I am curious if anyone have an idea... #136
Comments
|
"I was expecting to find repetitions in those bytes, but there are not any!" I can recover the destroyed key after an erase only for the JMS538S chip. |
|
For the OXUF943SE chip, there is a backup keyblock. I don't know if it is overwritten in a quick erase. |
|
I don't know what controller is this.. I haven't opened it yet. |
|
I also was trying to disable drive encryption so that the usb bridge becomes transparent, but I didn't find a way. |
|
I use the cryptsetup program and the AES module built into my kernel to use my drive after I took it out of the case and installed it into my desktop. |
|
Also.. it seems that is the drive to have encryption and not the bridge: |
I have a 14 TB My book in it's enclosure.
I reverse engineered all WD apps and got my personal list of commands for the drive (which does not differ much from the known one).
I have notice this:
If you do an ERASE (rekey) and then try to read the raw drive (still in the enclosure) you will find "apparently random" data all over the drive, BUT only in the blocks that have been written at least once. In any other block, you wil find ZEROES.
Also:
I wrote a TB of zeroes and then issued the erase.
Now, obviously in that terabyte of data I have "random" bytes.
BUT... I was expecting to find repetitions in those bytes, but there are not any!
What is happening is that the drinve encryption key changes when you issue the erase command, so when you read back the data you read data encrypted with KEY "A" and decrypted with key "B".
I also found out that the HANDY STORE, stays the same and while WD uses only one block, 16 blocks of 512 are available.
Do you have any idea how to retrieve the encryption key?
After an erase the default is gone.
(not talking about the password)
The text was updated successfully, but these errors were encountered: