As far as hobbies go, auditing high security external hard drives is not terribly popular. But it’s what [Raphaël Rigo] is into, and truth be told, we’re glad it’s how he gets his kicks. Not only does it make for fascinating content for us to salivate over, but it’s nice to know there’s somebody with his particular skill set out there keeping an eye out for dodgy hardware.

The latest device to catch his watchful eye is the Aigo “Patriot” SK8671. In a series of posts on his blog, [Raphaël] tears down the drive and proceeds to launch several attacks against it until he finally stumbles upon the trick to dump the user’s encryption PIN. It’s not exactly easy (it did take him about a week of work to sort it all out), but it’s bad enough that you should probably take this particular item off the wishlist on your favorite overseas importer.

[Raphaël] treats us to a proper teardown, including gratuitous images of chips under the microscope. He’s able to identify a number of components on the board, including a PM25LD010 SPI flash chip, Jmicron JMS539 USB-SATA controller, and Cypress CY8C21434 microcontroller. By hooking his logic analyzer up to the SPI chip he was able to dump its contents, but didn’t find anything that seemed particularly useful.

The second post in the series has all the gory details on how he eventually gained access to the CY8C21434 microcontroller, including a description of the methods which didn’t work (something we always love to see). [Raphaël] goes into great detail about the attack that eventually busted the device open: “cold boot stepping”. This method allowed him to painstakingly copy the contents of the chip’s flash; pulling 8192 bytes from the microcontroller took approximately 48 hours. By comparing flash dumps he was able to eventually discover where the PIN was being stored, and as an added bonus, found it was in plaintext. A bit of Python later, and he had a tool to pull the PIN from the drive’s chip.
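The dump comparison described above can be expressed as an audit check: set two known test PINs on a device under evaluation, dump the flash after each, and look for either PIN stored unprotected in the bytes that changed. This is an added example, not [Raphaël]’s tool; the dump layout, the offsets, the counter byte and the candidate PIN encodings are constructed assumptions, since the page does not give the real device’s flash layout.

```python
FLASH_SIZE = 8192  # size of the flash dump given in the article

def changed_regions(a, b, gap=4):
    """(start, end) ranges where two dumps differ; diffs separated by at most
    `gap` identical bytes are merged into one region."""
    if len(a) != len(b):
        raise ValueError("dumps must have the same length")
    regions = []
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            if regions and i - regions[-1][1] <= gap:
                regions[-1][1] = i + 1
            else:
                regions.append([i, i + 1])
    return [tuple(r) for r in regions]

def pin_encodings(pin):
    """Unprotected encodings a firmware might use (assumed candidates)."""
    digits = [int(c) for c in pin]
    enc = {"ascii": pin.encode("ascii"), "raw-digits": bytes(digits)}
    if len(digits) % 2 == 0:
        enc["packed-bcd"] = bytes(digits[i] << 4 | digits[i + 1]
                                  for i in range(0, len(digits), 2))
    return enc

def audit_pin_storage(dump_a, pin_a, dump_b, pin_b):
    """Return (offset, encoding) wherever both dumps hold their own test PIN
    in the clear at the same offset, next to a region that changed."""
    findings = set()
    enc_a, enc_b = pin_encodings(pin_a), pin_encodings(pin_b)
    for start, end in changed_regions(dump_a, dump_b):
        for name in enc_a.keys() & enc_b.keys():
            # Widen the window: digits shared by both PINs do not show in the diff.
            lo = max(0, start - len(enc_b[name]))
            hit = dump_b.find(enc_b[name], lo, end + len(enc_b[name]))
            if hit != -1 and dump_a[hit:hit + len(enc_a[name])] == enc_a[name]:
                findings.add((hit, name))
    return sorted(findings)

def constructed_dump(pin, counter):
    """Constructed sample: erased flash, one unrelated counter byte, and an
    ASCII PIN at a made-up offset (not the real device's layout)."""
    img = bytearray(b"\xff" * FLASH_SIZE)
    img[0x0100] = counter
    img[0x1A40:0x1A40 + len(pin)] = pin.encode("ascii")
    return bytes(img)

if __name__ == "__main__":
    a, b = constructed_dump("482915", 7), constructed_dump("402718", 8)
    print(audit_pin_storage(a, "482915", b, "402718"))
```

An empty result for every encoding tried is what a design that stores only a salted, slow hash of the PIN would produce; a hit means the secret sits in flash unprotected.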

This isn’t the first time we’ve seen a “secure” hard drive that ended up being anything but. We’ve even been witness to a safe being opened over Bluetooth. Seems like this whole “Security by Obscurity” thing might not be such a hot idea after all…

Posted: January 28th, 2010, 19:56

Joined: November 17th, 2009, 18:01
Posts: 106
Location: 6 Feet Under
I have had about 10 drives from Western Digital's newest models with SmartWare (ex. WDBAAF0020HBK) where the components on the external controller board have failed; unfortunately, when I hook the drives to the computer the drive looks as though it is encrypted. I had spent a good amount of time verifying with the clients and they all swore they never passworded / encrypted their drives. What I did was I bought one of these drives, put data onto it, then removed it from the enclosure and hooked it up to my computer via USB adapter, and the same issue: data is on the drive everywhere it should be, but is encrypted; however, when I use the controller card the data is there and usable. Has anyone else run into this and has anyone come up with a solution for this issue?


Posted: January 28th, 2010, 22:16

Joined: August 12th, 2008, 13:11
Posts: 3241
Location: USA
WD's best-selling My Book Essential USB external Hard Drive features WD SmartWare Software that backs up your Data automatically and continuously, shows your backup as it happens, and brings back lost files effortlessly. Secure the drive with military-grade, 256-bit hardware-based Encryption and password protection.

Ugh.

_________________
You don't have to backup all of your files, just the ones you want to keep.


Posted: January 28th, 2010, 23:37

Joined: November 17th, 2009, 18:01
Posts: 106
Location: 6 Feet Under
I realized they had hardware encryption, but I still would have figured client would have to enable it, however I researched the topic and understand now. Hmm, any suggestions for how to get around this when I have a failed controller board?


Posted: January 29th, 2010, 10:49

Joined: June 23rd, 2008, 11:26
Posts: 481
Location: Austin, TX
We had a WD come in a couple weeks ago with the same issue. We removed the drive from the enclosure and realized that all the data was encrypted. Then we did some research and noticed that the controller card in the external enclosure that has the USB connection is what stores the encryption information. At least from our tests of that one specific drive.
They fried that controller, luckily one of our engineers was able to get it working again. So we hooked up the drive back to the external enclosure, plugged it in through USB and the data was there waiting for extraction.
The client will have no idea that it is encrypted since it is encrypted from the manufacturer.
That is as far as our research went, since we were able to get the data back.
so you need both the drive and the enclosure working


Posted: January 29th, 2010, 13:27

Joined: November 17th, 2009, 18:01
Posts: 106
Location: 6 Feet Under
We had a WD come in a couple weeks ago with the same issue. We removed the drive from the enclosure and realized that all the data was encrypted. Then we did some research and noticed that the controller card in the external enclosure that has the USB connection is what stores the encryption information. At least from our tests of that one specific drive.
They fried that controller, luckily one of our engineers was able to get it working again. So we hooked up the drive back to the external enclosure, plugged it in through USB and the data was there waiting for extraction.
The client will have no idea that it is encrypted since it is encrypted from the manufacturer.
That is as far as our research went, since we were able to get the data back.
so you need both the drive and the enclosure working

Thanks, that's pretty much the conclusion I had come to, but I just wanted to see if there were any other ways to do it besides the solution I've come up with


Posted: January 30th, 2010, 23:41

Joined: January 6th, 2010, 7:38
Posts: 72
Location: Australia
What wd have done here seems pointless or am I missing something??? I mean, what is the point of having an encryption scheme between two components that travel together in the same case - how does this make one's data safer??


Posted: February 1st, 2010, 10:03

Joined: June 23rd, 2008, 11:26
Posts: 481
Location: Austin, TX
What wd have done here seems pointless or am I missing something??? I mean, what is the point of having an encryption scheme between two components that travel together in the same case - how does this make one's data safer??

Surprisingly I am still confused on this as well. Unless the client is supposed to put a password on first time use. If not the default encryption seems a little unnecessary. Since if you were to lose the device it is not like just the drive would get lost.
There may be more to this, but I have yet to see it


Posted: February 1st, 2010, 14:20

Joined: January 6th, 2010, 7:38
Posts: 72
Location: Australia
What wd have done here seems pointless or am I missing something??? I mean, what is the point of having an encryption scheme between two components that travel together in the same case - how does this make one's data safer??

Surprisingly I am still confused on this as well. Unless the client is supposed to put a password on first time use. If not the default encryption seems a little unnecessary. Since if you were to lose the device it is not like just the drive would get lost.
There may be more to this, but I have yet to see it

Glad I'm not the only one bemused by this
Please, someone tell us we've got it wrong, that wd haven't created a system where the data is padlocked but with no way to take the key out of the padlock


Posted: February 1st, 2010, 16:16

Joined: August 12th, 2008, 13:11
Posts: 3241
Location: USA
Typically drives like this come with some sort of manufacturer software to put a password to the encryption (for a similar example see any flash drive with a SanDisk controller).

_________________
You don't have to backup all of your files, just the ones you want to keep.


Posted: February 1st, 2010, 22:40

Joined: January 6th, 2010, 7:38
Posts: 72
Location: Australia
Ah, ok. So the data is always encrypted and if you have not nominated a password, then the data will always be decrypted when plugged into another m/c.
If you have nominated a password, then you'll be asked to enter that password when the drive is plugged to another m/c.
So by not nominating a password, the key is indeed left in the padlock - fair enough, but unfortunately if the hardware goes up in smoke, that key is lost.
Would be better for all if no password = no encryption


Posted: February 1st, 2010, 23:07

Joined: August 12th, 2008, 13:11
Posts: 3241
Location: USA
And that's what makes recovering data from SanDisk flash drives fun!

_________________
You don't have to backup all of your files, just the ones you want to keep.


Posted: February 2nd, 2010, 17:38

Joined: November 17th, 2009, 18:01
Posts: 106
Location: 6 Feet Under
And even better the 2.5" drives are encrypted and the controller is built onto the LB, should be a fun new obstacle


Posted: February 2nd, 2010, 18:24

Joined: August 12th, 2008, 13:11
Posts: 3241
Location: USA

_________________
You don't have to backup all of your files, just the ones you want to keep.


Posted: February 2nd, 2010, 19:20

Joined: July 16th, 2008, 17:52
Posts: 490
Location: Long Beach, California
I hope you have your IR BGA rework station ready

Sigh, the future of data recovery is IR BGA reworking all day, and rebuilding controller algorithms all night..


Posted: February 2nd, 2010, 20:53

Joined: August 12th, 2008, 13:11
Posts: 3241
Location: USA

_________________
You don't have to backup all of your files, just the ones you want to keep.


Posted: March 1st, 2010, 10:32

Joined: November 17th, 2009, 18:01
Posts: 106
Location: 6 Feet Under
I hope you have your IR BGA rework station ready

Sigh, the future of data recovery is IR BGA reworking all day, and rebuilding controller algorithms all night..

Unfortunately seems you are right, since my original post I am starting to see an outbreak of this issue from all across the board, not just WD


Posted: March 1st, 2010, 11:15

Joined: March 22nd, 2009, 0:19
Posts: 272
Location: behind the platter
My guess is the built-in hardware/software encryption is going to make things a bit harder..
ATA is no longer seen as a safe enough protection, so the newer and harder one to break is already on the market.
Started to see BitLocker To Go encrypted drives with damaged original MB that has the key chip now..
It seems that the DR price will never go down but to go up with the new technology keeps coming out and make it so much harder to get the data back from the hard drives.
Data Security & Personal Data Protection can also stop clients from getting their data back. Maybe it's time for someone to explain to the general public when to pick the protected hard drive over average non-protected hard drive. Overused protection devices can financially hurt people in the case of their data loss.
For most computer users at home to include myself really don't need hardware encrypted hard drives for the family photos and personal financial data. If the bad guys hack into our computer, even the drive was encrypted, they are going to see everything since the data was already unencrypted by myself by logging into the computer or leaving it on.
If the computer was off, there is no need for the encrypted drives to protect your data from hackers, because more than likely you don't have that top secret materials that hackers will try to break in even your computer was off.
It seems people are overreacting to the data security and end up costing themselves more in case of the drive failure or misuse of the encryption devices. (i.e., mis-set the password or lost keys or hard drive crash)

Last edited by hddmania on March 1st, 2010, 11:24, edited 1 time in total.

Posted: March 1st, 2010, 11:21

Joined: November 17th, 2009, 18:01
Posts: 106
Location: 6 Feet Under
Honestly to me it seems like they are trying to kill the Data Recovery industry, offering encryption that the end user does not notice, and does really not get a benefit from, then when they send it for recovery it can't be done. Needless to say my facility is working on a solution


Posted: March 1st, 2010, 12:39

Joined: August 12th, 2008, 13:11
Posts: 3241
Location: USA
Needless to say my facility is working on a solution

Well when you crack 256-bit AES watch out for the NSA at your door

_________________
You don't have to backup all of your files, just the ones you want to keep.


Posted: March 1st, 2010, 15:12

Joined: November 17th, 2009, 18:01
Posts: 106
Location: 6 Feet Under
Needless to say my facility is working on a solution

Well when you crack 256-bit AES watch out for the NSA at your door

Can't go into detail, but we have some tricks up our sleeves

