andlabs / reallymine

WD MyBook encrypted hard drive decryption (still WIP).
https://github.com/andlabs/reallymine/issues/38
GNU General Public License v3.0
216 stars 48 forks

Need help #35

Open Kittopaul opened 7 years ago

Kittopaul commented 7 years ago

Hi All,

I have a 2TB MyBook WD drive with all my personal backups. The USB-SATA bridge chip failed (does not power on); I took the drive out of the enclosure and connected it to a PC running Lubuntu 14.04 LTS.

I ran reallymine from the terminal and got the DEK. Thank you, andlabs.

bridge type JMicron
DEK: 00B9E698E1ED7031FA26D3E3433E9712D3F93C61BE9226AA7BCC186DBC4B8493
decryption steps: reverse decrypt reverse

Started reallymine again, this time to decrypt the image (decrypted.img) to another 2TB formatted drive. The decryption ran nonstop for 6 days; unfortunately the power tripped :(. I powered the PC back on and saw the image size was 1.4TB, then ran photorec on the image, which did retrieve some of my files (photos etc.), showing reallymine did work.

Now I do not want to start the decrypting process all over again to retrieve the full 2TB worth of data and would like to try cryptsetup and kpartx instead to mount the drive.

I have followed the JMicron JMS538S guide in "Mounting encrypted WD disks in linux.pdf" by themaddoctor (thank you) and skipped the get-DEK part (I will use the one reallymine provided). Now I have trouble building the encryption module for the kernel (tried with both the 3.13.2-031302-generic and linux-headers-4.4.0-71-generic kernels in Lubuntu): at the part "Then build with" sudo make modules, I get the following error.

root@paul-System-Product-Name:/usr/src/linux-headers-3.13.2-031302-generic# make modules
make[1]: Nothing to be done for `all'.
  HOSTCC  arch/x86/tools/relocs_32.o
In file included from arch/x86/tools/relocs_32.c:1:0:
arch/x86/tools/relocs.h:17:32: fatal error: tools/le_byteshift.h: No such file or directory
 #include <tools/le_byteshift.h>
                                ^
compilation terminated.
make[1]: *** [arch/x86/tools/relocs_32.o] Error 1
make: *** [archscripts] Error 2

I do not know where to get this file "le_byteshift.h".

If anyone can guide me through getting past this step, it would be very much appreciated, as I do not have much Linux experience.

Thank you in advance.

SteveAyre commented 7 years ago

Looks like there's a le_byteshift.h file in a different directory but not in a tools directory. It's probably a build product. Try just 'make' first perhaps, and check it's using the same config Ubuntu built the kernel with.

themaddoctor commented 7 years ago

I found an easier way to build the module (and a better module, too). Here is a new PDF. Mounting encrypted WD disks in linux 0.2.pdf

themaddoctor commented 7 years ago

You need to be consistent in your kernel sources. If you have 4.4.0 running, don't use the sources for 3.13.2. I used 3.13.2 as an example, because that's what is on my 4-year-old system.

Kittopaul commented 7 years ago

Thank you for the new PDF, themaddoctor.

Do I need to copy the code in Appendix C into a new file named permute.c, and in which directory does this file need to be saved? Or can it be saved in the same directory (assuming the directory is /home/paul/wd) as the Makefile which was made by the command "echo "obj-m := permute.o" > Makefile"?

themaddoctor commented 7 years ago

Yes, and put it in the same directory as the makefile. Then, when you are in that directory, do make -C /lib/modules/$(uname -r)/build M=$PWD

themaddoctor commented 7 years ago

After you build it, would you send me a copy? My email is at the top of the PDF. Also, the distribution name and number of linux that you use. Thank you.

Kittopaul commented 7 years ago

Managed to get it to work, thank you very much.

Reinstalled the PC with Ubuntu 14.0.5 LTS running the 4.4.0-31-generic kernel instead.

Had to make changes to the makefile as it produced blank Module.symvers and modules.order files, so I created a makefile with the following lines instead:

obj-m += permute.o

all:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules

clean:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean

Typed make and permute.ko was created in the same directory.

Followed the next steps in the guide (skipped kpartx mounting) and all worked flawlessly.

So I remember I damaged the partition on the disk as well when I tried to initialize it on my Windows PC trying to read it.

Opened up photorec and pointed it to /dev/mapper/wd, which recovered valid data (no data from dev/mapped/wd-layer1/wd-layer2 at all). Ran testdisk to analyse (quick search) on /dev/mapper/wd, which located my lost NTFS partition; recovered it and rebooted the PC, then ran the commands from the guide again with the kpartx mounting part, and there the file manager popped up showing all my data, as a normal disk would do :)

themaddoctor commented 7 years ago

Nice!