XTS mode #39

Open
themaddoctor opened this issue May 6, 2017 · 15 comments

@themaddoctor

If anyone is interested, I recently ran across a 500GB Symwave-encrypted drive that was AES in XTS mode with a 512-bit key. The keyblock used both wrapped pieces. Strangely, the second half of each piece was the same, so it really only had 192 bits of protection (XTS uses twice as many bits for the same protection).

@andlabs
Owner

andlabs commented May 6, 2017

Can you provide a key sector and the top of the disk so I can add it to reallymine? Identifying might require adding the vendor-specific stuff too; I need to get back to that :S

@themaddoctor
Author

Identification is easy: The key sector has two wrapped keys. In ECB mode, the second one is all zeroes. But in XTS mode, they are both nonzero.

I can post it after the "client" agrees to pay for my service.

@themaddoctor
Author

Also, it looks like bytes 8-15 are 02 00 00 00 02 00 00 00 for XTS
and 00 00 00 00 02 00 00 00 for ECB. But I only have 4 examples,
so maybe.
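
The two indicators given in this thread (a nonzero second wrapped key, and the value of bytes 8-15), combined into one check. This is an added Go example, not reallymine's code; the 40-byte wrapped-key slot length, the names `ParseKeySector`, `KeySector`, `Mode` and `sample`, and the sample sectors themselves are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

const (
	wrappedOff = 16 // wrapped keys start right after bytes 8-15 (from the thread)
	wrappedLen = 40 // ASSUMPTION: one RFC 3394-wrapped 32-byte key per slot
)

// KeySector holds the fields the thread uses to tell XTS from ECB.
type KeySector struct {
	Word1, Word2       uint32 // bytes 8-11 and 12-15, little-endian
	Wrapped1, Wrapped2 []byte
}

// ParseKeySector checks the "WMYS" magic and slices out the two key slots.
func ParseKeySector(sec []byte) (*KeySector, error) {
	if len(sec) != 512 || !bytes.HasPrefix(sec, []byte("WMYS")) {
		return nil, fmt.Errorf("not a 512-byte sector with WMYS magic")
	}
	return &KeySector{
		Word1:    binary.LittleEndian.Uint32(sec[8:12]),
		Word2:    binary.LittleEndian.Uint32(sec[12:16]),
		Wrapped1: sec[wrappedOff : wrappedOff+wrappedLen],
		Wrapped2: sec[wrappedOff+wrappedLen : wrappedOff+2*wrappedLen],
	}, nil
}

func allZero(b []byte) bool { return len(bytes.Trim(b, "\x00")) == 0 }

// Mode requires both indicators to agree and reports "unknown" otherwise,
// because the byte 8-15 pattern rests on only four samples.
func (k *KeySector) Mode() string {
	if k.Word2 != 2 || allZero(k.Wrapped1) {
		return "unknown"
	}
	switch second := !allZero(k.Wrapped2); {
	case second && k.Word1 == 2:
		return "XTS"
	case !second && k.Word1 == 0:
		return "ECB"
	}
	return "unknown"
}

// sample builds a CONSTRUCTED sector: header as in the thread, filler key bytes.
func sample(word1 uint32, secondKey bool) []byte {
	sec := make([]byte, 512)
	copy(sec, "WMYS")
	sec[8], sec[12] = byte(word1), 2
	for i := 0; i < 2*wrappedLen; i++ {
		if i < wrappedLen || secondKey {
			sec[wrappedOff+i] = byte(i + 1)
		}
	}
	return sec
}

func main() {
	for _, s := range [][]byte{sample(2, true), sample(0, false), sample(0, true)} {
		if ks, err := ParseKeySector(s); err == nil {
			fmt.Printf("bytes 8-15: %d %d -> %s\n", ks.Word1, ks.Word2, ks.Mode())
		}
	}
}
```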

@andlabs
Owner

andlabs commented May 6, 2017

That would be the Symwave chip. Interesting that there are situations where the second wrapped DEK is used (I assumed it was unused in my code, but I still read it anyway)... What are the byte values in that case, if not all zero? And what do you mean "bytes 8-15"? Do you mean the bytes before the wrapped keys?

@themaddoctor
Author

Yes, the bytes immediately preceding the wrapped keys.

I'll probably have an answer Monday and can upload the key sector etc.

@themaddoctor
Author

Key sector:

00000000  57 4d 59 53 3e 67 01 f8  02 00 00 00 02 00 00 00  |WMYS>g.ø........|
00000010  f7 f4 74 34 95 a6 e3 5f  f9 47 88 fe ee 1b 26 06  |÷ôt4.¦ã_ùG.þî.&.|
00000020  ff 4f 2d f2 33 15 ec a9  15 57 80 e1 94 38 a2 f4  |ÿO-ò3.ì©.W.á.8¢ô|
00000030  31 db de fb b9 a2 45 7a  09 c0 40 e9 1d c8 bb c1  |1ÛÞû¹¢Ez.À@é.È»Á|
00000040  f5 67 7f c4 41 8e 71 9a  bd 90 ea f4 06 78 b6 02  |õg.ÄA.q.½.êô.x¶.|
00000050  d1 d7 ba 00 66 84 15 1d  0a 3b d4 bb e3 ee c6 ea  |Ñ׺.f....;Ô»ãîÆê|
00000060  0f b6 50 6e 1a 36 30 8c  8e 25 9b fa 32 26 6b 6a  |.¶Pn.60..%.ú2&kj|
00000070  04 02 72 61 c0 a9 f3 65  a1 b4 b5 55 0c d4 e7 c7  |..raÀ©óe¡´µU.ÔçÇ|
00000080  f1 52 3b f2 46 b3 e8 69  00 00 00 00 00 00 00 00  |ñR;òF³èi........|
00000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001c0  00 60 37 3a 00 00 00 00  00 02 00 00 00 00 00 00  |.`7:............|
000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000200

Key:
423b72e15d0d91d798d99f5d32a6a61100482021ae80623354572021f0556232e49071ed4819dd90773b0a1d79f8cc4f00482021ae80623354572021f0556232

First few sectors:


@MrDecay

MrDecay commented May 9, 2017 via email

@themaddoctor
Author

Updated tutorial on the way

@themaddoctor
Author

Here's a script I used to decrypt the first few sectors. Note that the IV
is the sector number, but maybe in the wrong byte order compared to
a standard AES-XTS.

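#!/bin/bash
# Decrypt a raw image sector by sector with AES-256-XTS.
# Usage: script INFILE OUTFILE (the 512-bit DEK is read as hex from dek-512.hex)

INFILE="$1"
OUTFILE="$2"
SIZE=$(stat -c %s "$INFILE")   # image size in bytes (GNU stat)
SECTORS=$((SIZE / 512))

rm -f "$OUTFILE"

i=0
while [ "$i" -lt "$SECTORS" ]; do
    # The IV (XTS tweak) is the sector number as 32 hex digits, most significant byte first.
    IV=$(printf "%032x" "$i")
    dd if="$INFILE" skip="$i" count=1 status=none | \
        openssl enc -d -aes-256-xts -K "$(cat dek-512.hex)" -nopad -iv "$IV" \
        >> "$OUTFILE"
    i=$((i + 1))
    PERCENT=$((100 * i / SECTORS))
    echo -e -n "\r$i / $SECTORS $PERCENT%"
done
echo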
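
What the script above does for each sector, written out in Go as an added example (not the author's or reallymine's code): AES-256-XTS over one 512-byte sector, with the sector number placed in the tweak either big-endian, as the script's `printf "%032x"` does, or little-endian, as IEEE 1619-style XTS implementations do. The function names and the key in `main` are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

const sectorSize = 512

// tweak places the sector number in the 16-byte XTS tweak input. bigEndian
// mirrors the script's printf "%032x"; false is the usual little-endian form.
func tweak(sector uint64, bigEndian bool) (t [16]byte) {
	if bigEndian {
		binary.BigEndian.PutUint64(t[8:], sector)
	} else {
		binary.LittleEndian.PutUint64(t[:8], sector)
	}
	return
}

// mulAlpha multiplies the tweak by x in GF(2^128), as XTS does after each block.
func mulAlpha(t *[16]byte) {
	carry := t[15] >> 7
	for i := 15; i > 0; i-- {
		t[i] = t[i]<<1 | t[i-1]>>7
	}
	t[0] = t[0]<<1 ^ carry*0x87
}

// xtsSector encrypts or decrypts one 512-byte sector with AES-256-XTS.
// key is 64 bytes: data key first, tweak key second (the openssl -K order).
func xtsSector(key, in []byte, sector uint64, bigEndian, decrypt bool) ([]byte, error) {
	if len(key) != 64 || len(in) != sectorSize {
		return nil, fmt.Errorf("need a 64-byte key and a %d-byte sector", sectorSize)
	}
	k1, _ := aes.NewCipher(key[:32]) // cannot fail: both halves are 32 bytes
	k2, _ := aes.NewCipher(key[32:])
	t := tweak(sector, bigEndian)
	k2.Encrypt(t[:], t[:])
	op := k1.Encrypt
	if decrypt {
		op = k1.Decrypt
	}
	out := make([]byte, sectorSize)
	for off := 0; off < sectorSize; off += 16 {
		blk := out[off : off+16]
		for i := range blk {
			blk[i] = in[off+i] ^ t[i]
		}
		op(blk, blk)
		for i := range blk {
			blk[i] ^= t[i]
		}
		mulAlpha(&t)
	}
	return out, nil
}

func main() {
	key := make([]byte, 64) // CONSTRUCTED key, not one from the thread
	for i := range key {
		key[i] = byte(i)
	}
	ct, _ := xtsSector(key, make([]byte, sectorSize), 1, true, false)
	be, _ := xtsSector(key, ct, 1, true, true)
	le, _ := xtsSector(key, ct, 1, false, true)
	fmt.Printf("big-endian: % x\nlittle-endian: % x\n", be[:8], le[:8])
}
```

Sector 0 produces the same tweak in both byte orders, so telling them apart requires a sector with a nonzero number and known plaintext.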

@themaddoctor
Author

symwaves.pdf

@andlabs
Owner

andlabs commented Jun 1, 2017

I'll go through all of this once #38 is confirmed.

@MrDecay

MrDecay commented Jun 13, 2017 via email

@andlabs
Owner

andlabs commented Jun 13, 2017

I would like to fix concurrency bugs then =P Could you figure out what's different between the two decryptions and post in that issue?

@themaddoctor
Author

Found another XTS Symwave. This one is 2TB. Here is the keyblock (sector 3907026307):

00000000  57 4d 59 53 7f 2c 01 f8  02 00 00 00 02 00 00 00  |WMYS.,.�........|
00000010  88 44 80 9a 53 33 2d ed  a0 57 81 8e fe 7e 2e 51  |.D..S3-��W..�~.Q|
00000020  49 54 16 1b 7d d4 1b 15  53 c0 62 77 90 60 8c f4  |IT..}�..S�bw.`.�|
00000030  91 1c a5 07 68 96 a1 c2  78 dd c6 fa 62 e6 f3 21  |..�.h.��x���b��!|
00000040  f6 2b 00 71 ac c2 f6 99  bd 2a bf 3a ae 61 21 b0  |�+.q���.�*�:�a!�|
00000050  4e de e1 91 ec 66 fc 0a  2b 1f e0 36 0a ff ed be  |N��.�f�.+.�6.���|
00000060  0f b6 50 6e 1a 36 30 8c  8e 25 9b fa 32 26 6b 6a  |.�Pn.60..%.�2&kj|
00000070  04 02 72 61 c0 a9 f3 65  a1 b4 b5 55 0c d4 e7 c7  |..ra��e���U.���|
00000080  f1 52 3b f2 46 b3 e8 69  00 00 00 00 00 00 00 00  |�R;�F��i........|
00000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000110  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000130  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000150  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000170  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000190  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001c0  00 88 df e8 00 00 00 00  00 02 00 00 00 00 00 00  |..��............|
000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

Here is the key:
0c5fa48cddff914fc04f910ae2f04e97253720200d013439b94a202155c83438362ddf4a1729dca90d52330855b54eac253720200d013439b94a202155c83438
It has the same repetition of bytes 16-31 into 46-63 as the last example had.

The decryption is exactly the same as the previous example. The MBR was corrupted by Windows, but here are sectors 0 and 1:

Sector 1 decrypts to all zeroes.

@themaddoctor
Author

P.S. Regarding the way ReallyMine handles passwords on Symwaves, my opinion is that it should NOT use the hardcoded key to get the KEK. This allows someone to circumvent the password protection on a stolen drive. I ain't no lawyer, but I think that would make RM illegal in the US, under the DMCA of 2000.
