reallymine
reallymine copied to clipboard
andlabs
"Permission Denied" error, please help
I'm attempting to decrypt my WD 2tb drive that came from a WD Mybook using a 4060-705149-000 Rev A board. Every time I attempt to run reallymine on it, I get a the error "Permission denied". Tried running chown on the drive which fixed that error but gave me and Input/output error. The connection method is just a simple hard drive doc. Not sure where to go from here. Any help would be great.
What OS are you running? Undo the chown (or reboot if your system uses udev) and run reallymine with sudo.
I'm running Ubuntu 15.04.
Something's still being wonky, though. I disconnected the drive and rebooted. Then ran it with sudo like you said. This time it says "sudo: reallymine: command not found". Some sort of permissions issue with go or reallymine maybe?
I also ran lsblk -m and it says I have read-write permission.
If the executable exists, maybe it's not in one of the defined search paths? You might have to use the full path to the executable, or if you're in the same directory, try './reallymine'. I think Windows might automatically check your current directory for an executable, but many/most Linux systems won't do that unless you include './' in your path list.
Hmm, nope. Still doesn't work. I tried running it as './reallymine' as you said, but it still won't run. I also tried running chmod -rwx on reallymine but that didn't do anything.
I know this is a double post, but I think it my be important.
I took the drive over to my Windows machine and ran FTK lite (Forensic tool kit) on it, and found that the entire drive was marked as unallocated space. Just a sea of 0s. Last time I had access to this drive, it had right around 500 gigs data on it. I'm not sure if FTK is just mistaking it for unallocated space because it can't read it, or if somehow without my knowledge got formatted somehow. Still though, if it hasn't overwritten multiple times there should be fragments there.
So at this point, I'm rather confused. I know this isn't directly linked to reallymine, but it might give clues as to why it's not working.
chmod -rwx removes all the access bits. You want chmod +rwx.
Yes, sudo uses a different search path. You'll need to specify its path, either relative or absolute.
On Linux, what happens if you run sudo xxd /dev/whatever0 | less and navigate a bit? (If you don't have xxd, try hexdump -Cv instead.)
Does reallymine work on Windows for you? Not sure if you'd need to run it as admin to be able to do anything, but it might be worth a shot as a last resort. You'd need to identify the \\PhysicalDrive# number...
Yes, dump the encrypted MBR for us (replace "whatever" with the right thing): sudo dd if=/dev/whatever count=1 | hexdump -C
Also, sectors 2048 and 2049, to see if Windows "initialized" it: sudo dd if=/dev/whatever skip=2048 count=2 | hexdump -C
Also dump some other sectors, so we can see what the encryption might be: sudo dd if=/dev/whatever skip=3907024904 count=1 | hexdump -C sudo dd if=/dev/whatever skip=3907024928 count=1 | hexdump -C sudo dd if=/dev/whatever skip=3907026307 count=1 | hexdump -C
BTW, I had a bit of trouble building reallymine on linux. I had to download two other packages, and change all of the paths that were hardcoded into the source. Did you build successfully? Maybe you are trying to execute the wrong thing.
@themaddoctor you only needed to set up a $GOPATH and run go get github.com/andlabs/reallymine; that would have done all the work and dropped the executable in $GOPATH/bin. More info. Admittedly yes, expecting people to set up a Go environment might not work out in the long run, depending on how popular the language becomes in my particular niche of systmes programming (as opposed to web servers)...
OK, I think I may have narrowed it down to a hardware issue.
Everything I've run on this drive has come back either with a permission error or a I/O error. Including running sudo xxd as @andlabs and sudo dd on it as @themaddoctor said. I finally decided to run dmesg on it and it came back with more errors than I can count. Tons of I/O errors, mainly.
Now the question is what's wrong with it? The reason I lost access to the data was due to a power-surge that fried part of the USB bridge. I didn't think that that would fry part of the drive too, but IDK, I'm no HDD expert. It's still strange though, since the 'data access' light on the HDD dock indicates that it has access, and the drive also doesn't make any of the typical 'bad drive noises'.
What do you guys think? Where does one go from here?
Try connecting to an internal SATA port, to eliminate the possibility of a bad cable or bad dock.