themaddoctor / linux-mybook-tools

tools for opening some encrypted WD My Book drives in linux
GNU General Public License v3.0
183 stars 26 forks

decrypt wd my book #35

Open raminbabaie opened 5 years ago

raminbabaie commented 5 years ago

Hi, I am an HDD repair and data recovery technician. You can check me on LinkedIn; plz send me a message and I will send you my LinkedIn address.

Hope you are well. I was reading your training about decryption of data on WD My Passport HDDs when a question came to my mind, one that we are challenged with every day in our center.

Sometimes customers have a password on their HDD and have forgotten it. How can we access the password?

The next question is: sometimes the HDD has a password and customers format the HDD and the data becomes encrypted. Do you have any idea for finding the password? We use data recovery tools like MRT and WD Marvel. I can find easily keyblock than module 25 or 38.

By the way, it was very useful. Thanks for your efforts, and I hope I can also help people with your guidance. I am looking forward to hearing from you.

themaddoctor commented 5 years ago

I can recover the disk key for the JMS538S and Symwave chips in 95% of cases, because I have special tools. For other chipsets, I can find passwords with a dictionary attack (but no guarantee).

For password recovery, I need some documentation to show that the client is the true owner of the disk.

If I understand your 2nd question, formatting does not change the disk key, unless the client does a special "quick erase" using the WD software. In that case, I can recover the key only for JMS538S chipsets.

themaddoctor commented 5 years ago

I hope that answers your questions.

raminbabaie commented 5 years ago

Thanks for the reply. Very good. Can you help me find the password and decrypt the data? I don't use Linux. I use data recovery software.

raminbabaie commented 5 years ago

My work is data recovery and I have a lot of problems with this.

themaddoctor commented 5 years ago

  1. Show me the documentation that your client is the true owner of the disk.
  2. Is it a MyBook or a Passport?
  3. Which chipset is on the USB bridge card?

raminbabaie commented 5 years ago

Hi. This is a Passport, and it has a Symwave 6316 USB bridge IC, and it was formatted with the WD Security software.


raminbabaie commented 5 years ago

Plz send me an email, I will send you the documentation factor for the client.


themaddoctor commented 5 years ago

I'm sorry, but for the Symwave chip I cannot help if the drive was reencrypted with the WD software. It is not clear from your messages what has happened to the drive.

raminbabaie commented 5 years ago

No problem, Thomas. I have another Symwave case, but not formatted. The customer just lost the password. If you can help me. We in the center have a lot of problems with this subject.

raminbabaie commented 5 years ago

Customers think that in the event of a forgotten password, they can format the hard disk and recover it with the usual software.

raminbabaie commented 5 years ago

https://mega.nz/#!jihwjYQJ!cyBeXrCduq-T6ATq3-qy2CKlNTUN2z3jZkzlzM1kDRY This is the keyblock for the lost-password HDD. Thanks for the help.

themaddoctor commented 5 years ago

Send proof of true ownership and I will send you the key to the encryption. Then you will have to follow the instructions in "Mounting encrypted WD disks in linux", using the section on Symwave in XTS mode.

themaddoctor commented 5 years ago

I don't think that you and I agree on what the word "format" means.

raminbabaie commented 5 years ago

Plz give me an email address to send the file. I can't load here.

raminbabaie commented 5 years ago

Erase with WD Security, I mean.

themaddoctor commented 5 years ago

Erasing with WD security software DESTROYS the keyblock, and then the key is lost forever.

themaddoctor commented 5 years ago

This is a temporary email. I cannot guarantee that it works. joclutitre@wemel.site

raminbabaie commented 5 years ago

Hmmmmmm. OK, I got it. Where can I send the file to you?

themaddoctor commented 5 years ago

joclutitre@wemel.site

themaddoctor commented 5 years ago

Sorry, that email cannot handle RAR files.

raminbabaie commented 5 years ago

I have sent it. Plz check it.


raminbabaie commented 5 years ago

OK, now I sent the picture. Plz check again.


themaddoctor commented 5 years ago

It only handles text files. Encode the jpg in base64 and send that.

raminbabaie commented 5 years ago

I sent.


themaddoctor commented 5 years ago

Where do you work?

themaddoctor commented 5 years ago

What you sent is a receipt or work order from your own business. It does not show that the client owns the disk. Proof of ownership could be the original receipt or the registration for the warranty on the WD website.

raminbabaie commented 5 years ago

You are right, but the problem is that we live in a country that is under strict sanctions and we don't have any access to international marketing like buying from the WD website. This receipt is the only proof that we can get from the customer in our center and all of the centers in Iran. Our purpose is just to help the customer to not lose the data. I hope you can understand my situation. Thank you.


raminbabaie commented 5 years ago

I'm waiting for your answer. Can you help me?

themaddoctor commented 5 years ago

My temporary email has expired. What is your email address?

raminbabaie commented 5 years ago

Plz check this email: blthgiwzjluimtyl@protonmail.com

On Jul 2, 2019 10:24 PM, "Araz Babaie" araz.babaie@gmail.com wrote:

Araz.babaie@gmail.com

themaddoctor commented 5 years ago

No, sorry. It is illegal in my country to share software that can be used to break into computer systems.

raminbabaie commented 5 years ago

Thank you for the help, bro. :) :)