Jared
Forum Admin

Brute Force Through WD Password Protection

Thu May 19, 2016 2:11 pm

So I'm considering looking into setting up a hardware brute force decryption machine for the purpose of breaking WD's encryption. Perhaps something like this: https://sagitta.pw/hardware/gpu-compute-nodes/invictus/ only homemade.

According to this article it seems that it's totally doable to crack the user password once you have the key sector stored in the SA. From what the article explains most WD encryption works like this:

User password is used to generate Key Encryption Key (KEK)
KEK is then used to encrypt Disk Encryption Key (DEK - what we normally use to decrypt data)
This results in an eDEK, which can be read the normal way by PC-3000 in lieu of the DEK (which was replaced with the eDEK).

So a brute force attack would basically be running every possible AES-256 password to see which one results in the key for the eDEK, so it can be decrypted back to the DEK and used in PC-3000 to decrypt.

A simple open source tool like hashcat could probably be employed and run on hardware with multiple GPUs to accomplish it.

Of course such a service would only be offered to law enforcement agencies. Doing this commercially would simply be unethical.

jol
Data Recovery Pro


Fri May 20, 2016 12:22 am

Jared wrote: So a brute force attack would basically be running every possible AES-256 password possible to see which one results in the key for the eDEK

Brute forcing AES-256 will take you a while.
Just kidding, it will take billions of years to do that:
https://www.reddit.com/r/theydidthemath ... _a_aes256/
Or in other words "impossible"

pclab
Forum Moderator


Fri May 20, 2016 3:09 am

I just wonder if it's profitable....

Jared
Forum Admin


Fri May 20, 2016 8:28 am

Not according to every article I've read. It would take a billion years if you didn't have the eDEK and had to just guess the DEK. However, guessing a user pass is much faster, as they rarely are 64 digits in length. Most user passwords I've seen are around 10 characters. Also, they made the mistake of using a date stamp as part of the DEK, and while I've yet to investigate how to use that to help, supposedly it drops the time necessary down to a few hours.

Though it's assumed they did fix that on the latest version.


jol
Data Recovery Pro


Fri May 20, 2016 9:55 am

Jared wrote: However guessing a user pass is much faster as they rarely are 64 digits in length.

Digits only?

Jared wrote: Most user passwords I've seen are around 10 characters.

And what are you gonna do with this guy?
The password I chose was 64 characters long.

Jared
Forum Admin


Fri May 20, 2016 10:18 am

jol wrote: Digits only?

Characters, digits. Potato, parsnip. What's the difference?

jol wrote: And what you gonna do with this guy?
The password I choose was 64 characters long

Probably give up. Or do it CIA style and waterboard the password out of him.

HaQue
Forum Moderator


Fri May 20, 2016 11:18 am

I'm with Jared on this, but not brute force... using a decent wordlist with some well-defined rules can bring some pretty good results. A 64-char pass would be very uncommon, as would anything over 9 chars.

But I don't agree with doing it only for law enforcement. I've seen too many people just screwed because of a lost password. And if it is theirs, the benefit is that most times they can give you some info on a likely password, making it much easier. Why should regular people have to lose their files just because it looks kind of questionable? Just some basic proof required and I would be happy to do it. Obviously it would not be done blindly for anyone, but I don't like the general public getting screwed.

jol
Data Recovery Pro


Fri May 20, 2016 11:55 am

Jared wrote:
jol wrote: Digits only?

Characters, digits. Potato, parsnip. What's the difference?

A huge difference: if it's only digits, then brute force will take much less time than brute forcing every possible combination of characters + digits + potato + parsnip ;)

DRUG
Data Recovery Noob


Wed Jun 01, 2016 7:28 am

The best way to do this would be with a GPU station. https://www.digitalintelligence.com/pro ... erstation/

However, you must keep in mind that this tool and service are kind of hard to pay off.

1- Power consumption: using these beauties will kill your bill.
2- You won't have many clients willing to pay.
3- Hardware lifetime (this kind of hardware usage will make its lifespan short).

Is this a tool for a top-notch forensic lab? Of course.
Would this be viable in a DR lab? Not in my opinion :/

P.S.: You should also set up cracking ranges, like: password is between 4 chars and 10 chars, uses characters with numbers (ANkey), uses symbols, bla bla bla; this would reduce your cracking time!

HaQue
Forum Moderator


Fri Jun 03, 2016 4:57 am

Okay, for the record, I don't know anything about the implementation in WD HDDs... but I am thinking:

Do you know what algorithm you can use to simulate the WD? I mean, what exactly are you going to process? Have you ripped some code from the WD, or are you able to somehow know what to test against? And how will you know if you have found the key?

When AES is implemented, I assume there isn't one simple algorithm used everywhere, I mean surely you would not:

stored passkey = AES-256(user_password)

Would it not make sense to implement AES in some small algorithm? Then it would be extremely difficult to figure out how to use even knowledge of AES to decrypt it.

Something like:

temp = backward(user_password)
temp = temp+temp
stored passkey = AES-256(temp)

Then you can bang away at AES-256 as much as you want, but you won't find the key.

Or have I got it wrong, and there is knowledge of how to compare a key to an encrypted one without using the drive?
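The key hierarchy Jared describes (user password -> KEK -> KEK encrypts the DEK -> eDEK) and HaQue's question (how would you know a guessed password is right without the drive?) can both be shown with one small model. The program below is an added example, not code from this thread and not WD's firmware: the page never says which KDF, cipher mode or check WD actually uses, so the iterated HMAC-SHA256 KDF, the AES-256-GCM wrap, the label, the salt, the nonce and the sample DEK are all assumptions chosen for illustration. The point it makes is a defensive one: an authenticated wrap (or any known-plaintext check) lets a wrong KEK be rejected offline, so the only things standing between an attacker holding the eDEK and the DEK are the password's length/alphabet and the cost the KDF charges per guess.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Domain-separation label bound into the wrap as GCM additional data (assumption).
var wrapLabel = []byte("demo-eDEK-v1")

// deriveKEK turns a user password into a 256-bit key-encryption key.
// Iterated HMAC-SHA256 stands in for a real password KDF such as PBKDF2
// (assumption: the thread does not say what WD uses). The iteration count is
// the work factor: every candidate password costs this much, so it is, besides
// password length, the main knob for making guessing impractical.
func deriveKEK(password string, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, salt)
	mac.Write([]byte(password))
	out := mac.Sum(nil)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(out)
		out = mac.Sum(nil)
	}
	return out // 32 bytes: an AES-256 key
}

// wrapDEK encrypts the disk-encryption key under the KEK, giving the eDEK.
// AES-256-GCM is used here (assumption) so the eDEK carries an auth tag.
func wrapDEK(kek, dek, nonce []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, dek, wrapLabel), nil
}

// unwrapDEK recovers the DEK from the eDEK. Because the wrap is authenticated,
// a KEK derived from the wrong password returns an error instead of garbage.
// That tag is exactly what lets a holder of the eDEK tell a right guess from a
// wrong one without the drive, which is HaQue's question above.
func unwrapDEK(kek, edek, nonce []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, edek, wrapLabel)
}

func main() {
	// Constructed demo values; a real implementation draws salt, nonce and DEK
	// from a CSPRNG. A fixed zero nonce is tolerable only because each KEK
	// wraps exactly one DEK in this demo.
	salt := []byte("constructed-salt")
	nonce := make([]byte, 12)
	dek := []byte("0123456789abcdef0123456789abcdef") // 32-byte sample DEK

	kek := deriveKEK("correct horse battery", salt, 100000)
	edek, err := wrapDEK(kek, dek, nonce)
	if err != nil {
		panic(err)
	}
	fmt.Println("eDEK:", hex.EncodeToString(edek))

	// Wrong password: the GCM tag check fails, so nothing usable comes out.
	if _, err := unwrapDEK(deriveKEK("wrong guess", salt, 100000), edek, nonce); err != nil {
		fmt.Println("wrong password rejected:", err)
	}

	got, err := unwrapDEK(kek, edek, nonce)
	fmt.Println("DEK recovered:", err == nil && string(got) == string(dek))
}
```

Two design notes. First, the verification step is the crux of the whole thread: with an authenticated wrap, each guess is answered by the tag check alone, and with an unauthenticated wrap the guesser would instead need some known plaintext in the decrypted sector, so "how will you know you found the key" is a question about the wrap format, not about AES itself. Second, the iteration count is the defender's lever: Jared's 10-character estimate is cheap only if each derivation is cheap, and a deliberately slow KDF multiplies the cost of every candidate in a wordlist or mask run by the same factor.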
