating system" at offset 0x163 "Missing operating system", disk signature 0x2dcc8; partition 1 : ID=0x7, start-CHS (0x0,4,5), end-CHS (0x3ff,254,63), startsector 256, 732558080 sectors

[themaddoctor]

OK. It worked.

Now you need to change the partition table so that it uses 512-byte blocks, which is the standard size.

Run sudo fdisk /dev/dm-0

Fdisk is an interactive program. Use m to get help. Use d to delete the existing partition. Use n to recreate it. Use a starting block of 2048 and end block that is as large as possible.

[themaddoctor]

Use p to display the partition table. Check to see if it says sector size is 512.

[JoshAust]

I ran it, and it threw a possible error, then a different command prompt: The size of this disk is 3.7 TiB (4000787030016 bytes). DOS partition table format cannot be used on drives for volumes larger than 2199023255040 bytes for 512-byte sectors. Use GUID partition table format (GPT).

Then it has another different command prompt that reads: "Command (m for help): ^C"

Should I continue?

[themaddoctor]

p to print the table

[JoshAust]

i did "d" and deleted it I typed n and it asks for primary or extended. Which should I choose?

[JoshAust]

default is primary.

[themaddoctor]

That explains a lot. WD used a larger block size so that block numbers would not overflow. They used a DOS partition table, but you are going to replace it with GPT table.

Use command g then use command n start 2048 end wherever it suggests

[JoshAust]

red text reports "Partition #1 contains a ntfs signature"

Then prompts to remove the signature yes/no?

[themaddoctor]

NO

[JoshAust]

OK

I said no. Back at the "Command (m for help):

[themaddoctor]

g to create new GPT table

[JoshAust]

that returns: "Created a new GPT disklabel (GUID: F85715B8-6349-8340-8320-B95C5610BD78). The old dos signature will be removed by a write command."

[themaddoctor]

n to create new partition in the new table You want the new partition to start at 2048 and end at the largest possible (it will suggest it).

[JoshAust]

when I do that, selecting the default start, 2048 and the default end 7814037134. It reports: Created a new GPT disklabel (GUID: F85715B8-6349-8340-8320-B95C5610BD78). The old dos signature will be removed by a write command."

It then asks: Do you want to remove the signature? [Y]es/[N]o:"

[themaddoctor]

I guess so. I've never had it ask me that before. Then w to write the new table and exit.

[JoshAust]

SORRY!!! I made an error.

let me rewrite that:

when I do that, selecting the default start, 2048 and the default end 7814037134. It reports: Created a new partition 1 of type 'Linux filesystem' and of size 3.7 TiB. Partition #1 contains a ntfs signature."

IT then again prompts to remove the signature...

I think I've stuffed something up here...

[themaddoctor]

Use q to exit without actually writing to disk.

[JoshAust]

done...

[themaddoctor]

We are going to try something else. These two commands. The second one should tell you which loop device it used.

sudo losetup -o 1048576 -f /dev/dm-0

sudo losetup -j /dev/dm-0

[JoshAust]

first returned nothing. The second returned: "/dev/loop12: [0005]:655 (/dev/dm-0), offset 1048576"

[themaddoctor]

OK. Good.

Try to mount it with these two commands:

sudo mkdir -p /mnt/wd

sudo mount /dev/loop12 /mnt/wd

[JoshAust]

Wow! I only ran the first command, then noticed that the drive had appeared under Files, and I can see all the data! Do I need to run the other command, as it appears to already be mounted?

[themaddoctor]

No. You are ready to copy your data to the blank drive.

[JoshAust]

Fantastic! Thank you so much for your help!

[themaddoctor]

You're welcome. Back up your data. Have a good night.