August 4th, 2016, 19:06
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 52 4F 59 4C 01 00 1E 00 27 01 01 00 B9 1B 92 B9 ROYL....'...¹.’¹
00000010 4E 4F 54 5F 49 4E 49 54 00 00 00 00 00 00 00 00 NOT_INIT........
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030 00 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 ..
00000040 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
00000050 00 00 57 44 43 57 44 43 57 44 43 57 44 43 57 44 ..WDCWDCWDCWDCWD
00000060 43 57 44 43 57 44 43 57 44 43 57 44 43 57 44 43 CWDCWDCWDCWDCWDC
00000070 57 00 FE FF 00 00 00 00 00 00 00 00 00 00 00 00 W.þÿ............
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 52 4F 59 4C 01 00 1E 00 24 01 01 00 C9 77 97 BE ROYL....$...Éw—¾
00000010 4E 4F 54 5F 49 4E 49 54 00 00 00 00 00 00 00 00 NOT_INIT........
August 5th, 2016, 17:25
August 5th, 2016, 18:59
By forcing SA access and manipulating the SA area 0x124 and 0x127 we were able to unlock the HDD and disable the SATA AES encryption.
We located the location of the ATA password and some (unknown) connection to the AES password in different SAs from the internal 2.5" SATA HDD.
August 5th, 2016, 19:44
August 10th, 2016, 9:56
fzabkar wrote:@dx486, is there any reason why you can't provide us with the USBDeview or UVCView output?
What is the full model number, including the suffix, eg WD10JMVW-11AJGS1?
Can you remove the PCB from the drive and upload a detailed photo of the component side?
"andlabs" needs to identify the bridge IC in order to determine the type of encryption being used. Then we need to bypass the bridge in order to search for the key sector. That said, if you have a SED drive, then the key will be in the System Area (SA), not in the user area, IIUC.
Waiting for your info ...
August 10th, 2016, 15:50
August 10th, 2016, 16:34
August 11th, 2016, 14:33
August 11th, 2016, 17:30
dx486 wrote:I will try to use reallymine but I could not connect the drive via SATA. I see there are [12 pins] - USB port and [2 pins] on the drive. They don't seem compatible with SATA cables. I have found this article but it is an old one and my drive seems different.
August 18th, 2016, 16:27
August 18th, 2016, 18:10
August 19th, 2016, 4:30
August 23rd, 2016, 13:21
dx486 wrote:What exactly does cause this counter to be reset? Turning the power for the drive on and off?
dx486 wrote:Does anybody know where does WD Security software store the counter for wrong entries?
dx486 wrote:Can a "USB-over-TCP/IP program" be a solution?
August 23rd, 2016, 16:36
dx486 wrote:Just to note here for others who may be interested: A friend told me to use a USB relay like this one. He told me to cut the cable and connect red cable to the relay. :)
August 27th, 2016, 7:33
fzabkar wrote:dx486 wrote:Just to note here for others who may be interested: A friend told me to use a USB relay like this one. He told me to cut the cable and connect red cable to the relay.
You would need to write a batch routine to test 4 passwords, then send a command to switch off the relay, wait for 1 second, switch the relay back on, and then wait for a few seconds for the drive to spin up again.
August 27th, 2016, 13:46
August 29th, 2016, 12:55
dx486 wrote:fzabkar wrote:dx486 wrote:Just to note here for others who may be interested: A friend told me to use a USB relay like this one. He told me to cut the cable and connect red cable to the relay.
You would need to write a batch routine to test 4 passwords, then send a command to switch off the relay, wait for 1 second, switch the relay back on, and then wait for a few seconds for the drive to spin up again.
Do you think using this method might decrease the drive's lifespan?
August 29th, 2016, 13:24
drHDD wrote:It will take a lot of time to check significant number of passwords.
September 27th, 2016, 18:55
October 5th, 2016, 18:51
fzabkar wrote:reallymine now supports password entry. One could probably use a shell script to try a list of passwords, but I expect that it would be slow.
From the author ...
http://www.hddoracle.com/viewtopic.php? ... 9638#p9638
sdb 8:16 0 931,5G 0 disk
sr0 11:0 1 30M 0 rom /run/media/dx486/WD Unlocker
% sudo ./reallymine-linux-amd64 dumpkeysector /dev/sdb outfile.bin
error running dumpkeysector: read /dev/sdb: input/output error
Powered by phpBB © phpBB Group.