reallymine
getdek input/output error Linux
After a while trying to set reallymine up via a VM virtual machine, I mounted my WD MyPassport onto it, and tried the command:
root@host:~/code/bin# ./reallymine getdek ../../../dev/sdb
I have to run the reallymine command like that or else it doesn't pick it up.
Anyway, the error I get from this is:
error running getdek: read ../../../dev/sdb: input/output error
Any help appreciated, thank you.
In the source code I found this: " encrypted must exist; should not be a device\n"
I think it's written to work from image files only, to avoid wearing out or damaging hardware devices. That's good for keeping your still-encrypted data safe, but of course, it's a problem if you don't have another drive large enough to store the image.
That's my situation, actually, and I had to think a minute before I remembered, I never actually used this application itself to recover my data. I just decoded the key using the information here, then mounted the drive through the encrypted loopback device.
Would probably be useful if the application could at least extract keys from the device itself, instead of requiring a whole image be extracted for processing...
I could extract your key for you, to do what athomic1 is talking about, if you send me the last 3MB of the disk (after the USB board is removed).
The file being a device file is not the issue. Does the hard drive have damage?
Yeah. I use devices all the time....
Did you add the encrypted non-USB drive as a physical drive in your VM?
On Mar 17, 2017 9:11 AM, "Pietro Gagliardi" [email protected] wrote:
The file being a device file is not the issue. Does the hard drive have damage?
Sorry for the very delayed response.
@themaddoctor would it be possible to go through that step with me? @andlabs I am pretty sure the hard drive is fully functional. @MrDecay Not sure, if I am honest.
I was on vacation. But now I can post an answer.
Like I said above, I need to see the last 3MB of the disk. Or, you could run this script like this: sudo findkeyblock.sh /dev/sdX where you replace "sdX" with the correct name for your WD disk on your linux system. Save the following into "findkeyblock.sh" before you try to run it:
#!/bin/bash
# Usage: sudo findkeyblock.sh /dev/sdX
FILE="$1"
# Device name without the /dev/ prefix (e.g. sdb)
DEVICE="`echo $FILE | cut -d / -f 3`"
# Size from /proc/partitions is in 1 KiB blocks; double it to get 512-byte sectors
SIZE=`cat /proc/partitions | grep -e "$DEVICE" | awk '{print $3}' | head -n 1`
SIZE=`expr $SIZE \* 2`
LOWERLIMIT=`expr $SIZE - 8192` # 4 MB should be enough
# Walk backwards from the end of the disk, checking the first bytes of each sector
for i in `seq $SIZE -1 $LOWERLIMIT`; do
    FIRSTLINE=`dd if=/dev/$DEVICE skip=$i count=1 status=none | xxd -p | head -n 1`
    if [ `echo $FIRSTLINE | grep "^57447631"` ]; then
        echo "found JMicron keyblock at sector $i"
        break
    fi
    if [ `echo $FIRSTLINE | grep "^574d5953"` ]; then
        echo "found Symwave keyblock at sector $i"
        break
    fi
    if [ `echo $FIRSTLINE | grep "^57440114"` ]; then
        echo "found Initio keyblock at sector $i"
        break
    fi
    if [ `echo $FIRSTLINE | grep "^53496e45"` ]; then
        echo "found PLX keyblock at sector $i"
        break
    fi
done
# Dump the sector at which the loop stopped
echo "dumping to keyblock-$i.bin"
dd if=/dev/$DEVICE skip=$i count=1 of=keyblock-$i.bin status=none
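Added example, not part of the original post or of reallymine: the same end-of-disk scan written as shell functions that also accept a disk image file and that return distinct exit codes for "no signature found" and "read error" without writing a dump. The function names, the TAIL argument and the constructed 64-sector sample image are assumptions; the four magic values are the ones in the script above.

```shell
# Added example (not from the thread); magic values are those in the script above.
# bridge_for_magic HEX: map the first 4 bytes of a sector (hex) to a bridge name.
bridge_for_magic() {
    case "$1" in
        57447631) echo JMicron ;;
        574d5953) echo Symwave ;;
        57440114) echo Initio ;;
        53496e45) echo PLX ;;
        *) return 1 ;;
    esac
}

# sector_count PATH: size of an image file or block device in 512-byte sectors.
sector_count() {
    local bytes
    if [ -b "$1" ]; then
        bytes=$(blockdev --getsize64 "$1" 2>/dev/null) || return 1
    else
        bytes=$(wc -c 2>/dev/null < "$1") || return 1
    fi
    echo $(( bytes / 512 ))
}

# find_keyblock PATH [TAIL]: scan the last TAIL sectors (default 8192), end first.
# Prints "<bridge> <sector>"; returns 0 on a match, 1 on no match, 2 on a read error.
find_keyblock() {
    local src="$1" tail="${2:-8192}" total low i tmp magic name
    total=$(sector_count "$src") || return 2
    low=$(( total > tail ? total - tail : 0 ))
    tmp=$(mktemp) || return 2
    i=$(( total - 1 ))
    while [ "$i" -ge "$low" ]; do
        if ! dd if="$src" of="$tmp" bs=512 skip="$i" count=1 2>/dev/null; then
            rm -f "$tmp"; return 2
        fi
        magic=$(od -An -tx1 -N4 "$tmp" | tr -d ' \n')
        if name=$(bridge_for_magic "$magic"); then
            rm -f "$tmp"; echo "$name $i"; return 0
        fi
        i=$(( i - 1 ))
    done
    rm -f "$tmp"; return 1
}

# make_sample IMG: constructed 64-sector test image with "WDv1" at sector 60.
make_sample() {
    dd if=/dev/zero of="$1" bs=512 count=64 2>/dev/null &&
    printf 'WDv1' | dd of="$1" bs=512 seek=60 conv=notrunc 2>/dev/null
}
```

Source the file and call `find_keyblock disk.img`, or pass the raw device node when running as root; exit status 2 corresponds to the dd "Input/output error" seen later in this thread.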
Do you know how I would find the device name in /dev? How would I identify it?
I have no idea how to get the 3MB of the disk.
Thank you for all your help.
Edit: found the device name, I ran the script and it doesn't do much. Just a blank line. Does it take time?
Edit 2: The script worked. It dumped a keyblock.bin file. What should I do with this?
What is the name of the keyblock file? (That tells me where it was found.)
cat keyblock-* | hexdump -C dumps it to terminal. Copy that output and paste it here.
I think I dumped the wrong thing. I think I was dumping the WD Unlocker (sr1) until I realised that when I unplugged the device, sdb also was removed when I ran the command lsblk. The name of the bin file is: keyblock-53248.bin.
When I ran reallymine again trying it on the sdb drive, I get the input / output error once again.
So I further tried your script... here is what I get.
Screenshot: http://i.imgur.com/qA5IbdW.png
Text:
dd: error reading '/dev/sdb': Input/output error
dd: closing input file '/dev/sdb': Bad file descriptor
The number in the name of the keyblock needs to be much larger.
Is this a 500GB passport drive? Have you or have you not removed the USB bridge?
Nothing we do can help you if the USB bridge is still active.
Sorry. I am very basic on all this stuff, I missed the part that I was supposed to do that. Would you be able to inform me on the step to do so? I appreciate all the help @themaddoctor
First of all, Kali linux is for experienced users, and meant to be used for penetration testing.
Second, if you cannot remove the USB-SATA bridge card, then you probably have a drive in which it is integrated onto the disk-control board.
There is a photo on page 14 or 15 of these slides, showing how to disable the firmware that blocks you from seeing the raw disk, by running a wire to ground pin E20. It does not always work. You alone have the responsibility for any damage that you do. If this works, you can run my script on the raw disk.
https://www.slideshare.net/GunnarAlendal/got-hw-cryptoslideshardwear-54091606
So you're saying for any of this to work, I would have to physically open the drive myself?
It's a WD MyPassport 0748.
Yes.
Hmm okay, then these errors I am getting should go? @themaddoctor
I will talk to my friend about it after some research you gave me, thank you.