AsMedia ASM1051 / ASM1053

[m4sterful]

Hey, are you interested in the AsMedia chips? I've got two units here for testing and can provide any details you'd like.

[andlabs]

Sure! Just run the various commands as described in the README and let's see what you can get out of the drive.

[MrDecay]

AsMedia? Is that a new chip?

On Nov 9, 2016 5:22 PM, "Pietro Gagliardi" notifications@github.com wrote:

Sure! Just run the various commands as described in the README and let's see what you can get out of the drive.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/18#issuecomment-259555800, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xYooTMhlNDjJ3xgNnIQwWDIMPpOJks5q8lW5gaJpZM4KuGIS .

[m4sterful]

This unit indicates it supports AES 256 encryption but bypassing the usb bridge actually yields the same unencrypted data at this point (no password currently set). I will try encryption using the WD security tool and see if it's in fact performing software encryption or enabling some function in the chip...

[andlabs]

What's the result?

[themaddoctor]

Yes, yes, yes, yes, yes.

Can you dump the first and last 3MB of the disk without the USB bridge, all service area modules, and the eeprom?

[m4sterful]

So I apologize for the confusion, but what happened was this: I was trying out this program on a few drives I'd previously done recovery on, reading over the code, very excited at a real PoC for the decryption algos, and I looked through my DR cases and found a controller that wasn't even listed.

So I immediately posted and then get to work... except as I said in my original post the data turned out to be completely unencrypted! Even though the controller specs indicate encryption is available, the WD security tool would not list it or allow me to encrypt the drive. So I assumed the firmware and etc would not be too interesting to the project and moved on..

[themaddoctor]

:(

[m4sterful]

Sorry =/

I'll see if I can make it up in the future with some interesting information if I can...

[andlabs]

And that's with the ASM1051/ASM1053 chips? Interesting; I wonder if all of them are like that.

I seem to vaguely recall some types of drives having the encryption chip on the drive themselves so the USB bridge chip do nothing and using the drive directly would give you pure data but not reading the platters through a microscope or something, but I can't verify that either...

[themaddoctor]

I've thought about this for a bit, and I think it would be good to look at the keyblocks, in order to start understanding these chips. I know what @andlabs is thinking, but some AS-chipped drives are encrypted, and there needs to be a way to tell the chip to encrypt or not to encrypt. With some other chips, there is a "FDE" mode that really means "let the drive handle it". The AS chips must have something like that.

So, for these two drives, do they have the same size with the USB bridge as without it? In linux the size in kiB is in /proc/partitions. If the sizes are different, can you dump the last 3MB of each and send them?

If the sizes are the same, can you dump the service modules? I would use hddsupertool for that. The modules contain mostly zeroes, so if you zip them together, the file will be small.

If there is no keyblock in any of that stuff, the firmware must control it. That would be sad indeed.

[m4sterful]

So SSDs with FDE perform proper encryption techniques, as that as easily controlled in-firmware and hand-in-hand with load leveling algorithms. While there may be HDDs with fde available, I have not encountered one. For the most part laptop HDDs have always used standard ATA commands to lock the drive with a password. Any standard pro firmware recovery hardware all have one click solutions to any hdd passwords, and I can tell you from experience that replacement / modification of specific firmware modules in the WD drives have always unlocked the drive, the data is most definitely not encrypted on-disk.

Regarding the drive above, yes it had the same block count using USB and SATA (UPDATE: this is not true, they were close but not the same, see post below) - looked firmware-wise like a standard SATA drive with the USB removed - that is, some USB drives have an extra firmware module in them, but I did not identify one in this case.

Drive firmware modules are ~ 175mb, if you want let me know where you want me to upload them I can provide them for you certainly.

[themaddoctor]

If you zip them, is it any smaller?

[m4sterful]

Should be, I'll see what I can do.

[m4sterful]

Just like that another ASM1051 unit fell to us for data recovery, pretty easy recovery because again, zero drive level encryption.

Regarding the firmware, it's 450mb including tracks too (which are just a RAW dump of SA and of course include the modules) but zipped you're looking at only 15mb! I used 7z but changed extension to .zip for upload to github, hopefully all is well.

So you know what you're looking at, you have the ROM, \ROM\ROM_WDC...bin, which contains the boot code and several modules - 0A, 0B, 0D, 4F, etc. The ROM minus modules is backed up in the SA, but this is what you'd find in the EEPROM on the physical board. It contains a base image, and the modules give the drive just enough data to spin up the motor, actuate the heads to the SA, and read the rest of the firmware. Some useful things here from a DR perspective are microjogs, head alignment values, pre-amp values, vendor and configuration details, etc.

The Track folder is a raw dump of the service area, which on this drive is 256 tracks by 1480 sectors per track. Total size for data is 185MB, though obviously most of that goes unused (and often I find earlier tracks, 0- may not read and are unpopulated, even on fully functional drives - you'll see I dumped only track 40 onwards). There are two copies of this firmware held on the first two surfaces of the drive (heads 0 and 1) - both sets are in the file and should generally match each other exactly.

The modules, contained in the mod folder, are contained in the tracks. They represent the 'files' of the operating system that runs the hard disk. Each file serves a different purpose - the exact location of module 01 is contained in the ROM, and it is the first file read from the service area when the drive boots, because that module represents a file table for the rest of the modules - that is, their exact track and sector starting position represented as an ABA value.

Regarding sector count, check this out: SATA Board: 3906963633 USB Board: 3906963456 177 sectors less

When I compare, I find that sector 0~3906963633 appears visually the same, but in the 177 sectors there are various sectors that, if I was looking at an encrypted drive, I would assume were encrypted. However, I now believe they are artifacts of some kind of initial format on the drive.

I looked over other areas of allocated but unused sectors on the drive (Drive was only 55% full), I find these same sector entries. The first line (07 7d 20 70 E8 BA 7F 47 22 37 04 72 XX XX XX XX) will be the same, and all the lines after are the same as well across the entire drive. The ones marked XX I believe are a sector count or something like that. I found no other interesting sectors in that area. If someone else can take a look at a similar drive it would be interesting to see if this is an artifact of the initialization on the USB interface from the factory.

That brings us to ASM1051.bin, which may be worth looking at. There are two EEPROMs on the board and this is a dump of the EEPROM at U14, which is for the USB3 controller. There is all sorts of interesting strings, such as references to the 'WD Virtual CD' device WD likes to show when the drive has encryption. I did not get a good ID on the chip (text was unreadable, and my programmer did not have an ID match), and assumed it was 256K, and I used the same settings as when I read U12 as they looked the same. It appears to have only been 64K: the ROM restarts at sector 128, and after sector 256 there is only empty space.

WDC WD20NMVW-11AV3S0_01.01A01_WD-WX91A9353120_0001000G_1480_256.zip

ASM1051.zip

[m4sterful]

Above is an example sector as is in the reserved section on the drive

[themaddoctor]

Well, so far I have found a JMicron-type keyblock in module 0x25. I'll post it in a sec.

What was in those hidden 177 sectors? Are they included in the zip?

[themaddoctor]

The keyblock, in sector 1 (2nd sector) of module 0x25:

00000000  57 44 76 31 1b 5f 00 00  00 88 df e8 00 00 00 00  |WDv1._....��....|
00000010  00 00 00 00 00 00 f0 00  00 00 00 00 00 00 00 00  |......�.........|
00000020  01 00 00 00 00 00 46 50  00 00 00 00 00 00 00 00  |......FP........|
00000030  00 02 ff 00 00 00 00 00  00 00 00 00 00 00 00 00  |..�.............|
00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000050  20 00 46 df 00 00 00 01  00 00 00 00 57 44 76 31  | .F�........WDv1|
00000060  e8 8b 67 1b e6 14 37 d1  64 f3 d9 5d e4 b7 4b 6c  |�.g.�.7�d��]��Kl|
00000070  18 d9 11 54 7c 89 c1 3c  c2 3b 9e 6a 4c da b9 39  |.�.T|.�<�;.jLڹ9|
00000080  ef fa 2e 33 95 45 0e f7  98 58 fc a0 d4 2e f5 ec  |��.3.E.�.X���.��|
00000090  8b f9 fb 98 44 07 9e 68  6d f7 85 14 58 ea ed a8  |.��.D..hm�..X���|
000000a0  9e 4b a2 96 6a 1a 4d 27  4c b1 19 60 41 ee 5c 5b  |.K�.j.M'L�.`A�\[|
000000b0  e5 15 41 c4 ec fa a5 26  cc 47 9d 91 fd 30 44 33  |�.A����&�G..�0D3|
000000c0  5f cf f6 c6 2b 3e 7c 80  c3 94 ad b3 f1 4b 5a 07  |_���+>|.�.���KZ.|
000000d0  14 82 19 ff 1e b0 7a 88  30 72 02 30 cd e5 7c 3d  |...�.�z.0r.0��|=|
000000e0  dc 5a 0a d4 52 b2 64 25  25 d3 9b 2d f8 c1 19 93  |�Z.�R�d%%�.-��..|
000000f0  57 de e8 59 69 ca 8f d8  8a 22 ee 54 75 e0 39 2e  |W��Yi�.�."�Tu�9.|
00000100  5c 75 a0 6e 56 31 64 a8  7a 85 49 dc ec 23 d7 ff  |\u�nV1d�z.I��#��|
00000110  fd 04 b1 42 5e ed ae 6e  4c 6b d2 33 40 80 27 39  |�.�B^��nLk�3@.'9|
00000120  9e 36 f8 bf b1 7b 35 2d  82 cd a5 fb 06 36 5d 94  |.6���{5-.�.6].|
00000130  68 30 f1 7f 4f 12 7b ff  c4 a4 59 97 bc 94 29 ab  |h0�.O.{�ĤY.�.)�|
00000140  b0 d8 73 3d 73 04 e1 d8  10 b5 3c bf 1a e1 60 75  |��s=s.��.�<�.�`u|
00000150  63 a5 fa 27 81 72 b2 f7  96 3b 1f 64 f9 4d a2 a0  |c��'.r��.;.d�M��|
00000160  cd eb d5 1f 9f 4b 65 04  68 29 04 f2 1f 67 ea 0a  |���..Ke.h).�.g�.|
00000170  be d7 ee 5c e8 07 cc e4  f1 7b 11 70 2e 31 f7 95  |���\�.���{.p.1�.|
00000180  4b c8 e9 2f 6f db 5a ac  34 2a c2 fc 70 1f d0 83  |K��/o�Z�4*��p.�.|
00000190  5f d2 ea 4a 29 ec 99 be  cf 81 5d a0 85 75 15 0a  |_��J)�.��.]�.u..|
000001a0  1a 68 23 1e 2d 23 fc 8a  4d 24 16 04 d9 76 20 9d  |.h#.-#�.M$..�v .|
000001b0  50 47 ff 1c 1f e2 7b 5f  21 a1 4e 77 21 90 37 fd  |PG�..�{_!�Nw!.7�|
000001c0  f7 21 fb 21 05 9b b0 fa  45 71 8b 18 ff 03 5a f0  |�!�!..��Eq..�.Z�|
000001d0  2c 42 97 5d ae 19 c3 34  2b a4 df 25 50 d9 7a 4a  |,B.]�.�4+��%P�zJ|
000001e0  33 a5 8f 18 57 53 78 c0  08 24 2f 92 75 3f d6 c3  |3�..WSx�.$/.u?��|
000001f0  53 f5 9c ca f2 84 bf e1  ea 1b 3f a7 30 eb 1c d4  |S�.��.���.?�0�.�|

Decrypted with the default (pi) key:

00000000  2e 59 bc 40 37 1c 58 68  13 29 6c 46 1f e2 11 9b  |.Y�@7.Xh.)lF.�..|
00000010  0f ef 48 20 45 eb 9e eb  dd 15 4a 0c 5f a8 93 cc  |.�H E�.��.J._�.�|
00000020  15 d2 c8 40 d8 e5 c3 68  35 d4 f6 ff c7 36 59 88  |.��@���h5����6Y.|
00000030  10 cf 7a 85 ea fa a1 60  5c 0f e9 a9 3d 6d de f3  |.�z.���`\.��=m��|
00000040  d0 62 f2 36 84 01 37 aa  75 67 2b 93 c1 1f 4f f2  |�b�6..7�ug+.�.O�|
00000050  94 54 40 40 25 cb 89 54  f7 72 7e 2d 4e fe 06 fb  |.T@@%�.T�r~-N�.�|
00000060  1c 00 00 00 40 00 00 00  c2 00 00 00 85 00 00 00  |....@...�.......|
00000070  57 00 00 00 6c 00 00 00  5d 00 00 00 ed 00 00 00  |W...l...]...�...|
00000080  ab 00 00 00 16 00 00 00  c1 00 00 00 34 00 00 00  |�.......�...4...|
00000090  7e 00 00 00 3d 00 00 00  4e 00 00 00 e2 00 00 00  |~...=...N...�...|
000000a0  e4 00 00 00 9b 00 00 00  c9 00 00 00 6b 00 00 00  |�.......�...k...|
000000b0  4d 00 00 00 53 00 00 00  cd 00 00 00 ca 00 00 00  |M...S...�...�...|
000000c0  da 00 00 00 64 00 00 00  02 00 00 00 de 00 00 00  |�...d.......�...|
000000d0  c5 00 00 00 95 00 00 00  e9 00 00 00 0a 00 00 00  |�.......�.......|
000000e0  81 00 00 00 f6 00 00 00  fb 00 00 00 6a 00 00 00  |....�...�...j...|
000000f0  22 00 00 00 bf 00 00 00  09 00 00 00 30 00 00 00  |"...�.......0...|
00000100  44 45 4b 31 0a 3e 00 00  69 0a ee 4a 72 7e 71 f8  |DEK1.>..i.�Jr~q�|
00000110  84 40 24 ab 32 24 9c 1c  e7 9c b8 a8 3e 68 11 b6  |.@$�2$..�.��>h.�|
00000120  85 24 6c 4c a0 69 11 63  00 ce de 9d 4a 69 8a 37  |.$lL�i.c.��.Ji.7|
00000130  d7 63 e4 a4 8d 00 47 00  50 00 67 00 3f 00 8a 00  |�c��..G.P.g.?...|
00000140  c9 00 f0 00 a9 00 41 00  83 00 46 00 0d 00 e6 00  |�.�.�.A...F...�.|
00000150  c3 00 98 00 48 56 79 a7  20 00 00 00 00 00 00 00  |�...HVy� .......|
00000160  8f 00 00 00 d6 00 00 00  9a 00 00 00 a6 00 00 00  |....�.......�...|
00000170  87 00 00 00 89 00 00 00  a9 00 00 00 c8 00 00 00  |........�...�...|
00000180  04 00 00 00 a1 00 00 00  97 00 00 00 37 00 00 00  |....�.......7...|
00000190  cf 00 00 00 14 00 00 00  1f 00 00 00 f1 00 00 00  |�...........�...|
000001a0  eb 00 00 00 d4 00 00 00  44 00 00 00 63 00 00 00  |�...�...D...c...|
000001b0  12 00 00 00 60 00 00 00  a3 00 00 00 49 00 00 00  |....`...�...I...|
000001c0  f2 00 00 00 5a 00 00 00  fd 00 00 00 15 00 00 00  |�...Z...�.......|
000001d0  70 00 00 00 1d 00 00 00  2f 00 00 00 2e 00 00 00  |p......./.......|
000001e0  41 00 00 00 ad 00 00 00  69 00 00 00 93 00 00 00  |A...�...i.......|
000001f0  96 00 00 00 58 00 00 00  23 00 00 00 d0 00 00 00  |....X...#...�...|

The extracted DEK: 378a694a9ddece00631169a04c6c2485a8b89ce71c9c2432ab244084f8717e72

[m4sterful]

The 177 sectors all looked just like the image I posted, nothing more. Yes I saw that in sec 25, I figured as it was a passport drive it was probably pre-programmed for the JMicron chip or something like that? Not sure why it would have it..

[themaddoctor]

Is the USB controller dead? Can you get a VID:PID?

What about status command? sg_raw -r 1k /dev/...... c0 45 00 00 00 00 00 30

[themaddoctor]

Here's a discussion of a similar drive: https://forum.hddguru.com/viewtopic.php?f=1&t=30081

And it prompts me to ask this: Can you find a JMicron chip on the drive's PCB? If you have to remove it to look, of course wait until you finish the recovery.

[m4sterful]

There is no Jmicron chip on the board - it's a standard USB3 drive with an ASMedia ASM1051W chip on it as well as a standard Marval RISC processor.

I have two USB3 boards with ASM1051 chips to check - one I pulled both EEPROMs off, the other has both EEPROMs on and is attached to a drive.

The drive installs the standard WD SES hardware driver, WD My Passport USB, USB Mass Storage VID_1058&PID_259D.

With EEPROM removed (same board as I provided the EEPROM for), shows up as ASMT 2105 USB Device, USB Mass Storage VID_174C&PID_51D6.

[andlabs]

Out of curiosity, does reallymine getdek say the same thing as your manual DEK extraction with that block? Can't check right now, but it does look like JMicron format, yes.

[themaddoctor]

@andlabs I don't know. My really mine has exactly one executable called "reallymine-master" and

./reallymine-master getdek kb.bin

gives me "error opening encrypted file getdek: open getdek: no such file or directory".

[themaddoctor]

@m4sterful What is the manufacture date on the label of this disk?

[m4sterful]

DOM is 09 APR 2016

[themaddoctor]

BTW, disks are assigned keys at the factory THROUGH the JMicron chip, which adds its own PRNG numbers to the key. (As I understand it.) So finding these keyblocks confuses me even more.

[m4sterful]

huh. Previously I'd mentioned I had not bumped into a true self encrypting hard drive, that is, a hard drive with AES encryption built in to the firmware. However, the post you linked as well as another post in the dolphin forums leads me to believe this is an SEV drive.

If that is the case, could not it be using the same (or similar) algorhythm for decryption as JMicron, but be performing this action in-firmware? Can we confirm the mod 25 decrypted to a decrypted JMicron WDv1 sector? If they have enough differences perhaps WD is just reusing code to store the encryption key?

[MrDecay]

Just got one of these asmedia drives, will start looking at it tomorrow after noon.

On Jun 7, 2017 9:10 PM, "m4sterful" notifications@github.com wrote:

huh. Previously I'd mentioned I had not bumped into a true self encrypting hard drive, that is, a hard drive with AES encryption built in to the firmware. However, the post you linked as well as another post in the dolphin forums leads me to believe this is an SEV drive.

If that is the case, could not it be using the same (or similar) algorhythm for decryption as JMicron, but be performing this action in-firmware? Can we confirm the mod 25 decrypted to a decrypted JMicron WDv1 sector? If they have enough differences perhaps WD is just reusing code to store the encryption key?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/18#issuecomment-306977909, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xYjmBGaeu5JSr0zTBxKhwaIx2_0Eks5sB1gsgaJpZM4KuGIS .

[m4sterful]

So I looked through my stack and found a similar one of these drives - 2TB from 03 Aug 2014, WD20NMVW-11AV3S3 with ASM1051W. I managed to spin it back up and pull firmware. It has a completely different sector 25. See attached.

WDC WD20NMVW-11AV3S3_01.01A01_WD-WX91A647U2R8_00210016_1480_256.zip.

Same LBA difference on SATA connection, similar signature on any area not yet written. My guess here is that we might be looking at unencrypted, unwritten sectors 'encrypted' by the SEV functionality on the drive.

While I did not need to unlock the service area for these drives, this article http://forum.acelaboratory.com/viewtopic.php?t=8555 indicates that some of them do require it. They also mention module 02 is indicated in enabling / disabling SEV on the drive - I'll see if I can potentially confirm that and disable it..

[andlabs]

@themaddoctor your reallymine is old; you may want to get the latest version :S

[andlabs]

Also FWIW I still plan on adding module dumping to reallymine as well, but that'll happen at some point in the distant future.

[themaddoctor]

@m4sterful The status command I posted yesterday should return the available encryption modes for that particular drive.

[themaddoctor]

Here's something interesting: The numbers in lines 16 through 1f in a decrypted keyblock are generated by the PRNG on the JMicron boards. That PRNG has a period of 255 (no shit!). I have checked to my satisfaction that the numbers in this keyblock (posted above) are from the same PRNG as from my JMS538S drive.

I have not been able to reencrypt the pattern c587b04ca8224dff5abea5710d749479 back into zeroes, as I believe they must.

[m4sterful]

Re PRNG that's interesting... still no idea how I've got that module in a non-jmicron package... I would immediately re-find and redump that particular drive but that drive is no longer in my possession unfortunately.

Ok I'm working on other jobs but I'll run that command when I get a moment

[themaddoctor]

From now on, I will refer to the ASM disk with the JMS keyblock as disk1. The other one as disk2.

OK, the key from disk1 turns out to be vulnerable to the attack described by the "got HW crypto?" PDF, and corresponds to a date stamp of 2013-11-11. That's 2½ years before the manufacture date you gave us. Also, that key will not reproduce that fill pattern (should encrypt back to all zeroes).

Are you absolutely sure the modules are from the same disk (disk1)? Do you keep records of DEKs, so you can search if this DEK is from a different client?

[themaddoctor]

Was disk1 a refurbished disk? The label would be different. It would be black and white, without any color, and might even say "refurbished" on it. I know you don't have the disk any more, but did you take a photo?

[m4sterful]

Let me clarify - the first firmware dumps (ROM, SA, and ASM firmware) I provided are from the drive from the initial posting I made in November of 2016. That is, I had the original board and a copy of the firmware I made at the time; the drive itself has since been destroyed on client request. That drive is from 2013. I don't have the physical drive anymore and I don't record the cover or date stamp, so outside of pulling that data from the firmware modules I don't have it. It is very possible it was refurbished - as you can imagine those drives are more prone to failure than drives that haven't failed in the past, however I can't say that with certainty at this time.

The packet dump I provided in image https://user-images.githubusercontent.com/1760814/26906997-28c0d940-4bbe-11e7-8b2e-1605d6084528.png is from the drive I was actively working on yesterday, which is the 2016 model I referred to. I do not have a firmware dump from it right now - it's currently imaging after some minor work and a USB -> SATA conversion.

I also provided the firmware dump and etc from the drive from 2014, which you have above. I still have the 2014 drive on hand.

[themaddoctor]

I think that the thing to do is to dump a drive, then set a password with SmartWare, then dump it again. We can find the differences easily.

[themaddoctor]

@andlabs Yes, reallymine gets the same DEK for the JMicron keyblock above.

[MrDecay]

Disregard. My asmedia drive has a blown hdd pcb

On Jun 7, 2017 9:16 PM, "Tony Salinas" adroflaredo@gmail.com wrote:

Just got one of these asmedia drives, will start looking at it tomorrow after noon.

On Jun 7, 2017 9:10 PM, "m4sterful" notifications@github.com wrote:

huh. Previously I'd mentioned I had not bumped into a true self encrypting hard drive, that is, a hard drive with AES encryption built in to the firmware. However, the post you linked as well as another post in the dolphin forums leads me to believe this is an SEV drive.

If that is the case, could not it be using the same (or similar) algorhythm for decryption as JMicron, but be performing this action in-firmware? Can we confirm the mod 25 decrypted to a decrypted JMicron WDv1 sector? If they have enough differences perhaps WD is just reusing code to store the encryption key?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/18#issuecomment-306977909, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xYjmBGaeu5JSr0zTBxKhwaIx2_0Eks5sB1gsgaJpZM4KuGIS .

[themaddoctor]

@MrDecay Does it have an encryption chip on it?

[MrDecay]

I can check out the USB pcb when I get home. But I don't think the drive controller does but ill look into it

On Jun 14, 2017 5:14 PM, "themaddoctor" notifications@github.com wrote:

@MrDecay https://github.com/mrdecay Does it have an encryption chip on it?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/18#issuecomment-308573435, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xYXf8T_wIqNuG4LN9ebALNR_-cz-ks5sEFsngaJpZM4KuGIS .

[Dootpehr]

I have a WD My Book 1230 which has an ASM1051W on its USB-SATA converter board. I'm sure that a password was not set. However after certain period of usage it started require password on any other PC except mine, on my PC it was unlocked for my user account. This is certainly a glitch as I didn't set any password. Searching made me sure that such glitch is frequent. I don't have a dedicated Linux PC, I ran ubuntu on a virtual machine on my nettop. I had HDD connected first with original My Book converter, then with non-encrypting Blueendless USB-SATA converter. Both setups cause reallymine to output "input/output error". Am I right that for your application to work properly a SATA connection to a dedicated Linux machine is required?

UPD: Exact reason of my efforts is that now even my windows PC is not able to unlock the storage and I don't want to erase the content as WD support advices to do to make it fully functional.

[themaddoctor]

AFAIK, ASM1051W does not do encryption, and the disk is locked by some other mechanism.

You can try connecting the drive to a linux machine via SATA, and see what it says.

[Dootpehr]

Thank you for the reply. I'll try to get the needed setup and test direct SATA connection. Actually what you say about chip capabilities is a big surprise. I will examine other chips on converter board. There may be another one that is paired with main chip and can do encryption. I didn't think of this case at first. When HDD was connected with non-encrypting USB-SATA converter Windows didn't recognize the device as initialized storage and DMDE didn't find any signs of data, only bad sectors. I still think that WD-provided converter board does hardware encryption.

[Dootpehr]

I instaled ubuntu on a separate storage device. The other one is WD HDD taken from My Book encosure. Every time system boots it shows log lines displaying I/O error when reading My Book HDD. I haven't installed Go and reallymine but I assume that there is a high probability of getting I/O error when trying to execute getdek command. Anyway I will install both and try. Seems like my version of hardware keeps HDD in a state which is not recognized as initialized. Will initialization overwrite block containing encryption key?

[Dootpehr]

After installation and running getdek command I get I/O error. It was expected. Here are some details. A USB-SATA converter board contains separate flash memory chip. It is possible that new firmware stores decryption key on that chip instead of user disk. Photos for making things clearer.

Overview of converter board

On-board flash chip Pm25LD020

Reverse side with labels on board. May help finding whether this My Book has different hardware revision or something.

Chip I failed to identify. Close to power connector. Can be a power related IC. Marked as R18284 GSPFDW1W. 1W may stand for power specification. It is likely a power IC.

I don't know what else to try. Losing my data is really undesirable.

[MrDecay]

I don't think, the encryption is on the flash at least not with past chips. The key has always been on a sector right outaide the user partion, but an i/o error could be you ha e a bad sector,possibly at the beginning of the drive or even a failing head(can't properly read the sector creating an i/o error)..

Does the directo to sata connection detect the hard-drive in the bios (model number "correct lba size)

On Wed, Sep 14, 2022, 6:41 AM Dootpehr @.***> wrote:

After installation and running getdek command I get I/O error. It was expected. Here are some details. A USB-SATA converter board contains separate flash memory chip. It is possible that new firmware stores decryption key on that chip instead of user disk. Photos for making things clearer.

[image: IMG_20220914_131101553] https://user-images.githubusercontent.com/110674093/190139207-b2adbb21-d22b-4606-acd5-8c62e9629b59.jpg Overview of converter board

[image: IMG_20220914_124530412] https://user-images.githubusercontent.com/110674093/190139549-8aa989fe-926d-4e89-87b3-c00c8f5e5243.jpg On-board flash chip Pm25LD020

[image: IMG_20220914_123157926] https://user-images.githubusercontent.com/110674093/190140425-17dedcc7-0664-4249-9d34-b59f151a0c14.jpg Reverse side with labels on board. May help finding whether this My Book has different hardware revision or something.

[image: IMG_20220914_124622370] https://user-images.githubusercontent.com/110674093/190141360-a325d660-2882-45d0-8e8c-9ee60ef6b950.jpg Chip I failed to identify. Close to power connector. Can be a power related IC. Marked as R18284 GSPFDW1W. 1W may stand for power specification. It is likely a power IC.

I don't know what else to try. Losing my data is really undesirable.

— Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/18#issuecomment-1246640852, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEATVRJAQTKS4I3WPCF4OMLV6G2YFANCNFSM4CVYMIJA . You are receiving this because you were mentioned.Message ID: @.***>

[Dootpehr]

This info is displayed not only in BIOS. Ubuntu application reads size and device model as well.

[MrDecay]

Post s picture of the haddrive labels I want to investigate something

On Fri, Sep 16, 2022, 2:33 AM Dootpehr @.***> wrote:

This info is displayed not only in BIOS. Ubuntu application reads size and device model as well.

— Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/18#issuecomment-1249022068, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEATVRNS376MSL3ZKYVQBYTV6QPEPANCNFSM4CVYMIJA . You are receiving this because you were mentioned.Message ID: @.***>