June 19th, 2014, 20:58
kahunadude wrote:Is the code located on the drive (if so, any idea where it might be?) or on the control board?
Also, what backup program do you recommend? The WD Smartware software does not appear to be very flexible.
in order to bypass the password verification process altogether?
June 20th, 2014, 1:31
June 20th, 2014, 2:16
June 21st, 2014, 14:35
HaQue wrote:....seems to me in hindsight, a key bit of research would be that if you do not intend to encrypt your data, don't buy a HDD that encrypts.
This sort of info is getting more and more abstracted from the user, and general population is losing the ability to understand the tech they are using.
...
June 21st, 2014, 15:50
HaQue wrote:And BlackST.. I bet there is interest in other areas as well, which I think you are alluding to... Wouldn't a Snowden expose on hard drive encryption breaking be very interesting!
June 21st, 2014, 16:42
February 10th, 2017, 18:48
February 10th, 2017, 18:54
February 10th, 2017, 18:54
October 14th, 2017, 17:17
November 28th, 2017, 21:27
@dan_sm, remember also that the data needs byte-swapping before and after decryption for the drives with the INIC chip.
dan_sm wrote:Sorry if I reply to this very old thread... but since the only correct answer wasn't given yet, let me catch that up for you.
If we have a look at the research paper titled "got HW crypto? On the (in)security of a Self-Encrypting Drive series" from the researchers Gunnar Alendal, Christian Kison, modg et al. (i.e. the paper all of the WD decryption solutions are using for this type of drive), we quickly find out that the correct user set password for the locked drive mentioned here (by the OP): https://forum.hddguru.com/viewtopic.php?p=131488#p131488 is "chooseapassword" (without quotes). This can be done by just hashing all candidate passwords (and in this case it is really an easy password that is present in every normal word list a password cracker uses) with sha256 for 1000 times (first iteration is using the utf-16le password salted with a *constant* salt "WDC." - without quotes -). The constant salt, by the way, makes this attack even easier because the attacker can precompute the whole password list (e.g. a mapping from pass(+constant salt)->KEK can be pre-computed... but as already mentioned, with an easy password like this one it isn't even worth the trouble, disk space, precomputation time etc... it can be done on-the-fly even with an old CPU).
This means that the KEK in this case is determined by 1000 times sha256() of the utf-16le form of "WDC." concatenated with "chooseapassword" which is:
4e583ccf1052ec67c89c09750440b45a80f3ba81c355c3b22432c1acae00e20b
instead of the default KEK (if no user password was set):
03141592653589793238462643383279fcebea6d9aca7686cdc7b9d9bcc7cd86
Therefore, given this edek (encrypted DEK blob from https://forum.hddguru.com/viewtopic.php?p=131488#p131488, image was named "VCD sector locked"):
- Code:
57 44 01 14 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 74 5b 78 00 00 00 00 00 74 5b 78 00
00 00 00 00 00 14 e0 00 20 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14
00 f9 9d 9f 92 9c c5 73 bc 87 93 2c a0 65 0f ed
75 5a b4 82 5e d7 7a 36 1b 1e 67 88 f1 aa ea 4c
23 4a 8f 5a b6 cc c5 3b 89 7e da ed be c0 67 8f
df 96 66 13 5d 9a 06 cb 26 a9 33 35 37 96 07 72
6d 28 b1 8c ef 65 67 f4 04 63 71 7c ca c0 9b 5c
34 19 3e 12 8b 31 d7 92 8e 1d d6 fb 2f fa 86 22
3a b8 9f 4b ec 82 85 f9 57 92 d7 83 cc 6f 7f 11
90 42 21 72 fc 5c 59 90 ee 85 d6 9a 7f 53 fa f9
e6 87 6e 0e 2f b1 69 04 86 a3 13 6f 6f 92 bd a0
8b be 43 d9 8f b8 4a cd 63 24 0f 5c 17 28 d2 cb
fc 22 0a 0b 20 59 6c 1d 3d 37 3e 0a 32 4a f8 ad
98 86 53 04 3a 12 be d0 cd d3 2d 9b 29 63 d9 12
56 f8 09 ee 18 d8 83 85 7c 19 ce b3 72 4d 28 59
e2 d1 41 21 6a 53 1d 1b b4 ea 7d 0e eb 74 91 df
69 3d 3e 64 3b c2 2a df 91 ee be cc 01 9d 08 db
56 ad a5 34 c9 30 a0 56 18 6c 84 0e d6 fd f1 7e
b3 b9 58 98 64 ad 0c ff ae a7 3e b4 ac 53 ac 30
07 e3 33 86 4f d8 4f 6d ae 10 c0 ae 5c b5 d4 29
a9 f1 78 87 91 5c 5d 31 64 a3 a6 55 56 37 88 d5
a1 21 21 cf 1b 28 ef 9a 07 e5 4a da cc 1f e6 c1
55 68 46 2f ec e6 ed b5 20 b7 e0 1d b9 e8 f5 f1
ae 7d b5 f5 ef b9 32 86 15 7e ce 76 30 8b a2 db
67 49 28 60 3b 27 8b 41 09 a3 64 45 4c 00 fa 35
cd f3 2e bb 90 52 3f bc 05 85 53 02 fe 55 18 c2
b3 ac d9 d8 59 80 81 1d f0 71 d9 f3 11 ed 9d 80
71 53 3a 78 82 43 fe 4b 75 f3 f4 cc 67 ad ad f7
c6 11 bd 8c bc 1b 83 7e dd 87 19 e7 55 be 3b f9
33 41 d9 3b e1 ef 2d 0a 71 7a 6f c6 c5 b4 b4 ad
we can decrypt it with the user password "chooseapassword" (without quotes) and therefore KEK 4e583ccf1052ec67c89c09750440b45a80f3ba81c355c3b22432c1acae00e20b to:
- Code:
57 44 01 14 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 74 5b 78 00 00 00 00 00 74 5b 78 00
00 00 00 00 00 14 e0 00 20 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14
00 00 74 65 00 00 00 00 00 00 00 00 00 00 00 00
00 00 c2 23 00 00 00 00 00 00 00 00 00 00 00 00
00 00 f2 4f 00 00 00 00 00 00 00 00 00 00 00 00
00 00 db 62 00 00 00 00 00 00 00 00 00 00 00 00
00 00 68 5c 00 00 00 00 00 00 00 00 00 00 00 00
00 00 12 84 00 00 00 00 00 00 00 00 00 00 00 00
00 00 2f c9 00 00 00 00 00 00 00 00 00 00 00 00
00 00 b1 ee 00 00 00 00 00 00 00 00 00 00 00 00
00 00 18 ce 00 00 00 00 00 00 00 00 00 00 00 00
00 00 5b b0 00 00 00 00 00 00 00 00 00 00 00 00
00 00 4a 47 00 00 00 00 00 00 00 00 00 00 00 00
00 00 53 69 00 00 00 00 00 00 00 00 00 00 00 00
00 00 5e 46 00 00 00 00 00 00 00 00 00 00 00 00
00 00 c8 7a 00 00 00 00 00 00 00 00 00 00 00 00
00 00 da 6a 00 00 00 00 00 00 00 00 00 00 00 00
00 00 ba 65 00 00 00 00 00 00 00 00 00 00 00 00
00 00 42 a8 00 00 00 00 00 00 00 00 00 00 00 00
00 00 89 9d 00 00 00 00 00 00 00 00 00 00 00 00
00 00 21 f3 00 00 00 00 00 00 00 00 00 00 00 00
00 00 77 c1 00 00 00 00 00 00 00 00 00 00 00 00
00 00 6f e6 00 00 00 00 00 00 00 00 00 00 00 00
27 5d ba 35 86 cd 6a ce 00 00 00 20 cb a4 59 67
f9 fe 45 f7 7b 58 de 79 50 80 bf d1 95 db d2 5f
08 20 d5 e5 bf 0b 99 ce be b2 88 16 00 00 25 35
00 00 21 63 00 00 00 00 00 00 00 00 00 00 00 00
00 00 1d 36 00 00 00 00 00 00 00 00 00 00 00 00
00 00 a7 44 00 00 00 00 00 00 00 00 00 00 00 00
00 00 85 d7 00 00 00 00 00 00 00 00 00 00 00 00
(actually the output needs to be byte-swapped after the decryption, as also automatically done by tools like reallymine, but I stick here to this format because also the paper "got HW crypto?" uses this form of output)
This decrypted eDEK shows us that the DEK is:
6759a4cbf745fef979de587bd1bf80505fd2db95e5d52008ce990bbf1688b2be
and that the AES key is therefore (just rearrange the bytes, as tools like reallymine also automatically do):
5080bfd17b58de79f9fe45f7cba45967beb28816bf0b99ce0820d5e595dbd25f
Therefore the only correct answer (in my opinion) is that the password is "chooseapassword" (without quotes) and the AES key is 5080bfd17b58de79f9fe45f7cba45967beb28816bf0b99ce0820d5e595dbd25f (hexadecimal version of it).
I'm not sure why this wasn't mentioned in the previous posts, it was kind of confusing to me that several forum users are mentioning the DEK (and AES key) of the already unlocked disk (for which the OP already knew the keys).
Hope these facts help others in the future and that this answer helps to get rid of the confusion within this thread (about the AES key which was already known to the poster from the beginning and that he/she only posted to show the difference between edeks from locked and unlocked drives).
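Added example (not part of the thread, the paper or reallymine): the KEK derivation as dan_sm's post describes it, next to a hypothetical per-device-salted PBKDF2 variant, to show why the constant salt lets one precomputed table serve every drive. The names `per_device_kek` and `compare_schemes`, the 16-byte salts and the 600,000-round default are assumptions made for illustration.

```python
import hashlib
import os

WD_SALT = "WDC."   # constant salt quoted in the post
WD_ROUNDS = 1000   # iteration count quoted in the post


def wd_kek(password: str) -> bytes:
    """KEK as the post describes it: 1000 rounds of SHA-256, the first over
    the UTF-16LE bytes of the constant salt followed by the password."""
    digest = hashlib.sha256((WD_SALT + password).encode("utf-16-le")).digest()
    for _ in range(WD_ROUNDS - 1):
        digest = hashlib.sha256(digest).digest()
    return digest


def per_device_kek(password: str, device_salt: bytes, rounds: int = 600_000) -> bytes:
    """Hypothetical hardened variant (not WD's design): PBKDF2-HMAC-SHA256
    keyed with a random salt stored on each device."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), device_salt, rounds)


def compare_schemes(password: str, rounds: int = 600_000) -> dict:
    """Derive KEKs for two constructed drives that share one password."""
    salt_a, salt_b = os.urandom(16), os.urandom(16)  # constructed per-device salts
    return {
        # No device-specific input exists, so both drives get the same KEK and
        # one precomputed password->KEK table covers every drive of the series.
        "wd": (wd_kek(password), wd_kek(password)),
        # A per-device salt forces the work to be redone for each drive.
        "per_device": (per_device_kek(password, salt_a, rounds),
                       per_device_kek(password, salt_b, rounds)),
    }


if __name__ == "__main__":
    result = compare_schemes("constructed-passphrase")
    print("constant salt, KEKs equal:  ", result["wd"][0] == result["wd"][1])
    print("per-device salt, KEKs equal:", result["per_device"][0] == result["per_device"][1])
```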
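Added example (not part of the thread or of reallymine): the "just rearrange the bytes" step from dan_sm's post made explicit and checked against the DEK and AES key values he quotes. The 12-byte offset and the two rearrangement rules are inferred from the values printed in the post, not taken from any tool's source.

```python
# Rows at offset 0x190 of the decrypted blob, exactly as printed in the post.
ROWS_HEX = """
27 5d ba 35 86 cd 6a ce 00 00 00 20 cb a4 59 67
f9 fe 45 f7 7b 58 de 79 50 80 bf d1 95 db d2 5f
08 20 d5 e5 bf 0b 99 ce be b2 88 16 00 00 25 35
"""
KEY_OFFSET = 12  # inferred: the 32 key bytes start 12 bytes into these rows
KEY_LEN = 32


def swap32(data: bytes) -> bytes:
    """Reverse the byte order inside every 4-byte word."""
    if len(data) % 4:
        raise ValueError("length must be a multiple of 4")
    return b"".join(data[i:i + 4][::-1] for i in range(0, len(data), 4))


def dek_from_rows(rows_hex: str) -> bytes:
    """Cut the key bytes out of the printed rows and undo the 32-bit swap."""
    raw = bytes.fromhex("".join(rows_hex.split()))
    field = raw[KEY_OFFSET:KEY_OFFSET + KEY_LEN]
    if len(field) != KEY_LEN:
        raise ValueError("rows too short to hold a 32-byte key")
    return swap32(field)


def aes_key_from_dek(dek: bytes) -> bytes:
    """Reverse each 16-byte half of the DEK, matching the post's AES key."""
    if len(dek) != KEY_LEN:
        raise ValueError("expected a 32-byte DEK")
    return dek[:16][::-1] + dek[16:][::-1]


if __name__ == "__main__":
    dek = dek_from_rows(ROWS_HEX)
    print("DEK:    ", dek.hex())
    print("AES key:", aes_key_from_dek(dek).hex())
```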