andlabs / reallymine

WD MyBook encrypted hard drive decryption (still WIP).
https://github.com/andlabs/reallymine/issues/38
GNU General Public License v3.0

Is it possible to read WD Mybook using generic HDD enclosure? #72

Open azrielnation opened 6 years ago

azrielnation commented 6 years ago

I have a WD Mybook 4 TB. While the drive is still working perfectly, the board gave up suddenly. I can still access data from Windows for about 5-10 sec before the board drops the connection. I have tried to disassemble the drive and bought a generic SATA to USB enclosure. But the disk is reported as not formatted and cannot be opened. I never set any password on it.

I'm not familiar with Linux, but I am trying to follow the instructions one by one, and I got lost because I got a different result from the first step.

Is the data really encrypted by the onboard WD chip even if I don't use their tools to encrypt? Or do I just need to repair the MBR to access my files? Thanks for your help.

I am already hopeless and want to buy another WD Mybook just to get a working board. But unfortunately, my HDD type is already discontinued. The board code is 4061-705149-A00 Rev AB. If you know that the newest type can be used as a substitute, I will take that option. But if the encryption is really specific to the board code, then there is no option left for me unless you help me step by step to retrieve/mount the drive. Thanks again.

themaddoctor commented 6 years ago

Yes, it's encrypted. Setting a password only changes how the key is stored.

azrielnation commented 5 years ago

Thanks for the reply. I am trying my best to follow your PDF instructions step by step. I will update with what I get.

First, to make sure I didn't set anything up wrongly: I use an Orico SATA to USB enclosure. I have connected it to Windows but did not do any formatting or disk checking. I use an Ubuntu 18.04 LTS live USB.

The first step is checking /proc/partitions:

8 32 3906985816 sdc

Then

sudo file -s /dev/sdc

gives me:

/dev/sdc: DOS/MBR boot sector MS-MBR XP english at offset 0x12c "Invalid partition table" at offset 0x144 "Error loading operating system" at offset 0x163 "Missing operating system", disk signature 0xdb4bf07b; partition 1 : ID=0x7, start-CHS (0x0,4,5), end-CHS (0x3ff,254,63), startsector 256, 976745984 sectors

Then I do:

mkdir wd
cd wd

(the wd folder appears in my home directory)

Then the next instruction is:

echo 03141592653589793238462643383279fcebea6d9aca7686cdc7b9d9bcc7cd86 > kek.hex

(the kek.hex file appears inside the wd folder)

For the next one I can't decide which one to use, as I don't know which chip my WD uses. Can you help me with where I could find the chip description? On my board, I only found these chip names:

Asmedia ASM 1051w Pm25LD020 RT8284 APM 4232

Again, thanks for your help.

azrielnation commented 5 years ago

From googling with Asmedia as the search key, I found that the Asmedia ASM 1051W doesn't encrypt the drive. I used R-Studio and found all my files still there. But the partition was split into 2. I don't know which tools are best for this scenario. Are there any tools to fix the partition so it can be recognized by Windows again?

klturi421 commented 5 years ago

@azrielnation - based on my experience over the past few weeks I have found that there is not a way to repair the partitions to be recognized. I've found that the best way to recover the files is to run reallymine on the drive which will create the .img file which can then be used in programs like R-Studio and DMDE, even potentially other available software like Recuva (have yet to test).

Furthermore, if you use reallymine's command sudo reallymine getdek /dev/sda (replace /dev/sda with the correct location of your drive) it will tell you which chip you have, or at least which chip your drive was "encrypted" with.

azrielnation commented 5 years ago

@klturi421. I have directly scanned the HDD using R-Studio. It takes really long (10 hours), but the result: almost all my files were detected and not corrupted. The split partition was a result of early detection, but after scanning thoroughly the partition was fully recognized as one drive. Yet it still cannot be recognized by Windows. I will do some experiments after I recover all my files; maybe there is software that could rebuild the partition table and fix the HDD so it could be read directly from Windows. But I guess it would be really hard; from what I learned, the WD uses a hardware IC to emulate 4K blocks on a 512-byte-block HDD. R-Studio could emulate this process again, but reading it directly would be impossible.

themaddoctor commented 5 years ago

You could use a Linux computer to repartition it with the correct block size. If you line it up right, it should work. Don't do it on Windows, because Windows will destroy the first block on each new partition.

klturi421 commented 5 years ago

@azrielnation. Dang, sounds like you got lucky and caught the issue early on. Sadly for myself I am having to run at about 40 GB a day and still have about 65+ days to go. Glad to hear that you were able to recover your files though!

I'm definitely eager to get the files copied and then toy around with the drive a bit to see if there was anything I could have done differently. Of course I will probably find that I missed something completely that would have ended up saving me a ton of time.

azrielnation commented 5 years ago

@themaddoctor yes, I will try in Linux after recovering all my files. Some of the tools are really scary to try if your precious data is still there. Do you have any suggestions or a tutorial to remap the block size?

@klturi421 wow, 40 GB takes 65 days? Have you tried using USB 3.0? I tried on my old computer with USB 2.0, and just a fast scan would take 4 days to complete based on the software's estimated time, but I gave up after waiting 24 hours because my HDD case was getting really hot and I didn't want to burn my HDD. Then I switched to my office computer and gained the full speed of USB 3.0. I just needed 10 hours to fully scan the 4 TB HDD, and maybe 6 hours to recover all my data.

klturi421 commented 5 years ago

@azrielnation - I think you may have misunderstood, it's 40 GB per 24 hours. 3 TB is what's taking 65 days. Currently the HDD is connected via SATA 3 to the PC using Ubuntu 18.04. No matter if I have it connected via SATA or USB 3, it still takes the same amount of time using the standard reallymine configuration. When I attempted to use the concurrent configuration, it did not actually decrypt the drive and no files were recoverable when I opened the img in R-Studio. If I try to just scan the drive when connected to SATA via R-Studio, I get no recoverable files. But when I used a small sample of the copied img I was able to find some files.

I did some testing using both versions of reallymine and on USB or SATA; the only version that I am able to actually recover any data from the img with is the non-concurrent or standard release of reallymine. I'm not sure if I'm doing something wrong but it certainly is frustrating! Also, when I run reallymine concurrent via USB I am only able to get the first 360 GB of data.

themaddoctor commented 5 years ago

My suggestion was to run fdisk and remove the existing partition, then add one that starts at the correct sector (usually 2048).
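Added example (not part of the thread and not reallymine code): a Python parser for an MBR sector that rescales a partition entry written for 4096-byte sectors into 512-byte sectors, using the start sector and sector count from the file -s output and the disk size from /proc/partitions quoted earlier in the thread. The 4096-byte table sector size is an assumption taken from the 4K emulation described above, and the sample sector is constructed from those values.

```python
import struct

MBR_MAX_LBA = 0xFFFFFFFF  # MBR start and length fields are 32-bit

def parse_mbr(sector: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i: 462 + 16 * i]
        # byte 4 = type ID, bytes 8..11 = start LBA, bytes 12..15 = sector count
        ptype = raw[4]
        start, count = struct.unpack_from("<II", raw, 8)
        if ptype != 0 and count != 0:
            entries.append({"index": i + 1, "type": ptype, "start": start, "count": count})
    return entries

def rescale(entry, disk_bytes, table_sector=4096, native_sector=512):
    """Convert an entry expressed in table_sector units to native_sector units."""
    factor = table_sector // native_sector
    start, count = entry["start"] * factor, entry["count"] * factor
    end_bytes = (start + count) * native_sector
    return {
        "start": start,
        "count": count,
        "fits_on_disk": end_bytes <= disk_bytes,
        "fits_in_mbr": start <= MBR_MAX_LBA and count <= MBR_MAX_LBA,
    }

def build_sample_mbr():
    """Constructed sample sector: one type 0x07 entry with the values file -s printed."""
    sector = bytearray(512)
    # status, start-CHS (0x0,4,5), type, end-CHS (0x3ff,254,63), start LBA, count
    entry = struct.pack("<B3sB3sII", 0x00, b"\x04\x05\x00", 0x07,
                        b"\xfe\xff\xff", 256, 976745984)
    sector[446:462] = entry
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

def thread_example():
    """Rescale the thread's single partition against the size from /proc/partitions."""
    disk_bytes = 3906985816 * 1024  # /proc/partitions counts 1 KiB blocks
    entry = parse_mbr(build_sample_mbr())[0]
    return entry, rescale(entry, disk_bytes)

if __name__ == "__main__":
    print(thread_example())
```

For these values the start rescales to sector 2048, and the rescaled sector count no longer fits the 32-bit MBR fields, so a table describing this partition in 512-byte sectors would have to be GPT.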

Zibri commented 1 year ago

> Yes, it's encrypted. Setting a password only changes how the key is stored.

Well, that depends... if you issue the erase command, the KEY should change too.