Sorry if I reply to this very old thread... but since the only correct answer wasn't given yet, let me catch that up for you.
If we have a look at the research paper titled "got HW crypto? On the (in)security of a Self-Encrypting Drive series" from the researchers Gunnar Alendal, Christian Kison, modg et al. (i.e. the paper all of the WD decryption solutions are using for this type of drive), we quickly find out that the correct user-set password for the locked drive mentioned here (by the OP):
https://forum.hddguru.com/viewtopic.php ... 88#p131488 is "chooseapassword" (without quotes). This can be done by just hashing all candidate passwords (and in this case it is really an easy password that is present in every normal word list a password cracker uses) with sha256 1000 times (the first iteration uses the utf-16le password salted with a *constant* salt "WDC." - without quotes -). The constant salt, by the way, makes this attack even easier because the attacker can precompute the whole password list (e.g. a mapping from pass(+constant salt)->KEK can be precomputed... but as already mentioned, with an easy password like this one it isn't even worth the trouble, disk space, precomputation time etc.; it can be done on the fly even with an old CPU).
This means that the KEK in this case is determined by 1000 times sha256() of the utf-16le form of "WDC." concatenated with "chooseapassword" which is:
4e583ccf1052ec67c89c09750440b45a80f3ba81c355c3b22432c1acae00e20b
instead of the default KEK (if no user password was set):
03141592653589793238462643383279fcebea6d9aca7686cdc7b9d9bcc7cd86
Therefore, given this edek (encrypted DEK blob from
https://forum.hddguru.com/viewtopic.php ... 88#p131488, image was named "VCD sector locked"):
Code:
57 44 01 14 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 74 5b 78 00 00 00 00 00 74 5b 78 00
00 00 00 00 00 14 e0 00 20 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14
00 f9 9d 9f 92 9c c5 73 bc 87 93 2c a0 65 0f ed
75 5a b4 82 5e d7 7a 36 1b 1e 67 88 f1 aa ea 4c
23 4a 8f 5a b6 cc c5 3b 89 7e da ed be c0 67 8f
df 96 66 13 5d 9a 06 cb 26 a9 33 35 37 96 07 72
6d 28 b1 8c ef 65 67 f4 04 63 71 7c ca c0 9b 5c
34 19 3e 12 8b 31 d7 92 8e 1d d6 fb 2f fa 86 22
3a b8 9f 4b ec 82 85 f9 57 92 d7 83 cc 6f 7f 11
90 42 21 72 fc 5c 59 90 ee 85 d6 9a 7f 53 fa f9
e6 87 6e 0e 2f b1 69 04 86 a3 13 6f 6f 92 bd a0
8b be 43 d9 8f b8 4a cd 63 24 0f 5c 17 28 d2 cb
fc 22 0a 0b 20 59 6c 1d 3d 37 3e 0a 32 4a f8 ad
98 86 53 04 3a 12 be d0 cd d3 2d 9b 29 63 d9 12
56 f8 09 ee 18 d8 83 85 7c 19 ce b3 72 4d 28 59
e2 d1 41 21 6a 53 1d 1b b4 ea 7d 0e eb 74 91 df
69 3d 3e 64 3b c2 2a df 91 ee be cc 01 9d 08 db
56 ad a5 34 c9 30 a0 56 18 6c 84 0e d6 fd f1 7e
b3 b9 58 98 64 ad 0c ff ae a7 3e b4 ac 53 ac 30
07 e3 33 86 4f d8 4f 6d ae 10 c0 ae 5c b5 d4 29
a9 f1 78 87 91 5c 5d 31 64 a3 a6 55 56 37 88 d5
a1 21 21 cf 1b 28 ef 9a 07 e5 4a da cc 1f e6 c1
55 68 46 2f ec e6 ed b5 20 b7 e0 1d b9 e8 f5 f1
ae 7d b5 f5 ef b9 32 86 15 7e ce 76 30 8b a2 db
67 49 28 60 3b 27 8b 41 09 a3 64 45 4c 00 fa 35
cd f3 2e bb 90 52 3f bc 05 85 53 02 fe 55 18 c2
b3 ac d9 d8 59 80 81 1d f0 71 d9 f3 11 ed 9d 80
71 53 3a 78 82 43 fe 4b 75 f3 f4 cc 67 ad ad f7
c6 11 bd 8c bc 1b 83 7e dd 87 19 e7 55 be 3b f9
33 41 d9 3b e1 ef 2d 0a 71 7a 6f c6 c5 b4 b4 ad
we can decrypt it with the user password "chooseapassword" (without quotes) and therefore KEK 4e583ccf1052ec67c89c09750440b45a80f3ba81c355c3b22432c1acae00e20b to:
Code:
57 44 01 14 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 74 5b 78 00 00 00 00 00 74 5b 78 00
00 00 00 00 00 14 e0 00 20 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 57 44 01 14
00 00 74 65 00 00 00 00 00 00 00 00 00 00 00 00
00 00 c2 23 00 00 00 00 00 00 00 00 00 00 00 00
00 00 f2 4f 00 00 00 00 00 00 00 00 00 00 00 00
00 00 db 62 00 00 00 00 00 00 00 00 00 00 00 00
00 00 68 5c 00 00 00 00 00 00 00 00 00 00 00 00
00 00 12 84 00 00 00 00 00 00 00 00 00 00 00 00
00 00 2f c9 00 00 00 00 00 00 00 00 00 00 00 00
00 00 b1 ee 00 00 00 00 00 00 00 00 00 00 00 00
00 00 18 ce 00 00 00 00 00 00 00 00 00 00 00 00
00 00 5b b0 00 00 00 00 00 00 00 00 00 00 00 00
00 00 4a 47 00 00 00 00 00 00 00 00 00 00 00 00
00 00 53 69 00 00 00 00 00 00 00 00 00 00 00 00
00 00 5e 46 00 00 00 00 00 00 00 00 00 00 00 00
00 00 c8 7a 00 00 00 00 00 00 00 00 00 00 00 00
00 00 da 6a 00 00 00 00 00 00 00 00 00 00 00 00
00 00 ba 65 00 00 00 00 00 00 00 00 00 00 00 00
00 00 42 a8 00 00 00 00 00 00 00 00 00 00 00 00
00 00 89 9d 00 00 00 00 00 00 00 00 00 00 00 00
00 00 21 f3 00 00 00 00 00 00 00 00 00 00 00 00
00 00 77 c1 00 00 00 00 00 00 00 00 00 00 00 00
00 00 6f e6 00 00 00 00 00 00 00 00 00 00 00 00
27 5d ba 35 86 cd 6a ce 00 00 00 20 cb a4 59 67
f9 fe 45 f7 7b 58 de 79 50 80 bf d1 95 db d2 5f
08 20 d5 e5 bf 0b 99 ce be b2 88 16 00 00 25 35
00 00 21 63 00 00 00 00 00 00 00 00 00 00 00 00
00 00 1d 36 00 00 00 00 00 00 00 00 00 00 00 00
00 00 a7 44 00 00 00 00 00 00 00 00 00 00 00 00
00 00 85 d7 00 00 00 00 00 00 00 00 00 00 00 00
(actually the output needs to be byte-swapped after the decryption, as is also done automatically by tools like reallymine, but I stick to this format here because the paper "got HW crypto?" also uses this form of output)
This decrypted eDEK shows us that the DEK is:
6759a4cbf745fef979de587bd1bf80505fd2db95e5d52008ce990bbf1688b2be
and that the AES key is therefore (just rearrange the bytes, as tools like reallymine also automatically do):
5080bfd17b58de79f9fe45f7cba45967beb28816bf0b99ce0820d5e595dbd25f
Therefore the only correct answer (in my opinion) is that the password is "chooseapassword" (without quotes) and the AES key is 5080bfd17b58de79f9fe45f7cba45967beb28816bf0b99ce0820d5e595dbd25f (hexadecimal version of it).
I'm not sure why this wasn't mentioned in the previous posts; it was kind of confusing to me that several forum users are mentioning the DEK (and AES key) of the already unlocked disk (for which the OP already knew the keys).
Hope these facts help others in the future and that this answer helps to get rid of the confusion within this thread (about the AES key which was already known to the poster from the beginning and that he/she only posted to show the difference between edeks from locked and unlocked drives).
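
Added example (not part of the original post, and not code from the paper or from reallymine): a sketch of the key derivation as the post describes it, showing why the constant salt lets one precomputed table serve every drive while a per-drive salt does not. It assumes the salt "WDC." is UTF-16LE encoded and prepended to the password; the word list, the three drives and the 16-byte random salts are constructed for illustration.

```python
import hashlib
import os

ITERATIONS = 1000        # iteration count stated in the post
CONSTANT_SALT = "WDC."   # constant salt stated in the post


def derive_kek(password, salt=CONSTANT_SALT.encode("utf-16-le"),
               iterations=ITERATIONS):
    """Apply SHA-256 `iterations` times; round 1 hashes salt || UTF-16LE password."""
    digest = salt + password.encode("utf-16-le")
    for _ in range(iterations):
        digest = hashlib.sha256(digest).digest()
    return digest


def precompute(wordlist):
    """Build a KEK -> password table using the constant salt."""
    return {derive_kek(word): word for word in wordlist}


def table_hits(table, password, per_drive_salts):
    """Count drives whose KEK for `password` appears in the precomputed table."""
    return sum(derive_kek(password, salt) in table for salt in per_drive_salts)


# Constructed sample data: a tiny word list and three hypothetical drives.
WORDLIST = ["123456", "letmein", "chooseapassword", "password1"]
TABLE = precompute(WORDLIST)
CONSTANT = [CONSTANT_SALT.encode("utf-16-le")] * 3   # design described in the post
RANDOM = [os.urandom(16) for _ in range(3)]          # hypothetical per-drive salts

if __name__ == "__main__":
    kek = derive_kek("chooseapassword")
    print("KEK:", kek.hex())
    print("recovered from table:", TABLE.get(kek))
    print("constant-salt drives found in table:",
          table_hits(TABLE, "chooseapassword", CONSTANT))
    print("random-salt drives found in table:  ",
          table_hits(TABLE, "chooseapassword", RANDOM))
```

Run directly, it prints the derived KEK so it can be compared with the value quoted in the post.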