WD20EARX-00PASB0 MyBook decryption
Posted: 27.04.21, 23:59
I'm looking for help with decrypting a WD MyBook (WDBACW0020HBK-01) drive. The HDD is a WD20EARX-00PASB0, and the bridge is a JMS538S. Password is unknown.
After some reading through the 'got HW crypto?' paper (https://eprint.iacr.org/2015/1002.pdf), the reallymine and linux-mybook-tools gits, I attempted decrypting with PC3k, but the key still required the user password. I saw a recent post by someone else with the same issue. I started diving into the processes outlined in the 'got HW crypto?' paper to see if I could figure it out myself. I started trying to code something to try to brute force the KEK with the salt and iterations described in the paper, but my coding ability is minimal. I had a look at the RNG vulnerability, but it's beyond my knowledge without a lot more hours put into this. So, of course, I've got to the point now where I know I need help. I was able to dump the necessary eDEK blob with the ASCII WDv1 bytes, and the first 2mb of the drive (which was indicated as needed in the linux-mybook-tools git).
Anyone able to help?
After some reading through the 'got HW crypto?' paper (https://eprint.iacr.org/2015/1002.pdf), the reallymine and linux-mybook-tools gits, I attempted decrypting with PC3k, but the key still required the user password. I saw a recent post by someone else with the same issue. I started diving into the processes outlined in the 'got HW crypto?' paper to see if I could figure it out myself. I started trying to code something to try to brute force the KEK with the salt and iterations described in the paper, but my coding ability is minimal. I had a look at the RNG vulnerability, but it's beyond my knowledge without a lot more hours put into this. So, of course, I've got to the point now where I know I need help. I was able to dump the necessary eDEK blob with the ASCII WDv1 bytes, and the first 2mb of the drive (which was indicated as needed in the linux-mybook-tools git).
Anyone able to help?