HDD GURU FORUMS
http://forum.hddguru.com/

WD my book encryption
http://forum.hddguru.com/viewtopic.php?f=11&t=38894		 Page 1 of 2
Author:  sathyan [ September 12th, 2019, 16:33 ]
Post subject:  WD my book encryption
hi,

the drive is a WD 4tb
WD40EZRZ-00WN9B0

A brief story so far...
The drive came from client, not spinning upon power on.
inspecting original pcb, rom looked soldered.
arranged working pcb, ROM physically transferred, drive does not power on.
(drive did spin up on working pcb prior to ROM swap)
Read the original ROM and found it to be EMPTY (00).

Upon further enquiry, the client informs that the drive was originally from an enclosure, which when failed was given for recovery to another recovery center , who returned the drive back after some time telling that recovery is not possible.

i have managed to build the ROM , using it in the original PCB, the drive now detects with proper model,serial and capacity, checked all the heads, working fine, backed up resources and have access to data area(start to end)...but Encrypted

Got the original enclosure from the client, tried to fix it but was not successful.
So arranged for similar enclosure pcb
original PCB....4061-705149-a00 rev AD....with asmedia ASM 105 1W controller
Donor PCB......4061-705149-000 rev AA ...with asmedia ASM 105 1W controller

Transferred the u2 ROM on the Enclosure PCB , but the data is not getting de-crypted.
So tried using PC3000 utility to decrypt ,but it is not finding the key....
Modules checking in SA reports errors in modules 25 and 38 (modules are read properly)
checked the modules with another similar working encrypted drive , but do not know how to continue further

attaching the mods (donor and patient)..

Any idea how to proceed would be great
Thanks

P.S.(surprisingly / confusingly..... PC 3000 did find the encyption keys from sa of the working(donor) encrypted drive , but the data was still not getting decrypted)

Attachments:
DONOR ENCRYPTION MODULES.rar [633 Bytes]
Downloaded 880 times
patient38.rar [356 Bytes]
Downloaded 912 times
patient25.rar [326 Bytes]
Downloaded 884 times
Author:  fzabkar [ September 12th, 2019, 17:57 ]
Post subject:  Re: WD my book encryption
According to the following thread, the Asmedia bridge does not do encryption:

viewtopic.php?t=38828&p=274732

Could we see modules 02h, 124h and 127h?

viewtopic.php?f=1&t=35866
Author:  sathyan [ September 13th, 2019, 11:18 ]
Post subject:  Re: WD my book encryption
fzabkar wrote:
According to the following thread, the Asmedia bridge does not do encryption:


Bit confused as i have this donor
Donor PCB......4061-705149-000 rev AA ...with asmedia ASM 105 1W controller
with a 3tb WD30EZRX-00D8PB0 WORKING drive...
Without the enclosure, data area is definitely encrypted


fzabkar wrote:
Could we see modules 02h, 124h and 127h?


attached the modules along with a snap of the modules checking report

Thanks

Attachments:
ERROR.PNG
ERROR.PNG [ 32.91 KiB | Viewed 29460 times ]
MODULES.rar [1.46 KiB]
Downloaded 884 times
Author:  fzabkar [ September 13th, 2019, 15:50 ]
Post subject:  Re: WD my book encryption
Your drive appears to be a SED.

Module 02

Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000860                    00 00 00 00 00 00 01
Author:  fzabkar [ September 13th, 2019, 16:55 ]
Post subject:  Re: WD my book encryption
Is there a SmartWare VCD at the end of your drive's user area? If so, does it appear encrypted?

Could we see the original bridge PCB? It may be possible to repair it.
Author:  sathyan [ September 16th, 2019, 9:06 ]
Post subject:  Re: WD my book encryption
Thanks @ fzabkar

Quote:
Could we see the original bridge PCB? It may be possible to repair it.

But i have a working(donor) identical PCB(exactly similar in all ways) ... i have tried replacing the u2 (ROM) ,but the drive is not getting decrypted.
Wont the donor PCB be sufficient enough to recover the data?
Still I would like to attempt repair of the faulty PCB for the sake of knowledge.
Sadly, my best attempts to Scan the PCB not adequate enough to identify components clearly, but the below link has a good image of the same PCB
https://www.amazon.com/4061-705149-000- ... B00QU854TS
Author:  sathyan [ September 16th, 2019, 9:23 ]
Post subject:  Re: WD my book encryption
fzabkar wrote:
Is there a SmartWare VCD at the end of your drive's user area? If so, does it appear encrypted?

.


attached start and ending sector
Quite a lot of sectors till the end of the drive(without data ?) shows similar sectors like the ending sectors

Attachments:
sectors.rar [688 Bytes]
Downloaded 874 times
Author:  fzabkar [ September 16th, 2019, 16:06 ]
Post subject:  Re: WD my book encryption
My understanding is that there must be a SmartWare VCD at the end of the user area. The bridge would need to serve this up to the OS in unencrypted form.

Your final (?) sector (7813971632) is encrypted. My Google searches suggest that the total user capacity seen via the bridge should be 7813971632 sectors, in which case the last sector of the user area should be 7813971631. This means that sector 7813971632 would be the first sector of the VCD. :?

The IDEMA capacity for a 4TB drive is 7814037168 sectors. This means that the VCD area should have a size of 65536 sectors (= 7814037168 - 7813971632).

AISI, the data in the range from sector 0 to 7813971631 should be encrypted, while sectors 7813971632 to 7814037167 should contain a non-encrypted VCD. At least that's how it would work for a non-SED. However, your drive is a SED, so I don't know what you should expect to see in these same places.

Were your previous sector dumps taken via SATA or via USB?
Author:  fzabkar [ September 16th, 2019, 17:41 ]
Post subject:  Re: WD my book encryption
AISI, this is the block diagram for My Books with an encrypting bridge and a non-SED HDD:

Code:
.-------------.
|   USB mass  |
|   storage   |                           encrypted
|   device    |                           by bridge
|             |-.                             |
| - decrypted |  `-.                          |
|   User Area |     ` .------------.       .------+------+-----+------.
'-------------'       | encrypting | SATA  | User |  VCD | key | passw|
                 USB  | USB - SATA |-------| Area |      |     | hint |   HDD (non-SED)
.-------------.       | bridge     |       '------+------+-----+------'
| SmartWare   |     , '------------'                  |
| Virtual CD  |  ,-´                                  |
|             |-´                                    not
'-------------'                                    encrypted
Author:  fzabkar [ September 17th, 2019, 2:05 ]
Post subject:  Re: WD my book encryption
I would measure these test points on donor and patient:

Attachment:
regs.jpg
regs.jpg [ 238.14 KiB | Viewed 29261 times ]
Attachment:
U4_MOSFET_switch.jpg
U4_MOSFET_switch.jpg [ 234.28 KiB | Viewed 29261 times ]


The +3.3V regulator may actually be +2.5V, and the +1.2V regulator could be closer to 1V.
Author:  fzabkar [ September 17th, 2019, 21:41 ]
Post subject:  Re: WD my book encryption
I've been reading the following document:

Self-Encrypting Drive User's Guide (Part 1) - Seagate:
https://www.seagate.com/files/staticfiles/support/docs/manual/Interface%20manuals/100515636c.pdf

It states that a SED's user area can be divided into data bands, with each band having its own encryption key and password. A SED ships from the factory with a single band (0) whose range is from LBA 0 to LBA(max). I'm thinking that the bridge may divide the SED into two bands, 0 and 1, with 0 being allocated to the user's data, and band 1 to the VCD. This would enable the user's data to be encrypted independently of the VCD (which must remain non-encrypted).

This then begs the question, if there are two data bands, how does the drive identify itself via a regular SATA port? Does it default to band 0, with all other bands being invisible unless specifically selected? Or do the LBAs corresponding to band 1 return abort errors?
Author:  digisupport [ September 18th, 2019, 1:06 ]
Post subject:  Re: WD my book encryption
Maybe your case is "encrypted" by WD Cloud file system ?
Author:  fzabkar [ September 18th, 2019, 17:47 ]
Post subject:  Re: WD my book encryption
digisupport wrote:
Maybe your case is "encrypted" by WD Cloud file system ?

IIRC, a warranty check against the serial number identifies the product as a My Book.

I think there is a problem with the drive's reported capacity, namely 7813971633 LBAs. The full size of the drive, according to module 02, is 0x01D1C0BEB0 (= 7 814 037 168).
Author:  fzabkar [ September 18th, 2019, 21:30 ]
Post subject:  Re: WD my book encryption
fzabkar wrote:
I think there is a problem with the drive's reported capacity, namely 7813971633 LBAs. The full size of the drive, according to module 02, is 0x01D1C0BEB0 (= 7 814 037 168).

Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000140                       00 01 10 3F A8 6F 76 00 1F
00000150  40 C9 D1 01 00 00 00 AF BE C0 D1 01 00 00 00 AF
00000160  BE C0 D1 01 00 00 00 AF BE C0 D1 01 00 00 00 00

These are the 4 reported capacities from one of the resource depositories:

    0x01D1C9401F + 1 = 7 814 594 592 <--- ???
    0x01D1C0BEAF + 1 = 7 814 037 168 (x 3)
Author:  sathyan [ September 27th, 2019, 2:31 ]
Post subject:  Re: WD my book encryption
thanks for the efforts and
Sorry for delay in answering

fzabkar wrote:
AISI, the data in the range from sector 0 to 7813971631 should be encrypted, while sectors 7813971632 to 7814037167 should contain a non-encrypted VCD. At least that's how it would work for a non-SED. However, your drive is a SED, so I don't know what you should expect to see in these same places.

Were your previous sector dumps taken via SATA or via USB?


my previous dumps were taken via SATA
Now when connected via USB i can see following sectors (beyond the encrypted data area ?)
i am attaching the sectors (last encrypted data sector + sectors beyond that )
also attached snaps of start and end of the said sectors
thanks

Attachments:
last sector.JPG
last sector.JPG [ 156.08 KiB | Viewed 28662 times ]
START AFTER ENCRYPTION.JPG
START AFTER ENCRYPTION.JPG [ 152.34 KiB | Viewed 28662 times ]
sectors.rar [4.21 KiB]
Downloaded 827 times
Author:  sathyan [ September 27th, 2019, 2:33 ]
Post subject:  Re: WD my book encryption
fzabkar wrote:
I would measure these test points on donor and patient:

The +3.3V regulator may actually be +2.5V, and the +1.2V regulator could be closer to 1V.

i will get back with the readings
Author:  sathyan [ September 27th, 2019, 2:43 ]
Post subject:  Re: WD my book encryption
digisupport wrote:
Maybe your case is "encrypted" by WD Cloud file system ?

very little help from client on this matter.
he does not have much idea about how it was being configured
this is all the info he can give

" this drive was never used (connected)in any other system other than the original one it was installed in.
this drive was always being used in that system for regular backups.
he is sure he was not using any password to access his data
power problem caused the whole setup to fail.
he discarded the old system , brought a new system(thinking all his data is safe in the backup).
He gave the drive to his vendor for recovery....."
Author:  fzabkar [ September 27th, 2019, 3:47 ]
Post subject:  Re: WD my book encryption
Via USB, the drive is reporting a capacity of 976746240 x 8 = 7813969920 LBAs. I don't understand why it would report only 7813971633 LBAs via SATA??? That only allows 1713 LBAs for the VCD???

Moreover, why would it report a capacity which is not aligned with a physical sector?
Author:  DR-Kiev [ October 4th, 2019, 10:38 ]
Post subject:  Re: WD my book encryption
You have double encryption. SED plus USB bridge, thats is why encryption pattern different in sector0 and beyond 7813971632
When you tried 3TB donor drive (without SED) in same box, only one encryption layer was aplyed.
Switch SED ON and put in patient drive to Donor BOX (with transfered ROM from patient one) .
Or make a clone from patient drive (using SED keys in DE) and decrypt it aftewards with original bridge ROM .
Author:  sywong2000 [ January 28th, 2021, 8:19 ]
Post subject:  Re: WD my book encryption
Hi fzabkar

I have a similar case and there's no power to the drive. LED is not flashing so looks like there're something wrong with the power supply.
On the PCB board I measure L6 (the 150 coil) and nearby capacitors give 5v.
However no voltage on C7 C8. Nor the one below R38, no 1.2v. Just 0.

So it's APM4532 damage?

Thank you
Stephen
Page 1 of 2 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/