Open NameDoesNotGoHere opened 4 years ago
sudo dd if=/dev/mapper/wd skip=2048 count=16 | file -
16+0 records in
16+0 records out
8192 bytes (8.2 kB, 8.0 KiB) copied, 0.0030416 s, 2.7 MB/s
/dev/stdin: data
... indicates that it does not see a file system there.
If you send me a copy of your keyblock and sectors 0 and 2048, I will see if my script can decrypt them.
What commands would I need to enter to get that information? I'm sorry, but I'd prefer doing this locally on my machine.
If you want to do everything locally, then double check that you typed everything correctly. From your output, it looks like you have the wrong key or there is something different about your disk. I can't tell without seeing a copy of your keyblock and sectors 0 and 2048.
user@user-virtual-machine:~/wd$ hexdump -C kb.bin
00000000 57 44 01 14 00 00 00 00 01 00 00 00 00 00 00 00 |WD..............|
00000010 00 00 00 00 74 5b 78 00 00 00 00 00 74 5b 78 00 |....t[x.....t[x.|
00000020 00 00 00 00 00 14 e0 00 10 00 00 00 00 00 00 00 |................|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14 |............WD..|
00000040 b1 1c 3d 27 46 6b 57 bb b9 cd 95 7c 4e a6 d4 ae |..='FkW....|N...|
00000050 7a d9 22 53 72 fb 18 c0 c4 27 b0 df a0 6f d0 6d |z."Sr....'...o.m|
00000060 a1 0d 2e b2 9c 83 8a 82 8a 48 07 7e 9a eb 2b dc |.........H.~..+.|
00000070 d5 dc ba c1 bc 10 57 83 80 90 17 b7 40 ca 7f 00 |......W.....@...|
00000080 e9 e7 3f 94 50 9a 90 d8 af 9c 9a 49 50 4d e3 07 |..?.P......IPM..|
00000090 2f d1 72 43 af 1a e3 99 8b a0 9e 17 5b 69 61 a5 |/.rC........[ia.|
000000a0 4d e3 8d 0e a3 c9 e1 04 2d ce 08 0e c9 8a b1 04 |M.......-.......|
000000b0 62 18 c8 d0 88 9a 76 5f bb 5c f6 17 63 00 84 8a |b.....v_.\..c...|
000000c0 36 8e 4c 93 33 ec 6a c4 9b 95 c2 3d 4f fa 15 8e |6.L.3.j....=O...|
000000d0 f4 bf 5b ae c6 3a 37 ca 9a 99 d1 0b dd 2e bf 14 |..[..:7.........|
000000e0 2b bd 35 36 a4 06 82 f7 66 f7 70 25 7b f8 84 1d |+.56....f.p%{...|
000000f0 50 b3 70 34 af f8 22 46 27 33 8d 7a 1f 2f ec dd |P.p4.."F'3.z./..|
00000100 d1 2f e8 21 30 30 44 b1 fc 06 a1 f0 97 ff 09 a5 |./.!00D.........|
00000110 10 ba 7d f1 5b 08 e6 bc e5 5f e7 4e 79 7b ef e7 |..}.[...._.Ny{..|
00000120 7c fd 1e 59 04 24 21 0d 87 12 f7 bb 4b c3 cb a6 ||..Y.$!.....K...|
00000130 28 7d 92 93 71 6d 66 63 39 ae b0 6f dc 5d 87 97 |(}..qmfc9..o.]..|
00000140 bf ef 7d e3 83 fc 95 d0 28 60 9f 5e 68 dc d9 97 |..}.....(`.^h...|
00000150 a3 a7 ca 2f b0 ec 2d 61 83 4f ea 3e 76 24 9f df |.../..-a.O.>v$..|
00000160 75 ae c1 47 e6 83 75 50 e4 8a e3 2e c6 4d 0e c8 |u..G..uP.....M..|
00000170 48 4a ca b3 0e 17 b3 c0 6a 67 65 fd 0f 88 77 e5 |HJ......jge...w.|
00000180 94 a6 39 c7 a1 41 30 2a 4c 1c 6d 92 10 be 90 b8 |..9..A0*L.m.....|
00000190 b8 07 e8 ca ab 95 54 ba f9 75 e7 f1 07 12 ca f0 |......T..u......|
000001a0 6b 68 40 08 d4 80 a3 62 71 05 f7 db 6c ab 90 eb |kh@....bq...l...|
000001b0 86 ad 5e ee f5 e6 51 3a 5b ab 87 10 83 b4 c7 8b |..^...Q:[.......|
000001c0 1d 71 f8 8f 46 62 d0 55 6e 50 28 73 50 d0 d9 5d |.q..Fb.UnP(sP..]|
000001d0 2f 23 6a 9b c2 13 1b 3d a9 f1 4b 88 76 6a c1 54 |/#j....=..K.vj.T|
000001e0 ed 85 d4 59 a5 34 6e 08 15 1e 05 b7 46 91 60 4e |...Y.4n.....F.`N|
000001f0 d4 71 2d f5 34 41 99 8d 26 5b 36 c2 ee 6c 3f d2 |.q-.4A..&[6..l?.|
00000200
user@user-virtual-machine:~/wd$ sudo dd if=/dev/sdb count=1 | hexdump -C
00000000 eb b7 09 e4 fb 7d ef ac d5 70 78 fe a4 30 2e 93 |.....}...px..0..|
00000010 65 0e be cf 63 75 8e ad 16 1c 4a 31 b3 0c 4d 8d |e...cu....J1..M.|
00000020 7f 5d 19 8e a3 5b 6d d7 1f 88 d4 21 d9 bf ca 17 |.]...[m....!....|
00000030 91 a8 33 59 82 d0 68 16 8a b1 b3 41 1c a5 fa 76 |..3Y..h....A...v|
00000040 ad c0 19 99 79 dd 0e 33 f6 48 16 a1 f6 81 b3 05 |....y..3.H......|
00000050 bc 86 fe 28 95 36 8f dd ab 35 e3 15 88 ab 5d 80 |...(.6...5....].|
00000060 e3 3d bd c5 ce b8 f6 c1 e7 49 e6 9c 19 7a c2 e5 |.=.......I...z..|
00000070 84 9e ab 6a 0a 5c 7b f5 41 31 44 84 ca 20 8c 6a |...j.\{.A1D.. .j|
00000080 37 10 a3 20 9f c6 80 00 1d 4f 3e 58 bc 29 6d 62 |7.. .....O>X.)mb|
00000090 a3 91 c2 c8 e8 86 04 dc 90 eb 0c 3f d6 fd 94 0b |...........?....|
000000a0 6b 32 17 fa 5e 1c 47 8c 0c 10 5f df 12 f4 10 68 |k2..^.G..._....h|
000000b0 7f b0 fb d8 c0 6a 4f f6 23 14 78 c4 bd 86 2f 1d |.....jO.#.x.../.|
000000c0 0f 11 99 6d db 17 70 e9 d5 32 fd e0 cb cb 41 f3 |...m..p..2....A.|
000000d0 29 a4 ab 2f d3 45 7e e9 2e 89 7e 33 3e d3 68 45 |)../.E~...~3>.hE|
000000e0 37 e9 6f cf 3e 7e b4 18 e5 91 5c 37 80 ec 79 4e |7.o.>~....\7..yN|
000000f0 f7 8f 7e 9a 81 b8 f4 c9 b0 6f d6 ef b3 75 23 59 |..~......o...u#Y|
00000100 bd 2d ad b0 c4 91 3f e1 55 ac ff 1f 40 f3 6c f0 |.-....?.U...@.l.|
00000110 af 0a a0 09 d0 6a 3f ce 70 8b c5 4c 8c 18 7b 14 |.....j?.p..L..{.|
00000120 25 08 46 39 d4 8b 70 e3 0d b8 2d cd a9 f1 08 74 |%.F9..p...-....t|
00000130 26 b8 17 7b a6 b2 71 5c e7 13 4e 6e df 29 bb c8 |&..{..q\..Nn.)..|
00000140 41 de 4b e3 49 0d 29 bf f6 41 bb 82 05 d0 f6 2a |A.K.I.)..A.....*|
00000150 2d 51 2b 5e df 93 6c a6 03 68 1b 07 bf ab ea 59 |-Q+^..l..h.....Y|
00000160 9e ae be 8b d9 94 5a 2c f3 02 43 60 42 4c 42 23 |......Z,..C`BLB#|
00000170 1f 68 18 7a 6b 3b 90 f4 ad 66 35 74 ca 2a 8b c1 |.h.zk;...f5t.*..|
00000180 a9 4f 5f a6 22 2f 30 e1 13 98 e0 f7 68 fe 7e 9e |.O_."/0.....h.~.|
*
000001b0 1f 60 cf be 60 37 83 c8 02 c8 f4 06 e2 24 99 64 |.`..`7.......$.d|
000001c0 6f a0 37 95 2b 66 32 32 15 5d 28 59 92 29 fb fb |o.7.+f22.](Y.)..|
000001d0 a9 4f 5f a6 22 2f 30 e1 13 98 e0 f7 68 fe 7e 9e |.O_."/0.....h.~.|
*
000001f0 80 07 9b 16 e2 56 53 92 46 cc e9 54 05 6f 96 30 |.....VS.F..T.o.0|
1+0 records in
1+0 records out
512 bytes copied, 0.48172 s, 1.1 kB/s
00000200
user@user-virtual-machine:~/wd$ sudo dd if=/dev/sdb count=1 skip=2048 | hexdump -C
00000000 d3 d3 d8 f8 4f 17 8e 4c 88 17 6a 1f c1 d3 d5 6c |....O..L..j....l|
00000010 2d 1d d8 5f c4 e2 4a 24 ab b9 5a ff 62 71 99 84 |-.._..J$..Z.bq..|
00000020 01 bc 78 4e 98 f3 5a 87 97 85 69 9b 69 12 8c a8 |..xN..Z...i.i...|
00000030 45 c9 a4 31 fc 2f c7 fb 8e 38 b5 3e d2 93 d2 58 |E..1./...8.>...X|
00000040 d4 f4 97 63 f7 53 df 8e f8 61 1c aa 5e 9f 5e d9 |...c.S...a..^.^.|
00000050 aa fb f4 b8 50 54 08 1f 68 a6 32 b9 47 41 3f 1a |....PT..h.2.GA?.|
00000060 ab f8 c6 8b 65 66 fa c2 b0 a5 7b 7c e5 a6 38 d5 |....ef....{|..8.|
00000070 06 b9 08 b1 d6 c0 a0 c6 e2 b8 22 07 b9 f8 e5 06 |..........".....|
00000080 a3 cf ab 8f 70 b5 ce ea fd bc fa 57 3c 26 24 b7 |....p......W<&$.|
00000090 91 75 97 63 33 03 98 f6 13 fd fb 70 c3 87 fa 1c |.u.c3......p....|
000000a0 8c fe 56 99 b6 ad 74 1f 07 89 c3 f1 40 fa 0d 3a |..V...t.....@..:|
000000b0 3d 0a d4 2a 25 fd f6 39 da 4c 82 34 ec a5 4e df |=..*%..9.L.4..N.|
000000c0 47 c8 b4 4a 34 ec d8 d2 93 d2 14 46 31 b3 0a 6c |G..J4......F1..l|
000000d0 ca 07 a2 5d a5 fe 2f 8c 86 fe b9 cb c3 25 81 a1 |...]../......%..|
000000e0 1f b1 95 09 43 50 66 dd e9 21 d1 36 8f 0f a7 f5 |....CPf..!.6....|
000000f0 8a a6 0f 98 10 79 12 f0 41 c6 a3 bd f4 ca ff 8a |.....y..A.......|
00000100 b7 c7 75 b4 2a 5f 1f 1d 73 7f e1 7e 16 c7 b4 53 |..u.*_..s..~...S|
00000110 97 15 3c 25 7f 00 f4 3a a2 e1 90 49 8a 62 cb cd |..<%...:...I.b..|
00000120 04 2a fd e1 d3 f6 a9 7c 1f ef 00 0b 87 d4 f4 25 |.*.....|.......%|
00000130 46 72 3c 67 23 48 ff f6 8e fd ec 4d b5 eb 4a 95 |Fr<g#H.....M..J.|
00000140 2d c0 56 ff ee d8 7c 6d 41 4b 3d 90 9a 9e f7 3b |-.V...|mAK=....;|
00000150 d0 11 a2 cd 7e 84 8d 9c fd 54 9b 8c 58 36 cf 48 |....~....T..X6.H|
00000160 cf 2a 3c 25 22 82 9d 18 e4 43 68 65 50 77 02 0b |.*<%"....ChePw..|
00000170 0f 0c 3a 56 aa 68 ac 73 c8 67 0c cd f9 89 3e ba |..:V.h.s.g....>.|
00000180 dc e1 f0 c1 8b 77 be d3 6c 60 fb df 0c 02 87 2f |.....w..l`...../|
00000190 b9 04 bf d3 c2 2d 56 b8 5b d9 46 a5 43 97 ed 57 |.....-V.[.F.C..W|
000001a0 a7 65 45 94 d0 69 fd 76 ca 65 34 9a 98 04 b7 f0 |.eE..i.v.e4.....|
000001b0 db 61 e7 75 fc d2 22 ae 0a 1e 4a 8f 36 b3 40 84 |.a.u.."...J.6.@.|
000001c0 ea 5b 68 24 0a a4 df 34 23 22 e6 1e ac 0d 02 30 |.[h$...4#".....0|
000001d0 8b 6b 61 c6 a7 3e 19 e5 98 81 f3 ea 87 87 81 80 |.ka..>..........|
000001e0 b9 9d 9d 53 c7 ca 93 da 33 f6 bc 37 d5 49 09 80 |...S....3..7.I..|
000001f0 fe cf 91 a4 47 20 5e 86 8e bd ed 5c f7 d6 5e ac |....G ^....\..^.|
1+0 records in
1+0 records out
512 bytes copied, 0.00754827 s, 67.8 kB/s
00000200
I was unable to decrypt your keyblock, which would indicate that you have the wrong KEK. I can think of three possible reasons for this:
1. You do actually have a password.
2. The drive was reset using the WD software.
3. The drive was removed from its case and connected to a USB-SATA bridge card that does not match its original.
Based on the repetition of lines in the hexdump, your sector 0 looks how an encrypted sector 0 should. I can't say anything about sector 2048 at this time.
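Added example, not part of the original thread or the project's script: a sketch of the check behind "repetition of lines in the hexdump". It assumes the bridge encrypts each 16-byte block independently (ECB-style), so the empty regions of an MBR come out as identical ciphertext rows; `toy_ecb` is a hash-based stand-in for that behaviour, not the drive's cipher, and all sample sectors are constructed.

```python
import hashlib
from collections import Counter

BLOCK, SECTOR = 16, 512  # one `hexdump -C` row / cipher block, one disk sector
KEYBLOCK_MAGIC = bytes.fromhex("57440114")  # "WD\x01\x14", as at offset 0 of kb.bin above


def repeated_blocks(sector: bytes) -> dict:
    """Return {block: count} for every 16-byte block that occurs more than once."""
    blocks = [sector[i:i + BLOCK] for i in range(0, len(sector), BLOCK)]
    return {b: n for b, n in Counter(blocks).items() if n > 1}


def classify_sector(sector: bytes) -> str:
    """Rough triage of one 512-byte sector read with dd."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    if sector[:4] == KEYBLOCK_MAGIC:
        return "keyblock"
    if sector[510:] == b"\x55\xaa":
        return "plaintext-mbr"
    # Repeats of a constant block (e.g. all zeros) are empty plaintext, not ciphertext.
    if any(len(set(b)) > 1 for b in repeated_blocks(sector)):
        return "encrypted-looking"
    return "undetermined"


def toy_ecb(sector: bytes, key: bytes) -> bytes:
    """Stand-in for a block cipher in ECB mode (NOT AES): every 16-byte block is
    mapped on its own, so equal plaintext blocks give equal output blocks."""
    return b"".join(hashlib.sha256(key + sector[i:i + BLOCK]).digest()[:BLOCK]
                    for i in range(0, len(sector), BLOCK))


def sample_mbr() -> bytes:
    """Constructed MBR: filler boot code, zeroed gaps, one partition entry, 55 AA."""
    mbr = bytearray(SECTOR)
    mbr[0:64] = bytes(range(1, 65))
    mbr[446:462] = bytes.fromhex("0020210007feffff0008000000f8ff7f")  # starts at LBA 2048
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)
```

A sector with no repeated rows comes back as "undetermined": without the key, ciphertext of varied data cannot be told apart from random bytes.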
I'm 99.9% sure I never set a password on this thing. I just plugged it up into the computers and it did its data backup thing. I could see all the files without ever having to type a password on any computer while the bridge card was still functioning.
I don't see any references for passwords in the documents, http://h10032.www1.hp.com/ctg/Manual/c01824301.pdf
What "WD" software?
This is the original bridge card.
There was some software that came with the drive. It was likely on a hidden partition and you never knew about it.
Would you be willing to try http://www.sdcomputingservice.com/hddsupertool/download to get the service-area modules? There might be a backup of the keyblock in module 0x25. Maybe, just maybe, it is different from the one you already found. The file I have downloaded and used in the past is hddsupertool-free-1.10-1.8-x64.tar.gz, in the middle of the list. It is menu-driven, so you just want to choose vendor-specific commands, and dump modules.
I assume this is the correct direction I'm supposed to be going?
user@user-virtual-machine:~$ sudo !!
sudo hddsupertool
hddsupertool 1.10-1.8 20170129
Finding devices
Q) Quit
R) Refresh drive list
1) /dev/sda (0) sense-data 05 20 00
2) /dev/sdb (1000204886016) VMware Virtual SATA Hard Drive 00000000000000000001
Choose which drive >
...
VSC menu
q) Quit
p) Previous menu
h) Toggle script help
1) WD dump mod 42 (older Caviar drives)
2) WD royl (Marvel) dump mod 02
3) WD royl (Marvel) dump mod 32
4) WD royl (Marvel) patch mod 02 (slow fix)
5) WD royl (Marvel) patch mod 32 (slow fix)
6) WD royl (Marvel) dump all modules
7) WD royl (Marvel) dump selected module
8) WD royl (Marvel) read rom
9) WD royl (Marvel) check rom file
10) WD royl (Marvel) write rom
Enter your choice:
> 6
6
identify
Model: VMware Virtual SATA Hard Drive
Drive is not WD, exiting
The software is not seeing the actual WD drive info. I guess I need to run this on bare metal tomorrow.
HP SimpleSave 1TB, with inic1607e controller. USB port on controller is damaged (missing pins).
Host OS: Windows 7 SP1 / VMware Workstation 12 Player.
VM: Ubuntu 16.04.6 LTS
Connected via SATA.
I've attempted to mount the drive, but it seems to not recognize the filesystem. Am I doing something wrong, stupid, or?
Directions had a note about a password, but I'm 99.9% sure I never set a password.
Thanks.