themaddoctor / linux-mybook-tools

tools for opening some encrypted WD My Book drives in linux
GNU General Public License v3.0

Need help with forgotten password JMS 1 TB #86

Closed gbatalski closed 1 year ago

gbatalski commented 1 year ago

@themaddoctor Hello, I need to decrypt a drive for which I've forgotten the password. What could be the procedure to recover/decrypt it? About 6 years ago I could dump (somehow?) the content to an img file, from which I could now read the keyblock with your script. The drive itself is also available, but via USB and not readable without the modification you mentioned somewhere.

Is it possible to decrypt the drive (img file) if I'm getting the output below:

```
sudo ./findkeyblock.sh /dev/loop39
found JMicron keyblock at sector 1953519648
dumping to keyblock-1953519648.bin
```

The pi won't work, so it should be some password set. I also tried with https://github.com/andlabs/reallymine but with the same success: same keyblock but

```
sudo reallymine getdek /dev/loop39
You need the WD password to decrypt this drive.
Enter WD password:
```

We could get in contact so you can verify that I'm not a criminal :-).

Regards, Gena

gbatalski commented 1 year ago

dump_keyblock.tar.gz Just in case you could take a look at..

themaddoctor commented 1 year ago

It would help to know the date of manufacture of the disk. It would be on the label of the original drive.

How will you prove to me that you own the disk?

themaddoctor commented 1 year ago

Never mind about the date. It was probably April 2013.

gbatalski commented 1 year ago

Hi @themaddoctor and thank you for your very quick response! The manufacturing date seems to be 27.04.2013. Here you can find some pictures of the disk: https://share.icloud.com/photos/05d9X9e2jPuug5TIDCAV-32Rw I would try to search for the invoice, but it could be some years ago and therefore lost/thrown away. I can also send you my personal data/ID picture + my selfie (just like a German Postident :-) ). You could give me an email or phone number to send you personal details (not a good thing to post it here on GitHub). If you have another idea, let me know. Thanks again and regards!

themaddoctor commented 1 year ago

How are you accessing the keyblock and encrypted data from a Passport? Was there a bridge card?

gbatalski commented 1 year ago

No, somehow I could dump an image file of a whole encrypted partition. From this image file I could dump yesterday the keyblock I've sent to you. I cannot remember, but it was a research paper about a flaw in the encryption of this kind of drive. For the next step I had to contact the researcher or try some kind of brute force. It was too much for my knowledge and I stopped further investigations 5-6 years ago.

themaddoctor commented 1 year ago

Whatever. I guess it really doesn't matter to me any more. Here is your disk encryption key: 7177a8ce4de4c72de1320701ff28e6ffc269d9de93720b622dcf5c45d1699ea0 You can use it in ReallyMine or in my instructions. I haven't recovered the password yet.

gbatalski commented 1 year ago

Hi @themaddoctor, the decryption is now completed. It looks like some gigs of old pictures and letters were found! Many thanks for your assistance! If you wish, I would like to buy you a "beer". Could you please send me a PayPal or the like. My email is the GitHub nick @web.de Thank you again!