reallymine
reallymine copied to clipboard
andlabs
Forgot password of WD My Passport Ultra
Hello,
I have forgotten my password. I have an idea about the password but I can't find it.
This is the forum page where I heard about you. You can find more information about my problem there.
Can you please help me? If you would like I can pay for your time and expertise if you can help me access my files.
Can you run reallymine briefly (until it either asks for a password or starts the decryption) to see if the type of encryption used can be detected?
(Note to self: make a standalone program for this.)
Thank you for your reply. I get following error message when I run
$ go build
symwave.go:9:2: cannot find package "github.com/mendsley/gojwe" in any of:
/usr/lib/go/src/pkg/github.com/mendsley/gojwe (from $GOROOT)
($GOPATH not set)
This is a debian system.
Okay, I installed those files in that directory and build command worked. Now I get following error:
$ sudo ./reallymine-master /dev/sdb ~/wd.img
Finding key sector...
[BUG] error reading sector in FindKeySectorAndBridge(): read /dev/sdb: input/output error
Please report to andlabs on github.com/andlabs/reallymine.
Ugh, it'd be great if Unix systems were more descriptive than "input/output error"... Actually, are you connecting the hard drive directly to the computer, or is it still in the WD case?
It is still in its original case & form. I connect it to my computer via USB port, using a USB 3.0 cable.
Yeah; reallymine won't work if the drive is still in the chasis, as it's the USB bridge that controls access to the drive when you have the wrong password. I'm not sure if there's a way to write a password recovery tool with the drive still in the chasis...
How many guesses have you made so far?
No. If its a smartware password I'm not sure if reallymine is the tool for this situtation. Since the drive is working. ..
On Aug 3, 2016 9:25 AM, "dx486" [email protected] wrote:
Should I try to remove the case and connect it in another way?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/4#issuecomment-237237047, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xfAhsFpsNuoxswANh24sMf4gN6Xgks5qcJwygaJpZM4JZFLG .
I removed the case. Now how should/can I connect this drive to the computer to let reallymine work?
I probably remember the letters/words in the password. I think there are some numbers at the end of it and I can't remember them.
You'll need to use either an external SATA case or connector, or connect the drive to an internal SATA port and power connector, if any are available. You'll need cables for these, too, if you don't have them already. Once you have that set up, the drive should show up somewhere among your devices. Just where will depend on what system you're running. You might have to monitor system logs to see it.
Assuming the drive is working, and nothing critical has been overwritten, ReallyMine MIGHT be able to recover your data without the password. If I remember correctly, all it needs is the encryption keys/data stored on the disk itself. The password is just used to generate and match the key. I might be wrong on that, though. It's been awhile since I read that paper...
I'd say, just get the drive connected as described, and try to run ReallyMine against it. It should tell you whether it finds the key, and can decrypt it.
Good luck!
So its possible to decrypt smartware passwords? Or does the smartware just blocks access to the file system?
On Aug 3, 2016 9:38 PM, "athomic1" [email protected] wrote:
You'll need to use either an external SATA case or connector, or connect the drive to an internal SATA port and power connector, if any are available. You'll need cables for these, too, if you don't have them already. Once you have that set up, the drive should show up somewhere among your devices. Just where will depend on what system you're running. You might have to monitor system logs to see it.
Assuming the drive is working, and nothing critical has been overwritten, ReallyMine MIGHT be able to recover your data without the password. If I remember correctly, all it needs is the encryption keys/data stored on the disk itself. The password is just used to generate and match the key. I might be wrong on that, though. It's been awhile since I read that paper...
I'd say, just get the drive connected as described, and try to run ReallyMine against it. It should tell you whether it finds the key, and can decrypt it.
Good luck!
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/4#issuecomment-237436642, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xRD5d06q6qd3QXExEF0kHPVh0jYPks5qcVC4gaJpZM4JZFLG .
Symwave bridge chips do not store the encryption key in a secure way, allowing them to be decrypted without a password. With other bridge chips, you're out of luck.*
Technical details: for all these firmwares, the mechanism is the same: the password is used to generate a special encryption key (the "KEK") that encrypts the real encryption key (the "DEK"). The correct way to deal with the KEK is to not store it on the drive, instead having the unlocking program that you run on your computer generate it each time you enter the password. The same password will produce the same KEK. This way, you need the password to decrypt the data. However, Symwave stores the KEK on the drive, encrypting it with a fixed master key stored on the firmware. Oops. (Symwave also thinks RFC 3394 key wrapping saves them. It doesn't.)
*Note that the other bridge chip firmwares get some very subtle things about random number generation for producing DEKs wrong, so in theory I could write a program to brute-force the DEK out. This will take more time and require more resources than I have available right now. The paper that discusses the bridge chips has details.
I have arranged a desktop computer to try this. I have opened the case and I realized that SATA connector cable and power cables do not seem like to fit anywhere.
There are [12 pins] - [USB port] - [2 pins] on the drive. Here is a close picture of the pins.
Here is another picture of the drive and its case.
Could you please tell me how exactly can I make this connection? I have found this article but I am not sure if it is relevant or if there is any easier method... This method seems almost impossible for me to apply.
This is a tough one. Take a picture from the back . so I can see the circuit board number
On Aug 10, 2016 7:21 AM, "dx486" [email protected] wrote:
I have arranged a desktop computer to try this. I have opened the case and I realized that SATA connector cable and power cables do not seem like to fit anywhere.
There are [12 pins] - [USB port] - [2 pins] on the drive. Here https://dl.dropboxusercontent.com/u/38580782/Pictures/WD%20My%20Passport%20Ultra%20bare.png is a picture.
Could you please tell me how exactly can I make this connection? I have found this article http://www.datarecoverytools.co.uk/2010/05/05/how-to-connect-and-recover-usb-only-western-digital-drives-with-hd-doctor-suite/ but I am not sure if it is relevant or if there is any easier method... This method seems almost impossible for me to apply.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/4#issuecomment-238849987, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xaFdnCELSNUey4AMf8I4M1GO74oDks5qecIygaJpZM4JZFLG .
Can you take a picture of a view from the side you're trying to plug into a SATA cable?
From the side where I am trying to use a SATA cable: https://dl.dropboxusercontent.com/u/38580782/Pictures/WD%20My%20Passport%20Ultra%20bare.png
Back of the drive: https://dl.dropboxusercontent.com/u/38580782/Pictures/WD%20My%20Passport%20Ultra%20circuit.jpg
Front of the drive: https://dl.dropboxusercontent.com/u/38580782/Pictures/WD%20My%20Passport%20Ultra%20small.png
Right; the USB bridge circuit is still attached to the drive. On the 3.5" MyBook towers, it's a separate board that can be detached easily (I forget if by pulling or unscrewing) to expose the normal SATA connectors; not sure about yours, though...
Total different creature. In this case 2 options from a physical point. And this is all hoping you can decrypt the drive. Option 1 like the article states. Remove 4 coupling capacitors and bypass the usb bridge chip(encryption chip) ×extremely difficult soldering from a novice point×. Option 2 locate a compatible sata version of the circuit board and move the u12 serial eprom from the USB board. Not ad difficult. But just as hard if you have limited solder skills....but this all just in case you can decrypt the sectors
On Aug 10, 2016 3:20 PM, "Pietro Gagliardi" [email protected] wrote:
Right; the USB bridge circuit is still attached to the drive. On the MyBook towers, it's a separate board that can be detached easily (I forget if by pulling or unscrewing); not sure about that one, though...
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/4#issuecomment-238991233, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xSHy_KKAUlVwsVXPxu0o3Aeru59Wks5qejKPgaJpZM4JZFLG .
@MrDecay I have no solder skills. I guess I am locked at this point. I may ask for professional help for SATA connection, if I can find. My other desperate options: 1. brute force the password using a Windows app/script (if I remember the words correctly) (if I can find a coder to program it), 2. manually enter passwords (I already tried more than 200 times, no avail), 3. pay to people who claim to be able to decrypt these drives. (I need to trust them first to post my drive, not easy).
Yes at this point. I would say be patient. Give me some time to get out of work. And I can look for some ideas.
We can all agree that the symptom here is "smartware" security and not the USB bridge encryption system.
@pietro ,could you clarify if reallymine can decrypt this drive if we could dump the encrypted sectors?
On Aug 10, 2016 4:00 PM, "dx486" [email protected] wrote:
@MrDecay https://github.com/MrDecay I have no solder skills. I guess I am locked at this point. I may ask for professional help for SATA connection, if I can find. My other desperate options: 1. brute force the password using a Windows app/script (if I remember the words correctly) (if I can find a coder to program it), 2. manually enter passwords (I already tried more than 200 times, no avail), 3. pay to people who claim to be able to decrypt these drives. (I need to trust them first to post my drive, not easy).
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/4#issuecomment-239002807, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xUPnCzsWoHN8bTWHiNAMNM-8Q3XDks5qejvwgaJpZM4JZFLG .
Not in its current state. Because the password is used to protect the encryption key, I'd need to brute-force the encryption key somehow, as I described above, and I don't have the time to implement those algorithms right now (nor do I have a reliable way of testing them, apart from looking for things that "look like" a MBR, GPT, or APM partition map)
@andlabs Do you think it would be a good idea to have that missing part of the job done by hiring a freelance programmer? How many hours of work would be needed for that job approximately? Would you write the job description and check the job if we would do that? I may consider finance that project as an open source software support.
@MrDecay I would be very happy if you would be able to come with some ideas. Thank you.
Just to note here:
"AIUI, the drive is a SED (VID/PID = 1058/0810):
http://www.hddoracle.com/viewtopic.php? ... 9069#p9069
This means that encryption is handled by the drive rather than the bridge. Therefore I don't think that reallymine would be applicable in your case. You could always ask the author, though.
Note that your drive will have a locked SA which means that you will need special techniques to gain access:
viewtopic.php?f=1&t=33822&p=236436
You could wait for WDMarvel (US$15) to add this feature (if it doesn't have it already?)."
The only person I knew about smartware bypass was Einstein on hddguru but last I heard it was a closed off project
On Aug 11, 2016 6:20 AM, "dx486" [email protected] wrote:
Just to note here:
"AIUI, the drive is a SED (VID/PID = 1058/0810):
http://www.hddoracle.com/viewtopic.php? ... 9069#p9069
This means that encryption is handled by the drive rather than the bridge. Therefore I don't think that reallymine would be applicable in your case. You could always ask the author, though.
Note that your drive will have a locked SA which means that you will need special techniques to gain access:
viewtopic.php?f=1&t=33822&p=236436
You could wait for WDMarvel (US$15) to add this feature (if it doesn't have it already?)."
Source http://forum.hddguru.com/viewtopic.php?p=236910#p236910.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/4#issuecomment-239134134, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xSw3gt9n7hPb0gOSSnBsWV0FXPGGks5qewWBgaJpZM4JZFLG .