Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't dump on mac os x #58

Open
thomasbrunstrom opened this issue Dec 28, 2017 · 5 comments
Open

Can't dump on mac os x #58

thomasbrunstrom opened this issue Dec 28, 2017 · 5 comments

Comments

@thomasbrunstrom
Copy link

Hello, I have a WD My Passport Air which I'm trying to decrypt (lost password) but all i get from the command line is the following:

$ reallymine dumpkeysector /dev/disk3 outfile.bin 
error running dumplast: non-empty sector not found

$ reallymine decrypt /dev/disk3 test2.img
error running decrypt: key sector not found

So my question is: Am I doing something wrong or is there anything else I can try?

I'm running on mac os x sierra if that's any importance.
The WD Security program finds the hard drive and asking me for the password (which i can't remember). And I'm using the right path to the drive. /dev/disk3.

The model on the case says 3214B R/n: D98, CBADDA. Let me know if you need any more information like P/N or S/N. (Don't know if that's something i should keep secret?)
@themaddoctor
Copy link

Won't work for passports unless you bypass the encryption chip. Some older models had the chip on a separate board, but for the newer ones, it is integrated into the disk controller board.

To use decryption software, the bare drive has to be connected to the computer with a nonWD enclosure or directly by SATA. With MyBook models, you can take the drive out of the case and remove the USB bridge card. For the new Passports, you can't.

There are ways to bypass the encryption chip. If you google it, you might find something. Someone once shared this link with me:
http://blog.acelaboratory.com/pc-3000-hdd-how-to-solder-a-sata-adapter-to-the-usb-western-digital-drive.html
Follow it at your own risk.

Even if you do bypass the encryption chip and get to the bare (encrypted) data, recovering a lost password might require more than ReallyMine. (it depends on which chip was used on your drive)

@andlabs
Copy link
Owner

andlabs commented Dec 28, 2017
edited
Loading

Does dumplast work? If not, you may need to use sudo.

@uayebforever uayebforever mentioned this issue Apr 24, 2018
Open
@gribbg
Copy link

gribbg commented Jun 27, 2018
edited
Loading

I had the same "sector not found" issue with dumpkeysector, decrypt, and dumplast on MacOS Sierra.

# reallymine dumplast /dev/disk5 dumplast0627.out
error running dumplast: non-empty sector not found

I believe I have been able to work around the issues by using decryptfile after manually extracting the sectors and DEK based on @themaddoctor's instructions, but it has been very slow (more than 24 hours each to make disk image and run decryption on that image).

I can post the steps I used if there is interest and after I confirm that it worked.

One small concern, I got lots of errors like this while the decrypt was running:

fatal error: systemstack called from unexpected goroutine

@andlabs
Copy link
Owner

andlabs commented Jun 27, 2018

For that fatal error, I probably need to rebuild with a newer Go.

Yes, it's slow. #38 is the relevant issue, but I'm getting people telling me it doesn't actually work... and I don't know why.

@themaddoctor
Copy link

If you have the JMS538S chip, could you please post your keyblock? (hexdump -C kb.bin) Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@andlabs @thomasbrunstrom @themaddoctor @gribbg