reallymine
reallymine copied to clipboard
Published
20 hours ago •
andlabs
andlabs
WD My Passport Essential WDBAAA5000ABK - keeps asking for a password.
Long story short: a friend lost access to her trusty portable drive and here we are.
Steps I took:
- (windows) from disk management, no partitions detected and asking to put a new label on the disk to make it usable. (hell no)
- (windows) WD tools (WD Security & WD Drive Utilities) are asking for a password to unlock the drive. My friend ensures she never put a password and was using the drive like this for a long time.
- (linux) tried to ddrescue over USB: I/O error - access denied on all sectors
- start reading (whoa, data recovery is something else!)
- (linux) tried to use HDDSuperTool over the USB interface - nothing works, not even drive detection
At this point I call my friend and explains her that she - or needs a professional firm to look at this - or yolo and hope for the best. She tells me to go ahead as the data is important but not worth the money.
- Soldered a sata interface on the disk and disabled the usb interface.
- (linux) drive is detected, HDDSuperTool shows only a master password and no user password, ddrescue creates a full dump.
- (windows) R-Studio does not detect anything on the image, the data must be encrypted, start reading again.
- (linux) use reallymine to try to decrypt the image and it asks me again for a password.
What would be the next logical step?
As per README:
dumplast:
sector at 0x7470A21000
00000000 00 01 44 57 00 00 00 00 e8 03 00 00 57 00 44 00 |..DW........W.D.|
00000010 43 00 2e 00 00 00 00 00 6e 00 6f 00 74 00 72 00 |C.......n.o.t.r.|
00000020 65 00 20 00 63 00 6f 00 6d 00 70 00 61 00 67 00 |e. .c.o.m.p.a.g.|
00000030 6e 00 69 00 65 00 00 00 00 00 00 00 00 00 00 00 |n.i.e...........|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 |...............r|
dumpkeysector:
sector at 0x7470A01000
bridge type Initio
00000000 57 44 01 14 00 00 00 00 02 02 00 00 00 00 00 00 |WD..............|
00000010 00 00 00 00 3a 23 70 00 00 00 00 00 3a 23 70 00 |....:#p.....:#p.|
00000020 00 00 00 00 00 14 e0 00 20 00 00 00 00 00 00 00 |........ .......|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14 |............WD..|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000100 e5 52 45 52 33 4b 4a 4d 20 20 20 30 00 09 14 b8 |.RER3KJM 0....|
00000110 70 42 70 42 00 00 f7 00 0f 41 a4 ce 00 80 00 00 |pBpB.....A......|
00000120 e5 2d 00 44 00 69 00 41 00 4d 00 0f 00 26 4f 00 |.-.D.i.A.M...&O.|
00000130 4e 00 44 00 00 00 ff ff ff ff 00 00 ff ff ff ff |N.D.............|
00000140 e5 24 00 49 00 58 00 37 00 35 00 0f 00 26 4b 00 |.$.I.X.7.5...&K.|
00000150 37 00 55 00 2e 00 58 00 76 00 00 00 69 00 44 00 |7.U...X.v...i.D.|
00000160 e5 49 58 37 35 4b 7e 31 58 56 49 20 00 83 f9 89 |.IX75K~1XVI ....|
00000170 7c 43 db 46 00 00 fa 89 7c 43 15 75 20 02 00 00 ||C.F....|C.u ...|
00000180 e5 2d 00 44 00 69 00 41 00 4d 00 0f 00 78 4f 00 |.-.D.i.A.M...xO.|
00000190 4e 00 44 00 00 00 ff ff ff ff 00 00 ff ff ff ff |N.D.............|
000001a0 e5 24 00 52 00 58 00 37 00 35 00 0f 00 78 4b 00 |.$.R.X.7.5...xK.|
000001b0 37 00 55 00 2e 00 58 00 76 00 00 00 69 00 44 00 |7.U...X.v...i.D.|
000001c0 e5 52 58 37 35 4b 7e 31 58 56 49 10 00 09 b1 b2 |.RX75K~1XVI.....|
000001d0 70 42 70 42 00 00 77 69 13 41 8c 57 00 80 00 00 |pBpB..wi.A.W....|
000001e0 e5 49 57 5a 41 4b 50 4e 41 56 49 20 10 3b 8e 8a |.IWZAKPNAVI .;..|
000001f0 7c 43 db 46 00 00 8f 8a 7c 43 75 57 20 02 00 00 ||C.F....|CuW ...|
decryptkeysector -default:
sector at 0x7470A01000
bridge type Initio
00000000 80 2b 2a a4 f0 25 e7 c5 8a 3b 52 8f c3 3b 68 ff |.+*..%...;R..;h.|
00000010 be 2a 3a 3a 9a c6 68 8f 24 5c 99 2e 5d 50 73 b1 |.*::..h.$\..]Ps.|
00000020 da a9 89 75 91 50 8b 5c a9 86 bd 59 94 e5 a7 8e |...u.P.\...Y....|
00000030 d1 6d 60 18 5a 80 04 56 69 e9 a9 01 0d ae 29 c6 |.m`.Z..Vi.....).|
00000040 03 70 db e9 e1 2d 0c 8f 2d 2f 8b 53 6a 27 d8 be |.p...-..-/.Sj'..|
00000050 03 70 db e9 e1 2d 0c 8f 2d 2f 8b 53 6a 27 d8 be |.p...-..-/.Sj'..|
00000060 03 70 db e9 e1 2d 0c 8f 2d 2f 8b 53 6a 27 d8 be |.p...-..-/.Sj'..|
00000070 03 70 db e9 e1 2d 0c 8f 2d 2f 8b 53 6a 27 d8 be |.p...-..-/.Sj'..|
00000080 03 70 db e9 e1 2d 0c 8f 2d 2f 8b 53 6a 27 d8 be |.p...-..-/.Sj'..|
00000090 03 70 db e9 e1 2d 0c 8f 2d 2f 8b 53 6a 27 d8 be |.p...-..-/.Sj'..|
000000a0 03 70 db e9 e1 2d 0c 8f 2d 2f 8b 53 6a 27 d8 be |.p...-..-/.Sj'..|
000000b0 03 70 db e9 e1 2d 0c 8f 2d 2f 8b 53 6a 27 d8 be |.p...-..-/.Sj'..|
000000c0 03 70 db e9 e1 2d 0c 8f 2d 2f 8b 53 6a 27 d8 be |.p...-..-/.Sj'..|
000000d0 03 70 db e9 e1 2d 0c 8f 2d 2f 8b 53 6a 27 d8 be |.p...-..-/.Sj'..|
000000e0 03 70 db e9 e1 2d 0c 8f 2d 2f 8b 53 6a 27 d8 be |.p...-..-/.Sj'..|
000000f0 03 70 db e9 e1 2d 0c 8f 2d 2f 8b 53 6a 27 d8 be |.p...-..-/.Sj'..|
00000100 e5 e6 99 dd c8 6b 1e 5e c6 6a 72 b0 2a 77 57 2d |.....k.^.jr.*wW-|
00000110 bd c5 78 85 81 00 7e 77 b5 bd db 04 30 fe 5f de |..x...~w....0._.|
00000120 8a f8 c7 ba 95 d4 69 e9 b0 1f be e7 b3 de ad df |......i.........|
00000130 ea 78 3a 02 90 3c 17 2f 1e b8 06 27 09 05 3d 77 |.x:..<./...'..=w|
00000140 63 a6 b0 07 4c 5a af c5 30 4b 7e 8d 1c 54 bc 95 |c...LZ..0K~..T..|
00000150 65 1b 16 53 ad 19 49 94 98 a9 c5 f9 11 82 8a 5b |e..S..I........[|
00000160 21 47 dd ec 90 fd 47 bc c6 34 28 9b 18 2a 6d 1d |!G....G..4(..*m.|
00000170 63 ab 98 e9 cf e6 47 ac 58 e8 37 6c 02 3f 9f 73 |c.....G.X.7l.?.s|
00000180 74 69 00 16 24 8c 41 78 e0 7b 83 cf 53 a7 d7 30 |ti..$.Ax.{..S..0|
00000190 ea 78 3a 02 90 3c 17 2f 1e b8 06 27 09 05 3d 77 |.x:..<./...'..=w|
000001a0 56 d1 dd 26 e5 e0 f9 a1 8a 3c 2d 30 e3 e3 f4 be |V..&.....<-0....|
000001b0 65 1b 16 53 ad 19 49 94 98 a9 c5 f9 11 82 8a 5b |e..S..I........[|
000001c0 46 a0 79 23 3e 3f d2 84 fd c4 8d 6b ab 4a c1 69 |F.y#>?.....k.J.i|
000001d0 ba 78 81 fd 0c a1 89 d1 40 75 6e 2d 66 2b ed 06 |.x......@un-f+..|
000001e0 54 9e 16 1a ae b8 3f 9e 1d de e6 73 18 31 4f b8 |T.....?....s.1O.|
000001f0 a1 53 b5 9a 38 79 d0 a4 c0 f3 a5 01 70 e1 9d 9d |.S..8y......p...|
edit: formatting
You can use HDDSuperTool to dump the "service area" to find out what type of encryption is used on this drive. It's probably something reallymine doesn't handle yet...
Thank you for the swift reply! I'll setup the disk again during the weekend and start dumping the contents. Any details in particular that are useful? I guess I'll start with module 28 as I read it should contain a copy of the key.
Module 25, 28, 32, ... I've read that it can be in one of several. You won't find the key. You will find another "keysector" that needs to be decoded.
I looked carefully at the keysector, and it has far too little entropy to be encrypted like it should be.
Thanks for looking into this, I appreciate all the help hints and insights you are willing to provide.
Just to be 100% sure, you want me to dump those sectors like this? (is dumping from the image ok or do you need them directly from the disk attached over sata?)
dd if=/path/to/myimage of=/dev/null skip=0 count=1 bs=512
dd if=/path/to/myimage of=/dev/null skip=2048 count=1 bs=512
dd if=/path/to/myimage of=/dev/null skip=2049 count=1 bs=512
That's fine. It should not matter if you use an image that was just from dd or dd_rescue, not "decrypted" by any software.
if you're having a problem, try dd if=/path/to/disk/or/image count=1 | hexdump -Cv dd if=/path/to/disk/or/image count=2 skip=2048 | hexdump -Cv
It shouldn't be a problem to get them, I just need to get home and have access to the disk and image. I'll post the sectors and modules tomorrow but didn't want to post irrelevant info, hence my questions....
Here is the first sector:
1+0 records in
1+0 records out
512 bytes copied, 0.324192 s, 1.6 kB/s
00000000 c4 df d4 9c 83 31 ed aa 26 e9 4d 52 3a 18 ce 24 |.....1..&.MR:..$|
00000010 8d da 95 15 28 84 88 fb 98 ef 14 1d 0f 6d f3 97 |....(........m..|
00000020 21 3b bd 80 aa c8 75 79 72 d5 93 a7 77 fc fc b1 |!;....uyr...w...|
00000030 b3 ae 0e 8a ac ff 77 f6 88 5a d4 91 43 ad 67 1f |......w..Z..C.g.|
00000040 e1 69 95 a0 7d e4 b6 ee 3f 40 01 2f 62 94 5d ec |.i..}...?@./b.].|
00000050 ce 3f 99 08 89 fc e2 06 98 05 04 59 aa 2a fa ce |.?.........Y.*..|
00000060 e3 24 7d 71 31 50 d6 d9 97 48 27 1b 8e fb 5d 33 |.$}q1P...H'...]3|
00000070 6d 02 39 3e 9d 30 15 0a 8f 7c 32 4b 2b 93 7c 3d |m.9>.0...|2K+.|=|
00000080 86 61 db 1c 75 23 12 13 9b 7b 02 36 e5 03 7d 9c |.a..u#...{.6..}.|
00000090 a4 72 41 cb 43 42 8a 23 85 0c 82 05 e1 af 69 38 |.rA.CB.#......i8|
000000a0 a6 fb 7d af 60 e6 2d 12 c4 fb 3c 4c 9e 4f cb 4b |..}.`.-...<L.O.K|
000000b0 eb 00 0d 74 3e e7 25 25 35 54 96 06 65 9f a0 46 |...t>.%%5T..e..F|
000000c0 da c3 df 86 3e 4c 25 e8 7e ac 72 f2 05 ea a6 72 |....>L%.~.r....r|
000000d0 f3 20 1f ee 92 7a e0 3d e8 af 1c 32 0a dd db 33 |. ...z.=...2...3|
000000e0 b2 3c d1 c4 f7 ad 10 db 64 ab d8 c3 8d ae 79 37 |.<......d.....y7|
000000f0 64 46 0d c5 e6 e4 b3 f0 15 8f 86 2c 89 18 cd 95 |dF.........,....|
00000100 c6 9a 54 5d cd 4d a3 74 58 47 04 82 05 8d ae 2b |..T].M.tXG.....+|
00000110 62 10 92 99 f5 18 51 81 6b 1f db 37 08 23 b3 5e |b.....Q.k..7.#.^|
00000120 41 fb f8 dd 5b 48 6a b2 6a 2a ac 80 9f de 9c 38 |A...[Hj.j*.....8|
00000130 e9 6a d4 b1 1d 8d 06 f3 e7 5f 5b 5a 12 b6 c0 8d |.j......._[Z....|
00000140 c9 ee 14 f7 30 2c 59 2f f4 72 22 44 00 25 63 5c |....0,Y/.r"D.%c\|
00000150 4b 9a 63 cb 30 3b ce 4b f0 af ca fb 85 bc cb d6 |K.c.0;.K........|
00000160 88 28 95 f6 34 d8 a4 a7 bf 01 ae 78 d1 8b c7 b0 |.(..4......x....|
00000170 43 8c 63 f0 8a 03 9f 28 ed 2f 24 cd 16 ba bd ed |C.c....(./$.....|
00000180 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000190 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000001a0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000001b0 36 d7 e9 aa 66 17 21 b8 22 4c 8a d1 b7 85 7a 67 |6...f.!."L....zg|
000001c0 cf 67 d5 fc 17 0f 0a 0c c7 32 eb 02 47 c6 50 a9 |.g.......2..G.P.|
000001d0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000001e0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000001f0 c8 3e b6 30 1c 00 cd 4c 7e 8f 65 62 97 e8 27 96 |.>.0...L~.eb..'.|
00000200
and 2048-2049:
2+0 records in
2+0 records out
1024 bytes (1.0 kB, 1.0 KiB) copied, 0.00339456 s, 302 kB/s
00000000 4e 3b f0 8a 6f e4 e2 58 68 5c 2f 4d 10 80 18 57 |N;..o..Xh\/M...W|
00000010 28 95 17 38 da b7 c3 44 ea f4 2e 12 67 f9 50 7b |(..8...D....g.P{|
00000020 e3 25 8f 17 a4 aa 40 82 5b 27 b3 d4 19 45 30 77 |.%....@.['...E0w|
00000030 01 7f d4 53 6f 2a 07 6b d9 58 75 50 4a ff 5a 77 |...So*.k.XuPJ.Zw|
00000040 22 59 5d 48 00 b7 f8 e6 55 5c 2e 4b 1c 3e 93 c4 |"Y]H....U\.K.>..|
00000050 71 8e 2b 1c b7 9c ed 7a 4a df 93 34 d7 90 bf ca |q.+....zJ..4....|
00000060 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000070 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000080 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000090 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000000a0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000000b0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000000c0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000000d0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000000e0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000000f0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000100 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000110 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000120 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000130 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000140 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000150 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000160 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000170 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000180 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000190 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000001a0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000001b0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000001c0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000001d0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000001e0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000001f0 c8 3e b6 30 1c 00 cd 4c 7e 8f 65 62 97 e8 27 96 |.>.0...L~.eb..'.|
00000200 69 f2 bc f9 2b 10 6b 45 9a 1f 4b 15 e7 84 bc 0e |i...+.kE..K.....|
00000210 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000220 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000230 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000240 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000250 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000260 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000270 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000280 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000290 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000002a0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000002b0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000002c0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000002d0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000002e0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000002f0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000300 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000310 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000320 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000330 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000340 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000350 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000360 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000370 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000380 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
00000390 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000003a0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000003b0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000003c0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000003d0 6d ed 91 af 50 41 a1 ad b8 b4 13 90 95 14 f4 48 |m...PA.........H|
000003e0 a4 5c 33 39 6b 86 74 a1 f1 a8 d6 9c dd 36 39 f3 |.\39k.t......69.|
000003f0 c8 3e b6 30 1c 00 cd 4c 7e 8f 65 62 97 e8 27 96 |.>.0...L~.eb..'.|
00000400
All I can say so far: It IS encrypted. It is in ECB mode. Looks like a DOS MBR in sector 0.
The keyblock you posted isn't helping, yet. Can you dump sector 976769056 to double-check that it is the same?
Also very curious to see the SA modules.
The chip is an initio INIC-1607E. Sector 976769056 is all zeroes.
1+0 records in
1+0 records out
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000200
512 bytes copied, 0.327102 s, 1.6 kB/s
I am working on the modules now..
And some extra info (while I was in there ;) )
hddsupertool 1.10-1.8 20170129
Finding devices
Q) Quit
R) Refresh drive list
1) /dev/sda (500107862016) WDC WD5000BMVV-11A1CS0 WD-WX80AA907712
---
Device information menu
q) Quit
p) Previous menu
h) Toggle script help
1) Identify device
2) Smart info
Enter your choice:
> 1
1
Raw buffer:
0: 7a 42 ff 3f 37 c8 10 00 00 00 00 00 3f 00 00 00 zB.?7.......?...
10: 00 00 00 00 20 20 20 20 57 20 2d 44 58 57 30 38 .... W -DXW08
20: 41 41 30 39 37 37 32 31 00 00 00 40 32 00 31 30 [email protected]
30: 30 2e 41 31 31 30 44 57 20 43 44 57 30 35 30 30 0.A110DW CDW0500
40: 4d 42 56 56 31 2d 41 31 43 31 30 53 20 20 20 20 MBVV1-A1C10S
50: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 10 80 ..
60: 00 00 00 2f 01 40 00 00 00 00 07 00 ff 3f 10 00 .../.@.......?..
70: 3f 00 10 fc fb 00 10 01 ff ff ff 0f 00 00 07 00 ?...............
80: 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00 00 ..x.x.x.x.......
90: 00 00 00 00 00 00 1f 00 06 1f 00 00 4c 00 44 00 ............L.D.
a0: fe 01 00 00 6b 74 09 7f 63 61 69 74 09 be 63 61 ....kt..cait..ca
b0: 7f 40 43 00 43 00 fe 00 fe ff 00 00 fe 80 00 00 [email protected]...........
c0: 00 00 00 00 00 00 00 00 30 60 38 3a 00 00 00 00 ........0`8:....
d0: 00 00 00 00 00 00 00 00 01 50 e2 4e 9a 03 b5 6a .........P.N...j
e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 40 ...............@
f0: 18 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@..............
100: 29 00 00 00 00 00 00 00 00 00 d3 16 00 00 00 00 )...............
110: 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 ................
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
190: 00 00 00 00 00 00 00 00 00 00 00 00 37 70 00 00 ............7p..
1a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1b0: 00 00 18 15 00 00 00 00 00 00 00 00 1e 10 00 00 ................
1c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1d0: 00 00 00 00 01 00 00 10 00 00 00 00 00 00 00 00 ................
1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a5 56 ...............V
Model= WDC WD5000BMVV-11A1CS0
Serial= WD-WX80AA907712
Firmware revision= 01.01A01
supports 48 bit commands = 1
total addressable sectors= 976773168
words per logical sector= 0
Size in bytes= 500107862016
Size in MiB= 476940
logical sectors per physical sector(2^x)= 0
enhanced_security_erase_supported= 1
security_count_expired= 0
security_frozen= 1
security_locked= 0
security_enabled= 0
security_supported= 1
error_recovery_control= 0
long_sector_access =1
drive look ahead supported= 1
drive look ahead status= 1
write_uncorrectable supported= 0
---
Device information menu
q) Quit
p) Previous menu
h) Toggle script help
1) Identify device
2) Smart info
Enter your choice:
> 2
2
Smart structure version= 16
ID# FLAG VALUE WORST THRESH RAW DATA ATTRIBUTE NAME
1 0x002f 200 200 51 0x00000000000000 Read Error Rate
3 0x0027 174 143 21 0x000000000008d2 Spin-Up Time
4 0x0032 99 99 0 0x00000000000643 Start/Stop Count
5 0x0033 200 200 140 0x00000000000000 Reallocated Sectors Count
7 0x002e 100 253 0 0x00000000000000 Seek Error Rate
9 0x0032 100 100 0 0x00000000000274 Power-On Hours Count
10 0x0033 100 100 51 0x00000000000000 Spin Retry Count
11 0x0032 100 100 0 0x00000000000000 Calibration Retries
12 0x0032 99 99 0 0x000000000004ae Power Cycle Count
192 0x0032 200 200 0 0x000000000002dd Power-Off Retract Cycles
193 0x0032 198 198 0 0x00000000001aeb Load/Unload Cycles
194 0x0022 119 99 0 0x0000000000001c Temperature
196 0x0032 200 200 0 0x00000000000000 Reallocation Events
197 0x0032 200 200 0 0x00000000000000 Current Pending Sectors
198 0x0030 100 253 0 0x00000000000000 Off-line Uncorrectable
199 0x0032 200 200 0 0x00000000000000 UDMA CRC Error Rate
200 0x0009 100 253 51 0x00000000000000 Write Error Rate
This keyblock was in sector 17 of module 25 (hex):
00000000 57 44 01 14 00 00 00 00 02 02 00 00 00 00 00 00 |WD..............|
00000010 00 00 00 00 3a 23 70 00 00 00 00 00 3a 23 70 00 |....:#p.....:#p.|
00000020 00 00 00 00 00 14 e0 00 20 00 00 00 00 00 00 00 |......à. .......|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14 |............WD..|
00000040 f0 26 e6 6c 59 02 bd 4a 52 d7 76 be 11 03 62 12 |ð&ælY.½JR×v¾..b.|
00000050 81 7c c5 08 29 57 73 0f a6 84 cc c7 13 ea 52 20 |.|Å.)Ws.¦.ÌÇ.êR |
00000060 25 bb dc cc 7d 91 61 80 df b5 95 36 97 10 4c 09 |%»ÜÌ}.a.ßµ.6..L.|
00000070 e5 14 0d 3b 2f 26 63 2d 8d b3 21 29 30 0f 35 34 |å..;/&c-.³!)0.54|
00000080 6f a7 5b df 8a 84 0c 27 88 56 a6 bf 37 8e 38 39 |o§[ß...'.V¦¿7.89|
00000090 e2 96 11 9a 6e 0c d1 7a 25 29 c2 b5 ae 30 fd 3f |â...n.Ñz%)µ®0ý?|
000000a0 e2 de 58 cc fa 76 e4 82 a8 20 74 9b e5 e1 de 14 |âÞXÌúvä.¨ t.åáÞ.|
000000b0 0c 96 4c d7 57 71 74 59 3f ff c2 2d 78 c1 77 a0 |..L×WqtY?ÿÂ-xÁw |
000000c0 a3 2b 01 d8 a4 40 3a 9c d6 99 8a 47 79 b0 46 71 |£+.ؤ@:.Ö..Gy°Fq|
000000d0 34 ad 8b e5 5d 03 02 05 65 22 74 8c c6 76 02 28 |4.å]...e"t.Æv.(|
000000e0 4c de d0 da 00 da 3a 8a a3 29 2f 18 9c 32 ee 35 |LÞÐÚ.Ú:.£)/..2î5|
000000f0 de d5 30 0b 72 4a 34 97 12 aa 5a 2e 78 32 2c 3a |ÞÕ0.rJ4..ªZ.x2,:|
00000100 44 3b 52 d2 c7 a4 99 f3 8a 1a 88 85 75 f5 dc 16 |D;RÒǤ.ó....uõÜ.|
00000110 b5 14 75 9d 22 20 4b 45 40 66 9d cd 46 73 6b 8f |µ.u." KE@f.ÍFsk.|
00000120 9d 26 53 1d 00 f0 73 7b ad 04 4d c8 f3 f1 c6 37 |.&S..ðs{.MÈóñÆ7|
00000130 03 52 8a de 4f 0a 2a e2 ab fb e4 fb 5d ec 5d 0a |.R.ÞO.*â«ûäû]ì].|
00000140 65 c5 c3 b9 99 b4 73 75 8e 0f 4c 37 e0 e8 6d b8 |eÅù.´su..L7àèm¸|
00000150 23 ab db 29 6d 31 df 8f ee a8 0d 42 de 33 9c 49 |#«Û)m1ß.î¨.BÞ3.I|
00000160 be 74 2c a4 2e 88 8f 7d 44 14 c9 8f 10 62 62 c5 |¾t,¤...}D.É..bbÅ|
00000170 f7 f0 80 c4 d0 c1 c8 f8 23 14 57 db 90 e8 cc 9e |÷ð.ÄÐÁÈø#.WÛ.èÌ.|
00000180 58 10 d8 5a 46 9f 7c 42 c5 22 31 22 e4 1f ea 95 |X.ØZF.|BÅ"1"ä.ê.|
00000190 9c da 63 af a5 47 e4 e9 72 8c 9f f0 ff 35 d6 0e |.Úc¯¥Gäér..ðÿ5Ö.|
000001a0 d7 11 85 0d 6e 05 15 2c c6 9d 9a da 72 1e 43 ff |×...n..,Æ..Úr.Cÿ|
000001b0 9e 99 86 00 76 69 08 74 d7 ce d1 54 57 2f 62 ce |....vi.t×ÎÑTW/bÎ|
000001c0 5d c6 d6 df 34 6d 88 da 01 70 cf 35 97 b5 74 d2 |]ÆÖß4m.Ú.pÏ5.µtÒ|
000001d0 03 2b a9 ac d7 83 32 65 4f 54 8c 0e 49 ef 71 c0 |.+©¬×.2eOT..IïqÀ|
000001e0 25 0b 13 67 cc fe 29 b0 7d 0d 39 d8 a8 1d 35 8c |%..gÌþ)°}.9ب.5.|
000001f0 b6 86 bd fe 93 04 39 1b aa 8b 1c f0 ee af 94 23 |¶.½þ..9.ª..ðî¯.#|
The key is b9f5f121f611416f4343ee4847f2ddfd03109682d97d46c6bf545f29fbee557a
What must have happened is that the keyblock in the user data area was corrupted, and that confused the firmware. Very luckily, the keyblock in the service area was intact.
@stynoo since you have a "working" INIC-chipped drive, would you be willing to help with research? If so, can you try a status call to the drive?
sg_raw -r 1k /dev/whatever c0 45 00 00 00 00 00 30
And if that works without error, would you be willing to do about 10,000 of them and dump the output into a file? It would help me to work out how the on-board random-number generator works. Something like
for i in seq 1 10000; do sg_raw -r 1k /dev/whatever c0 45 00 00 00 00 00 30 >> statusdump.txt; done
And lastly, I would want the manufacture date from the label on the drive.
Thanks a lot!
Well look at this!
# file decrypted.img
decrypted.img: DOS/MBR boot sector MS-MBR XP english at offset 0x12c "Invalid partition table" at offset 0x144 "Error loading operating system" at offset 0x163 "Missing operating system", disk signature 0x21968; partition 1 : ID=0xc, start-CHS (0x0,32,33), end-CHS (0x3ff,254,63), startsector 2048, 975398912 sectors
For later reference; I used this:
# reallymine decryptfile crypted.img decrypted.img b9f5f121f611416f4343ee4847f2ddfd03109682d97d46c6bf545f29fbee557a 'swaplongs decrypt swaplongs'
would you be willing to help with research?
You don't have to ask, let me decrypt this and I'll provide whatever info you need from that disk...
When you're done with recovery, remind me to tell you how to fix the disk so it works like it used to (hopefully).
The recovery just finished and the data is safe.
Here goes:
root@tinker:~# sg_raw -r 1k /dev/sdc c0 45 00 00 00 00 00 30
SCSI Status: Check Condition
Sense Information:
Fixed format, current; Sense key: Illegal Request
Additional sense: Invalid command operation code
Error 9 occurred, no data received
But wait, there is no way that I will trust any more data to this disk, besides the sata conversion disabled the usb interface. So if you @themaddoctor or @andlabs would accept I am willing to ship the disk to you on my own expense (after a zero-fill ofcourse).
The status comman only works through the USB connection.
How is it that adding the SATA disabled the USB? I would have thought that you could use either at this point.
To enable SATA, you have to remove four capacitors to disable the USB bridge. Those are waaaaay to small to repair for me.
Yeah, I see.
Yes, I would like this disk. Thank you. I'll try to replace the capacitors, because I want to talk to the Initio chip and pry out its secrets.
Before you zero out, could you dump sector 976769032 real quick, just to make sure it's the same keyblock that you found with reallymine?
My email is thomas dot a dot kaeding at gmail dot com. Won't post my physical address online.
No worries, I still have the raw images.
00000000 57 44 01 14 00 00 00 00 02 02 00 00 00 00 00 00 |WD..............|
00000010 00 00 00 00 3a 23 70 00 00 00 00 00 3a 23 70 00 |....:#p.....:#p.|
00000020 00 00 00 00 00 14 e0 00 20 00 00 00 00 00 00 00 |........ .......|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14 |............WD..|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000100 e5 52 45 52 33 4b 4a 4d 20 20 20 30 00 09 14 b8 |.RER3KJM 0....|
00000110 70 42 70 42 00 00 f7 00 0f 41 a4 ce 00 80 00 00 |pBpB.....A......|
00000120 e5 2d 00 44 00 69 00 41 00 4d 00 0f 00 26 4f 00 |.-.D.i.A.M...&O.|
00000130 4e 00 44 00 00 00 ff ff ff ff 00 00 ff ff ff ff |N.D.............|
00000140 e5 24 00 49 00 58 00 37 00 35 00 0f 00 26 4b 00 |.$.I.X.7.5...&K.|
00000150 37 00 55 00 2e 00 58 00 76 00 00 00 69 00 44 00 |7.U...X.v...i.D.|
00000160 e5 49 58 37 35 4b 7e 31 58 56 49 20 00 83 f9 89 |.IX75K~1XVI ....|
00000170 7c 43 db 46 00 00 fa 89 7c 43 15 75 20 02 00 00 ||C.F....|C.u ...|
00000180 e5 2d 00 44 00 69 00 41 00 4d 00 0f 00 78 4f 00 |.-.D.i.A.M...xO.|
00000190 4e 00 44 00 00 00 ff ff ff ff 00 00 ff ff ff ff |N.D.............|
000001a0 e5 24 00 52 00 58 00 37 00 35 00 0f 00 78 4b 00 |.$.R.X.7.5...xK.|
000001b0 37 00 55 00 2e 00 58 00 76 00 00 00 69 00 44 00 |7.U...X.v...i.D.|
000001c0 e5 52 58 37 35 4b 7e 31 58 56 49 10 00 09 b1 b2 |.RX75K~1XVI.....|
000001d0 70 42 70 42 00 00 77 69 13 41 8c 57 00 80 00 00 |pBpB..wi.A.W....|
000001e0 e5 49 57 5a 41 4b 50 4e 41 56 49 20 10 3b 8e 8a |.IWZAKPNAVI .;..|
000001f0 7c 43 db 46 00 00 8f 8a 7c 43 75 57 20 02 00 00 ||C.F....|CuW ...|
00000200
1+0 records in
1+0 records out
512 bytes copied, 0,000700507 s, 731 kB/s
I'll send you a mail when my friend confirms that her data is saved.