September 6th, 2016, 14:35
lcoughey wrote:ISTM that way too much time has been spent on this project. I can't speak for other labs, but if it is something that is recoverable with DIY methods, it would have taken 1-2 days for a data recovery pro to have fully recovered the data at relatively low price. My lab charges $350 CAD (about $275 USD) for such cases.
ISTM that you don't understand how users value their own time.
September 6th, 2016, 15:41
fzabkar wrote:Your bridge IC appears to be a JMicron JMS538S which confirms that your bridge PCB does indeed handle the encryption.
When connected on its own, the PCB identifies as a WD My Book 1140. This means that the "ROM" must be valid.
- Code:
idVendor: 0x1058 = Western Digital Technologies, Inc.
idProduct: 0x1140
bcdDevice: 0x1016
iManufacturer: 0x01
English (United States) "Western Digital"
iProduct: 0x02
English (United States) "My Book 1140"
iSerialNumber: 0x05
English (United States) "5743415A4148353037363230"
However, when the PCB is attached to your HDD, the USB mass storage device identifies as a JMicron USB to ATA/ATAPI Bridge. Therefore ISTM that there is a problem in the Smartware area at the end of the drive's user area.
- Code:
idVendor: 0x152D = JMicron Technology Corp.
idProduct: 0x0539
bcdDevice: 0x0100
iManufacturer: 0x01
English (United States) "JMicron"
iProduct: 0x02
English (United States) "USB to ATA/ATAPI Bridge"
iSerialNumber: 0x05
English (United States) "57442D5743415A4148353037363230"
IIUC, your key sector would suggest that the Smartware area begins at sector 0xE8DF8800, ie LBA 3906963456.
- Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000  57 44 76 31 89 D4 00 00 00 88 DF E8 00 00 00 00  WDv1‰Ô...ˆßè....
                                  ^^^^^^^^^^^
ISTM that your best DIY approach would be reallymine. Perhaps cloning the drive with ddrescue or HDDSuperClone would be advisable. You might also consider applying the mod_02 patch with HDDSuperTool just in case the drive has a "slow responding" problem.
Ok Let me check and get back to you.
Best Regards
Golr
September 7th, 2016, 17:38
You can copy the Smartware sectors (3906963456 - 3907029167) to a binary image and then open this image in 7-Zip. If everything is OK, then I believe that the first directory should be "WD Unlocker" (at least in some implementations of Smartware).
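The key-sector reading and sector range discussed in the posts above, as an added example that is not part of the original thread and is not reallymine or Roberto's tool. It assumes 512-byte sectors and a 32-bit little-endian LBA at offset 0x08 (the four bytes marked in the hex dump); the function names are hypothetical.

```python
import struct

SECTOR_SIZE = 512  # assumption: 512-byte logical sectors

# Constructed sample: the 16 key-sector bytes shown in the thread,
# zero-padded to one full sector.
KEY_SECTOR = bytes.fromhex(
    "57447631 89D40000 0088DFE8 00000000"
).ljust(SECTOR_SIZE, b"\x00")


def smartware_start_lba(sector: bytes) -> int:
    """Return the LBA stored at offset 0x08 of a 'WDv1' key sector."""
    if len(sector) < 16:
        raise ValueError("key sector too short")
    if sector[:4] != b"WDv1":
        raise ValueError("missing WDv1 signature; not a key sector")
    (lba,) = struct.unpack_from("<I", sector, 0x08)
    return lba


def extent_bytes(first_lba: int, last_lba: int, sector_size: int = SECTOR_SIZE):
    """Convert an inclusive LBA range to (byte offset, byte length)."""
    if last_lba < first_lba:
        raise ValueError("last LBA precedes first LBA")
    return first_lba * sector_size, (last_lba - first_lba + 1) * sector_size


def copy_extent(src, dst, offset: int, length: int, chunk: int = 1 << 20) -> int:
    """Copy `length` bytes at `offset` from src to dst (binary file objects).

    Returns the number of bytes copied; a value below `length` means the
    source image is truncated and does not contain the whole region.
    """
    src.seek(offset)
    copied = 0
    while copied < length:
        buf = src.read(min(chunk, length - copied))
        if not buf:
            break
        dst.write(buf)
        copied += len(buf)
    return copied


if __name__ == "__main__":
    start = smartware_start_lba(KEY_SECTOR)
    offset, length = extent_bytes(start, 3907029167)  # last LBA from the thread
    print(f"start LBA {start}, byte offset {offset}, {length} bytes")
```

Run `copy_extent` against a full-disk image opened with `open(path, "rb")` and an output file opened with `"wb"`; the resulting file is the binary image the post suggests opening in 7-Zip.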
September 8th, 2016, 2:21
fzabkar wrote:You can copy the Smartware sectors (3906963456 - 3907029167) to a binary image and then open this image in 7-Zip. If everything is OK, then I believe that the first directory should be "WD Unlocker" (at least in some implementations of Smartware).
You are absolutely right. I followed the process and was able to recover the Smartware.
Best Regards,
Golr
September 8th, 2016, 3:20
So the VCD appears to be OK, the bridge firmware is valid, the key sector is present, but the bridge identifies as a JMicron. Weird.
It looks like reallymine is the way to go.
September 8th, 2016, 3:36
fzabkar wrote:So the VCD appears to be OK, the bridge firmware is valid, the key sector is present, but the bridge identifies as a JMicron. Weird.
Could this be because the PCB can't find the VCD as the drive was initialized?
September 11th, 2016, 15:31
I have now managed to check the content of your uploaded key sector.
It needed some programming work, but now it's done.
I am now able to solve your case...if it is possible to take a whole encrypted image from the drive.
Please use dmde to take that image because dmde doesn't compress the image file.
If you have done that, then I'll tell you what to do next.
September 11th, 2016, 15:40
Roberto wrote:I have now managed to check the content of your uploaded key sector.
It needed some programming work, but now it's done.
Nice!
September 12th, 2016, 0:45
Roberto wrote:I have now managed to check the content of your uploaded key sector.
It needed some programming work, but now it's done.
I am now able to solve your case...if it is possible to take a whole encrypted image from the drive.
Please use dmde to take that image because dmde doesn't compress the image file.
If you have done that, then I'll tell you what to do next.
Hello Roberto,
Thanks a lot for your work! I have taken the image of the drive by dmde. What should I do next?
Best Regards,
Golr
September 12th, 2016, 14:02
Golr wrote:Thanks a lot for your work! I have taken the image of the drive by dmde. What should I do next?
Golr
You're welcome. Please check your private messages!
I need your private email to send you a written program.
But I still have to do some work with the written source code.
I want to compile it in a different language therefore I have to translate it first.
You can use this program to decrypt the taken image.
You need another location with enough free space for the decrypted image.
After the decrypted image is written... you can use dmde to copy this to another hard drive.
The hard drive will contain the unencrypted files.
Don't know if the partitions will also be available... this depends on the state of your encrypted HDD.
But at least you will be able to scan for lost files.
Please don't forget to come back to tell your results.
Best Regards,
Roberto
September 19th, 2016, 6:59
@Golr
Sorry for the long delay
I have now managed to send you the decryption program
Please check it and come back here to tell us if it worked.
Best Regards,
Roberto
September 19th, 2016, 7:22
Roberto wrote:@Golr
Sorry for the long delay
I have now managed to send you the decryption program
Please check it and come back here to tell us if it worked.
Best Regards,
Roberto
nice work.
please let us know the outcome as well.
September 19th, 2016, 11:17
Roberto wrote:@Golr
Sorry for the long delay
I have now managed to send you the decryption program
Please check it and come back here to tell us if it worked.
Best Regards,
Roberto
Dear Roberto,
Thank you so much for sending me the tool. I am currently waiting for another disk to put the decrypted image in. I'll test out your software as soon as I get it and let you know the outcome.
Best Regards!
September 25th, 2016, 2:23
Success!!
I was able to recover ALL of my data. fzabkar's guideline was the way to do it. Can't thank him enough!
Here are the steps I took (in case someone needs it in future):
1. Connected the drive to a desktop machine's SATA port.
2. Took an image (.bin) of the whole drive with DMDE.
3. Downloaded and compiled reallymine for my platform (Windows 7 Ultimate x64).
4. Created a decrypted image (.bin) of the image taken by DMDE.
syntax: "reallymine <path\filename-of-encrypted-image> <path\filename-of-decrypted-image>"
5. Used a software named Active Partition Recovery to open the decrypted .bin file and it showed my lost drive in excellent condition. Even the partition name was intact!
@Roberto
Thanks so much again for sending me your tool but I wasn't able to use it. I tried from command prompt in admin mode in both x86 and x64 Windows but it shows the following:
and then:
But thanks again for your efforts.
Also thanks to everyone else who has tried to help with their comments and suggestions.
Best Regards!
Golr
September 25th, 2016, 4:08
Golr wrote:Success!!
Great to hear you had success.
Golr wrote:@Roberto
Thanks so much again for sending me your tool but I wasn't able to use it. I tried from command prompt in admin mode in both x86 and x64 Windows but it shows the following:
and then:
But thanks again for your efforts.
Golr
You're welcome.
I had forgotten to tell you, you have to install .NET 4.5 to make the application executable.
Best Regards,
Roberto
September 25th, 2016, 6:34
Golr wrote:@Roberto
Thanks so much again for sending me your tool but I wasn't able to use it.
Golr
If you find some time... maybe you could try decrypting the encrypted image with my tool,
despite the fact that you already have your important data.
I would like to have the confirmation that my tool is working and would be happy about your feedback.
You can download .NET Framework from the Microsoft homepage:
https://www.microsoft.com/de-de/downloa ... x?id=30653
There is also an offline installer:
https://www.microsoft.com/de-de/downloa ... x?id=42642
With .NET Framework installed there should be no problems in running the application.
Best Regards,
Roberto
October 7th, 2017, 0:37
Roberto, Hi Roberto.
I'm very grateful for your help. Can you send me password to unrar file ImageDecrypt_v1.0_build2310.rar?
Tks so much Bro.
October 18th, 2017, 15:31
Spildit wrote:nakata_1 wrote:Roberto, Hi Roberto.
I'm very grateful for your help. Can you send me password to unrar file ImageDecrypt_v1.0_build2310.rar?
Tks so much Bro.
Please read -
viewtopic.php?f=1&t=35048
Tks so much for support.
October 18th, 2017, 22:35
nice choice on protector.. it is do-able, but a pig to reverse engineer