reallymine
reallymine copied to clipboard
andlabs
Drive Possibly Initialized After Being Removed From Case
Summary:
- I'm able to get the DEK and decryption steps from reallymine ( output below )
bridge type Initio
DEK: C218A4929FFCDDE0C35B332864963F9XXXXXXXXXXXXX946CD244B59DB4
decryption steps: swaplongs decrypt swaplongs
- From @themaddoctor 's guide, my, kb.bin has WD as expected.
00000000 57 44 01 14 00 00 00 00 00 00 00 00 00 00 00 00 |WD..............|
However, when I run the following, I'm not getting "data", I instead get.
sudo file -s /dev/sdc
/dev/sdc: DOS/MBR boot sector MS-MBR Windows 7 english at offset 0x163 "Invalid partition table" at offset 0x17b "Error loading operating system" at offset 0x19a "Missing operating system", disk signature 0x61008fbb
So it seems it was encrypted, but after taking it out I'm thinking the person I'm helping unknowing initialized the drive or similar. I don't use Windows so not sure the term, but when plugging the drive into another external case and connecting it to the computer, I think that triggers a prompt about initializing the drive. Maybe that's OS X.
In any event, is recovery possible in this situation? Is it possible/needed to "encrypt" the MBR of the drive back using the information from the utility or guide?
It depends on whether the data partition was affected. If WindowSucks repartitioned the drive, then it wipes the first sector of each partition with zeroes. I might be able to fix that.
If the drive was reformatted, you need professional help or a lot of luck and good tools.
If only the MBR is affected, then we can bypass it easily.
Are you "helping" someone for free, or getting paid? Either way, I want 30%.
The information I need to determine how much damage was done can be found with the following few commands. Please post the output in a reply. If I need more info, I'll let you know.
cat /proc/partitions | grep sdc fdisk -l /dev/sdc sudo dd if=/dev/sdc skip=2048 count=2 | hexdump -C
I also need the full key, or a copy of the keyblock. I just noticed that you X'ed out some.
@themaddoctor , I'm doing it for free, but can offer a PayPal donation or similar if we can get this data.
Output is below:
cat /proc/partitions | grep sdc
8 32 488386584 sdc
fdisk -l /dev/sdc
Disk /dev/sdc: 465.8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x61008fbb
00000000 81 25 66 be fc 2c 86 76 86 20 16 e6 0e f7 c6 bb |.%f..,.v. ......|
00000010 0c 78 a1 15 77 1e ac 4b b4 b8 b8 95 8e 4c 2d 10 |.x..w..K.....L-.|
00000020 8b 2c 78 ea 28 41 82 67 d8 82 7d 7f 5a 2c c8 bc |.,x.(A.g..}.Z,..|
00000030 5d f2 f4 3d 45 e4 cf ef ac ab 76 f3 63 3f 91 ac |]..=E.....v.c?..|
00000040 d3 00 67 ec 25 2b 9c 36 e6 97 f0 f8 d1 2e 5a 91 |..g.%+.6......Z.|
00000050 ad 57 82 a5 b8 7c 20 9a 5e 4c ce 00 e3 ad bc 91 |.W...| .^L......|
00000060 16 f4 d8 76 a9 b4 1e 7e 4a 55 01 76 7b fd 76 22 |...v...~JU.v{.v"|
00000070 fa 13 2b 89 19 af 90 2a bc 96 56 44 08 43 aa 5d |..+....*..VD.C.]|
00000080 f9 c8 9e fb 99 79 82 c2 ac cd c2 3c 51 2a cb aa |.....y.....<Q*..|
00000090 5b 1f 6c f9 60 32 50 2d a2 0f 4d ee 6b 81 03 3a |[.l.`2P-..M.k..:|
000000a0 12 90 33 4c 10 19 76 08 18 6e 64 b3 1c 49 3c 8e |..3L..v..nd..I<.|
000000b0 c6 31 81 26 8f 19 10 e1 e8 ac cd fc dd ec 1b 0c |.1.&............|
000000c0 e2 b4 82 d2 af b2 e1 29 aa 3e b0 45 15 ad f3 b2 |.......).>.E....|
000000d0 61 da 7b 0a 48 7a d5 f8 4b a2 7f 86 55 fe df ce |a.{.Hz..K...U...|
000000e0 48 3a 05 f6 fe 47 2c fa 00 33 d5 f2 9c 1b 2a 74 |H:...G,..3....*t|
000000f0 b5 85 fc 5d 3a 7f ad 7c 49 7a c9 60 cd 19 4a 32 |...]:..|Iz.`..J2|
00000100 88 d8 b9 77 1d f4 aa 16 57 ad 23 b7 f9 23 b0 27 |...w....W.#..#.'|
00000110 52 90 4a 3f 87 ab b6 d8 03 df ad 48 0f ea f0 40 |R.J?.......H...@|
00000120 28 3d 93 72 40 bf de cf 55 47 ba af 74 c7 cb aa |([email protected]...|
00000130 c9 35 b9 c2 b1 81 90 9f 91 ce f9 62 f7 3c 64 91 |.5.........b.<d.|
00000140 1c cc 11 fb 66 d1 4b 91 1e 6c 16 af eb 96 ea 78 |....f.K..l.....x|
00000150 89 3d f0 88 d3 2a d5 a7 6f 39 d4 e6 d8 67 7f 8c |.=...*..o9...g..|
00000160 43 09 55 62 1e 04 c2 14 c2 96 d8 19 50 3a 69 23 |C.Ub........P:i#|
00000170 6c 47 78 04 19 a9 60 e7 79 74 1e 59 74 6c e3 42 |lGx...`.yt.Ytl.B|
00000180 bf 42 a0 14 bb 73 80 18 60 06 b8 9c 07 8d 56 0e |.B...s..`.....V.|
00000190 d0 11 7f f3 d9 21 9b 30 48 2b 8c 16 2f 5a 7b 25 |.....!.0H+../Z{%|
000001a0 41 a3 d1 97 ee 34 fc b6 e5 ae fd 44 8a fc 62 9f |A....4.....D..b.|
000001b0 0b 52 4a 6f 4c 22 e7 f4 08 3c f8 a5 93 48 cf eb |.RJoL"...<...H..|
000001c0 8b 7b cd db 57 49 fc 87 4f 4b 16 2b 58 4d 92 2b |.{..WI..OK.+XM.+|
000001d0 fb 55 65 ca 8f 50 91 32 b8 2e 72 04 77 d3 29 4f |.Ue..P.2..r.w.)O|
000001e0 9c 18 72 f5 ce d9 28 f6 07 60 37 0a b5 16 c3 9a |..r...(..`7.....|
000001f0 ce c1 24 0f 31 05 17 fb ce 75 a0 d7 c9 49 ec 5e |..$.1....u...I.^|
00000200 35 86 ce 97 05 f6 a9 59 73 3d b7 a5 b1 b3 b9 54 |5......Ys=.....T|
00000210 2e 42 94 46 d9 37 c1 1a 5a 1b c1 9f 7a 8d 82 81 |.B.F.7..Z...z...|
00000220 32 01 fe 1a 82 af f2 46 14 ed 60 c1 e3 2e df cb |2......F..`.....|
*
00000250 d2 ef 53 e4 b3 0a 87 e1 01 fb b7 ee 05 75 83 af |..S..........u..|
00000260 ad 04 e7 65 e4 0a de 6d 75 e0 30 07 03 fe 1f 80 |...e...mu.0.....|
00000270 21 a2 83 e2 51 1a 4c 22 aa a7 6e ef 71 23 7a 12 |!...Q.L"..n.q#z.|
00000280 af 54 1b 04 1e 7d 13 8f 86 42 24 5c 1c 5a e1 13 |.T...}...B$\.Z..|
00000290 d7 11 30 38 58 ff 8b 0f e5 e9 30 81 da db b1 7f |..08X.....0.....|
000002a0 f3 a1 ce 58 1b 5f 3b d9 9d 23 00 9c df 82 d5 3d |...X._;..#.....=|
000002b0 1b a0 a4 8a 00 3d f3 04 01 5f 17 74 a7 11 1d 84 |.....=..._.t....|
000002c0 00 5d b1 37 1a d4 4e 31 af 15 28 b7 37 99 f5 b9 |.].7..N1..(.7...|
000002d0 a3 c1 34 03 7d d3 57 6b 36 cc 0d fe 8b 53 d7 c5 |..4.}.Wk6....S..|
000002e0 50 02 69 fc 75 4c ae 65 b5 98 2e ea 7c e4 15 63 |P.i.uL.e....|..c|
000002f0 91 76 84 1e b6 7f 4a cc 4e 23 bd 73 66 b8 2a b4 |.v....J.N#.sf.*.|
00000300 83 27 41 57 99 04 25 01 f4 49 02 a6 90 91 56 9c |.'AW..%..I....V.|
00000310 98 29 0a a5 f6 58 a7 a9 59 00 b0 29 99 e8 4e 5e |.)...X..Y..)..N^|
00000320 71 39 1c de ac 8e 5c 22 2a d2 dd 0b bb d6 6e 40 |q9....\"*.....n@|
00000330 ad 00 1f eb 58 e3 9a 53 f5 0f c4 62 fc 03 38 65 |....X..S...b..8e|
00000340 d7 d5 61 b5 7b 9a 24 49 05 3a f6 91 03 0a a2 d3 |..a.{.$I.:......|
00000350 21 44 c1 86 77 30 9a fc a3 e9 9c 26 7f f8 87 d9 |!D..w0.....&....|
00000360 e8 f2 cf a9 2f 51 13 de cf 22 9a 7b bc 6d 4b 89 |..../Q...".{.mK.|
00000370 19 5d 07 b8 47 f5 22 a8 17 2e 58 4c f3 a8 42 8a |.]..G."...XL..B.|
00000380 1b 91 50 fd ab 8d 4d 9e 14 4d f4 d7 8d 43 56 d1 |..P...M..M...CV.|
00000390 04 4f ff 61 b3 ef c5 5d e3 e0 bf a6 53 0e 1f dc |.O.a...]....S...|
000003a0 af b2 52 ff d0 ed 27 98 4e f2 7d 4d e5 8a b4 04 |..R...'.N.}M....|
000003b0 3a b6 5c 40 fd 22 91 d2 20 ec ca c0 8b 6d e6 67 |:.\@.".. ....m.g|
000003c0 d9 cb e4 51 b3 74 fa 82 ca 7a dd 82 de fe a3 35 |...Q.t...z.....5|
000003d0 b6 c2 77 ba 25 5b dc 92 50 02 5e e6 a8 de 87 6e |..w.%[..P.^....n|
000003e0 89 ad 2e ff a1 b0 0c 72 bd 8a 51 0a 72 44 02 70 |.......r..Q.rD.p|
000003f0 88 7b 96 86 2c 08 cb 1e 1b ca 2b 13 d2 71 dd 21 |.{..,.....+..q.!|
00000400
Full Key
./reallymine-linux-amd64 getdek /dev/sdc
bridge type Initio
DEK: C218A4929FFCDDE0C35B332864963F90D77655E8300451C70D946CD244B59DB4
decryption steps: swaplongs decrypt swaplongs
If it was just initialized.. Only the Mbr gets damages..decrypt as usual and mount the partition at 2048 and not the whole drive...but like maddoctor said. Anything past this is considered extensive damage to the structure. Either way you need to decrypt first to work on anything ...
On Jun 2, 2017 7:16 AM, "conrad10781" [email protected] wrote:
@themaddoctor https://github.com/themaddoctor , I'm doing it for free, but can offer a PayPal donation or similar if we can get this data.
Output is below:
cat /proc/partitions | grep sdc 8 32 488386584 sdc
fdisk -l /dev/sdc Disk /dev/sdc: 465.8 GiB, 500107862016 bytes, 976773168 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x61008fbb
00000000 81 25 66 be fc 2c 86 76 86 20 16 e6 0e f7 c6 bb |.%f..,.v. ......| 00000010 0c 78 a1 15 77 1e ac 4b b4 b8 b8 95 8e 4c 2d 10 |.x..w..K.....L-.| 00000020 8b 2c 78 ea 28 41 82 67 d8 82 7d 7f 5a 2c c8 bc |.,x.(A.g..}.Z,..| 00000030 5d f2 f4 3d 45 e4 cf ef ac ab 76 f3 63 3f 91 ac |]..=E.....v.c?..| 00000040 d3 00 67 ec 25 2b 9c 36 e6 97 f0 f8 d1 2e 5a 91 |..g.%+.6......Z.| 00000050 ad 57 82 a5 b8 7c 20 9a 5e 4c ce 00 e3 ad bc 91 |.W...| .^L......| 00000060 16 f4 d8 76 a9 b4 1e 7e 4a 55 01 76 7b fd 76 22 |...v...~JU.v{.v"| 00000070 fa 13 2b 89 19 af 90 2a bc 96 56 44 08 43 aa 5d |..+......VD.C.]| 00000080 f9 c8 9e fb 99 79 82 c2 ac cd c2 3c 51 2a cb aa |.....y.....<Q..| 00000090 5b 1f 6c f9 60 32 50 2d a2 0f 4d ee 6b 81 03 3a |[.l.
2P-..M.k..:| 000000a0 12 90 33 4c 10 19 76 08 18 6e 64 b3 1c 49 3c 8e |..3L..v..nd..I<.| 000000b0 c6 31 81 26 8f 19 10 e1 e8 ac cd fc dd ec 1b 0c |.1.&............| 000000c0 e2 b4 82 d2 af b2 e1 29 aa 3e b0 45 15 ad f3 b2 |.......).>.E....| 000000d0 61 da 7b 0a 48 7a d5 f8 4b a2 7f 86 55 fe df ce |a.{.Hz..K...U...| 000000e0 48 3a 05 f6 fe 47 2c fa 00 33 d5 f2 9c 1b 2a 74 |H:...G,..3....*t| 000000f0 b5 85 fc 5d 3a 7f ad 7c 49 7a c9 60 cd 19 4a 32 |...]:..|Iz...J2| 00000100 88 d8 b9 77 1d f4 aa 16 57 ad 23 b7 f9 23 b0 27 |...w....W.#..#.'| 00000110 52 90 4a 3f 87 ab b6 d8 03 df ad 48 0f ea f0 40 |R.J?.......H...@| 00000120 28 3d 93 72 40 bf de cf 55 47 ba af 74 c7 cb aa |([email protected]...| 00000130 c9 35 b9 c2 b1 81 90 9f 91 ce f9 62 f7 3c 64 91 |.5.........b.<d.| 00000140 1c cc 11 fb 66 d1 4b 91 1e 6c 16 af eb 96 ea 78 |....f.K..l.....x| 00000150 89 3d f0 88 d3 2a d5 a7 6f 39 d4 e6 d8 67 7f 8c |.=.....o9...g..| 00000160 43 09 55 62 1e 04 c2 14 c2 96 d8 19 50 3a 69 23 |C.Ub........P:i#| 00000170 6c 47 78 04 19 a9 60 e7 79 74 1e 59 74 6c e3 42 |lGx....yt.Ytl.B| 00000180 bf 42 a0 14 bb 73 80 18 60 06 b8 9c 07 8d 56 0e |.B...s.......V.| 00000190 d0 11 7f f3 d9 21 9b 30 48 2b 8c 16 2f 5a 7b 25 |.....!.0H+../Z{%| 000001a0 41 a3 d1 97 ee 34 fc b6 e5 ae fd 44 8a fc 62 9f |A....4.....D..b.| 000001b0 0b 52 4a 6f 4c 22 e7 f4 08 3c f8 a5 93 48 cf eb |.RJoL"...<...H..| 000001c0 8b 7b cd db 57 49 fc 87 4f 4b 16 2b 58 4d 92 2b |.{..WI..OK.+XM.+| 000001d0 fb 55 65 ca 8f 50 91 32 b8 2e 72 04 77 d3 29 4f |.Ue..P.2..r.w.)O| 000001e0 9c 18 72 f5 ce d9 28 f6 07 60 37 0a b5 16 c3 9a |..r...(..7.....| 000001f0 ce c1 24 0f 31 05 17 fb ce 75 a0 d7 c9 49 ec 5e |..$.1....u...I.^| 00000200 35 86 ce 97 05 f6 a9 59 73 3d b7 a5 b1 b3 b9 54 |5......Ys=.....T| 00000210 2e 42 94 46 d9 37 c1 1a 5a 1b c1 9f 7a 8d 82 81 |.B.F.7..Z...z...| 00000220 32 01 fe 1a 82 af f2 46 14 ed 60 c1 e3 2e df cb |2......F.......| * 00000250 d2 ef 53 e4 b3 0a 87 e1 01 fb b7 ee 05 75 83 af |..S..........u..| 00000260 ad 04 e7 65 e4 0a de 6d 75 e0 30 07 03 fe 1f 80 |...e...mu.0.....| 00000270 21 a2 83 e2 51 1a 4c 22 aa a7 6e ef 71 23 7a 12 |!...Q.L"..n.q#z.| 00000280 af 54 1b 04 1e 7d 13 8f 86 42 24 5c 1c 5a e1 13 |.T...}...B$.Z..| 00000290 d7 11 30 38 58 ff 8b 0f e5 e9 30 81 da db b1 7f |..08X.....0.....| 000002a0 f3 a1 ce 58 1b 5f 3b d9 9d 23 00 9c df 82 d5 3d |...X.;..#.....=| 000002b0 1b a0 a4 8a 00 3d f3 04 01 5f 17 74 a7 11 1d 84 |.....=....t....| 000002c0 00 5d b1 37 1a d4 4e 31 af 15 28 b7 37 99 f5 b9 |.].7..N1..(.7...| 000002d0 a3 c1 34 03 7d d3 57 6b 36 cc 0d fe 8b 53 d7 c5 |..4.}.Wk6....S..| 000002e0 50 02 69 fc 75 4c ae 65 b5 98 2e ea 7c e4 15 63 |P.i.uL.e....|..c| 000002f0 91 76 84 1e b6 7f 4a cc 4e 23 bd 73 66 b8 2a b4 |.v....J.N#.sf..| 00000300 83 27 41 57 99 04 25 01 f4 49 02 a6 90 91 56 9c |.'AW..%..I....V.| 00000310 98 29 0a a5 f6 58 a7 a9 59 00 b0 29 99 e8 4e 5e |.)...X..Y..)..N^| 00000320 71 39 1c de ac 8e 5c 22 2a d2 dd 0b bb d6 6e 40 |q9...."*.....n@| 00000330 ad 00 1f eb 58 e3 9a 53 f5 0f c4 62 fc 03 38 65 |....X..S...b..8e| 00000340 d7 d5 61 b5 7b 9a 24 49 05 3a f6 91 03 0a a2 d3 |..a.{.$I.:......| 00000350 21 44 c1 86 77 30 9a fc a3 e9 9c 26 7f f8 87 d9 |!D..w0.....&....| 00000360 e8 f2 cf a9 2f 51 13 de cf 22 9a 7b bc 6d 4b 89 |..../Q...".{.mK.| 00000370 19 5d 07 b8 47 f5 22 a8 17 2e 58 4c f3 a8 42 8a |.]..G."...XL..B.| 00000380 1b 91 50 fd ab 8d 4d 9e 14 4d f4 d7 8d 43 56 d1 |..P...M..M...CV.| 00000390 04 4f ff 61 b3 ef c5 5d e3 e0 bf a6 53 0e 1f dc |.O.a...]....S...| 000003a0 af b2 52 ff d0 ed 27 98 4e f2 7d 4d e5 8a b4 04 |..R...'.N.}M....| 000003b0 3a b6 5c 40 fd 22 91 d2 20 ec ca c0 8b 6d e6 67 |:.@.".. ....m.g| 000003c0 d9 cb e4 51 b3 74 fa 82 ca 7a dd 82 de fe a3 35 |...Q.t...z.....5| 000003d0 b6 c2 77 ba 25 5b dc 92 50 02 5e e6 a8 de 87 6e |..w.%[..P.^....n| 000003e0 89 ad 2e ff a1 b0 0c 72 bd 8a 51 0a 72 44 02 70 |.......r..Q.rD.p| 000003f0 88 7b 96 86 2c 08 cb 1e 1b ca 2b 13 d2 71 dd 21 |.{..,.....+..q.!| 00000400Full Key
./reallymine-linux-amd64 getdek /dev/sdc bridge type Initio DEK: C218A4929FFCDDE0C35B332864963F90D77655E8300451C70D946CD244B59DB4 decryption steps: swaplongs decrypt swaplongs
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/41#issuecomment-305769696, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xfAwDTiWieAVTzE3Akx39g1TEHUTks5r__0BgaJpZM4NuL3Q .
Understood. I think we're good then. I have a decrypted.img about 25GB in ( of 500GB ), and while understanding that is not complete, I'm able to attempt a mount of a copy of that with the following error
Failed to read last sector (975398910): Invalid argument
I was just doing some exploring and other research while this was going on to make sure I didn't overlook something and find out in 20+ days that I needed to consider BLAH and have to restart the process all over again.
Your partition looks unaffected. It decrypts to
00000000 eb 52 90 4e 54 46 53 20 20 20 20 00 02 08 00 00 |ëR.NTFS .....|
00000010 00 00 00 00 00 f8 00 00 3f 00 ff 00 00 08 00 00 |.....ø..?.ÿ.....|
00000020 00 00 00 00 80 00 80 00 ff 67 23 3a 00 00 00 00 |........ÿg#:....|
00000030 00 00 0c 00 00 00 00 00 7f 36 a2 03 00 00 00 00 |.........6¢.....|
00000040 f6 00 00 00 01 00 00 00 a8 1c 93 42 5f 93 42 3c |ö.......¨..B_.B<|
etc.
This might work: sudo dmsetup create wd-part1 --table '0 976771120 linear /dev/sdc 2048' Then /dev/mapper/wd-part1 is your encrypted first partition (plus junk at the end). It still needs to be decrypted.
If you instead want to work from the decrypted image, sudo losetup -o 1048576 -f /path/to/decrypted/image can set up a loop device to the decrypted partition.
Run your partial 25gb image through photorec. If you get any decrypted user content then you can be comfortable that your on the right track
On Jun 2, 2017 7:42 AM, "conrad10781" [email protected] wrote:
Understood. I think we're good then. I have a decrypted.img about 25GB in ( of 500GB ), and while understanding that is not complete, I'm able to attempt a mount of a copy of that with the following error
Failed to read last sector (975398910): Invalid argument
I was just doing some exploring and other research while this was going on to make sure I didn't overlook something and find out in 20+ days that I needed to consider BLAH and have to restart the process all over again.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/41#issuecomment-305774963, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xVegZMxtvKkuquvWZ_Dro_7GKEFoks5sAANHgaJpZM4NuL3Q .
Sweet, then he should be able to do a complete recovery from what is known.
On Jun 2, 2017 7:47 AM, "themaddoctor" [email protected] wrote:
@MrDecay https://github.com/mrdecay, I've already checked that the partition is unaffected.
— You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/andlabs/reallymine/issues/41#issuecomment-305775959, or mute the thread https://github.com/notifications/unsubscribe-auth/AQE6xUblkDX0WwXw5O7CgqxjUfVT4T2aks5sAARpgaJpZM4NuL3Q .
@themaddoctor , there is no way to tie
--table '0 976771120 linear /dev/sdc 2048'
Into the instructions to mount from your PDF so that the partition could be mounted without waiting ~20+ days to complete the full decrypt?
When you get to the end of page 8, and get "data" instead of "DOS/MBR...", do this:
sudo dmsetup create wd-part1 --table '0 976771120 linear /dev/mapper/wd 2048'
and see what happens. If the disk automatically pops up, great. If not, try
sudo mkdir -p /mnt/wd1 sudo mount -t ntfs-3g /dev/mapper/wd-part1 /mnt/wd1
@themaddoctor that seems to have done the trick. Much easier this way as there was ~50GB of data on the drive.
If @themaddoctor and @andlabs have donation links, I'd be happy to contribute.
Thanks again!
@themaddoctor , it's okay with me. I still have a value of my time and others, and you just saved me multiple weeks of checking on the status of the decryption, and potentially having to do anything else.
I've already copied 49GB of the 53GB of data on the drive ( it took me ~24 hours to get to 25GB ), so this was well worth it.
I thought of something. Can you donate 1½ hours? There is a movie called Earthlings. Could you watch it? No, it's not about flying saucers and our extraterrestrial overlords.