All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 19 posts ] 
Author Message
 Post subject: WD my book encryption
PostPosted: September 12th, 2019, 16:33 
Offline

Joined: August 21st, 2012, 12:15
Posts: 283
Location: India
hi,

the drive is a WD 4tb
WD40EZRZ-00WN9B0

A brief story so far...
The drive came from client, not spinning upon power on.
inspecting original pcb, rom looked soldered.
arranged working pcb, ROM physically transferred, drive does not power on.
(drive did spin up on working pcb prior to ROM swap)
Read the original ROM and found it to be EMPTY (00).

Upon further enquiry, the client informs that the drive was originally from an enclosure, which when failed was given for recovery to another recovery center , who returned the drive back after some time telling that recovery is not possible.

i have managed to build the ROM , using it in the original PCB, the drive now detects with proper model,serial and capacity, checked all the heads, working fine, backed up resources and have access to data area(start to end)...but Encrypted

Got the original enclosure from the client, tried to fix it but was not successful.
So arranged for similar enclosure pcb
original PCB....4061-705149-a00 rev AD....with asmedia ASM 105 1W controller
Donor PCB......4061-705149-000 rev AA ...with asmedia ASM 105 1W controller

Transferred the u2 ROM on the Enclosure PCB , but the data is not getting de-crypted.
So tried using PC3000 utility to decrypt ,but it is not finding the key....
Modules checking in SA reports errors in modules 25 and 38 (modules are read properly)
checked the modules with another similar working encrypted drive , but do not know how to continue further

attaching the mods (donor and patient)..

Any idea how to proceed would be great
Thanks

P.S.(surprisingly / confusingly..... PC 3000 did find the encyption keys from sa of the working(donor) encrypted drive , but the data was still not getting decrypted)


Attachments:
DONOR ENCRYPTION MODULES.rar [633 Bytes]
Downloaded 114 times
patient38.rar [356 Bytes]
Downloaded 112 times
patient25.rar [326 Bytes]
Downloaded 115 times
Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 12th, 2019, 17:57 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 12129
Location: Australia
According to the following thread, the Asmedia bridge does not do encryption:

viewtopic.php?t=38828&p=274732

Could we see modules 02h, 124h and 127h?

viewtopic.php?f=1&t=35866

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 13th, 2019, 11:18 
Offline

Joined: August 21st, 2012, 12:15
Posts: 283
Location: India
fzabkar wrote:
According to the following thread, the Asmedia bridge does not do encryption:


Bit confused as i have this donor
Donor PCB......4061-705149-000 rev AA ...with asmedia ASM 105 1W controller
with a 3tb WD30EZRX-00D8PB0 WORKING drive...
Without the enclosure, data area is definitely encrypted


fzabkar wrote:
Could we see modules 02h, 124h and 127h?


attached the modules along with a snap of the modules checking report

Thanks


Attachments:
ERROR.PNG
ERROR.PNG [ 32.91 KiB | Viewed 4486 times ]
MODULES.rar [1.46 KiB]
Downloaded 109 times
Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 13th, 2019, 15:50 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 12129
Location: Australia
Your drive appears to be a SED.

Module 02

Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000860                    00 00 00 00 00 00 01

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 13th, 2019, 16:55 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 12129
Location: Australia
Is there a SmartWare VCD at the end of your drive's user area? If so, does it appear encrypted?

Could we see the original bridge PCB? It may be possible to repair it.

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 16th, 2019, 9:06 
Offline

Joined: August 21st, 2012, 12:15
Posts: 283
Location: India
Thanks @ fzabkar

Quote:
Could we see the original bridge PCB? It may be possible to repair it.

But i have a working(donor) identical PCB(exactly similar in all ways) ... i have tried replacing the u2 (ROM) ,but the drive is not getting decrypted.
Wont the donor PCB be sufficient enough to recover the data?
Still I would like to attempt repair of the faulty PCB for the sake of knowledge.
Sadly, my best attempts to Scan the PCB not adequate enough to identify components clearly, but the below link has a good image of the same PCB
https://www.amazon.com/4061-705149-000- ... B00QU854TS


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 16th, 2019, 9:23 
Offline

Joined: August 21st, 2012, 12:15
Posts: 283
Location: India
fzabkar wrote:
Is there a SmartWare VCD at the end of your drive's user area? If so, does it appear encrypted?

.


attached start and ending sector
Quite a lot of sectors till the end of the drive(without data ?) shows similar sectors like the ending sectors


Attachments:
sectors.rar [688 Bytes]
Downloaded 112 times
Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 16th, 2019, 16:06 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 12129
Location: Australia
My understanding is that there must be a SmartWare VCD at the end of the user area. The bridge would need to serve this up to the OS in unencrypted form.

Your final (?) sector (7813971632) is encrypted. My Google searches suggest that the total user capacity seen via the bridge should be 7813971632 sectors, in which case the last sector of the user area should be 7813971631. This means that sector 7813971632 would be the first sector of the VCD. :?

The IDEMA capacity for a 4TB drive is 7814037168 sectors. This means that the VCD area should have a size of 65536 sectors (= 7814037168 - 7813971632).

AISI, the data in the range from sector 0 to 7813971631 should be encrypted, while sectors 7813971632 to 7814037167 should contain a non-encrypted VCD. At least that's how it would work for a non-SED. However, your drive is a SED, so I don't know what you should expect to see in these same places.

Were your previous sector dumps taken via SATA or via USB?

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 16th, 2019, 17:41 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 12129
Location: Australia
AISI, this is the block diagram for My Books with an encrypting bridge and a non-SED HDD:

Code:
.-------------.
|   USB mass  |
|   storage   |                           encrypted
|   device    |                           by bridge
|             |-.                             |
| - decrypted |  `-.                          |
|   User Area |     ` .------------.       .------+------+-----+------.
'-------------'       | encrypting | SATA  | User |  VCD | key | passw|
                 USB  | USB - SATA |-------| Area |      |     | hint |   HDD (non-SED)
.-------------.       | bridge     |       '------+------+-----+------'
| SmartWare   |     , '------------'                  |
| Virtual CD  |  ,-´                                  |
|             |-´                                    not
'-------------'                                    encrypted

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 17th, 2019, 2:05 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 12129
Location: Australia
I would measure these test points on donor and patient:

Attachment:
regs.jpg
regs.jpg [ 238.14 KiB | Viewed 4287 times ]
Attachment:
U4_MOSFET_switch.jpg
U4_MOSFET_switch.jpg [ 234.28 KiB | Viewed 4287 times ]


The +3.3V regulator may actually be +2.5V, and the +1.2V regulator could be closer to 1V.

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 17th, 2019, 21:41 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 12129
Location: Australia
I've been reading the following document:

Self-Encrypting Drive User's Guide (Part 1) - Seagate:
https://www.seagate.com/files/staticfiles/support/docs/manual/Interface%20manuals/100515636c.pdf

It states that a SED's user area can be divided into data bands, with each band having its own encryption key and password. A SED ships from the factory with a single band (0) whose range is from LBA 0 to LBA(max). I'm thinking that the bridge may divide the SED into two bands, 0 and 1, with 0 being allocated to the user's data, and band 1 to the VCD. This would enable the user's data to be encrypted independently of the VCD (which must remain non-encrypted).

This then begs the question, if there are two data bands, how does the drive identify itself via a regular SATA port? Does it default to band 0, with all other bands being invisible unless specifically selected? Or do the LBAs corresponding to band 1 return abort errors?

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 18th, 2019, 1:06 
Offline
User avatar

Joined: March 6th, 2010, 3:46
Posts: 433
Location: Kolding | Denmark
Maybe your case is "encrypted" by WD Cloud file system ?

_________________
Digitalsupport Data Recovery
https://digitalsupport.dk


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 18th, 2019, 17:47 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 12129
Location: Australia
digisupport wrote:
Maybe your case is "encrypted" by WD Cloud file system ?

IIRC, a warranty check against the serial number identifies the product as a My Book.

I think there is a problem with the drive's reported capacity, namely 7813971633 LBAs. The full size of the drive, according to module 02, is 0x01D1C0BEB0 (= 7 814 037 168).

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 18th, 2019, 21:30 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 12129
Location: Australia
fzabkar wrote:
I think there is a problem with the drive's reported capacity, namely 7813971633 LBAs. The full size of the drive, according to module 02, is 0x01D1C0BEB0 (= 7 814 037 168).

Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000140                       00 01 10 3F A8 6F 76 00 1F
00000150  40 C9 D1 01 00 00 00 AF BE C0 D1 01 00 00 00 AF
00000160  BE C0 D1 01 00 00 00 AF BE C0 D1 01 00 00 00 00

These are the 4 reported capacities from one of the resource depositories:

    0x01D1C9401F + 1 = 7 814 594 592 <--- ???
    0x01D1C0BEAF + 1 = 7 814 037 168 (x 3)

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 27th, 2019, 2:31 
Offline

Joined: August 21st, 2012, 12:15
Posts: 283
Location: India
thanks for the efforts and
Sorry for delay in answering

fzabkar wrote:
AISI, the data in the range from sector 0 to 7813971631 should be encrypted, while sectors 7813971632 to 7814037167 should contain a non-encrypted VCD. At least that's how it would work for a non-SED. However, your drive is a SED, so I don't know what you should expect to see in these same places.

Were your previous sector dumps taken via SATA or via USB?


my previous dumps were taken via SATA
Now when connected via USB i can see following sectors (beyond the encrypted data area ?)
i am attaching the sectors (last encrypted data sector + sectors beyond that )
also attached snaps of start and end of the said sectors
thanks


Attachments:
last sector.JPG
last sector.JPG [ 156.08 KiB | Viewed 3688 times ]
START AFTER ENCRYPTION.JPG
START AFTER ENCRYPTION.JPG [ 152.34 KiB | Viewed 3688 times ]
sectors.rar [4.21 KiB]
Downloaded 83 times
Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 27th, 2019, 2:33 
Offline

Joined: August 21st, 2012, 12:15
Posts: 283
Location: India
fzabkar wrote:
I would measure these test points on donor and patient:

The +3.3V regulator may actually be +2.5V, and the +1.2V regulator could be closer to 1V.

i will get back with the readings


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 27th, 2019, 2:43 
Offline

Joined: August 21st, 2012, 12:15
Posts: 283
Location: India
digisupport wrote:
Maybe your case is "encrypted" by WD Cloud file system ?

very little help from client on this matter.
he does not have much idea about how it was being configured
this is all the info he can give

" this drive was never used (connected)in any other system other than the original one it was installed in.
this drive was always being used in that system for regular backups.
he is sure he was not using any password to access his data
power problem caused the whole setup to fail.
he discarded the old system , brought a new system(thinking all his data is safe in the backup).
He gave the drive to his vendor for recovery....."


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: September 27th, 2019, 3:47 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 12129
Location: Australia
Via USB, the drive is reporting a capacity of 976746240 x 8 = 7813969920 LBAs. I don't understand why it would report only 7813971633 LBAs via SATA??? That only allows 1713 LBAs for the VCD???

Moreover, why would it report a capacity which is not aligned with a physical sector?

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: WD my book encryption
PostPosted: October 4th, 2019, 10:38 
Offline

Joined: March 7th, 2009, 12:43
Posts: 925
Location: Angel Data Recovery
You have double encryption. SED plus USB bridge, thats is why encryption pattern different in sector0 and beyond 7813971632
When you tried 3TB donor drive (without SED) in same box, only one encryption layer was aplyed.
Switch SED ON and put in patient drive to Donor BOX (with transfered ROM from patient one) .
Or make a clone from patient drive (using SED keys in DE) and decrypt it aftewards with original bridge ROM .

_________________
Angel Data Recovery


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 19 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group