WD My Passport Decryption Tool

[Roberto]

Hi Guys,

I have received some requests for my image decryption tool.
This "small" program is able to decrypt encrypted images from a WD My Passport or WD My Book hard drive.
This of course works only as long as the encryption key is known, because the key must be passed.

Please forgive my late feedback, but I've had a lot to do and on the job it was very stressful.
This is also one of the reasons why I unfortunately have to inform you that I will not offer the program in the future free of charge.

To be able to pass the encryption key to the mentioned image decryption tool, the key has to be found first.
With most hard disks this is possible without great effort, if
- there is no defect in the hard drive
- the password is known or there is no password set
- the corresponding mechanisms are known

If, however, the case occurs, that someone has forgotten his password or defects on the hard drive are present, the effort can rise immeasurably.

The actual and important program - which I have not offered here - is nevertheless able to find the appropriate key.
The development of this program has taken a very long time, more specifically, about half a year of man's hours.

If someone is still interested in decrypting a protected drive and is willing to pay a reasonable price for the very high and complex effort that has been put into the program, he is, of course, most sincerely welcome.

Best Regards,
Roberto

Attachments

The Image Decryption Tool (if key is known)

[DR-Kiev]

It would be much useful if you add function to bruteforce user passphrase. We noticing cases, when customers set the password, make it remember by OS, and forgetting after awhile. Re-installing or crashing windows/mac , making unable to get access to the data.

[Roberto]

Password breaking function has already been implemented.
I can for example use dictionary attack for finding passwords.
Of course there is the possibility to create dictionaries with combinations/permutations from given default passwords of the user.

See this video file: https://c.web.de/@417764451819719706/ErwQEw6nSt2n83wvXnbGfw

Attachments

[Roberto]

Because some users have asked, I would like to share some more information:

For the image decryption tool itself I do not want to charge a fee, because it's "useless" without the correct encryption key.
The correct encryption key can be obtained for a small fee.
The user / recovery lab then receives the key and can use the latest version of the tool for image decryption.

I expect $*** for an easy case (for example: forgotten password which can be bruteforced from default user passwords).
For a more complicated case I would require $*** (for example: forgotten password which can not be bruteforced).

For companies I would estimate $*** for easy cases and $*** for more complicated cases.
Please do not hesitate to let me know if the expected prices are reasonable in your eyes.

Of course there is the possibility to buy a cheaper "Package Price" for an annual cost and decrypt an "unlimited" number of drives.
What would you say is a reasonable price for such a "package license"?

The Passport-Breaker-Tool itself from the video - which is getting the correct encryption keys - is of course not for resale, at least not for ordinary sums .
If you are an authority or a big data recovery company please send me a private message for an individual offer.

The image decryption tool supports all chips because it only decodes the encrypted data with the correct key.

Best Regards,
Roberto

[Roberto]

Because there were some further questions, I want to clarify some:

There are 2 Options to use my Decryption Service:

1.Option
----------
The user or dr-company sends his drive to me and I'm doing all the work for decryption.
No need for the user to deal with the matter.

2.Option
----------
If the user or data recovery company has some skills in handling password protected drives,
then the procedure can be as follows:

- The User is taking an image from a protected drive
At this stage the image is somehow "useless" because it is encrypted.

- The User sends me only 2 special sectors from his image
From this 2 sectors I can compute or extract the correct encryption key with my Passport-Breaker-Tool.

- After my tool has found the key, the user receives the "happy" message that his key could be found
Now he can pay.

- After he paid, he receives the correct encryption key and the image decryption tool
With the correct drive encryption key in his hand, the tool can now decrypt his image.
Now his image is not useless anymore... because it contains all his data... unencrypted.
He can now mount his data or restore it to another drive.
In some rare cases if the MBR was destroyed on his drive he has to search for lost files or lost partitions before he can access his data.


Advantages
-------------

- The user can retain his data if he has forgotten the password
--> In most cases there is no need to know the user password, my Passport-Breaker-Tool can obtain the correct drive key without the user password

- For the second option there is no need to give the data (or the hdd) out of the hand.

- In many cases the encrypted data can be accessed with the original usb bridge
--> No need to buy a compatible usb donor or connect to a compatible SATA board

- In the other cases there is no need to get the original usb bridge working (or a compatible donor)
--> The encrypted data of the HDD can be accessed with a compatible SATA board

- There is no need for the user to handle with the different encryption chips (JMicron, Initio (INIC), Symwave, PLX (OXUF))
--> The different handling for the different chip types is all done by my passport-breaker-tool (see video above).

I hope I could clarify some.

Best Regards,
Roberto

[octothuluh]

Testimonial time!

I had a client who brought me a drive from a 4 TB WD MyBook for data recovery. When the drive stopped mounting the client removed the drive from the enclosure and trashed the enclosure. I had been trying to decrypt the drive using ReallyMine but for some reason the decryption process has been very slow going. The source drive was beginning to fail so I made a sector by sector clone of the drive and attempted to decrypt it but after 5 days I only had 80 GB of the 4 TB drive decrypted. I also made an image of the failing drive using DDRescue and tried running ReallyMine on the .IMG file and got the same result. I also tried using ReallyMine on multiple different workstation with different hardware and using different Linux Distros....same results. I messaged the developer of ReallyMine through GitHub and he was also stumped as to why the process was running so slow.

Spildit recommended that I talk to Roberto about trying to use his tool to decrypt the drive. Roberto's tool was able to decrypt the drive in a couple days and all of my client's data was recovered flawlessly!

Many thanks to Roberto for this excellent tool. Keep up the great work!

The time it will save you makes it well worth the money you spend on it!

Fraser

[Doomer]

Do you support key generation for JMicron only or for Initio chips too? (I assume you're using RNG flaws)

[Roberto]

Do you support key generation for JMicron only or for Initio chips too? (I assume you're using RNG flaws)

This is usually not necessary for Initio Chips, therefore it remains future work for my program.
But in the meantime Initio can be "bypassed" more easily than JMicron by other methods

[Doomer]

But in the meantime Initio can be "bypassed" more easily than JMicron by other methods

I'm asking because Initio (USB2.0 version) had a bug in FW that sometimes puts garbage in all copies of the key and key generation would be helpful, although such drives are not that common anymore

[JGAN]

But in the meantime Initio can be "bypassed" more easily than JMicron by other methods

I'm asking because Initio (USB2.0 version) had a bug in FW that sometimes puts garbage in all copies of the key and key generation would be helpful, although such drives are not that common anymore

I asked Roberto the same thing and sent him a couple sectors from an affected drive. He said he would try it in his software

[Roberto]

I'm asking because Initio (USB2.0 version) had a bug in FW that sometimes puts garbage in all copies of the key and key generation would be helpful, although such drives are not that common anymore

Yes, it would be very helpful, of course.
But as long as I do not get a lot of jobs that include the mentioned models, it is not really profitable for me to implement a key-creating solution.

[Doomer]

But as long as I do not get a lot of jobs that include the mentioned models, it is not really profitable for me to implement a key-creating solution.

Yeah, that's the problem that stops most of the people

[kaeding]

Would one of you be willing to upload a sample of the keyblock sector and an encrypted sector
from an OXUF-chipped drive, so that I can see what you are dealing with?

[Roberto]

Would one of you be willing to upload a sample of the keyblock sector and an encrypted sector
from an OXUF-chipped drive, so that I can see what you are dealing with?

I do not understand what this should help you,
but here you go:

Attachments

[kaeding]

Thank you. Are they both from the same disk? Should the Crypted_sector decrypt to all zeroes?

[memofixdave]

Roberto,
We are a data recovery company in Canada and we have a client who used a WD utility to do a quick format on a 2TB WD Passport and it appears to have changed the original encryption key in the process.

Can you de-crypt this drive for us if we send it to you? Please email me at davidf at memofix.com to discuss

[Roberto]

Are they both from the same disk?

No I fear not
Why do you want to know that?

Should the Crypted_sector decrypt to all zeroes?

Yes should decrypt to zeros.

[kaeding]

Then you're right: They don't help me.
I can only learn if I have a decrypted sector and a keyblock from the same disk.
Thank you.

[Roberto]

Please email me at davidf at memofix.com to discuss

You have a new email.

Best Regards

[Jason0528]

Hi Roberto,

Can you PM me your email address?

Thanks,

Jason