All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 15 posts ] 
Author Message
 Post subject: Smartware problem.
PostPosted: May 28th, 2017, 22:06 
Offline

Joined: October 21st, 2007, 8:48
Posts: 1631
Hello!
I have received My passport 500 GB drive (encrypted with Initio)
The customer swear that he didn't put a password.
When the drive connected via USB it shows ABRT and WD smartware shows as protected with smartware password.
When connected via SATA interface the drive scan normally with no defects ( but surely encrypted )
When trying to decrypt via MRT it shows error.
I believe that the customer didn't put any password and it's a FW problem.
Any suggestions?
Thanks in advance.


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: May 29th, 2017, 14:21 
Offline

Joined: October 21st, 2007, 8:48
Posts: 1631
Full model : WD5000BMVV-11GNWS0
Encryption IC : INITIO NIC-1607E

Any help will be appreciated.


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: May 30th, 2017, 5:55 
Offline

Joined: December 5th, 2011, 5:38
Posts: 1626
Location: Italy
Maybe this can help you:
viewtopic.php?f=28&t=35093

_________________
My firmware database:
https://mega.nz/folder/O01DkBRI#MxP2J6ZNqXDcrX40I8MoQQ


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: May 30th, 2017, 6:09 
Offline

Joined: March 7th, 2009, 12:43
Posts: 1080
Location: Angel Data Recovery
Check key sector on the back , most probably, there is garbage.

_________________
Angel Data Recovery


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: May 30th, 2017, 6:16 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
Does module 25 or 38 have a valid key?

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: May 30th, 2017, 18:17 
Offline

Joined: October 21st, 2007, 8:48
Posts: 1631
Key sector and the key in module 25 are matched.


Attachments:
Sector.rar [582 Bytes]
Downloaded 420 times
25.rar [807 Bytes]
Downloaded 390 times
Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: May 30th, 2017, 18:50 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
You might like to ask Roberto about his "WD My Passport Decryption Tool":
memberlist.php?mode=viewprofile&u=31982

... or try reallymine:
http://www.hddoracle.com/viewtopic.php?f=22&t=1488

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: May 30th, 2017, 20:22 
Offline

Joined: October 21st, 2007, 8:48
Posts: 1631
michael chiklis wrote:
Maybe this can help you:
viewtopic.php?f=28&t=35093

My case is different from this topic. I tried to load mod. 25, auto check and load the key sector but MRT gave me error.
DR-Kiev wrote:
Check key sector on the back , most probably, there is garbage.

Key sector and mod. 25 are matched. The problem is the drive is asking for smartware password that doesn't exist.

fzabkar wrote:
You might like to ask Roberto about his "WD My Passport Decryption Tool":
memberlist.php?mode=viewprofile&u=31982

... or try reallymine:
http://www.hddoracle.com/viewtopic.php?f=22&t=1488

That won't help me sir at this case.
Thanks for the replies all. I do really appreciate your replies.

Any thoughts?


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: June 1st, 2017, 17:32 
Offline

Joined: October 21st, 2007, 8:48
Posts: 1631
Is it possible to take an image to an identical donor with the same FW, Capacity and encryption(INITIO NIC-1607E)?
Is it possible to decrypt the data?


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: June 2nd, 2017, 13:53 
Offline

Joined: March 30th, 2016, 12:29
Posts: 127
Location: Germany
unknown wrote:
Is it possible to take an image to an identical donor with the same FW, Capacity and encryption(INITIO NIC-1607E)?
This will not help in your case. I have checked your key sector... it is not decryptable without password. At least not with my software solution.

unknown wrote:
Is it possible to decrypt the data?
Yes, but it is very complicated... I don't think your client is willing to pay the needed effort.


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: June 3rd, 2017, 14:39 
Offline

Joined: October 21st, 2007, 8:48
Posts: 1631
Roberto wrote:
unknown wrote:
Is it possible to take an image to an identical donor with the same FW, Capacity and encryption(INITIO NIC-1607E)?
This will not help in your case. I have checked your key sector... it is not decryptable without password. At least not with my software solution.

unknown wrote:
Is it possible to decrypt the data?
Yes, but it is very complicated... I don't think your client is willing to pay the needed effort.

I don't think so, too. :)
Thank you very much anyway.


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: June 3rd, 2017, 15:08 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
Is there a "hint" sector?

http://www.hddoracle.com/viewtopic.php?f=3&t=998&p=4459&hilit=password+hint#p4459

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: June 3rd, 2017, 16:09 
Offline

Joined: October 21st, 2007, 8:48
Posts: 1631
fzabkar wrote:

No.
The WD security said : "No hint".


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: October 9th, 2017, 16:23 
Offline

Joined: October 9th, 2017, 16:05
Posts: 3
Location: London
The KEK in your case is just 32 times a zero byte, i.e (hexadecimal):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
instead of the default one (hexadecimal):
03 14 15 92 65 35 89 79 32 38 46 26 43 38 32 79 fc eb ea 6d 9a ca 76 86 cd c7 b9 d9 bc c7 cd 86

This means that given the following edek (encrypted DEK sector from 25.rpm):
Code:
57 44 01 14 00 00 00 00 02 70 00 00 00 00 00 00
00 00 00 00 3a 37 88 00 00 00 00 00 3a 37 88 00
00 00 00 00 00 00 c8 00 20 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14
e4 c9 b8 be 69 db fa 9d e0 c2 39 fc 95 2c 0f 78
1c 12 f5 96 a6 56 a5 30 be 4c 77 7f 2f 57 07 1e
d2 19 5c c0 07 28 95 24 2a a1 1e 1b 1b 85 2b 1e
96 36 c8 f1 e0 f4 17 c6 9a 1d 86 b6 8a 62 f8 c1
09 94 df ca 50 f6 e8 31 4f 54 30 b5 2a 51 e2 fe
33 ad 33 45 4b 0d ce de 3d 5f e3 b7 86 32 cb c3
34 11 54 e9 8c 3f a7 22 10 76 6a 68 f0 6a 75 df
4e 6e d4 05 86 b8 75 26 67 07 a3 fe fe a9 d9 60
b4 bf 48 d3 0f ed e2 5d c0 d7 1b df 3b 8a 5b 85
13 55 e3 5e d5 85 16 8a e8 32 b3 07 02 77 88 c1
57 d3 33 2d 2c ed e8 f8 26 0a 46 e8 ae 15 99 7a
81 0f 6b e2 eb 43 fc 3e be 7c 7b fd d4 c7 92 59
d0 f4 3b 8f 67 e4 81 4b 55 7c ac cc 8c bc cd c4
00 dc e3 62 54 7e 34 04 fc f9 7b 17 29 a6 2a d8
3d 22 db 71 71 0b 1d 2c 67 53 22 12 4f bf d0 4d
bd ac 64 e4 e4 7a 20 83 e2 16 41 35 85 42 8f 37
9b 90 d4 91 37 68 f2 e9 9a 5b 00 51 2d 96 b1 21
d6 1e 5c 2e e8 10 16 15 f9 b6 88 c3 f1 aa 0e 21
39 c6 53 3e 0c b9 31 68 a7 e7 40 48 81 ef 46 97
df 84 b7 20 f5 2e 8e d6 e7 87 8b 13 e9 49 d5 62
b6 eb 5e 6a ac 2a f2 82 cd 82 39 94 b2 02 03 20
5a 54 6a c2 de 47 67 9d 12 8c c0 19 0b 33 df ad
05 a2 f0 f3 0a 60 43 94 5b 75 b4 a6 e8 e4 20 b2
1e 43 d7 8b 8d 46 98 a0 71 01 1a 71 5b 89 eb 7b
58 0f d0 70 3e 55 92 cb 20 38 96 c4 0e 45 ab 7f
78 49 fb c5 fc 38 1e 22 9a 3b 80 45 e8 19 7f 21
46 b3 bd cd 01 cc cb 07 e5 d9 aa 40 40 8a 83 47
54 c5 b5 b5 40 cd 82 a9 4d 8e 00 70 08 d4 a1 4e


it can be decrypted (AES-256-ECB) to:
Code:
57 44 01 14 00 00 00 00 02 70 00 00 00 00 00 00
00 00 00 00 3a 37 88 00 00 00 00 00 3a 37 88 00
00 00 00 00 00 00 c8 00 20 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14
00 00 2d 02 00 00 00 00 00 00 00 00 00 00 00 00
00 00 bd 04 00 00 00 00 00 00 00 00 00 00 00 00
00 00 f8 76 00 00 00 00 00 00 00 00 00 00 00 00
00 00 ce 13 00 00 00 00 00 00 00 00 00 00 00 00
00 00 75 3f 00 00 00 00 00 00 00 00 00 00 00 00
00 00 30 8e 00 00 00 00 00 00 00 00 00 00 00 00
00 00 d4 e3 00 00 00 00 00 00 00 00 00 00 00 00
00 00 15 99 00 00 00 00 00 00 00 00 00 00 00 00
00 00 5b a8 00 00 00 00 00 00 00 00 00 00 00 00
00 00 bf b7 00 00 00 00 00 00 00 00 00 00 00 00
00 00 07 22 00 00 00 00 00 00 00 00 00 00 00 00
00 00 eb 45 00 00 00 00 00 00 00 00 00 00 00 00
00 00 27 14 00 00 00 00 00 00 00 00 00 00 00 00
00 00 b1 4a 00 00 00 00 00 00 00 00 00 00 00 00
00 00 be 6c 00 00 00 00 00 00 00 00 00 00 00 00
00 00 e6 28 00 00 00 00 00 00 00 00 00 00 00 00
00 00 4a 91 00 00 00 00 00 00 00 00 00 00 00 00
00 00 b9 8b 00 00 00 00 00 00 00 00 00 00 00 00
00 00 e0 91 00 00 00 00 00 00 00 00 00 00 00 00
00 00 a7 e8 00 00 00 00 00 00 00 00 00 00 00 00
00 00 41 a5 00 00 00 00 00 00 00 00 00 00 00 00
27 5d ba 35 a0 d0 39 9b 00 00 00 20 6c d5 f6 6f
c2 15 5e b2 5b 51 0e 55 38 a9 5b b1 27 df 90 00
82 c5 0c e6 c5 31 19 38 6e 52 8c 90 00 00 08 5e
00 00 cb 24 00 00 00 00 00 00 00 00 00 00 00 00
00 00 14 22 00 00 00 00 00 00 00 00 00 00 00 00
00 00 44 12 00 00 00 00 00 00 00 00 00 00 00 00
00 00 45 8f 00 00 00 00 00 00 00 00 00 00 00 00


(you actually also need to byte-swap the output afterwards, as projects like reallymine are also able to do.. but that's just a straightforward thing...)

What is probably more important for you is, that this means the DEK is (hexadecimal again): 6ff6d56cb25e15c2550e515bb15ba9380090df27e60cc582381931c5908c526e

and the AES key for decrypting the data is therefore (just rearrange the DEK bytes as reallymine etc are also automatically doing): 38a95bb15b510e55c2155eb26cd5f66f6e528c90c531193882c50ce627df9000

The only remaining questions are why the KEK is all-zeros and if using this DEK/AES key to decrypt the data works for you.

I hope you (or your client) gets the data back soon. Good luck.


Top
 Profile  
 
 Post subject: Re: Smartware problem.
PostPosted: October 9th, 2017, 16:36 
Offline

Joined: October 9th, 2017, 16:05
Posts: 3
Location: London
The KEK in your case is just 32 times a zero byte, i.e (hexadecimal):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
instead of the default one (hexadecimal):
03 14 15 92 65 35 89 79 32 38 46 26 43 38 32 79 fc eb ea 6d 9a ca 76 86 cd c7 b9 d9 bc c7 cd 86

This means that given the following edek (encrypted DEK sector from 25.rpm):
Code:
57 44 01 14 00 00 00 00 02 70 00 00 00 00 00 00
00 00 00 00 3a 37 88 00 00 00 00 00 3a 37 88 00
00 00 00 00 00 00 c8 00 20 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14
e4 c9 b8 be 69 db fa 9d e0 c2 39 fc 95 2c 0f 78
1c 12 f5 96 a6 56 a5 30 be 4c 77 7f 2f 57 07 1e
d2 19 5c c0 07 28 95 24 2a a1 1e 1b 1b 85 2b 1e
96 36 c8 f1 e0 f4 17 c6 9a 1d 86 b6 8a 62 f8 c1
09 94 df ca 50 f6 e8 31 4f 54 30 b5 2a 51 e2 fe
33 ad 33 45 4b 0d ce de 3d 5f e3 b7 86 32 cb c3
34 11 54 e9 8c 3f a7 22 10 76 6a 68 f0 6a 75 df
4e 6e d4 05 86 b8 75 26 67 07 a3 fe fe a9 d9 60
b4 bf 48 d3 0f ed e2 5d c0 d7 1b df 3b 8a 5b 85
13 55 e3 5e d5 85 16 8a e8 32 b3 07 02 77 88 c1
57 d3 33 2d 2c ed e8 f8 26 0a 46 e8 ae 15 99 7a
81 0f 6b e2 eb 43 fc 3e be 7c 7b fd d4 c7 92 59
d0 f4 3b 8f 67 e4 81 4b 55 7c ac cc 8c bc cd c4
00 dc e3 62 54 7e 34 04 fc f9 7b 17 29 a6 2a d8
3d 22 db 71 71 0b 1d 2c 67 53 22 12 4f bf d0 4d
bd ac 64 e4 e4 7a 20 83 e2 16 41 35 85 42 8f 37
9b 90 d4 91 37 68 f2 e9 9a 5b 00 51 2d 96 b1 21
d6 1e 5c 2e e8 10 16 15 f9 b6 88 c3 f1 aa 0e 21
39 c6 53 3e 0c b9 31 68 a7 e7 40 48 81 ef 46 97
df 84 b7 20 f5 2e 8e d6 e7 87 8b 13 e9 49 d5 62
b6 eb 5e 6a ac 2a f2 82 cd 82 39 94 b2 02 03 20
5a 54 6a c2 de 47 67 9d 12 8c c0 19 0b 33 df ad
05 a2 f0 f3 0a 60 43 94 5b 75 b4 a6 e8 e4 20 b2
1e 43 d7 8b 8d 46 98 a0 71 01 1a 71 5b 89 eb 7b
58 0f d0 70 3e 55 92 cb 20 38 96 c4 0e 45 ab 7f
78 49 fb c5 fc 38 1e 22 9a 3b 80 45 e8 19 7f 21
46 b3 bd cd 01 cc cb 07 e5 d9 aa 40 40 8a 83 47
54 c5 b5 b5 40 cd 82 a9 4d 8e 00 70 08 d4 a1 4e


it can be decrypted (AES-256-ECB) to:
Code:
57 44 01 14 00 00 00 00 02 70 00 00 00 00 00 00
00 00 00 00 3a 37 88 00 00 00 00 00 3a 37 88 00
00 00 00 00 00 00 c8 00 20 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14
00 00 2d 02 00 00 00 00 00 00 00 00 00 00 00 00
00 00 bd 04 00 00 00 00 00 00 00 00 00 00 00 00
00 00 f8 76 00 00 00 00 00 00 00 00 00 00 00 00
00 00 ce 13 00 00 00 00 00 00 00 00 00 00 00 00
00 00 75 3f 00 00 00 00 00 00 00 00 00 00 00 00
00 00 30 8e 00 00 00 00 00 00 00 00 00 00 00 00
00 00 d4 e3 00 00 00 00 00 00 00 00 00 00 00 00
00 00 15 99 00 00 00 00 00 00 00 00 00 00 00 00
00 00 5b a8 00 00 00 00 00 00 00 00 00 00 00 00
00 00 bf b7 00 00 00 00 00 00 00 00 00 00 00 00
00 00 07 22 00 00 00 00 00 00 00 00 00 00 00 00
00 00 eb 45 00 00 00 00 00 00 00 00 00 00 00 00
00 00 27 14 00 00 00 00 00 00 00 00 00 00 00 00
00 00 b1 4a 00 00 00 00 00 00 00 00 00 00 00 00
00 00 be 6c 00 00 00 00 00 00 00 00 00 00 00 00
00 00 e6 28 00 00 00 00 00 00 00 00 00 00 00 00
00 00 4a 91 00 00 00 00 00 00 00 00 00 00 00 00
00 00 b9 8b 00 00 00 00 00 00 00 00 00 00 00 00
00 00 e0 91 00 00 00 00 00 00 00 00 00 00 00 00
00 00 a7 e8 00 00 00 00 00 00 00 00 00 00 00 00
00 00 41 a5 00 00 00 00 00 00 00 00 00 00 00 00
27 5d ba 35 a0 d0 39 9b 00 00 00 20 6c d5 f6 6f
c2 15 5e b2 5b 51 0e 55 38 a9 5b b1 27 df 90 00
82 c5 0c e6 c5 31 19 38 6e 52 8c 90 00 00 08 5e
00 00 cb 24 00 00 00 00 00 00 00 00 00 00 00 00
00 00 14 22 00 00 00 00 00 00 00 00 00 00 00 00
00 00 44 12 00 00 00 00 00 00 00 00 00 00 00 00
00 00 45 8f 00 00 00 00 00 00 00 00 00 00 00 00


(you actually also need to byte-swap the output afterwards, as projects like reallymine are also able to do.. but that's just a straightforward thing...)

What is probably more important for you is, that this means the DEK is (hexadecimal again): 6ff6d56cb25e15c2550e515bb15ba9380090df27e60cc582381931c5908c526e

and the AES key for decrypting the data is therefore (just rearrange the DEK bytes as reallymine etc are also automatically doing): 38a95bb15b510e55c2155eb26cd5f66f6e528c90c531193882c50ce627df9000

The only remaining questions are why the KEK is all-zeros and if you succeed in using this KEK/AES key to decrypt the data.

I hope you (or your client) gets the data back soon. Good luck.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 15 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: suricate.ch and 74 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group