andlabs / reallymine

WD MyBook encrypted hard drive decryption (still WIP).
https://github.com/andlabs/reallymine/issues/38
GNU General Public License v3.0

WD My Passport Essential WDBAAA5000ABK - keeps asking for a password. #44

Open stynoo opened 7 years ago

stynoo commented 7 years ago

Long story short: a friend lost access to her trusty portable drive and here we are.

Steps I took:

  1. (windows) from disk management, no partitions detected and asking to put a new label on the disk to make it usable. (hell no)
  2. (windows) WD tools (WD Security & WD Drive Utilities) are asking for a password to unlock the drive. My friend assures me she never set a password and was using the drive like this for a long time.
  3. (linux) tried to ddrescue over USB: I/O error - access denied on all sectors
  4. start reading (whoa, data recovery is something else!)
  5. (linux) tried to use HDDSuperTool over the USB interface - nothing works, not even drive detection

At this point I call my friend and explain to her that she either needs a professional firm to look at this, or we yolo and hope for the best. She tells me to go ahead as the data is important but not worth the money.

  1. Soldered a sata interface on the disk and disabled the usb interface.
  2. (linux) drive is detected, HDDSuperTool shows only a master password and no user password, ddrescue creates a full dump.
  3. (windows) R-Studio does not detect anything on the image, the data must be encrypted, start reading again.
  4. (linux) use reallymine to try to decrypt the image and it asks me again for a password.

What would be the next logical step?

stynoo commented 7 years ago

As per README:

dumplast:

sector at 0x7470A21000
00000000  00 01 44 57 00 00 00 00  e8 03 00 00 57 00 44 00  |..DW........W.D.|
00000010  43 00 2e 00 00 00 00 00  6e 00 6f 00 74 00 72 00  |C.......n.o.t.r.|
00000020  65 00 20 00 63 00 6f 00  6d 00 70 00 61 00 67 00  |e. .c.o.m.p.a.g.|
00000030  6e 00 69 00 65 00 00 00  00 00 00 00 00 00 00 00  |n.i.e...........|
00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000080  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000110  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000130  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000150  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000170  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000190  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 72  |...............r|

dumpkeysector:

sector at 0x7470A01000
bridge type Initio
00000000  57 44 01 14 00 00 00 00  02 02 00 00 00 00 00 00  |WD..............|
00000010  00 00 00 00 3a 23 70 00  00 00 00 00 3a 23 70 00  |....:#p.....:#p.|
00000020  00 00 00 00 00 14 e0 00  20 00 00 00 00 00 00 00  |........ .......|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 57 44 01 14  |............WD..|
00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000080  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000100  e5 52 45 52 33 4b 4a 4d  20 20 20 30 00 09 14 b8  |.RER3KJM   0....|
00000110  70 42 70 42 00 00 f7 00  0f 41 a4 ce 00 80 00 00  |pBpB.....A......|
00000120  e5 2d 00 44 00 69 00 41  00 4d 00 0f 00 26 4f 00  |.-.D.i.A.M...&O.|
00000130  4e 00 44 00 00 00 ff ff  ff ff 00 00 ff ff ff ff  |N.D.............|
00000140  e5 24 00 49 00 58 00 37  00 35 00 0f 00 26 4b 00  |.$.I.X.7.5...&K.|
00000150  37 00 55 00 2e 00 58 00  76 00 00 00 69 00 44 00  |7.U...X.v...i.D.|
00000160  e5 49 58 37 35 4b 7e 31  58 56 49 20 00 83 f9 89  |.IX75K~1XVI ....|
00000170  7c 43 db 46 00 00 fa 89  7c 43 15 75 20 02 00 00  ||C.F....|C.u ...|
00000180  e5 2d 00 44 00 69 00 41  00 4d 00 0f 00 78 4f 00  |.-.D.i.A.M...xO.|
00000190  4e 00 44 00 00 00 ff ff  ff ff 00 00 ff ff ff ff  |N.D.............|
000001a0  e5 24 00 52 00 58 00 37  00 35 00 0f 00 78 4b 00  |.$.R.X.7.5...xK.|
000001b0  37 00 55 00 2e 00 58 00  76 00 00 00 69 00 44 00  |7.U...X.v...i.D.|
000001c0  e5 52 58 37 35 4b 7e 31  58 56 49 10 00 09 b1 b2  |.RX75K~1XVI.....|
000001d0  70 42 70 42 00 00 77 69  13 41 8c 57 00 80 00 00  |pBpB..wi.A.W....|
000001e0  e5 49 57 5a 41 4b 50 4e  41 56 49 20 10 3b 8e 8a  |.IWZAKPNAVI .;..|
000001f0  7c 43 db 46 00 00 8f 8a  7c 43 75 57 20 02 00 00  ||C.F....|CuW ...|

decryptkeysector -default:

sector at 0x7470A01000
bridge type Initio
00000000  80 2b 2a a4 f0 25 e7 c5  8a 3b 52 8f c3 3b 68 ff  |.+*..%...;R..;h.|
00000010  be 2a 3a 3a 9a c6 68 8f  24 5c 99 2e 5d 50 73 b1  |.*::..h.$\..]Ps.|
00000020  da a9 89 75 91 50 8b 5c  a9 86 bd 59 94 e5 a7 8e  |...u.P.\...Y....|
00000030  d1 6d 60 18 5a 80 04 56  69 e9 a9 01 0d ae 29 c6  |.m`.Z..Vi.....).|
00000040  03 70 db e9 e1 2d 0c 8f  2d 2f 8b 53 6a 27 d8 be  |.p...-..-/.Sj'..|
00000050  03 70 db e9 e1 2d 0c 8f  2d 2f 8b 53 6a 27 d8 be  |.p...-..-/.Sj'..|
00000060  03 70 db e9 e1 2d 0c 8f  2d 2f 8b 53 6a 27 d8 be  |.p...-..-/.Sj'..|
00000070  03 70 db e9 e1 2d 0c 8f  2d 2f 8b 53 6a 27 d8 be  |.p...-..-/.Sj'..|
00000080  03 70 db e9 e1 2d 0c 8f  2d 2f 8b 53 6a 27 d8 be  |.p...-..-/.Sj'..|
00000090  03 70 db e9 e1 2d 0c 8f  2d 2f 8b 53 6a 27 d8 be  |.p...-..-/.Sj'..|
000000a0  03 70 db e9 e1 2d 0c 8f  2d 2f 8b 53 6a 27 d8 be  |.p...-..-/.Sj'..|
000000b0  03 70 db e9 e1 2d 0c 8f  2d 2f 8b 53 6a 27 d8 be  |.p...-..-/.Sj'..|
000000c0  03 70 db e9 e1 2d 0c 8f  2d 2f 8b 53 6a 27 d8 be  |.p...-..-/.Sj'..|
000000d0  03 70 db e9 e1 2d 0c 8f  2d 2f 8b 53 6a 27 d8 be  |.p...-..-/.Sj'..|
000000e0  03 70 db e9 e1 2d 0c 8f  2d 2f 8b 53 6a 27 d8 be  |.p...-..-/.Sj'..|
000000f0  03 70 db e9 e1 2d 0c 8f  2d 2f 8b 53 6a 27 d8 be  |.p...-..-/.Sj'..|
00000100  e5 e6 99 dd c8 6b 1e 5e  c6 6a 72 b0 2a 77 57 2d  |.....k.^.jr.*wW-|
00000110  bd c5 78 85 81 00 7e 77  b5 bd db 04 30 fe 5f de  |..x...~w....0._.|
00000120  8a f8 c7 ba 95 d4 69 e9  b0 1f be e7 b3 de ad df  |......i.........|
00000130  ea 78 3a 02 90 3c 17 2f  1e b8 06 27 09 05 3d 77  |.x:..<./...'..=w|
00000140  63 a6 b0 07 4c 5a af c5  30 4b 7e 8d 1c 54 bc 95  |c...LZ..0K~..T..|
00000150  65 1b 16 53 ad 19 49 94  98 a9 c5 f9 11 82 8a 5b  |e..S..I........[|
00000160  21 47 dd ec 90 fd 47 bc  c6 34 28 9b 18 2a 6d 1d  |!G....G..4(..*m.|
00000170  63 ab 98 e9 cf e6 47 ac  58 e8 37 6c 02 3f 9f 73  |c.....G.X.7l.?.s|
00000180  74 69 00 16 24 8c 41 78  e0 7b 83 cf 53 a7 d7 30  |ti..$.Ax.{..S..0|
00000190  ea 78 3a 02 90 3c 17 2f  1e b8 06 27 09 05 3d 77  |.x:..<./...'..=w|
000001a0  56 d1 dd 26 e5 e0 f9 a1  8a 3c 2d 30 e3 e3 f4 be  |V..&.....<-0....|
000001b0  65 1b 16 53 ad 19 49 94  98 a9 c5 f9 11 82 8a 5b  |e..S..I........[|
000001c0  46 a0 79 23 3e 3f d2 84  fd c4 8d 6b ab 4a c1 69  |F.y#>?.....k.J.i|
000001d0  ba 78 81 fd 0c a1 89 d1  40 75 6e 2d 66 2b ed 06  |.x......@un-f+..|
000001e0  54 9e 16 1a ae b8 3f 9e  1d de e6 73 18 31 4f b8  |T.....?....s.1O.|
000001f0  a1 53 b5 9a 38 79 d0 a4  c0 f3 a5 01 70 e1 9d 9d  |.S..8y......p...|

edit: formatting

andlabs commented 7 years ago

You can use HDDSuperTool to dump the "service area" to find out what type of encryption is used on this drive. It's probably something reallymine doesn't handle yet...

stynoo commented 7 years ago

Thank you for the swift reply! I'll set up the disk again during the weekend and start dumping the contents. Any details in particular that are useful? I guess I'll start with module 28 as I read it should contain a copy of the key.

themaddoctor commented 7 years ago

Module 25, 28, 32, ... I've read that it can be in one of several. You won't find the key. You will find another "keysector" that needs to be decoded.

themaddoctor commented 7 years ago

Please dump sectors 0, 2048, and 2049 and post here.

themaddoctor commented 7 years ago

I looked carefully at the keysector, and it has far too little entropy to be encrypted like it should be.

stynoo commented 7 years ago

Thanks for looking into this, I appreciate all the help, hints and insights you are willing to provide.
Just to be 100% sure, you want me to dump those sectors like this? (is dumping from the image ok or do you need them directly from the disk attached over sata?)

dd if=/path/to/myimage of=/dev/null skip=0 count=1 bs=512
dd if=/path/to/myimage of=/dev/null skip=2048 count=1 bs=512
dd if=/path/to/myimage of=/dev/null skip=2049 count=1 bs=512

themaddoctor commented 7 years ago

That's fine. It should not matter if you use an image that was just from dd or dd_rescue, not "decrypted" by any software.

themaddoctor commented 7 years ago

Replace "of=/dev/null" with "of=sector0.bin" etc.

themaddoctor commented 7 years ago

If you're having a problem, try

dd if=/path/to/disk/or/image count=1 | hexdump -Cv
dd if=/path/to/disk/or/image count=2 skip=2048 | hexdump -Cv

stynoo commented 7 years ago

It shouldn't be a problem to get them, I just need to get home and have access to the disk and image. I'll post the sectors and modules tomorrow but didn't want to post irrelevant info, hence my questions....

stynoo commented 7 years ago

Here is the first sector:

1+0 records in
1+0 records out
512 bytes copied, 0.324192 s, 1.6 kB/s
00000000  c4 df d4 9c 83 31 ed aa  26 e9 4d 52 3a 18 ce 24  |.....1..&.MR:..$|
00000010  8d da 95 15 28 84 88 fb  98 ef 14 1d 0f 6d f3 97  |....(........m..|
00000020  21 3b bd 80 aa c8 75 79  72 d5 93 a7 77 fc fc b1  |!;....uyr...w...|
00000030  b3 ae 0e 8a ac ff 77 f6  88 5a d4 91 43 ad 67 1f  |......w..Z..C.g.|
00000040  e1 69 95 a0 7d e4 b6 ee  3f 40 01 2f 62 94 5d ec  |.i..}...?@./b.].|
00000050  ce 3f 99 08 89 fc e2 06  98 05 04 59 aa 2a fa ce  |.?.........Y.*..|
00000060  e3 24 7d 71 31 50 d6 d9  97 48 27 1b 8e fb 5d 33  |.$}q1P...H'...]3|
00000070  6d 02 39 3e 9d 30 15 0a  8f 7c 32 4b 2b 93 7c 3d  |m.9>.0...|2K+.|=|
00000080  86 61 db 1c 75 23 12 13  9b 7b 02 36 e5 03 7d 9c  |.a..u#...{.6..}.|
00000090  a4 72 41 cb 43 42 8a 23  85 0c 82 05 e1 af 69 38  |.rA.CB.#......i8|
000000a0  a6 fb 7d af 60 e6 2d 12  c4 fb 3c 4c 9e 4f cb 4b  |..}.`.-...<L.O.K|
000000b0  eb 00 0d 74 3e e7 25 25  35 54 96 06 65 9f a0 46  |...t>.%%5T..e..F|
000000c0  da c3 df 86 3e 4c 25 e8  7e ac 72 f2 05 ea a6 72  |....>L%.~.r....r|
000000d0  f3 20 1f ee 92 7a e0 3d  e8 af 1c 32 0a dd db 33  |. ...z.=...2...3|
000000e0  b2 3c d1 c4 f7 ad 10 db  64 ab d8 c3 8d ae 79 37  |.<......d.....y7|
000000f0  64 46 0d c5 e6 e4 b3 f0  15 8f 86 2c 89 18 cd 95  |dF.........,....|
00000100  c6 9a 54 5d cd 4d a3 74  58 47 04 82 05 8d ae 2b  |..T].M.tXG.....+|
00000110  62 10 92 99 f5 18 51 81  6b 1f db 37 08 23 b3 5e  |b.....Q.k..7.#.^|
00000120  41 fb f8 dd 5b 48 6a b2  6a 2a ac 80 9f de 9c 38  |A...[Hj.j*.....8|
00000130  e9 6a d4 b1 1d 8d 06 f3  e7 5f 5b 5a 12 b6 c0 8d  |.j......._[Z....|
00000140  c9 ee 14 f7 30 2c 59 2f  f4 72 22 44 00 25 63 5c  |....0,Y/.r"D.%c\|
00000150  4b 9a 63 cb 30 3b ce 4b  f0 af ca fb 85 bc cb d6  |K.c.0;.K........|
00000160  88 28 95 f6 34 d8 a4 a7  bf 01 ae 78 d1 8b c7 b0  |.(..4......x....|
00000170  43 8c 63 f0 8a 03 9f 28  ed 2f 24 cd 16 ba bd ed  |C.c....(./$.....|
00000180  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000190  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000001a0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000001b0  36 d7 e9 aa 66 17 21 b8  22 4c 8a d1 b7 85 7a 67  |6...f.!."L....zg|
000001c0  cf 67 d5 fc 17 0f 0a 0c  c7 32 eb 02 47 c6 50 a9  |.g.......2..G.P.|
000001d0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000001e0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000001f0  c8 3e b6 30 1c 00 cd 4c  7e 8f 65 62 97 e8 27 96  |.>.0...L~.eb..'.|
00000200

and 2048-2049:

2+0 records in
2+0 records out
1024 bytes (1.0 kB, 1.0 KiB) copied, 0.00339456 s, 302 kB/s
00000000  4e 3b f0 8a 6f e4 e2 58  68 5c 2f 4d 10 80 18 57  |N;..o..Xh\/M...W|
00000010  28 95 17 38 da b7 c3 44  ea f4 2e 12 67 f9 50 7b  |(..8...D....g.P{|
00000020  e3 25 8f 17 a4 aa 40 82  5b 27 b3 d4 19 45 30 77  |.%....@.['...E0w|
00000030  01 7f d4 53 6f 2a 07 6b  d9 58 75 50 4a ff 5a 77  |...So*.k.XuPJ.Zw|
00000040  22 59 5d 48 00 b7 f8 e6  55 5c 2e 4b 1c 3e 93 c4  |"Y]H....U\.K.>..|
00000050  71 8e 2b 1c b7 9c ed 7a  4a df 93 34 d7 90 bf ca  |q.+....zJ..4....|
00000060  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000070  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000080  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000090  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000000a0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000000b0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000000c0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000000d0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000000e0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000000f0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000100  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000110  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000120  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000130  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000140  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000150  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000160  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000170  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000180  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000190  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000001a0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000001b0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000001c0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000001d0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000001e0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000001f0  c8 3e b6 30 1c 00 cd 4c  7e 8f 65 62 97 e8 27 96  |.>.0...L~.eb..'.|
00000200  69 f2 bc f9 2b 10 6b 45  9a 1f 4b 15 e7 84 bc 0e  |i...+.kE..K.....|
00000210  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000220  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000230  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000240  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000250  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000260  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000270  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000280  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000290  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000002a0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000002b0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000002c0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000002d0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000002e0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000002f0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000300  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000310  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000320  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000330  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000340  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000350  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000360  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000370  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000380  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
00000390  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000003a0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000003b0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000003c0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000003d0  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
000003e0  a4 5c 33 39 6b 86 74 a1  f1 a8 d6 9c dd 36 39 f3  |.\39k.t......69.|
000003f0  c8 3e b6 30 1c 00 cd 4c  7e 8f 65 62 97 e8 27 96  |.>.0...L~.eb..'.|
00000400

themaddoctor commented 7 years ago

All I can say so far: It IS encrypted. It is in ECB mode. Looks like a DOS MBR in sector 0.

The keyblock you posted isn't helping, yet. Can you dump sector 976769056 to double-check that it is the same?

Also very curious to see the SA modules.
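
The two observations made in this thread (a keysector with "far too little entropy", and data sectors that are encrypted "in ECB mode") can be checked mechanically from the posted `hexdump -C` output. The following Python is an added example, not code from reallymine or from any participant; the function names, the 6.0 bits/byte cut-off and the distinct-byte filter are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed samples in `hexdump -C` layout: the rows are copied from dumps in
# this thread; offsets were renumbered and the "*" squeeze lines added here.
KEYSECTOR_SAMPLE = r"""
00000000  57 44 01 14 00 00 00 00  02 02 00 00 00 00 00 00  |WD..............|
00000010  00 00 00 00 3a 23 70 00  00 00 00 00 3a 23 70 00  |....:#p.....:#p.|
00000020  00 00 00 00 00 14 e0 00  20 00 00 00 00 00 00 00  |........ .......|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 57 44 01 14  |............WD..|
00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000100
"""
DATA_SAMPLE = r"""
2+0 records in
2+0 records out
00000000  4e 3b f0 8a 6f e4 e2 58  68 5c 2f 4d 10 80 18 57  |N;..o..Xh\/M...W|
00000010  28 95 17 38 da b7 c3 44  ea f4 2e 12 67 f9 50 7b  |(..8...D....g.P{|
00000020  6d ed 91 af 50 41 a1 ad  b8 b4 13 90 95 14 f4 48  |m...PA.........H|
*
00000070  c8 3e b6 30 1c 00 cd 4c  7e 8f 65 62 97 e8 27 96  |.>.0...L~.eb..'.|
00000080
"""

ROW = re.compile(r"^([0-9a-fA-F]{8})(?:\s+(.*))?$")
LOW_ENTROPY = 6.0   # bits/byte; assumed cut-off for a sector-sized sample
BLOCK = 16          # AES block size in bytes


def parse_hexdump(text):
    """Turn `hexdump -C` output back into bytes, expanding "*" squeezes."""
    out, last_row, squeezed = bytearray(), b"", False
    for line in map(str.strip, text.splitlines()):
        if line == "*":
            squeezed = True
            continue
        m = ROW.match(line)
        if not m:
            continue  # dd status lines, prose, blank lines
        offset = int(m.group(1), 16)
        if squeezed:
            if not last_row:
                raise ValueError("squeeze marker before any data row")
            while len(out) < offset:  # re-create the rows hexdump collapsed
                out += last_row
            squeezed = False
        if offset != len(out):
            raise ValueError(f"gap or overlap at offset {offset:#x}")
        # Everything before the first "|" is hex; the ASCII column is dropped.
        row = bytes.fromhex((m.group(2) or "").split("|", 1)[0])
        out += row
        last_row = row or last_row
    return bytes(out)


def shannon_entropy(data):
    """Byte-level Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def repeated_blocks(data, block=BLOCK):
    """Map each aligned block that occurs more than once to its count."""
    usable = len(data) - len(data) % block
    counts = Counter(data[i:i + block] for i in range(0, usable, block))
    return {b: c for b, c in counts.items() if c > 1}


def triage(data, block=BLOCK):
    """Return (verdict, entropy, repeats) for one dumped region."""
    entropy = shannon_entropy(data)
    # Heuristic: zero fill also repeats, so only count blocks that look like
    # cipher output, i.e. at least half of their bytes are distinct values.
    repeats = {b: c for b, c in repeated_blocks(data, block).items()
               if len(set(b)) >= block // 2}
    if repeats:
        verdict = "ECB-like ciphertext"
    elif entropy < LOW_ENTROPY:
        verdict = "low entropy, not ciphertext"
    else:
        verdict = "high entropy, no repeats: inconclusive"
    return verdict, entropy, repeats


if __name__ == "__main__":
    for name, text in (("keysector", KEYSECTOR_SAMPLE), ("data", DATA_SAMPLE)):
        verdict, entropy, repeats = triage(parse_hexdump(text))
        print(f"{name}: {entropy:.2f} bits/byte, {verdict}")
        for blk, count in repeats.items():
            print(f"  {blk.hex()} x{count}")
```

The parser accepts `hexdump -C` output with or without `-v`, so a full sector pasted from `dd ... | hexdump -C` can be passed to `triage` unchanged.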

themaddoctor commented 7 years ago

Are you able to see if the chip is INIC-1607 or 3608?

stynoo commented 7 years ago

The chip is an initio INIC-1607E. Sector 976769056 is all zeroes.


I am working on the modules now..

stynoo commented 7 years ago

And here are the modules: modules.zip

stynoo commented 7 years ago

And some extra info (while I was in there ;) )

hddsupertool 1.10-1.8 20170129
Finding devices

Q) Quit
R) Refresh drive list
1) /dev/sda (500107862016) WDC WD5000BMVV-11A1CS0 WD-WX80AA907712

---

Device information menu
q) Quit
p) Previous menu
h) Toggle script help
1) Identify device
2) Smart info
Enter your choice:
> 1
1
Model= WDC WD5000BMVV-11A1CS0
Serial=      WD-WX80AA907712
Firmware revision= 01.01A01
supports 48 bit commands = 1
total addressable sectors= 976773168
words per logical sector= 0
Size in bytes= 500107862016
Size in MiB= 476940
logical sectors per physical sector(2^x)= 0
enhanced_security_erase_supported= 1
security_count_expired= 0
security_frozen= 1
security_locked= 0
security_enabled= 0
security_supported= 1
error_recovery_control= 0
long_sector_access =1
drive look ahead supported= 1
drive look ahead status= 1
write_uncorrectable supported= 0

---

Device information menu
q) Quit
p) Previous menu
h) Toggle script help
1) Identify device
2) Smart info
Enter your choice:
> 2
2
Smart structure version= 16
ID#   FLAG  VALUE WORST THRESH   RAW DATA          ATTRIBUTE NAME
  1  0x002f  200   200    51   0x00000000000000   Read Error Rate
  3  0x0027  174   143    21   0x000000000008d2   Spin-Up Time
  4  0x0032   99    99     0   0x00000000000643   Start/Stop Count
  5  0x0033  200   200   140   0x00000000000000   Reallocated Sectors Count
  7  0x002e  100   253     0   0x00000000000000   Seek Error Rate
  9  0x0032  100   100     0   0x00000000000274   Power-On Hours Count
 10  0x0033  100   100    51   0x00000000000000   Spin Retry Count
 11  0x0032  100   100     0   0x00000000000000   Calibration Retries
 12  0x0032   99    99     0   0x000000000004ae   Power Cycle Count
192  0x0032  200   200     0   0x000000000002dd   Power-Off Retract Cycles
193  0x0032  198   198     0   0x00000000001aeb   Load/Unload Cycles
194  0x0022  119    99     0   0x0000000000001c   Temperature
196  0x0032  200   200     0   0x00000000000000   Reallocation Events
197  0x0032  200   200     0   0x00000000000000   Current Pending Sectors
198  0x0030  100   253     0   0x00000000000000   Off-line Uncorrectable
199  0x0032  200   200     0   0x00000000000000   UDMA CRC Error Rate
200  0x0009  100   253    51   0x00000000000000   Write Error Rate

themaddoctor commented 7 years ago

My bad. Try sector 976769032.

themaddoctor commented 7 years ago

This keyblock was in sector 17 of module 25 (hex):

00000000  57 44 01 14 00 00 00 00  02 02 00 00 00 00 00 00  |WD..............|
00000010  00 00 00 00 3a 23 70 00  00 00 00 00 3a 23 70 00  |....:#p.....:#p.|
00000020  00 00 00 00 00 14 e0 00  20 00 00 00 00 00 00 00  |......à. .......|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 57 44 01 14  |............WD..|
00000040  f0 26 e6 6c 59 02 bd 4a  52 d7 76 be 11 03 62 12  |ð&ælY.½JR×v¾..b.|
00000050  81 7c c5 08 29 57 73 0f  a6 84 cc c7 13 ea 52 20  |.|Å.)Ws.¦.ÌÇ.êR |
00000060  25 bb dc cc 7d 91 61 80  df b5 95 36 97 10 4c 09  |%»ÜÌ}.a.ßµ.6..L.|
00000070  e5 14 0d 3b 2f 26 63 2d  8d b3 21 29 30 0f 35 34  |å..;/&c-.³!)0.54|
00000080  6f a7 5b df 8a 84 0c 27  88 56 a6 bf 37 8e 38 39  |o§[ß...'.V¦¿7.89|
00000090  e2 96 11 9a 6e 0c d1 7a  25 29 c2 b5 ae 30 fd 3f  |â...n.Ñz%)µ®0ý?|
000000a0  e2 de 58 cc fa 76 e4 82  a8 20 74 9b e5 e1 de 14  |âÞXÌúvä.¨ t.åáÞ.|
000000b0  0c 96 4c d7 57 71 74 59  3f ff c2 2d 78 c1 77 a0  |..L×WqtY?ÿÂ-xÁw |
000000c0  a3 2b 01 d8 a4 40 3a 9c  d6 99 8a 47 79 b0 46 71  |£+.ؤ@:.Ö..Gy°Fq|
000000d0  34 ad 8b e5 5d 03 02 05  65 22 74 8c c6 76 02 28  |4­.å]...e"t.Æv.(|
000000e0  4c de d0 da 00 da 3a 8a  a3 29 2f 18 9c 32 ee 35  |LÞÐÚ.Ú:.£)/..2î5|
000000f0  de d5 30 0b 72 4a 34 97  12 aa 5a 2e 78 32 2c 3a  |ÞÕ0.rJ4..ªZ.x2,:|
00000100  44 3b 52 d2 c7 a4 99 f3  8a 1a 88 85 75 f5 dc 16  |D;RÒǤ.ó....uõÜ.|
00000110  b5 14 75 9d 22 20 4b 45  40 66 9d cd 46 73 6b 8f  |µ.u." KE@f.ÍFsk.|
00000120  9d 26 53 1d 00 f0 73 7b  ad 04 4d c8 f3 f1 c6 37  |.&S..ðs{­.MÈóñÆ7|
00000130  03 52 8a de 4f 0a 2a e2  ab fb e4 fb 5d ec 5d 0a  |.R.ÞO.*â«ûäû]ì].|
00000140  65 c5 c3 b9 99 b4 73 75  8e 0f 4c 37 e0 e8 6d b8  |eÅù.´su..L7àèm¸|
00000150  23 ab db 29 6d 31 df 8f  ee a8 0d 42 de 33 9c 49  |#«Û)m1ß.î¨.BÞ3.I|
00000160  be 74 2c a4 2e 88 8f 7d  44 14 c9 8f 10 62 62 c5  |¾t,¤...}D.É..bbÅ|
00000170  f7 f0 80 c4 d0 c1 c8 f8  23 14 57 db 90 e8 cc 9e  |÷ð.ÄÐÁÈø#.WÛ.èÌ.|
00000180  58 10 d8 5a 46 9f 7c 42  c5 22 31 22 e4 1f ea 95  |X.ØZF.|BÅ"1"ä.ê.|
00000190  9c da 63 af a5 47 e4 e9  72 8c 9f f0 ff 35 d6 0e  |.Úc¯¥Gäér..ðÿ5Ö.|
000001a0  d7 11 85 0d 6e 05 15 2c  c6 9d 9a da 72 1e 43 ff  |×...n..,Æ..Úr.Cÿ|
000001b0  9e 99 86 00 76 69 08 74  d7 ce d1 54 57 2f 62 ce  |....vi.t×ÎÑTW/bÎ|
000001c0  5d c6 d6 df 34 6d 88 da  01 70 cf 35 97 b5 74 d2  |]ÆÖß4m.Ú.pÏ5.µtÒ|
000001d0  03 2b a9 ac d7 83 32 65  4f 54 8c 0e 49 ef 71 c0  |.+©¬×.2eOT..IïqÀ|
000001e0  25 0b 13 67 cc fe 29 b0  7d 0d 39 d8 a8 1d 35 8c  |%..gÌþ)°}.9ب.5.|
000001f0  b6 86 bd fe 93 04 39 1b  aa 8b 1c f0 ee af 94 23  |¶.½þ..9.ª..ðî¯.#|

The key is b9f5f121f611416f4343ee4847f2ddfd03109682d97d46c6bf545f29fbee557a

themaddoctor commented 7 years ago

What must have happened is that the keyblock in the user data area was corrupted, and that confused the firmware. Very luckily, the keyblock in the service area was intact.

themaddoctor commented 7 years ago

@stynoo since you have a "working" INIC-chipped drive, would you be willing to help with research? If so, can you try a status call to the drive?

sg_raw -r 1k /dev/whatever c0 45 00 00 00 00 00 30

And if that works without error, would you be willing to do about 10,000 of them and dump the output into a file? It would help me to work out how the on-board random-number generator works. Something like

for i in $(seq 1 10000); do sg_raw -r 1k /dev/whatever c0 45 00 00 00 00 00 30 >> statusdump.txt; done

And lastly, I would want the manufacture date from the label on the drive.

Thanks a lot!

stynoo commented 7 years ago

Well look at this!

# file decrypted.img
decrypted.img: DOS/MBR boot sector MS-MBR XP english at offset 0x12c "Invalid partition table" at offset 0x144 "Error loading operating system" at offset 0x163 "Missing operating system", disk signature 0x21968; partition 1 : ID=0xc, start-CHS (0x0,32,33), end-CHS (0x3ff,254,63), startsector 2048, 975398912 sectors

For later reference; I used this:

# reallymine decryptfile crypted.img decrypted.img b9f5f121f611416f4343ee4847f2ddfd03109682d97d46c6bf545f29fbee557a 'swaplongs decrypt swaplongs'

> would you be willing to help with research?

You don't have to ask, let me decrypt this and I'll provide whatever info you need from that disk...

themaddoctor commented 7 years ago

When you're done with recovery, remind me to tell you how to fix the disk so it works like it used to (hopefully).

stynoo commented 7 years ago

The recovery just finished and the data is safe.
Here goes:

root@tinker:~# sg_raw -r 1k /dev/sdc c0 45 00 00 00 00 00 30
SCSI Status: Check Condition 

Sense Information:
 Fixed format, current;  Sense key: Illegal Request
 Additional sense: Invalid command operation code

Error 9 occurred, no data received

But wait, there is no way that I will trust any more data to this disk; besides, the SATA conversion disabled the USB interface. So if you @themaddoctor or @andlabs would accept, I am willing to ship the disk to you at my own expense (after a zero-fill of course).

themaddoctor commented 7 years ago

The status command only works through the USB connection.

How is it that adding the SATA disabled the USB? I would have thought that you could use either at this point.

stynoo commented 7 years ago

To enable SATA, you have to remove four capacitors to disable the USB bridge. Those are waaaaay too small for me to repair.

themaddoctor commented 7 years ago

Ah. Did you keep them?

stynoo commented 7 years ago

Impossible :-) See for yourself..

themaddoctor commented 7 years ago

Yeah, I see.

Yes, I would like this disk. Thank you. I'll try to replace the capacitors, because I want to talk to the Initio chip and pry out its secrets.

Before you zero out, could you dump sector 976769032 real quick, just to make sure it's the same keyblock that you found with reallymine?

My email is thomas dot a dot kaeding at gmail dot com. Won't post my physical address online.

stynoo commented 7 years ago

No worries, I still have the raw images.

00000000  57 44 01 14 00 00 00 00  02 02 00 00 00 00 00 00  |WD..............|
00000010  00 00 00 00 3a 23 70 00  00 00 00 00 3a 23 70 00  |....:#p.....:#p.|
00000020  00 00 00 00 00 14 e0 00  20 00 00 00 00 00 00 00  |........ .......|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 57 44 01 14  |............WD..|
00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000080  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000100  e5 52 45 52 33 4b 4a 4d  20 20 20 30 00 09 14 b8  |.RER3KJM   0....|
00000110  70 42 70 42 00 00 f7 00  0f 41 a4 ce 00 80 00 00  |pBpB.....A......|
00000120  e5 2d 00 44 00 69 00 41  00 4d 00 0f 00 26 4f 00  |.-.D.i.A.M...&O.|
00000130  4e 00 44 00 00 00 ff ff  ff ff 00 00 ff ff ff ff  |N.D.............|
00000140  e5 24 00 49 00 58 00 37  00 35 00 0f 00 26 4b 00  |.$.I.X.7.5...&K.|
00000150  37 00 55 00 2e 00 58 00  76 00 00 00 69 00 44 00  |7.U...X.v...i.D.|
00000160  e5 49 58 37 35 4b 7e 31  58 56 49 20 00 83 f9 89  |.IX75K~1XVI ....|
00000170  7c 43 db 46 00 00 fa 89  7c 43 15 75 20 02 00 00  ||C.F....|C.u ...|
00000180  e5 2d 00 44 00 69 00 41  00 4d 00 0f 00 78 4f 00  |.-.D.i.A.M...xO.|
00000190  4e 00 44 00 00 00 ff ff  ff ff 00 00 ff ff ff ff  |N.D.............|
000001a0  e5 24 00 52 00 58 00 37  00 35 00 0f 00 78 4b 00  |.$.R.X.7.5...xK.|
000001b0  37 00 55 00 2e 00 58 00  76 00 00 00 69 00 44 00  |7.U...X.v...i.D.|
000001c0  e5 52 58 37 35 4b 7e 31  58 56 49 10 00 09 b1 b2  |.RX75K~1XVI.....|
000001d0  70 42 70 42 00 00 77 69  13 41 8c 57 00 80 00 00  |pBpB..wi.A.W....|
000001e0  e5 49 57 5a 41 4b 50 4e  41 56 49 20 10 3b 8e 8a  |.IWZAKPNAVI .;..|
000001f0  7c 43 db 46 00 00 8f 8a  7c 43 75 57 20 02 00 00  ||C.F....|CuW ...|
00000200
1+0 records in
1+0 records out
512 bytes copied, 0,000700507 s, 731 kB/s

I'll send you a mail when my friend confirms that her data is saved.

stynoo commented 7 years ago

Out of curiosity, how did you find the keyblock in the modules? Did you grep for a specific pattern?
And where in that block is the key located?

themaddoctor commented 7 years ago

Sector 17 of module 25. I dumped each sector as hex and grepped for 8 hex digits at the beginning (57440114). I did a bash command to loop over all the module files.
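The sector-signature search described in the comment above, as an added example that is not part of the original thread or of reallymine: it walks each file in 512-byte sectors and reports the ones that begin with a given hex prefix (57440114 in this thread). The function names `scan_keyblocks` and `make_sample` and the constructed sample image are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find 512-byte sectors that START with a hex signature.
# Matching is sector-aligned, so the same bytes appearing in the middle
# of a sector are not reported.

SECTOR_SIZE=512

# scan_keyblocks SIGNATURE_HEX FILE...
# Prints "<file> <sector index>" (sector index counted from 0) per match.
scan_keyblocks() {
    # od prints lowercase hex, so normalise the signature to lowercase.
    sig=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    shift
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; continue; }
        # od -v: dump every byte (no '*' collapsing of repeated lines).
        # tr joins the hex into one stream; fold cuts one line per sector.
        od -An -v -tx1 "$f" | tr -d ' \n' | fold -w $((SECTOR_SIZE * 2)) |
            awk -v sig="$sig" -v name="$f" '
                substr($0, 1, length(sig)) == sig {
                    printf "%s %.0f\n", name, NR - 1
                }'
    done
}

# Constructed sample image (not data from the thread): four sectors with
# the signature at the start of sectors 1 and 3, and at a non-aligned
# offset inside sector 2, which must not be reported.
make_sample() {
    {
        head -c 512 /dev/zero
        printf '\127\104\001\024'; head -c 508 /dev/zero
        head -c 4 /dev/zero; printf '\127\104\001\024'; head -c 504 /dev/zero
        printf '\127\104\001\024'; head -c 508 /dev/zero
    } > "$1"
}

# Usage: scan_keyblocks 57440114 module_*.bin
```

On a full disk image this hex pipeline is slow; it is meant for small files such as individual module dumps.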

themaddoctor commented 7 years ago

ReallyMine does something similar.

themaddoctor commented 7 years ago

@stynoo Maybe take a look at issue #38: https://github.com/andlabs/reallymine/issues/38

The ReallyMine developer needs guinea pigs to test multi-thread decryption. Since you seem to know what you're doing, and have a small disk image (500GB compared to 1, 2, 3, or 4TB), maybe you could give it a try.

stynoo commented 7 years ago

I saw that post and did some tests already. I'll post some findings in the issue as I am not sure I was able to compile it correctly.