reallymine
Have the correct sector for the decryption Key, just cannot figure out the key from the HEX output
Drive is 2TB, Initio INIC-1607E from what I can gather.
Here is the hex output.
I, too, cannot get the disk key. Perhaps a password was used.
The drive, while in the WD enclosure, did have a password. I have removed that and connected it to an external USB SATA connector. Also, when I run the dd and the offset to create a .bin file, then run reallymine against that bin file with no options, I am prompted for a password. I assumed that the password was stored in the hex dump of that sector.
The password is not stored in that sector, nor anywhere else. From the password, a key is calculated. That key unlocks the disk key.
What was the password?
Ah OK, I am not aware of the password; that is why the drive was given to me, to get past the system/enclosure password.
Then I can't help you. I can only help people who own their disks recover passwords.
OK, thank you for your time.
I hope you understand. You don't own the disk, and you didn't say that the owner asked for your help, only that it was given to you. I can't risk doing anything illegal.
No, I completely understand. I am a penetration tester by trade (legally). I was contacted by a family friend to look into this. They gave me what they thought the password was, but that did not work. I did not want to build something to brute force the password based on that password. That is where I came across this tool. But like I said, I do completely understand, and I thank you for your help.
You can also take a look at my public GitHub page on what I have done in the past. But I do understand the legal aspect/risk that you do not have to tackle.
I think you know what I would suggest as far as breaking the password. Take a look at my project "linux-mybook-tools" for information about the KDF and how the disk key is stored. There is a PDF there that is written for nonexperts, but I'm sure a pentester can figure out what's going on.
P.S. Very much like your profile picture.