The KEK in your case is just 32 times a zero byte, i.e (hexadecimal):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
instead of the default one (hexadecimal):
03 14 15 92 65 35 89 79 32 38 46 26 43 38 32 79 fc eb ea 6d 9a ca 76 86 cd c7 b9 d9 bc c7 cd 86
This means that given the following edek (encrypted DEK sector from 25.rpm):
Code:
57 44 01 14 00 00 00 00 02 70 00 00 00 00 00 00
00 00 00 00 3a 37 88 00 00 00 00 00 3a 37 88 00
00 00 00 00 00 00 c8 00 20 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14
e4 c9 b8 be 69 db fa 9d e0 c2 39 fc 95 2c 0f 78
1c 12 f5 96 a6 56 a5 30 be 4c 77 7f 2f 57 07 1e
d2 19 5c c0 07 28 95 24 2a a1 1e 1b 1b 85 2b 1e
96 36 c8 f1 e0 f4 17 c6 9a 1d 86 b6 8a 62 f8 c1
09 94 df ca 50 f6 e8 31 4f 54 30 b5 2a 51 e2 fe
33 ad 33 45 4b 0d ce de 3d 5f e3 b7 86 32 cb c3
34 11 54 e9 8c 3f a7 22 10 76 6a 68 f0 6a 75 df
4e 6e d4 05 86 b8 75 26 67 07 a3 fe fe a9 d9 60
b4 bf 48 d3 0f ed e2 5d c0 d7 1b df 3b 8a 5b 85
13 55 e3 5e d5 85 16 8a e8 32 b3 07 02 77 88 c1
57 d3 33 2d 2c ed e8 f8 26 0a 46 e8 ae 15 99 7a
81 0f 6b e2 eb 43 fc 3e be 7c 7b fd d4 c7 92 59
d0 f4 3b 8f 67 e4 81 4b 55 7c ac cc 8c bc cd c4
00 dc e3 62 54 7e 34 04 fc f9 7b 17 29 a6 2a d8
3d 22 db 71 71 0b 1d 2c 67 53 22 12 4f bf d0 4d
bd ac 64 e4 e4 7a 20 83 e2 16 41 35 85 42 8f 37
9b 90 d4 91 37 68 f2 e9 9a 5b 00 51 2d 96 b1 21
d6 1e 5c 2e e8 10 16 15 f9 b6 88 c3 f1 aa 0e 21
39 c6 53 3e 0c b9 31 68 a7 e7 40 48 81 ef 46 97
df 84 b7 20 f5 2e 8e d6 e7 87 8b 13 e9 49 d5 62
b6 eb 5e 6a ac 2a f2 82 cd 82 39 94 b2 02 03 20
5a 54 6a c2 de 47 67 9d 12 8c c0 19 0b 33 df ad
05 a2 f0 f3 0a 60 43 94 5b 75 b4 a6 e8 e4 20 b2
1e 43 d7 8b 8d 46 98 a0 71 01 1a 71 5b 89 eb 7b
58 0f d0 70 3e 55 92 cb 20 38 96 c4 0e 45 ab 7f
78 49 fb c5 fc 38 1e 22 9a 3b 80 45 e8 19 7f 21
46 b3 bd cd 01 cc cb 07 e5 d9 aa 40 40 8a 83 47
54 c5 b5 b5 40 cd 82 a9 4d 8e 00 70 08 d4 a1 4e
it can be decrypted (AES-256-ECB) to:
Code:
57 44 01 14 00 00 00 00 02 70 00 00 00 00 00 00
00 00 00 00 3a 37 88 00 00 00 00 00 3a 37 88 00
00 00 00 00 00 00 c8 00 20 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14
00 00 2d 02 00 00 00 00 00 00 00 00 00 00 00 00
00 00 bd 04 00 00 00 00 00 00 00 00 00 00 00 00
00 00 f8 76 00 00 00 00 00 00 00 00 00 00 00 00
00 00 ce 13 00 00 00 00 00 00 00 00 00 00 00 00
00 00 75 3f 00 00 00 00 00 00 00 00 00 00 00 00
00 00 30 8e 00 00 00 00 00 00 00 00 00 00 00 00
00 00 d4 e3 00 00 00 00 00 00 00 00 00 00 00 00
00 00 15 99 00 00 00 00 00 00 00 00 00 00 00 00
00 00 5b a8 00 00 00 00 00 00 00 00 00 00 00 00
00 00 bf b7 00 00 00 00 00 00 00 00 00 00 00 00
00 00 07 22 00 00 00 00 00 00 00 00 00 00 00 00
00 00 eb 45 00 00 00 00 00 00 00 00 00 00 00 00
00 00 27 14 00 00 00 00 00 00 00 00 00 00 00 00
00 00 b1 4a 00 00 00 00 00 00 00 00 00 00 00 00
00 00 be 6c 00 00 00 00 00 00 00 00 00 00 00 00
00 00 e6 28 00 00 00 00 00 00 00 00 00 00 00 00
00 00 4a 91 00 00 00 00 00 00 00 00 00 00 00 00
00 00 b9 8b 00 00 00 00 00 00 00 00 00 00 00 00
00 00 e0 91 00 00 00 00 00 00 00 00 00 00 00 00
00 00 a7 e8 00 00 00 00 00 00 00 00 00 00 00 00
00 00 41 a5 00 00 00 00 00 00 00 00 00 00 00 00
27 5d ba 35 a0 d0 39 9b 00 00 00 20 6c d5 f6 6f
c2 15 5e b2 5b 51 0e 55 38 a9 5b b1 27 df 90 00
82 c5 0c e6 c5 31 19 38 6e 52 8c 90 00 00 08 5e
00 00 cb 24 00 00 00 00 00 00 00 00 00 00 00 00
00 00 14 22 00 00 00 00 00 00 00 00 00 00 00 00
00 00 44 12 00 00 00 00 00 00 00 00 00 00 00 00
00 00 45 8f 00 00 00 00 00 00 00 00 00 00 00 00
(you actually also need to byte-swap the output afterwards, as projects like reallymine are also able to do.. but that's just a straightforward thing...)
What is probably more important for you is, that this means the DEK is (hexadecimal again): 6ff6d56cb25e15c2550e515bb15ba9380090df27e60cc582381931c5908c526e
and the AES key for decrypting the data is therefore (just rearrange the DEK bytes as reallymine etc are also automatically doing): 38a95bb15b510e55c2155eb26cd5f66f6e528c90c531193882c50ce627df9000
The only remaining questions are why the KEK is all-zeros and if you succeed in using this KEK/AES key to decrypt the data.
I hope you (or your client) gets the data back soon. Good luck.