July 25th, 2016, 9:48
July 25th, 2016, 10:40
July 25th, 2016, 15:14
July 25th, 2016, 17:05
drHDD wrote: How much you gonna pay for this software?
July 27th, 2016, 3:50
Kum Ruzvelt wrote: drHDD wrote: How much you gonna pay for this software?
Download for free from torrent or warez sites
July 27th, 2016, 3:51
jermy wrote: I don't know if there is one but you can definitely write one (if you have the necessary skills)
The problem is the law side, I don't know who is gonna do it for you (if you don't find it or you don't have the skills to DIY)
July 27th, 2016, 15:32
reallymine is a program that decrypts the encrypted hard drives of Western Digital MyBook and MyPassport external hard drives (and some rebranded derivatives).
Currently, it can only decrypt JMicron and Initio bridge chip-based devices that use AES-256-ECB encryption. I'd love to expand this to cover Symwave [already done] and PLX/Oxford Semiconductor bridge chips and the other known encryption modes, but I need your help; see below. It also does not currently handle entering passwords; if your drive is password-protected (and the bridge chip requires a password) but most of the work is already there (in kek.go); I just need to write the code that actually lets you type in a password, and then we'll be fine.
July 27th, 2016, 15:53
July 27th, 2016, 18:25
The INIC-3608 microprocessor is based on an ARC 600 CPU to bridge USB to SATA once again. This chip does not have a hardware accelerated AES engine. At first this seemed rather suspicious, as the package of the device advertises with hardware based encryption. If done in software there is no chance with an observed clock speed below 100 MHz to encrypt at USB3.0 speed. Nevertheless as advertised, the MP-Slim and MP-Ultra do hardware accelerated AES encryption, but not on the bridge. It turns out, the HDD controller is doing the en- and decryption of user data. The USB to SATA is performing the user authentication and supports the standard VSCs from WD.
We tried to connect the SATA HDD directly over the PCB [4] for accessing a raw sector, but did not succeed. The data access is restricted by a set ATA-password in the SATA-HDD. The bridge is therefore doing user authentication by setting an ATA password, once the user generates his password. If the user does not supply a password, the user data is inaccessible when connecting directly to the SATA ports.
Finally, we were able to bypass the ATA password with commercial tools. Nevertheless, this is not an off-the-shelf solution offered, so we worked our way through to the AES protection. We located the location of the ATA password and some (unknown) connection to the AES password in different SAs from the internal 2.5" SATA HDD. After resetting the ATA password, we had complete access to the decrypted user data, as the SATA chip decrypted on-the-fly. Regardless of the user-password, KEK or DEK.
Facing a protected HDD is not a new problem for HDD forensics. As there are already existing commercial solutions (e.g. PC-3000), we analyzed the HDD directly with those tools. Their approach seems to follow a straight pattern, which allows SA access by overwriting the RAM/ROM and bypass security features like ATA passwords and optionally AES keys. By forcing SA access and manipulating the SA area 0x124 and 0x127 we were able to unlock the HDD and disable the SATA AES encryption. Note that this works always, independent of the chosen user password and bridge status.
July 28th, 2016, 8:20
fzabkar wrote: The way that I would approach this problem is to adapt the code in reallymine.
1. Locate the "key sector" on the HDD.
2. Identify the bridge IC and the corresponding encryption algorithm.
3. Locate a sector that is known to be filled with encrypted zeros.
4. Extract the 16-byte pattern corresponding to 16 zeros.
5. Use reallymine to decrypt this 16-byte sequence by using passwords from a dictionary file.
6. Stop if result is 16 zeros, else try next password.
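The third and fourth steps of the quoted procedure rely on AES-256-ECB being deterministic: every all-zero 16-byte plaintext block encrypts to the same ciphertext block, so zero-filled sectors appear as one heavily repeated pattern. The following Go program is an added example (not part of the thread and not reallymine's code) that shows this on a constructed three-sector image with a constructed key; `encryptECB`, `dominantBlock`, `sampleImage` and `sampleKey` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"fmt"
)

const sectorSize = 512

// sampleKey returns a constructed 32-byte key (00 01 02 ... 1f); 32 bytes selects AES-256.
func sampleKey() []byte {
	k := make([]byte, 32)
	for i := range k {
		k[i] = byte(i)
	}
	return k
}

// sampleImage builds a constructed plaintext: two zero sectors, then one sector
// whose 16-byte blocks are all distinct and non-zero.
func sampleImage() []byte {
	img := make([]byte, 3*sectorSize)
	for i := 2 * sectorSize; i < len(img); i += 16 {
		img[i] = byte(i / 16)
	}
	return img
}

// encryptECB encrypts data (length a multiple of 16) one block at a time,
// with no IV and no chaining between blocks.
func encryptECB(key, data []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	for i := 0; i+aes.BlockSize <= len(data); i += aes.BlockSize {
		c.Encrypt(out[i:i+aes.BlockSize], data[i:i+aes.BlockSize])
	}
	return out
}

// dominantBlock returns the most frequent aligned 16-byte block and its count.
func dominantBlock(image []byte) (best [16]byte, count int) {
	seen := map[[16]byte]int{}
	for i := 0; i+16 <= len(image); i += 16 {
		var b [16]byte
		copy(b[:], image[i:i+16])
		seen[b]++
		if seen[b] > count {
			best, count = b, seen[b]
		}
	}
	return
}

func main() {
	block, n := dominantBlock(encryptECB(sampleKey(), sampleImage()))
	fmt.Printf("dominant ciphertext block %x repeats %d times\n", block, n)
}
```

A chained or tweaked mode such as CBC or XTS would give each of those zero blocks a different ciphertext, so no single dominant block would appear.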
July 28th, 2016, 8:40
July 28th, 2016, 9:45
einstein9 wrote: @ dx486
Download this App. from WD website
Run it, and tell me ur Drive FW
http://download.wdc.com/fwupdater/Win/W ... pdater.zip
and the Release Date of ur Drive also (Printed on HDD Sticker, i.e. Jan. 2014)
July 28th, 2016, 15:55
---===>Device Information<===---
English product name: "My Book 1140"
ConnectionStatus:
Current Config Value: 0x00 -> Device Bus Speed: Full
Device Address: 0x02
Open Pipes: 0
*!*ERROR: No open pipes!
===>Device Descriptor<===
bLength: 0x12
bDescriptorType: 0x01
bcdUSB: 0x0210
bDeviceClass: 0x00 -> This is an Interface Class Defined Device
bDeviceSubClass: 0x00
bDeviceProtocol: 0x00
bMaxPacketSize0: 0x40 = (64) Bytes
idVendor: 0x1058 = Western Digital Technologies, Inc.
idProduct: 0x1140
bcdDevice: 0x1012
iManufacturer: 0x01
English (United States) "Western Digital"
iProduct: 0x02
English (United States) "My Book 1140"
iSerialNumber: 0x05
English (United States) "574D43315431323833333632"
bNumConfigurations: 0x01
July 30th, 2016, 4:02
dx486 wrote: einstein9 wrote: @ dx486
Download this App. from WD website
Run it, and tell me ur Drive FW
http://download.wdc.com/fwupdater/Win/W ... pdater.zip
and the Release Date of ur Drive also (Printed on HDD Sticker, i.e. Jan. 2014)
Thank you for your help.
Drive FW: v1.049
I don't see a date on the drive. I see:
P/N: WDBZFP0010BBK-03
S/N: WX7...H67
3514B R/N: D8B DAAHFA
I also see a part number and lot number on a sticker attached on its USB 3.0 cable.
July 31st, 2016, 13:20
einstein9 wrote: Ref. Link: http://www.cheadledatarecovery.co.uk/wp ... tWare1.jpg
I mean like this form: Dec. 5th 2009 (as in image attached)
August 3rd, 2016, 13:14
August 3rd, 2016, 13:19
August 3rd, 2016, 16:28
August 3rd, 2016, 19:05
August 3rd, 2016, 20:16