themaddoctor / linux-mybook-tools

tools for opening some encrypted WD My Book drives in linux
GNU General Public License v3.0

OXUF943SE info #89

Open ojfd opened 1 year ago

ojfd commented 1 year ago

themaddoctor, I have a MyBook Studio Firewire enclosure with the Oxford Semi OXUF943SE chip and I have gained quite a bit of knowledge about it during the past few months (SInE blob locations etc.). In your FAQ you mention that there is not a lot of information regarding this chip's implementation. Since there isn't an email address provided anywhere, please post which pieces of the puzzle you are missing. I don't want to spam the issues page with excessive information that maybe nobody would read.

These two screenshots are from the freshly initialized 2TB WD Green drive, no password set. Drive connected to machine (Mac) via generic USB adapter. Blobs are on the part of the drive that is seen by the system as a read only CDROM, when it is in WD MyBook enclosure.

Cheers,

(screenshots: SInE_1, SInE_2)

themaddoctor commented 1 year ago

The EEPROM blob has two copies of the same encrypted DEK.

The other stuff looks like random garbage. I decrypted it with the DEK and got more random garbage.

themaddoctor commented 1 year ago

Maybe it's XTS mode.

themaddoctor commented 1 year ago

Yes, it is XTS mode. I decrypted the HDD sectors to get:

00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe |................|
000001c0 ff ff ee fe ff ff 01 00 00 00 ff 97 cb e8 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200 c7 b0 00 7e eb bb 33 1f 19 45 af 42 67 2a 7c 8c |...~..3..E.Bg*|.|
00000210 64 f4 59 f1 d4 4f df 0f 0f a6 7a 82 85 93 d2 c5 |d.Y..O....z.....|
00000220 eb d9 6b f1 93 d2 77 dc e7 4c dc 8a 66 c9 75 b9 |..k...w..L..f.u.|
00000230 bf 06 af ab 46 25 fe 7e 22 ed 66 fe 2d 79 ed ee |....F%.~".f.-y..|
00000240 cf d6 b9 e9 b3 16 20 f7 ae 6c 5c 4f 21 f4 ea 94 |...... ..l\O!...|
00000250 35 53 d1 f9 d5 9b d5 e5 6f d1 13 61 05 c5 31 e7 |5S......o..a..1.|
00000260 81 93 d7 09 c5 71 a2 a9 4b fa 7d bc 0d 20 4d 47 |.....q..K.}.. MG|
00000270 86 02 05 5e 36 5b fb 39 ec 50 bd 45 5a 32 87 df |...^6[.9.P.EZ2..|
00000280 48 d9 c6 00 e9 80 c4 da f7 67 f8 09 87 a5 fb b7 |H........g......|
00000290 8e 5e a5 76 a2 54 26 c6 4b 0f ad 58 35 64 b4 5c |.^.v.T&.K..X5d.\|
000002a0 7d 2c 22 18 63 b1 9a 4b 35 15 05 d6 45 e4 ca c8 |},".c..K5...E...|
000002b0 79 a0 cb fd 3b 80 ae 4e b2 dd 78 c9 4d a5 43 48 |y...;..N..x.M.CH|
...

The beginning is an obvious MBR with a partition table.

Is this from the 2TB drive?

ojfd commented 1 year ago

Yes, the same WD Green 2TB drive. Different firmware + earlier SmartWare formatter.

ojfd commented 1 year ago

What about this? Different firmware, later formatter. Still no keyblocks.

00000000  53 49 6E 45 01 00 00 00  02 00 64 01 38 F9 01 00  |SInE......d.8...|
00000010  00 00 ED 6D AA DB 72 50  E0 8A 98 BC F3 FB DD 14  |...m..rP........|
00000020  1F BB 2B 58 64 C5 D3 A2  E8 FE 52 BA 87 DA C1 01  |..+Xd.....R.....|
00000030  1A 44 53 31 BF 2F DB 0C  F9 46 49 DA A2 C5 C4 56  |.DS1./...FI....V|
00000040  DA 0C 1A D8 85 74 11 9E  57 52 B0 83 06 0D 8F CD  |.....t..WR......|
00000050  11 F3 FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
00000060  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|

HDD part 6440 blocks-c.zip

themaddoctor commented 1 year ago

It is ECB mode and the filesystem is FAT32.

themaddoctor commented 1 year ago

But the FAT32 partition might not be the main data partition. Have to read the GPT table to find out.

themaddoctor commented 1 year ago

If this is formatted for Mac, then they sometimes put a FAT32 partition to store the actual partition table, or something like that. Maybe so Windows machines can still use it. I'm not sure.

themaddoctor commented 1 year ago

Logical sector size: 512 bytes
Disk identifier (GUID): 3175949A-8996-44A7-BA55-2B53FC3742E8
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 3905656798
Partitions will be aligned on 8-sector boundaries
Total free space is 262157 sectors (128.0 MiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1              40          409639   200.0 MiB   EF00  EFI System Partition
   2          409640      3905394647   1.8 TiB     AF00  My Book

themaddoctor commented 1 year ago

There is not enough of the disk in the zip file to identify the filesystem at sector 409640.

themaddoctor commented 1 year ago

Can you do others in XTS mode? I'm wondering if you can increase the key length, so that the two halves are different.

ojfd commented 1 year ago

There is not enough of the disk in the zip file to identify the filesystem at sector 409640.

Do you need it? (I don't).

themaddoctor commented 1 year ago

No. The hex codes say it is HFS+.

ojfd commented 1 year ago

Can you do others in XTS mode?

I can, but what's the point of such exercise? It creates no blobs on the drive hence I won't be able to provide their locations.

I'm wondering if you can increase the key length, so that the two halves are different.

What do you mean by 'increase the key length'?

themaddoctor commented 1 year ago

The point is to know how the full DEK is made from the two pieces. There are only two choices: part1 + part2 or part2 + part1. In the sample you sent, both parts are the same.

I don't know what the software interface looks like. To choose XTS was there a thing to click on? Did it allow for a 512-bit key versus a 256-bit key? (XTS is considered to be only as secure as half of its key length, so for full 256-bit security, you need 512 bits. Reusing 256 of them means that you only get 128-bit security. Another sloppy thing about WD encryption.)

themaddoctor commented 1 year ago

In the future, now that we know what is on the EEPROM, people who lose their keys can find someone to read their chip, and from that be able to decrypt their disks.

themaddoctor commented 1 year ago

In the past there have been more people without blobs on their disks than with blobs, for the OXUF943SE. Knowing why is a big step toward helping them.

ojfd commented 1 year ago

I don't know what the software interface looks like. To choose XTS was there a thing to click on? Did it allow for 512-bit key versus 256-bit key?

No and no. screenshots.zip

The samples I've posted were from the drives without password set. Do you want me to apply a password? A long one? If so, you choose.

themaddoctor commented 1 year ago

A password would only change the KEK, not the DEK, so no.

Your screenshot says that security cannot be set unless the VCD is enabled. What does it look like when it is enabled? Curious to see what the options are.

ojfd commented 1 year ago

.. now that we know what is on the EEPROM, people who lose their keys can find someone to read their chip, and from that be able to decrypt their disks.

Assuming the EPROM is intact!

WD software writes to firmware configuration sectors all the time - update firmware, erase disk, set password, show/hide virtual CD and so on. First it erases those sectors and then writes new data. Any disruption - a power failure, software hang, pulled cable - and you end up with an empty EPROM. Been there, done that. Not readable and not recognized by any software anymore. All the blobs are probably gone. Maybe only a hardware EPROM reader can rescue some data, but I'm not sure. Erased is erased, right?

ojfd commented 1 year ago

Did it allow for 512-bit key versus 256-bit key?

From the OXUF943 datasheet:

Integrated hardware cipher engine supporting AES encryption / decryption (over USB and FireWire):

themaddoctor commented 1 year ago

Most complain that their MyBook simply stopped working. Some on the internet say that power to the bridge board is responsible. The point is that users in this position (broken MyBook, working disk) never messed with the security settings, so writing to the EEPROM would never have been interrupted. These users are surprised to find out that their drives are encrypted at all. They just want their data back. They don't know how to read an EEPROM, but maybe they can find someone who can; then, now that we know what to expect, they can get their keys.

themaddoctor commented 1 year ago

WD probably does not support all modes and keylengths. So far, all have been 256-bit keys and except for one, all have been ECB mode. How did you cause XTS to happen?

ojfd commented 1 year ago

Your screenshot says that security cannot be set unless the VCD is enabled. What does it look like when it is enabled?

WD Security.png.zip

What do you say about this couple?

00000000  53 49 6E 45 01 00 00 00  02 00 64 01 82 F6 01 00  |SInE......d.....|
00000010  00 00 75 D5 CD 2D 3E CE  51 23 9D 99 26 8E 43 D6  |..u..->.Q#..&.C.|
00000020  CC 38 73 BF EE 6E 32 C7  F4 A4 34 42 5D 5D 84 7A  |.8s..n2...4B]].z|
00000030  0B E4 3C 41 48 CF 5D 43  23 91 83 35 B8 62 CC BB  |..<AH.]C#..5.b..|
00000040  FE D6 1A D8 85 74 11 9E  57 52 B0 83 06 0D 8F CD  |.....t..WR......|
00000050  11 F3 FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
00000060  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|

HDD part 6442 blocks-d.zip

ojfd commented 1 year ago

How did you cause XTS to happen?

I flashed different firmware and used older version of SmartWare.

themaddoctor commented 1 year ago

ECB mode, formatted for Mac.

Logical sector size: 512 bytes
Disk identifier (GUID): 8CBF09C6-F3E9-43C5-9866-21DF36B0A341
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 3905656798
Partitions will be aligned on 8-sector boundaries
Total free space is 262157 sectors (128.0 MiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1              40          409639   200.0 MiB   EF00  EFI System Partition
   2          409640      3905394647   1.8 TiB     AF00  My Book

ojfd commented 1 year ago

By different firmware, I meant firmware for a different WD device. Screenshots tell it all. It might have been an accident. I'll check.

themaddoctor commented 1 year ago

Here's how to tell the difference between ECB and XTS: With ECB you see repeated blocks of 16 bytes:

hexdump -C -n 64 -v ojfd-6TB-OXUF943SE-block0.bin
00000000 d7 af f8 9d 7c 9d 27 c0 22 43 e2 44 2f ee db ea |....|.'."C.D/...|
00000010 d7 af f8 9d 7c 9d 27 c0 22 43 e2 44 2f ee db ea |....|.'."C.D/...|
00000020 d7 af f8 9d 7c 9d 27 c0 22 43 e2 44 2f ee db ea |....|.'."C.D/...|
00000030 d7 af f8 9d 7c 9d 27 c0 22 43 e2 44 2f ee db ea |....|.'."C.D/...|

With XTS, blocks do not repeat:

hexdump -C -n 64 -v ojfd-2TB-OXUF943SE-XTS-start.bin
00000000 ba e5 ca 0f 69 d5 af cd 8f db c3 50 b0 05 1a 46 |....i......P...F|
00000010 3b d3 2a c8 cd f7 35 b8 97 e7 f3 8e cd d1 c1 bf |;.*...5.........|
00000020 00 0c 85 91 a4 7e 7a d3 0a f6 70 32 25 8f b6 ba |.....~z...p2%...|
00000030 02 3f db 13 b6 86 90 34 fc 94 6c 72 c5 40 cc 86 |.?.....4..lr.@..|
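The repeated-block test in the comment above, automated: an added example in Go, not a script from linux-mybook-tools and not themaddoctor's code. It counts distinct 16-byte blocks in a 512-byte sector. The key and the MBR-like plaintext (zeros ending in 55 AA) are constructed; the "tweaked" second sector only mixes each block's index into the plaintext before ECB to mimic why a per-block tweak removes repeats, and is not real XTS.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"fmt"
)

// ModeGuess summarises how many 16-byte AES blocks in one sector repeat.
// Under ECB, equal plaintext blocks (the zero runs of an empty MBR or GPT
// area) give equal ciphertext blocks; a per-block tweak, as in XTS, removes
// the repeats even when the plaintext is all zeros.
type ModeGuess struct {
	Blocks    int  // 16-byte blocks examined
	Distinct  int  // distinct ciphertext blocks
	Repeated  int  // blocks whose ciphertext occurs more than once
	LikelyECB bool // heuristic verdict
}

// ClassifySector applies the repeated-block test from the comment above.
// It is only a heuristic: high-entropy plaintext under ECB has no repeats
// either, so a "not ECB" verdict means "not ECB of low-entropy data".
func ClassifySector(sector []byte) ModeGuess {
	seen := make(map[[16]byte]int)
	n := len(sector) / 16
	for i := 0; i < n; i++ {
		var b [16]byte
		copy(b[:], sector[i*16:])
		seen[b]++
	}
	g := ModeGuess{Blocks: n, Distinct: len(seen)}
	for _, c := range seen {
		if c > 1 {
			g.Repeated += c
		}
	}
	g.LikelyECB = g.Repeated >= 4
	return g
}

// ecbEncrypt stands in for the bridge's ECB output: raw AES-256 on each
// block, no chaining and no tweak. Key and plaintext are constructed.
func ecbEncrypt(key, pt []byte) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(pt))
	for i := 0; i+16 <= len(pt); i += 16 {
		blk.Encrypt(out[i:i+16], pt[i:i+16])
	}
	return out
}

// SampleSectors builds two constructed 512-byte ciphertext sectors of the
// same mostly-zero plaintext (an MBR-like sector ending in 55 AA). The first
// is plain ECB; the second mixes each block's index into the plaintext
// before ECB, which is the effect a per-block tweak has in XTS.
func SampleSectors() (ecb, tweaked []byte) {
	key := bytes.Repeat([]byte{0x11}, 32) // constructed key
	pt := make([]byte, 512)
	pt[510], pt[511] = 0x55, 0xaa
	ecb = ecbEncrypt(key, pt)
	tw := append([]byte(nil), pt...)
	for i := 0; i < len(tw)/16; i++ {
		tw[i*16] ^= byte(i) // block index acts as a toy tweak
	}
	tweaked = ecbEncrypt(key, tw)
	return ecb, tweaked
}

func main() {
	ecb, tweaked := SampleSectors()
	fmt.Printf("ECB sector:     %+v\n%x\n", ClassifySector(ecb), ecb[:32])
	fmt.Printf("tweaked sector: %+v\n%x\n", ClassifySector(tweaked), tweaked[:32])
}
```

Run it on a real sector dump by replacing the constructed input with the file's first 512 bytes; a sector of genuinely random plaintext will look "not ECB" under either mode, so apply the test to a sector known to contain long zero runs, such as an MBR or GPT header area.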

ojfd commented 1 year ago

Trying old SmartWare formatter again.

00000000  53 49 6E 45 01 00 00 00  02 00 64 03 38 4B 01 00  |SInE......d.8K..|
00000010  00 00 8D 24 4A 03 E9 C4  A7 1F 6F 17 A3 01 39 CD  |...$J.....o...9.|
00000020  67 6F 62 A2 79 1B 57 29  01 F7 84 49 F6 3F F4 99  |gob.y.W)...I.?..|
00000030  EA 34 35 B2 D2 63 0B 04  2A DC 28 53 C9 36 DD 51  |.45..c..*.(S.6.Q|
00000040  F5 85 1A D8 85 74 11 9E  57 52 B0 83 06 0D 8F CD  |.....t..WR......|
00000050  11 F3 8D 24 4A 03 E9 C4  A7 1F 6F 17 A3 01 39 CD  |...$J.....o...9.|
00000060  67 6F 62 A2 79 1B 57 29  01 F7 84 49 F6 3F F4 99  |gob.y.W)...I.?..|
00000070  EA 34 35 B2 D2 63 0B 04  2A DC 28 53 C9 36 DD 51  |.45..c..*.(S.6.Q|
00000080  F5 85 1A D8 85 74 11 9E  57 52 B0 83 06 0D 8F CD  |.....t..WR......|
00000090  11 F3 FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
000000A0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|

HDD part 6442 blocks-e.zip

themaddoctor commented 1 year ago

XTS mode, GPT partition table with no partitions.

ojfd commented 1 year ago

As seen "thru" the bridge board.

(screenshot: block_0_s)

blocks 0-2 screen.zip

ojfd commented 1 year ago

btw, virtual CD part is now ~800 MB!

/dev/disk2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *2.0 TB     disk2
   1:                        EFI                         209.7 MB   disk2s1
   2:                  Apple_HFS My Book                 2.0 TB     disk2s2

/dev/disk3
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:        CD_partition_scheme                        *804.4 MB   disk3
   1:              CD_ROM_Mode_1                         700.4 MB   disk3s0

WD WDC WD20EARX-00PASB0
Total Size: 2.0 TB (1999696297984 Bytes) (exactly 3905656832 512-Byte-Blocks)

WD Virtual CD
Total Size: 804.4 MB (804421632 Bytes) (exactly 1571136 512-Byte-Blocks)

themaddoctor commented 1 year ago

The partitions didn't show up here.

fdisk -l ojfd-2-start-decrypted.bin
GPT PMBR size mismatch (3905656831 != 6441) will be corrected by w(rite).

Disk ojfd-2-start-decrypted.bin: 3.1 MiB, 3298304 bytes, 6442 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00000000

Device                      Boot Start        End     Blocks  Id System
ojfd-2-start-decrypted.bin1        1 3905656831 1952828415+ ee GPT

gdisk -l ojfd-2-start-decrypted.bin
GPT fdisk (gdisk) version 0.8.10

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: not present

Creating new GPT entries.
Disk ojfd-2-start-decrypted.bin: 6442 sectors, 3.1 MiB
Logical sector size: 512 bytes
Disk identifier (GUID): A390B999-FFD5-405B-89BD-40B8702C8EBA
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 6408
Partitions will be aligned on 2048-sector boundaries
Total free space is 6375 sectors (3.1 MiB)

Number  Start (sector)    End (sector)  Size       Code  Name

themaddoctor commented 1 year ago

Maybe the XTS is messed up and only correctly decrypted the first block. Hold on...

themaddoctor commented 1 year ago

Yep. Not sure how the tweak is constructed for the XTS mode. It doesn't match the way it was done for the Symwave chip.

themaddoctor commented 1 year ago

The endianness of the tweak was wrong. Now I see:

gdisk -l ojfd-2-start-decrypted.bin
GPT fdisk (gdisk) version 0.8.10

Warning! Disk size is smaller than the main header indicates! Loading
secondary header from the last sector of the disk! You should use 'v' to
verify disk integrity, and perhaps options on the experts' menu to repair
the disk.
Caution: invalid backup GPT header, but valid main header; regenerating
backup header from main header.

Warning! Error 25 reading partition table for CRC check!
Warning! One or more CRCs don't match. You should repair the disk!

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: damaged

Caution: Found protective or hybrid MBR and corrupt GPT. Using GPT, but disk
verification and recovery are STRONGLY recommended.

Disk ojfd-2-start-decrypted.bin: 6442 sectors, 3.1 MiB
Logical sector size: 512 bytes
Disk identifier (GUID): 3A6B6F72-7ECD-45CE-9382-8D37823E048E
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 3905656798
Partitions will be aligned on 8-sector boundaries
Total free space is 262157 sectors (128.0 MiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1              40          409639   200.0 MiB   EF00  EFI System Partition
   2          409640      3905394647   1.8 TiB     AF00  My Book
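Two points from the thread in working code, as an added example in Go that is neither the repository's code nor a claim about what the OXUF943SE firmware does: how the full XTS key is assembled from two halves (part1 + part2 versus part2 + part1, which themaddoctor raised earlier) and how the byte order of the sector number in the tweak decides what decrypts. It implements AES-XTS on the standard library so the tweak construction is explicit. The key halves, the plaintext and the choice to encrypt with little-endian tweaks are constructed; the thread says one byte order was wrong without saying which, so both are offered as parameters. The example shows why sector 0 decrypts under either order (the tweak is all zeros either way) while sector 1 decrypts only under the matching one, which is the "only the first block decrypted" symptom seen above.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// XTS is a small AES-XTS on the standard-library block cipher, written so
// the key split and the tweak construction stay visible.
type XTS struct{ data, tweak cipher.Block }

// NewXTS takes the two key halves in the order they are concatenated into
// the full key: the first half encrypts data, the second encrypts the tweak.
func NewXTS(half1, half2 []byte) *XTS {
	k1, err1 := aes.NewCipher(half1)
	k2, err2 := aes.NewCipher(half2)
	if err1 != nil || err2 != nil {
		panic("key halves must be 16, 24 or 32 bytes each")
	}
	return &XTS{data: k1, tweak: k2}
}

// mulAlpha multiplies the running tweak by x in GF(2^128), IEEE 1619 style.
func mulAlpha(t *[16]byte) {
	var carry byte
	for i := range t {
		next := t[i] >> 7
		t[i] = t[i]<<1 | carry
		carry = next
	}
	if carry != 0 {
		t[0] ^= 0x87
	}
}

// Sector encrypts (decrypt=false) or decrypts (decrypt=true) one sector from
// src into dst. IEEE 1619 places the sector number in the tweak little-endian;
// bigEndian selects the other byte order. The thread only says one order was
// wrong for this chip, not which, so both are parameters here.
func (x *XTS) Sector(dst, src []byte, sector uint64, bigEndian, decrypt bool) {
	var t [16]byte
	if bigEndian {
		binary.BigEndian.PutUint64(t[8:], sector)
	} else {
		binary.LittleEndian.PutUint64(t[:8], sector)
	}
	x.tweak.Encrypt(t[:], t[:]) // T = E_K2(sector number)
	var blk [16]byte
	for i := 0; i+16 <= len(src); i += 16 {
		for j := range blk {
			blk[j] = src[i+j] ^ t[j]
		}
		if decrypt {
			x.data.Decrypt(blk[:], blk[:])
		} else {
			x.data.Encrypt(blk[:], blk[:])
		}
		for j := range blk {
			dst[i+j] = blk[j] ^ t[j]
		}
		mulAlpha(&t) // next 16-byte block of the same sector
	}
}

// decryptsTo reports whether ct decrypts back to want with these parameters.
func decryptsTo(x *XTS, ct, want []byte, sector uint64, bigEndian bool) bool {
	pt := make([]byte, len(ct))
	x.Sector(pt, ct, sector, bigEndian, true)
	return bytes.Equal(pt, want)
}

// Demo encrypts a constructed sector (GPT signature, then zeros) as sector 0
// and sector 1 with little-endian tweaks, tries both byte orders on the way
// back, and checks whether the order of two differing halves matters.
func Demo() map[string]bool {
	pt := make([]byte, 512)
	copy(pt, "EFI PART")
	same := bytes.Repeat([]byte{0x42}, 32) // constructed; equal halves, as in the dumps
	x := NewXTS(same, same)
	ct0, ct1 := make([]byte, 512), make([]byte, 512)
	x.Sector(ct0, pt, 0, false, false)
	x.Sector(ct1, pt, 1, false, false)
	a, b := bytes.Repeat([]byte{0xa5}, 32), bytes.Repeat([]byte{0x5a}, 32)
	ctab := make([]byte, 512)
	NewXTS(a, b).Sector(ctab, pt, 1, false, false)
	return map[string]bool{
		"sector0_le":     decryptsTo(x, ct0, pt, 0, false),
		"sector0_be":     decryptsTo(x, ct0, pt, 0, true), // zero tweak either way
		"sector1_le":     decryptsTo(x, ct1, pt, 1, false),
		"sector1_be":     decryptsTo(x, ct1, pt, 1, true), // wrong order: garbage
		"halves_ab":      decryptsTo(NewXTS(a, b), ctab, pt, 1, false),
		"halves_swapped": decryptsTo(NewXTS(b, a), ctab, pt, 1, false),
	}
}

func main() {
	for k, v := range Demo() {
		fmt.Printf("%-15s %v\n", k, v)
	}
}
```

When the two halves are equal, as in the dumps posted here, the halves_ab and halves_swapped cases collapse into one and the concatenation order cannot be told apart; that is why a sample with differing halves was asked for above. When trying a recovered key against a real image, decrypt a sector other than sector 0 before concluding that the tweak byte order is right.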

themaddoctor commented 1 year ago

I'm very curious to see if you can force an XTS keyblock blob to be written to the disk, and what it contains.

ojfd commented 1 year ago

Any ideas other than trying the password route? Btw, this firmware has only two instances of SInE in it.

ojfd commented 1 year ago

Caution: Found protective or hybrid MBR and corrupt GPT. Using GPT, but disk verification and recovery are STRONGLY recommended.

Interestingly, the "industry standard" repair tool on a Mac reported no problems. I've been using it to fix difficult cases for over two decades.

DiskWarrior report.zip

themaddoctor commented 1 year ago

It's because you only sent the first N blocks.

themaddoctor commented 1 year ago

Any ideas other than trying the password route?

I have no ideas.

ojfd commented 1 year ago

Password didn't change anything, still no blobs on the disk.

Did you check that 'for analysis' text file? See if you, with your knowledge, can identify anything ECB/XTS related in it. I might try to swap their places for test purposes. A wild idea, I know.

themaddoctor commented 1 year ago

I have not found anything from a surface-level view. Do you know which processor it is based on? I don't remember. I don't even remember if I ever knew. Maybe I can decompile it.

Both of the XTS EEPROM blocks you sent begin with this: 53 49 6e 45 01 00 00 00 02 00 64 03

All of the ECB EEPROM blocks start with this: 53 49 6e 45 01 00 00 00 02 00 64 01

Looks like the 01/03 is a marker.
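A small parser for the SInE dumps pasted in this thread, as an added example in Go (not the repository's code). The magic and the marker byte at offset 11 (0x01 in the ECB dumps, 0x03 in the XTS dumps) are what the comment above identifies; the payload offset 0x12 and the 64-byte record size are assumptions read off the dumps (the ECB blobs show one 64-byte run before the 0xFF fill, the XTS blobs two identical runs), not documented structure. The inputs are the blocks-c and blocks-e dumps copied from above.

```go
package main

import (
	"bytes"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// SInEBlob is one parsed EEPROM record. The magic and the marker byte are
// what the thread identifies; the 0x12 payload offset and the 64-byte record
// size are assumptions read off the dumps above, not documented structure.
type SInEBlob struct {
	Marker  byte     // 0x01 in the ECB dumps, 0x03 in the XTS dumps
	Records [][]byte // 64-byte encrypted-key records before the 0xFF fill
}

const payloadOffset, recordLen = 0x12, 64 // assumptions, see SInEBlob

// ModeName maps the marker values seen in the thread to the mode found.
var ModeName = map[byte]string{0x01: "ECB", 0x03: "XTS"}

// AllSame reports whether every record is byte-identical, the case the
// thread describes as both halves being the same.
func (b *SInEBlob) AllSame() bool {
	for i := 1; i < len(b.Records); i++ {
		if !bytes.Equal(b.Records[i], b.Records[0]) {
			return false
		}
	}
	return true
}

// ParseSInE checks the magic, reads the marker and splits the record area
// into 64-byte records, stopping at the erased-flash 0xFF fill or at the end
// of the data.
func ParseSInE(raw []byte) (*SInEBlob, error) {
	if len(raw) < payloadOffset || string(raw[:4]) != "SInE" {
		return nil, errors.New("not a SInE blob")
	}
	b := &SInEBlob{Marker: raw[11]}
	fill := bytes.Repeat([]byte{0xff}, recordLen)
	for off := payloadOffset; off+recordLen <= len(raw); off += recordLen {
		rec := raw[off : off+recordLen]
		if bytes.Equal(rec, fill) {
			break
		}
		b.Records = append(b.Records, rec)
	}
	return b, nil
}

// ParseDump accepts hexdump -C text as pasted in the thread: an offset, the
// hex bytes, then the ASCII column between pipes.
func ParseDump(dump string) (*SInEBlob, error) {
	var raw []byte
	for _, line := range strings.Split(dump, "\n") {
		fields := strings.Fields(strings.SplitN(line, "|", 2)[0])
		if len(fields) < 2 {
			continue
		}
		bs, err := hex.DecodeString(strings.Join(fields[1:], ""))
		if err != nil {
			return nil, err
		}
		raw = append(raw, bs...)
	}
	return ParseSInE(raw)
}

// Dumps copied from the thread: the ECB blob (blocks-c) and the XTS blob (blocks-e).
const EcbDump = `
00000000  53 49 6E 45 01 00 00 00  02 00 64 01 38 F9 01 00  |SInE......d.8...|
00000010  00 00 ED 6D AA DB 72 50  E0 8A 98 BC F3 FB DD 14  |...m..rP........|
00000020  1F BB 2B 58 64 C5 D3 A2  E8 FE 52 BA 87 DA C1 01  |..+Xd.....R.....|
00000030  1A 44 53 31 BF 2F DB 0C  F9 46 49 DA A2 C5 C4 56  |.DS1./...FI....V|
00000040  DA 0C 1A D8 85 74 11 9E  57 52 B0 83 06 0D 8F CD  |.....t..WR......|
00000050  11 F3 FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
`

const XtsDump = `
00000000  53 49 6E 45 01 00 00 00  02 00 64 03 38 4B 01 00  |SInE......d.8K..|
00000010  00 00 8D 24 4A 03 E9 C4  A7 1F 6F 17 A3 01 39 CD  |...$J.....o...9.|
00000020  67 6F 62 A2 79 1B 57 29  01 F7 84 49 F6 3F F4 99  |gob.y.W)...I.?..|
00000030  EA 34 35 B2 D2 63 0B 04  2A DC 28 53 C9 36 DD 51  |.45..c..*.(S.6.Q|
00000040  F5 85 1A D8 85 74 11 9E  57 52 B0 83 06 0D 8F CD  |.....t..WR......|
00000050  11 F3 8D 24 4A 03 E9 C4  A7 1F 6F 17 A3 01 39 CD  |...$J.....o...9.|
00000060  67 6F 62 A2 79 1B 57 29  01 F7 84 49 F6 3F F4 99  |gob.y.W)...I.?..|
00000070  EA 34 35 B2 D2 63 0B 04  2A DC 28 53 C9 36 DD 51  |.45..c..*.(S.6.Q|
00000080  F5 85 1A D8 85 74 11 9E  57 52 B0 83 06 0D 8F CD  |.....t..WR......|
00000090  11 F3 FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
`

func main() {
	for _, d := range []string{EcbDump, XtsDump} {
		b, err := ParseDump(d)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s marker=0x%02x records=%d identical=%v\n", ModeName[b.Marker], b.Marker, len(b.Records), b.AllSame())
	}
}
```

The parser reports one record for the ECB dump and two identical records for the XTS dump; a blob whose two records differ would be the sample needed to settle the part1 + part2 versus part2 + part1 question raised earlier. Anything about the header bytes between the magic and offset 0x12 is deliberately left unparsed, since the thread assigns no meaning to them beyond the marker.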

ojfd commented 1 year ago

ARM7 Thumb2, if we're both talking about apollo-xx-xx-.

Looks like the 01/03 is a marker.

Then 02 probably is CBC

themaddoctor commented 1 year ago

Do you mean CBC?

themaddoctor commented 1 year ago

I really don't know what to do with Apollo. There are some interesting strings in it, but the object dump was gobbledygook to me.

The PI KEK appears at 0x3c8d0, btw.

ojfd commented 1 year ago

The other PI is at 0x3c8f0, CRC32 at 0x3d838, CRC16 at 0x3dc3c

I have it open in this https://www.hopperapp.com/download.html (for Linux too, scroll down) but have only limited success. That's why I hoped andlabs would chime in. apollo screen.zip

ojfd commented 1 year ago

There must be part responsible for responses to these commands https://github.com/KenMacD/wdpassport-utils/blob/master/WD_Encryption_API.txt but I can not locate it yet.

ojfd commented 1 year ago

To make sure that it was no accident, I flashed the "wrong" firmware again and used the older version of WD SmartWare. At first glance it looks like XTS encryption to me. Then I set the password to abc123 and then changed it to def456. In both cases no blobs were created on the disk and (!) both EPROM blobs were identical. This means there is no backup of the previous password in the EPROM!

One interesting detail - with the drive on the bridge board, I zeroed 1GB at the beginning of the drive and the next time I wanted to format it with SmartWare, it asked for the password (def456) and then unlocked it. So, it's the EPROM that was meant to store passwords in the first place, not the drive.

abc123

00000000  53 49 6E 45 01 00 00 00  04 00 64 03 D7 3E 01 00  |SInE......d..>..|
00000010  00 00 AD 9B E0 49 68 6B  01 37 03 96 2C C9 14 BB  |.....Ihk.7..,...|
00000020  41 53 3D 5B 5C EA EF E8  7E 80 55 8B 77 D9 41 AB  |AS=[\...~.U.w.A.|
00000030  B7 C8 51 24 EC 8F 04 30  EB B1 A2 B1 8F 5B 62 EA  |..Q$...0.....[b.|
00000040  3D 2E AD 00 89 B3 0D CB  EF A1 E7 C5 75 9A E2 DB  |=...........u...|
00000050  1F 5F AD 9B E0 49 68 6B  01 37 03 96 2C C9 14 BB  |._...Ihk.7..,...|
00000060  41 53 3D 5B 5C EA EF E8  7E 80 55 8B 77 D9 41 AB  |AS=[\...~.U.w.A.|
00000070  B7 C8 51 24 EC 8F 04 30  EB B1 A2 B1 8F 5B 62 EA  |..Q$...0.....[b.|
00000080  3D 2E AD 00 89 B3 0D CB  EF A1 E7 C5 75 9A E2 DB  |=...........u...|
00000090  1F 5F FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |._..............|
000000A0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|

abc123.zip

def456

00000000  53 49 6E 45 01 00 00 00  06 00 64 03 90 00 01 00  |SInE......d.....|
00000010  00 00 98 9C AD BD C5 1D  00 03 B3 61 35 2B 4B C4  |...........a5+K.|
00000020  04 AC 74 D8 0B B3 40 8E  C6 EB AB CA 93 CC EC 4E  |..t...@........N|
00000030  45 A1 4C 09 37 EC 17 5C  49 43 C3 51 08 27 F0 BA  |E.L.7..\IC.Q.'..|
00000040  B9 94 B0 95 18 FB E4 3C  F5 B4 6B F7 CC 93 C6 9F  |.......<..k.....|
00000050  30 F7 98 9C AD BD C5 1D  00 03 B3 61 35 2B 4B C4  |0..........a5+K.|
00000060  04 AC 74 D8 0B B3 40 8E  C6 EB AB CA 93 CC EC 4E  |..t...@........N|
00000070  45 A1 4C 09 37 EC 17 5C  49 43 C3 51 08 27 F0 BA  |E.L.7..\IC.Q.'..|
00000080  B9 94 B0 95 18 FB E4 3C  F5 B4 6B F7 CC 93 C6 9F  |.......<..k.....|
00000090  30 F7 FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |0...............|
000000A0  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|

def456.zip

P.S. Here's a bunch of interesting tidbits I found inside one of the frameworks. hdrs2015.zip