Open m4sterful opened 8 years ago
I think maybe the controller chip on the drive's own PCB locks the drive. Not sure.
Main drive label on top cover.
Small label on face opposed to the one with connectors.
Labels on drive's PCB.
Maddoctor has a point, maybe it is ATA locked. I was wondering if the top label would have mentioned it was a self-encrypting drive or something like that.
I've searched for ATA locking explanation. Seems that adapter board only executes something like:
hdparm --security-unlock PWD /dev/sdb
The rest is done with the drive itself. So password entered with original GUI from Windows is only forwarded to the drive. Can that be true?
If so then it's sad. I'm very careful in setting passwords. There is no record in my list that stands for HDD password. So I believe it's a software or a firmware glitch or a virus which made the drive useless. At least I can try executing that command. Has anyone here tried working with security commands of hdparm?
And another question. Is this SATA password stored on some chip on drive's own board, so that changing it to another non-protected same drive board will make data available?
Unfortunately, ATA passwords are kept in the firmware located in the utility blocks on the platter. Now there are tools, but haven't tested any lately in the last 7 years... zubetta was one that was free.
Now there are 2 types of passwords: 1. User password: usually locks the data and is needed to unlock access. 2. Master password. Unfortunately, if you unlock with a master password the immediate action is a secure erase that wipes the drive but makes it formattable and usable again....
I guess what I'm saying is be cautious, don't accidentally nuke your drive..
Great thank you for details. The drive is around 7 years old so recommended tool might help.
Even if default mode is user I shall explicitly specify it considering your advice.
Maybe if it was a Windows machine it got BitLocker; if it was a Mac maybe it got encrypted with FileVault.
I tried executing hdparm which gives the following output:
security_password: "PWD"
/dev/sda:
Issuing SECURITY_UNLOCK command, password="PWD", user=user
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0a 04 51 40 01 21 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Excess flags given.
Is it a correct output for a password mismatch, or is another problem encountered which causes such behavior?
I searched about sense data and found how to request it with sdparm. So I executed sudo sdparm --command=sense --verbose /dev/sda, which gave me:
/dev/sda: ATA WDC WD30EZRX-00S 0A80
Request Sense cmd: 03 00 00 00 20 00
request sense:
Fixed format, current; Sense key: No Sense
Additional sense: No additional sense information
Decode response as sense data:
Probably uninitialized data.
Try to view as SCSI-1 non-extended sense:
AdValid=0 Error class=0 Error code=0
Sorry if it becomes off-topic, but the only reason for this output of security operations I found was related to "frozen" status of drive, but mine is "not frozen".
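Added illustration, not part of any participant's post and not hdparm or reallymine code: the sb[] bytes in the hdparm output above can be read as SCSI fixed-format sense data. Treating bytes 8 and 9 as the ATA error and status registers is an assumption about how the kernel or USB bridge filled the buffer, and the function and table names are made up for this example.

```python
import re

SENSE_KEYS = {0x0: "NO SENSE", 0x2: "NOT READY", 0x3: "MEDIUM ERROR",
              0x4: "HARDWARE ERROR", 0x5: "ILLEGAL REQUEST",
              0x7: "DATA PROTECT", 0xB: "ABORTED COMMAND"}
ASC_NAMES = {(0x00, 0x00): "NO ADDITIONAL SENSE INFORMATION",
             (0x21, 0x04): "UNALIGNED WRITE COMMAND"}
ATA_STATUS = {0x80: "BSY", 0x40: "DRDY", 0x20: "DF", 0x10: "DSC",
              0x08: "DRQ", 0x01: "ERR"}
ATA_ERROR = {0x80: "ICRC", 0x40: "UNC", 0x10: "IDNF", 0x04: "ABRT"}

# The sb[] line from the hdparm output quoted in the thread.
HDPARM_LINE = ("SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0a "
               "04 51 40 01 21 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
               "00 00 00 00")


def sense_bytes(line):
    """Pull the hex dump that follows 'sb[]:' out of an hdparm message."""
    m = re.search(r"sb\[\]:\s*((?:[0-9a-fA-F]{2}\b\s*)+)", line)
    if not m:
        raise ValueError("no sb[] dump in line")
    return bytes.fromhex(m.group(1))


def bit_names(value, table):
    """Names of the register bits that are set in value."""
    return [name for bit, name in table.items() if value & bit]


def decode_fixed_sense(sb):
    """Decode SCSI fixed-format sense (response code 0x70/0x71)."""
    if len(sb) < 14 or (sb[0] & 0x7F) not in (0x70, 0x71):
        raise ValueError("not fixed-format sense data")
    asc, ascq = sb[12], sb[13]
    return {
        "sense_key": SENSE_KEYS.get(sb[2] & 0x0F, "other"),
        "asc_ascq": f"{asc:02x}/{ascq:02x}",
        "asc_name": ASC_NAMES.get((asc, ascq), "not in this small table"),
        # Assumption: bytes 8 and 9 mirror the ATA error and status registers.
        "ata_error": bit_names(sb[8], ATA_ERROR),
        "ata_status": bit_names(sb[9], ATA_STATUS),
    }


def drive_aborted(decoded):
    """True when the ATA registers say the device rejected the command."""
    return "ERR" in decoded["ata_status"] and "ABRT" in decoded["ata_error"]


if __name__ == "__main__":
    result = decode_fixed_sense(sense_bytes(HDPARM_LINE))
    for field, value in result.items():
        print(f"{field}: {value}")
    print("command aborted by drive:", drive_aborted(result))
```

A drive aborts SECURITY UNLOCK when the password is rejected, but ABRT is also returned for other refusals, so this decode alone does not tell the causes apart.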
Actually, look at the BIOS when you boot up with the hard drive attached to the computer; it should prompt you for a password... if it doesn't, maybe it's not ATA locked... okay, let's start with screenshots here... send a picture of when you get the I/O errors.
I did configuration of boot device priority. So I entered BIOS with locked HDD when I was installing linux. Maybe I didn't enter menu section that invokes password input dialog. I'll test this intentionally. I'll make screen capture of system startup showing log lines. Yet I have run hdparm -I /dev/sda and it outputs in security section that security is enabled and the drive is locked. I couldn't reach that PC today, I'll try as soon as possible.
I searched BIOS setup sections. I was never prompted for a password. I have captured example of log lines printed at startup and a final frame that remained still and contained last lines. I also once again executed commands I tried previous time.
An output of first call of sudo hdparm -I /dev/sda | grep -A 8 Security: :
Security:
Master password revision code = 65534
supported
enabled
locked
not frozen
not expired: security count
supported: enhanced erase
Security level maximum
An output of subsequent call of sudo ./reallymine getdek /dev/sda:
error running getdek: read /dev/sda: input/output error
Also when I run GParted it spams notification dialogs during scan of /dev/sda. Dialogs display input/output error during fsyncing/closing, read, write operations. I think showing those dialogs here is not necessary.
This is what I got on a drive my friend put on the table..and that's on boot, I know this drive is locked with a security of high, not maximum
I tried zubetta with no positive result. I guess that the only way that's left is retrieve HDD as a hardware via erasing content. The drive is too new. zubetta was made for hardware older than it as I can see now. Or I can ask companies that provide data restore services for help. But I have doubts that it's possible even for them considering what I know so far. Anyway I won't hurry.
Western Digital Data Lifeguard tool might be able to give some more diagnostic feedback in plain English to determine if it's 100% ATA locked or a SmartWare issue, or maybe it just happens to be a self-encrypting drive... that we are not experienced with.
https://www.lifewire.com/western-digital-data-lifeguard-diagnostic-review-2624564
DOSDLG from source you provided completed quick test without errors and printed that drive is locked. No firmware fault. Seems that hardware is OK as well. Status code 0220. Log file couldn't be opened for storing test result. So here is a picture of the output on screen.
Well, that confirms it's locked. If it is locked with security set to max, then I feel it is beyond the scope of my experience. I think you would need some hardware tools to unlock... or some firmware-modifying tools...
Maybe hddsuperclone might be able to dump some of the firmware modules
Thanks for suggestions anyway. For now I'll take my time and try to find this app you advise or something similar.
Also, I really read your original post, what computer was it in since you mentioned it started prompting on other devices? Besides that one computer
A Windows PC, AMD based. It was upgraded from Windows 10 to 11. Problems started after mistakenly removing WD software which, as I can see now, contained the password. Before that a password was linked to user account and HDD could be accessed without entering password. The My Book itself was a replaced one. Previous one was sent to vendor within warranty period.
Dootpehr if that is true you should look under your registry: HKCU\SOFTWARE\Western Digital\WD Security\Credentials
The key will be the serial # of your disk, and the data will be a copy of your password, encrypted with your Windows credentials. You can manually decrypt it, but assuming that's still there reinstalling WD Security should have got you back where you need. Can't recall if the uninstaller asks you if you want to remove this, but won't hurt to check.
Thank you for more suggestions and time spent. In my case there is no such folder in Western Digital registry section as WD Security. There are only WD Smartware, WD Quickview, Software updates. Only these. Maybe the reason is that I cleaned registry. Unfortunately now I can't check if the key was stored there.
Sorry for bothering, @m4sterful, but I sent you an invitation. I found that there is no way to send private message here except by invitation to a repository and its issues. Can you, please, check your notifications.
I was provided with help in unlocking input/output operations. Disk now appears occupied only by unallocated space. So I tried executing getdek and dumpkeysector commands. Both did not finish execution. Am I hurrying too much and these commands really need substantial time to execute?
I tried waiting for execution of mentioned commands to finish for 1.5 hours. Still no result. These commands were not intended for use with unencrypted drives with unallocated space only?
In another issue I found some steps that may help finding why commands don't finish execution. dd command was intended as first step. But it produced same result as mentioned in related issue. I decided to figure out what's wrong with dd. So I executed lsblk (as was advised), which produced:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 4K 1 loop /snap/bare/5
loop1 7:1 0 62M 1 loop /snap/core20/1587
loop2 7:2 0 63,2M 1 loop /snap/core20/1623
loop3 7:3 0 163,3M 1 loop /snap/firefox/1635
loop4 7:4 0 236,8M 1 loop /snap/firefox/1943
loop5 7:5 0 400,8M 1 loop /snap/gnome-3-38-2004/112
loop6 7:6 0 346,3M 1 loop /snap/gnome-3-38-2004/119
loop7 7:7 0 91,7M 1 loop /snap/gtk-common-themes/1535
loop8 7:8 0 47M 1 loop /snap/snapd/16292
loop9 7:9 0 284K 1 loop /snap/snapd-desktop-integration/14
loop10 7:10 0 48M 1 loop /snap/snapd/17029
loop11 7:11 0 16K 1 loop /snap/software-boutique/57
loop12 7:12 0 13,5M 1 loop /snap/ubuntu-mate-welcome/709
loop13 7:13 0 13,5M 1 loop /snap/ubuntu-mate-welcome/714
sda 8:0 0 2,7T 0 disk
sdb 8:16 1 59,7G 0 disk
├─sdb1 8:17 1 1M 0 part
└─sdb2 8:18 1 59,7G 0 part /var/snap/firefox/common/host-hunspell
/
sdc 8:32 1 0B 0 disk
So an approximately 3TB disk is visible. Then sudo hdparm -I /dev/sda produced:
LBA48 user addressable sectors: 5860467633
So I replaced initial command with this: sudo dd if=/dev/sda skip=5860467632 count=1 status=none | hexdump -C. It produced:
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000200
Final sector is accessible. So an initial question of this issue arises again: why getdek and dumpkeysector commands don't finish execution? And another one: was initially proposed sector index a part of DCO area? If the answer to last question is "yes" then I was wrong about entering number from hdparm info.
Hey, are you interested in the AsMedia chips? I've got two units here for testing and can provide any details you'd like.