Open m4sterful opened 7 years ago
Sure! Just run the various commands as described in the README and let's see what you can get out of the drive.
AsMedia? Is that a new chip?
On Nov 9, 2016 5:22 PM, "Pietro Gagliardi" notifications@github.com wrote:
Sure! Just run the various commands as described in the README and let's see what you can get out of the drive.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/18#issuecomment-259555800, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xYooTMhlNDjJ3xgNnIQwWDIMPpOJks5q8lW5gaJpZM4KuGIS .
This unit indicates it supports AES 256 encryption but bypassing the usb bridge actually yields the same unencrypted data at this point (no password currently set). I will try encryption using the WD security tool and see if it's in fact performing software encryption or enabling some function in the chip...
What's the result?
Yes, yes, yes, yes, yes.
Can you dump the first and last 3MB of the disk without the USB bridge, all service area modules, and the eeprom?
So I apologize for the confusion, but what happened was this: I was trying out this program on a few drives I'd previously done recovery on, reading over the code, very excited at a real PoC for the decryption algos, and I looked through my DR cases and found a controller that wasn't even listed.
So I immediately posted and then get to work... except as I said in my original post the data turned out to be completely unencrypted! Even though the controller specs indicate encryption is available, the WD security tool would not list it or allow me to encrypt the drive. So I assumed the firmware and etc would not be too interesting to the project and moved on..
:(
Sorry =/
I'll see if I can make it up in the future with some interesting information if I can...
And that's with the ASM1051/ASM1053 chips? Interesting; I wonder if all of them are like that.
I seem to vaguely recall some types of drives having the encryption chip on the drive themselves so the USB bridge chip do nothing and using the drive directly would give you pure data but not reading the platters through a microscope or something, but I can't verify that either...
I've thought about this for a bit, and I think it would be good to look at the keyblocks, in order to start understanding these chips. I know what @andlabs is thinking, but some AS-chipped drives are encrypted, and there needs to be a way to tell the chip to encrypt or not to encrypt. With some other chips, there is a "FDE" mode that really means "let the drive handle it". The AS chips must have something like that.
So, for these two drives, do they have the same size with the USB bridge as without it? In linux the size in kiB is in /proc/partitions. If the sizes are different, can you dump the last 3MB of each and send them?
If the sizes are the same, can you dump the service modules? I would use hddsupertool for that. The modules contain mostly zeroes, so if you zip them together, the file will be small.
If there is no keyblock in any of that stuff, the firmware must control it. That would be sad indeed.
So SSDs with FDE perform proper encryption techniques, as that as easily controlled in-firmware and hand-in-hand with load leveling algorithms. While there may be HDDs with fde available, I have not encountered one. For the most part laptop HDDs have always used standard ATA commands to lock the drive with a password. Any standard pro firmware recovery hardware all have one click solutions to any hdd passwords, and I can tell you from experience that replacement / modification of specific firmware modules in the WD drives have always unlocked the drive, the data is most definitely not encrypted on-disk.
Regarding the drive above, yes it had the same block count using USB and SATA (UPDATE: this is not true, they were close but not the same, see post below) - looked firmware-wise like a standard SATA drive with the USB removed - that is, some USB drives have an extra firmware module in them, but I did not identify one in this case.
Drive firmware modules are ~ 175mb, if you want let me know where you want me to upload them I can provide them for you certainly.
If you zip them, is it any smaller?
Should be, I'll see what I can do.
Just like that another ASM1051 unit fell to us for data recovery, pretty easy recovery because again, zero drive level encryption.
Regarding the firmware, it's 450mb including tracks too (which are just a RAW dump of SA and of course include the modules) but zipped you're looking at only 15mb! I used 7z but changed extension to .zip for upload to github, hopefully all is well.
So you know what you're looking at, you have the ROM, \ROM\ROM_WDC...bin, which contains the boot code and several modules - 0A, 0B, 0D, 4F, etc. The ROM minus modules is backed up in the SA, but this is what you'd find in the EEPROM on the physical board. It contains a base image, and the modules give the drive just enough data to spin up the motor, actuate the heads to the SA, and read the rest of the firmware. Some useful things here from a DR perspective are microjogs, head alignment values, pre-amp values, vendor and configuration details, etc.
The Track folder is a raw dump of the service area, which on this drive is 256 tracks by 1480 sectors per track. Total size for data is 185MB, though obviously most of that goes unused (and often I find earlier tracks, 0- may not read and are unpopulated, even on fully functional drives - you'll see I dumped only track 40 onwards). There are two copies of this firmware held on the first two surfaces of the drive (heads 0 and 1) - both sets are in the file and should generally match each other exactly.
The modules, contained in the mod folder, are contained in the tracks. They represent the 'files' of the operating system that runs the hard disk. Each file serves a different purpose - the exact location of module 01 is contained in the ROM, and it is the first file read from the service area when the drive boots, because that module represents a file table for the rest of the modules - that is, their exact track and sector starting position represented as an ABA value.
Regarding sector count, check this out: SATA Board: 3906963633 USB Board: 3906963456 177 sectors less
When I compare, I find that sector 0~3906963633 appears visually the same, but in the 177 sectors there are various sectors that, if I was looking at an encrypted drive, I would assume were encrypted. However, I now believe they are artifacts of some kind of initial format on the drive.
I looked over other areas of allocated but unused sectors on the drive (Drive was only 55% full), I find these same sector entries. The first line (07 7d 20 70 E8 BA 7F 47 22 37 04 72 XX XX XX XX) will be the same, and all the lines after are the same as well across the entire drive. The ones marked XX I believe are a sector count or something like that. I found no other interesting sectors in that area. If someone else can take a look at a similar drive it would be interesting to see if this is an artifact of the initialization on the USB interface from the factory.
That brings us to ASM1051.bin, which may be worth looking at. There are two EEPROMs on the board and this is a dump of the EEPROM at U14, which is for the USB3 controller. There is all sorts of interesting strings, such as references to the 'WD Virtual CD' device WD likes to show when the drive has encryption. I did not get a good ID on the chip (text was unreadable, and my programmer did not have an ID match), and assumed it was 256K, and I used the same settings as when I read U12 as they looked the same. It appears to have only been 64K: the ROM restarts at sector 128, and after sector 256 there is only empty space.
WDC WD20NMVW-11AV3S0_01.01A01_WD-WX91A9353120_0001000G_1480_256.zip
Above is an example sector as is in the reserved section on the drive
Well, so far I have found a JMicron-type keyblock in module 0x25. I'll post it in a sec.
What was in those hidden 177 sectors? Are they included in the zip?
The keyblock, in sector 1 (2nd sector) of module 0x25:
00000000 57 44 76 31 1b 5f 00 00 00 88 df e8 00 00 00 00 |WDv1._....��....|
00000010 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 00 |......�.........|
00000020 01 00 00 00 00 00 46 50 00 00 00 00 00 00 00 00 |......FP........|
00000030 00 02 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 |..�.............|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000050 20 00 46 df 00 00 00 01 00 00 00 00 57 44 76 31 | .F�........WDv1|
00000060 e8 8b 67 1b e6 14 37 d1 64 f3 d9 5d e4 b7 4b 6c |�.g.�.7�d��]��Kl|
00000070 18 d9 11 54 7c 89 c1 3c c2 3b 9e 6a 4c da b9 39 |.�.T|.�<�;.jLڹ9|
00000080 ef fa 2e 33 95 45 0e f7 98 58 fc a0 d4 2e f5 ec |��.3.E.�.X���.��|
00000090 8b f9 fb 98 44 07 9e 68 6d f7 85 14 58 ea ed a8 |.��.D..hm�..X���|
000000a0 9e 4b a2 96 6a 1a 4d 27 4c b1 19 60 41 ee 5c 5b |.K�.j.M'L�.`A�\[|
000000b0 e5 15 41 c4 ec fa a5 26 cc 47 9d 91 fd 30 44 33 |�.A����&�G..�0D3|
000000c0 5f cf f6 c6 2b 3e 7c 80 c3 94 ad b3 f1 4b 5a 07 |_���+>|.�.���KZ.|
000000d0 14 82 19 ff 1e b0 7a 88 30 72 02 30 cd e5 7c 3d |...�.�z.0r.0��|=|
000000e0 dc 5a 0a d4 52 b2 64 25 25 d3 9b 2d f8 c1 19 93 |�Z.�R�d%%�.-��..|
000000f0 57 de e8 59 69 ca 8f d8 8a 22 ee 54 75 e0 39 2e |W��Yi�.�."�Tu�9.|
00000100 5c 75 a0 6e 56 31 64 a8 7a 85 49 dc ec 23 d7 ff |\u�nV1d�z.I��#��|
00000110 fd 04 b1 42 5e ed ae 6e 4c 6b d2 33 40 80 27 39 |�.�B^��nLk�3@.'9|
00000120 9e 36 f8 bf b1 7b 35 2d 82 cd a5 fb 06 36 5d 94 |.6���{5-.�.6].|
00000130 68 30 f1 7f 4f 12 7b ff c4 a4 59 97 bc 94 29 ab |h0�.O.{�ĤY.�.)�|
00000140 b0 d8 73 3d 73 04 e1 d8 10 b5 3c bf 1a e1 60 75 |��s=s.��.�<�.�`u|
00000150 63 a5 fa 27 81 72 b2 f7 96 3b 1f 64 f9 4d a2 a0 |c��'.r��.;.d�M��|
00000160 cd eb d5 1f 9f 4b 65 04 68 29 04 f2 1f 67 ea 0a |���..Ke.h).�.g�.|
00000170 be d7 ee 5c e8 07 cc e4 f1 7b 11 70 2e 31 f7 95 |���\�.���{.p.1�.|
00000180 4b c8 e9 2f 6f db 5a ac 34 2a c2 fc 70 1f d0 83 |K��/o�Z�4*��p.�.|
00000190 5f d2 ea 4a 29 ec 99 be cf 81 5d a0 85 75 15 0a |_��J)�.��.]�.u..|
000001a0 1a 68 23 1e 2d 23 fc 8a 4d 24 16 04 d9 76 20 9d |.h#.-#�.M$..�v .|
000001b0 50 47 ff 1c 1f e2 7b 5f 21 a1 4e 77 21 90 37 fd |PG�..�{_!�Nw!.7�|
000001c0 f7 21 fb 21 05 9b b0 fa 45 71 8b 18 ff 03 5a f0 |�!�!..��Eq..�.Z�|
000001d0 2c 42 97 5d ae 19 c3 34 2b a4 df 25 50 d9 7a 4a |,B.]�.�4+��%P�zJ|
000001e0 33 a5 8f 18 57 53 78 c0 08 24 2f 92 75 3f d6 c3 |3�..WSx�.$/.u?��|
000001f0 53 f5 9c ca f2 84 bf e1 ea 1b 3f a7 30 eb 1c d4 |S�.��.���.?�0�.�|
Decrypted with the default (pi) key:
00000000 2e 59 bc 40 37 1c 58 68 13 29 6c 46 1f e2 11 9b |.Y�@7.Xh.)lF.�..|
00000010 0f ef 48 20 45 eb 9e eb dd 15 4a 0c 5f a8 93 cc |.�H E�.��.J._�.�|
00000020 15 d2 c8 40 d8 e5 c3 68 35 d4 f6 ff c7 36 59 88 |.��@���h5����6Y.|
00000030 10 cf 7a 85 ea fa a1 60 5c 0f e9 a9 3d 6d de f3 |.�z.���`\.��=m��|
00000040 d0 62 f2 36 84 01 37 aa 75 67 2b 93 c1 1f 4f f2 |�b�6..7�ug+.�.O�|
00000050 94 54 40 40 25 cb 89 54 f7 72 7e 2d 4e fe 06 fb |.T@@%�.T�r~-N�.�|
00000060 1c 00 00 00 40 00 00 00 c2 00 00 00 85 00 00 00 |....@...�.......|
00000070 57 00 00 00 6c 00 00 00 5d 00 00 00 ed 00 00 00 |W...l...]...�...|
00000080 ab 00 00 00 16 00 00 00 c1 00 00 00 34 00 00 00 |�.......�...4...|
00000090 7e 00 00 00 3d 00 00 00 4e 00 00 00 e2 00 00 00 |~...=...N...�...|
000000a0 e4 00 00 00 9b 00 00 00 c9 00 00 00 6b 00 00 00 |�.......�...k...|
000000b0 4d 00 00 00 53 00 00 00 cd 00 00 00 ca 00 00 00 |M...S...�...�...|
000000c0 da 00 00 00 64 00 00 00 02 00 00 00 de 00 00 00 |�...d.......�...|
000000d0 c5 00 00 00 95 00 00 00 e9 00 00 00 0a 00 00 00 |�.......�.......|
000000e0 81 00 00 00 f6 00 00 00 fb 00 00 00 6a 00 00 00 |....�...�...j...|
000000f0 22 00 00 00 bf 00 00 00 09 00 00 00 30 00 00 00 |"...�.......0...|
00000100 44 45 4b 31 0a 3e 00 00 69 0a ee 4a 72 7e 71 f8 |DEK1.>..i.�Jr~q�|
00000110 84 40 24 ab 32 24 9c 1c e7 9c b8 a8 3e 68 11 b6 |.@$�2$..�.��>h.�|
00000120 85 24 6c 4c a0 69 11 63 00 ce de 9d 4a 69 8a 37 |.$lL�i.c.��.Ji.7|
00000130 d7 63 e4 a4 8d 00 47 00 50 00 67 00 3f 00 8a 00 |�c��..G.P.g.?...|
00000140 c9 00 f0 00 a9 00 41 00 83 00 46 00 0d 00 e6 00 |�.�.�.A...F...�.|
00000150 c3 00 98 00 48 56 79 a7 20 00 00 00 00 00 00 00 |�...HVy� .......|
00000160 8f 00 00 00 d6 00 00 00 9a 00 00 00 a6 00 00 00 |....�.......�...|
00000170 87 00 00 00 89 00 00 00 a9 00 00 00 c8 00 00 00 |........�...�...|
00000180 04 00 00 00 a1 00 00 00 97 00 00 00 37 00 00 00 |....�.......7...|
00000190 cf 00 00 00 14 00 00 00 1f 00 00 00 f1 00 00 00 |�...........�...|
000001a0 eb 00 00 00 d4 00 00 00 44 00 00 00 63 00 00 00 |�...�...D...c...|
000001b0 12 00 00 00 60 00 00 00 a3 00 00 00 49 00 00 00 |....`...�...I...|
000001c0 f2 00 00 00 5a 00 00 00 fd 00 00 00 15 00 00 00 |�...Z...�.......|
000001d0 70 00 00 00 1d 00 00 00 2f 00 00 00 2e 00 00 00 |p......./.......|
000001e0 41 00 00 00 ad 00 00 00 69 00 00 00 93 00 00 00 |A...�...i.......|
000001f0 96 00 00 00 58 00 00 00 23 00 00 00 d0 00 00 00 |....X...#...�...|
The extracted DEK: 378a694a9ddece00631169a04c6c2485a8b89ce71c9c2432ab244084f8717e72
The 177 sectors all looked just like the image I posted, nothing more. Yes I saw that in sec 25, I figured as it was a passport drive it was probably pre-programmed for the JMicron chip or something like that? Not sure why it would have it..
Is the USB controller dead? Can you get a VID:PID?
What about status command? sg_raw -r 1k /dev/...... c0 45 00 00 00 00 00 30
Here's a discussion of a similar drive: https://forum.hddguru.com/viewtopic.php?f=1&t=30081
And it prompts me to ask this: Can you find a JMicron chip on the drive's PCB? If you have to remove it to look, of course wait until you finish the recovery.
There is no Jmicron chip on the board - it's a standard USB3 drive with an ASMedia ASM1051W chip on it as well as a standard Marval RISC processor.
I have two USB3 boards with ASM1051 chips to check - one I pulled both EEPROMs off, the other has both EEPROMs on and is attached to a drive.
The drive installs the standard WD SES hardware driver, WD My Passport USB, USB Mass Storage VID_1058&PID_259D.
With EEPROM removed (same board as I provided the EEPROM for), shows up as ASMT 2105 USB Device, USB Mass Storage VID_174C&PID_51D6.
Out of curiosity, does reallymine getdek
say the same thing as your manual DEK extraction with that block? Can't check right now, but it does look like JMicron format, yes.
@andlabs I don't know. My really mine has exactly one executable called "reallymine-master" and
./reallymine-master getdek kb.bin
gives me "error opening encrypted file getdek: open getdek: no such file or directory".
@m4sterful What is the manufacture date on the label of this disk?
DOM is 09 APR 2016
BTW, disks are assigned keys at the factory THROUGH the JMicron chip, which adds its own PRNG numbers to the key. (As I understand it.) So finding these keyblocks confuses me even more.
huh. Previously I'd mentioned I had not bumped into a true self encrypting hard drive, that is, a hard drive with AES encryption built in to the firmware. However, the post you linked as well as another post in the dolphin forums leads me to believe this is an SEV drive.
If that is the case, could not it be using the same (or similar) algorhythm for decryption as JMicron, but be performing this action in-firmware? Can we confirm the mod 25 decrypted to a decrypted JMicron WDv1 sector? If they have enough differences perhaps WD is just reusing code to store the encryption key?
Just got one of these asmedia drives, will start looking at it tomorrow after noon.
On Jun 7, 2017 9:10 PM, "m4sterful" notifications@github.com wrote:
huh. Previously I'd mentioned I had not bumped into a true self encrypting hard drive, that is, a hard drive with AES encryption built in to the firmware. However, the post you linked as well as another post in the dolphin forums leads me to believe this is an SEV drive.
If that is the case, could not it be using the same (or similar) algorhythm for decryption as JMicron, but be performing this action in-firmware? Can we confirm the mod 25 decrypted to a decrypted JMicron WDv1 sector? If they have enough differences perhaps WD is just reusing code to store the encryption key?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/18#issuecomment-306977909, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xYjmBGaeu5JSr0zTBxKhwaIx2_0Eks5sB1gsgaJpZM4KuGIS .
So I looked through my stack and found a similar one of these drives - 2TB from 03 Aug 2014, WD20NMVW-11AV3S3 with ASM1051W. I managed to spin it back up and pull firmware. It has a completely different sector 25. See attached.
WDC WD20NMVW-11AV3S3_01.01A01_WD-WX91A647U2R8_00210016_1480_256.zip.
Same LBA difference on SATA connection, similar signature on any area not yet written. My guess here is that we might be looking at unencrypted, unwritten sectors 'encrypted' by the SEV functionality on the drive.
While I did not need to unlock the service area for these drives, this article http://forum.acelaboratory.com/viewtopic.php?t=8555 indicates that some of them do require it. They also mention module 02 is indicated in enabling / disabling SEV on the drive - I'll see if I can potentially confirm that and disable it..
@themaddoctor your reallymine is old; you may want to get the latest version :S
Also FWIW I still plan on adding module dumping to reallymine as well, but that'll happen at some point in the distant future.
@m4sterful The status command I posted yesterday should return the available encryption modes for that particular drive.
Here's something interesting: The numbers in lines 16 through 1f in a decrypted keyblock are generated by the PRNG on the JMicron boards. That PRNG has a period of 255 (no shit!). I have checked to my satisfaction that the numbers in this keyblock (posted above) are from the same PRNG as from my JMS538S drive.
I have not been able to reencrypt the pattern c587b04ca8224dff5abea5710d749479 back into zeroes, as I believe they must.
Re PRNG that's interesting... still no idea how I've got that module in a non-jmicron package... I would immediately re-find and redump that particular drive but that drive is no longer in my possession unfortunately.
Ok I'm working on other jobs but I'll run that command when I get a moment
From now on, I will refer to the ASM disk with the JMS keyblock as disk1. The other one as disk2.
OK, the key from disk1 turns out to be vulnerable to the attack described by the "got HW crypto?" PDF, and corresponds to a date stamp of 2013-11-11. That's 2½ years before the manufacture date you gave us. Also, that key will not reproduce that fill pattern (should encrypt back to all zeroes).
Are you absolutely sure the modules are from the same disk (disk1)? Do you keep records of DEKs, so you can search if this DEK is from a different client?
Was disk1 a refurbished disk? The label would be different. It would be black and white, without any color, and might even say "refurbished" on it. I know you don't have the disk any more, but did you take a photo?
Let me clarify - the first firmware dumps (ROM, SA, and ASM firmware) I provided are from the drive from the initial posting I made in November of 2016. That is, I had the original board and a copy of the firmware I made at the time; the drive itself has since been destroyed on client request. That drive is from 2013. I don't have the physical drive anymore and I don't record the cover or date stamp, so outside of pulling that data from the firmware modules I don't have it. It is very possible it was refurbished - as you can imagine those drives are more prone to failure than drives that haven't failed in the past, however I can't say that with certainty at this time.
The packet dump I provided in image https://user-images.githubusercontent.com/1760814/26906997-28c0d940-4bbe-11e7-8b2e-1605d6084528.png is from the drive I was actively working on yesterday, which is the 2016 model I referred to. I do not have a firmware dump from it right now - it's currently imaging after some minor work and a USB -> SATA conversion.
I also provided the firmware dump and etc from the drive from 2014, which you have above. I still have the 2014 drive on hand.
I think that the thing to do is to dump a drive, then set a password with SmartWare, then dump it again. We can find the differences easily.
@andlabs Yes, reallymine gets the same DEK for the JMicron keyblock above.
Disregard. My asmedia drive has a blown hdd pcb
On Jun 7, 2017 9:16 PM, "Tony Salinas" adroflaredo@gmail.com wrote:
Just got one of these asmedia drives, will start looking at it tomorrow after noon.
On Jun 7, 2017 9:10 PM, "m4sterful" notifications@github.com wrote:
huh. Previously I'd mentioned I had not bumped into a true self encrypting hard drive, that is, a hard drive with AES encryption built in to the firmware. However, the post you linked as well as another post in the dolphin forums leads me to believe this is an SEV drive.
If that is the case, could not it be using the same (or similar) algorhythm for decryption as JMicron, but be performing this action in-firmware? Can we confirm the mod 25 decrypted to a decrypted JMicron WDv1 sector? If they have enough differences perhaps WD is just reusing code to store the encryption key?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/18#issuecomment-306977909, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xYjmBGaeu5JSr0zTBxKhwaIx2_0Eks5sB1gsgaJpZM4KuGIS .
@MrDecay Does it have an encryption chip on it?
I can check out the USB pcb when I get home. But I don't think the drive controller does but ill look into it
On Jun 14, 2017 5:14 PM, "themaddoctor" notifications@github.com wrote:
@MrDecay https://github.com/mrdecay Does it have an encryption chip on it?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/18#issuecomment-308573435, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xYXf8T_wIqNuG4LN9ebALNR_-cz-ks5sEFsngaJpZM4KuGIS .
I have a WD My Book 1230 which has an ASM1051W on its USB-SATA converter board. I'm sure that a password was not set. However after certain period of usage it started require password on any other PC except mine, on my PC it was unlocked for my user account. This is certainly a glitch as I didn't set any password. Searching made me sure that such glitch is frequent. I don't have a dedicated Linux PC, I ran ubuntu on a virtual machine on my nettop. I had HDD connected first with original My Book converter, then with non-encrypting Blueendless USB-SATA converter. Both setups cause reallymine to output "input/output error". Am I right that for your application to work properly a SATA connection to a dedicated Linux machine is required?
UPD: Exact reason of my efforts is that now even my windows PC is not able to unlock the storage and I don't want to erase the content as WD support advices to do to make it fully functional.
AFAIK, ASM1051W does not do encryption, and the disk is locked by some other mechanism.
You can try connecting the drive to a linux machine via SATA, and see what it says.
Thank you for the reply. I'll try to get the needed setup and test direct SATA connection. Actually what you say about chip capabilities is a big surprise. I will examine other chips on converter board. There may be another one that is paired with main chip and can do encryption. I didn't think of this case at first. When HDD was connected with non-encrypting USB-SATA converter Windows didn't recognize the device as initialized storage and DMDE didn't find any signs of data, only bad sectors. I still think that WD-provided converter board does hardware encryption.
I instaled ubuntu on a separate storage device. The other one is WD HDD taken from My Book encosure. Every time system boots it shows log lines displaying I/O error when reading My Book HDD. I haven't installed Go and reallymine but I assume that there is a high probability of getting I/O error when trying to execute getdek command. Anyway I will install both and try. Seems like my version of hardware keeps HDD in a state which is not recognized as initialized. Will initialization overwrite block containing encryption key?
After installation and running getdek command I get I/O error. It was expected. Here are some details. A USB-SATA converter board contains separate flash memory chip. It is possible that new firmware stores decryption key on that chip instead of user disk. Photos for making things clearer.
Overview of converter board
On-board flash chip Pm25LD020
Reverse side with labels on board. May help finding whether this My Book has different hardware revision or something.
Chip I failed to identify. Close to power connector. Can be a power related IC. Marked as R18284 GSPFDW1W. 1W may stand for power specification. It is likely a power IC.
I don't know what else to try. Losing my data is really undesirable.
I don't think, the encryption is on the flash at least not with past chips. The key has always been on a sector right outaide the user partion, but an i/o error could be you ha e a bad sector,possibly at the beginning of the drive or even a failing head(can't properly read the sector creating an i/o error)..
Does the directo to sata connection detect the hard-drive in the bios (model number "correct lba size)
On Wed, Sep 14, 2022, 6:41 AM Dootpehr @.***> wrote:
After installation and running getdek command I get I/O error. It was expected. Here are some details. A USB-SATA converter board contains separate flash memory chip. It is possible that new firmware stores decryption key on that chip instead of user disk. Photos for making things clearer.
[image: IMG_20220914_131101553] https://user-images.githubusercontent.com/110674093/190139207-b2adbb21-d22b-4606-acd5-8c62e9629b59.jpg Overview of converter board
[image: IMG_20220914_124530412] https://user-images.githubusercontent.com/110674093/190139549-8aa989fe-926d-4e89-87b3-c00c8f5e5243.jpg On-board flash chip Pm25LD020
[image: IMG_20220914_123157926] https://user-images.githubusercontent.com/110674093/190140425-17dedcc7-0664-4249-9d34-b59f151a0c14.jpg Reverse side with labels on board. May help finding whether this My Book has different hardware revision or something.
[image: IMG_20220914_124622370] https://user-images.githubusercontent.com/110674093/190141360-a325d660-2882-45d0-8e8c-9ee60ef6b950.jpg Chip I failed to identify. Close to power connector. Can be a power related IC. Marked as R18284 GSPFDW1W. 1W may stand for power specification. It is likely a power IC.
I don't know what else to try. Losing my data is really undesirable.
— Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/18#issuecomment-1246640852, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEATVRJAQTKS4I3WPCF4OMLV6G2YFANCNFSM4CVYMIJA . You are receiving this because you were mentioned.Message ID: @.***>
This info is displayed not only in BIOS. Ubuntu application reads size and device model as well.
Post s picture of the haddrive labels I want to investigate something
On Fri, Sep 16, 2022, 2:33 AM Dootpehr @.***> wrote:
This info is displayed not only in BIOS. Ubuntu application reads size and device model as well.
— Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/18#issuecomment-1249022068, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEATVRNS376MSL3ZKYVQBYTV6QPEPANCNFSM4CVYMIJA . You are receiving this because you were mentioned.Message ID: @.***>
Hey, are you interested in the AsMedia chips? I've got two units here for testing and can provide any details you'd like.