WD My Cloud Duo 8Tb NAS Encryption Issue

Moderators: Roman_TS, Maxim_TS, Filipp_TS

User avatar
DataMedics
Advanced user
Posts: 579
Joined: 15.12.15
Reputation: 16 / (163)

WD My Cloud Duo 8Tb NAS Encryption Issue

Postby DataMedics » 31.01.17, 22:37

I've got a couple NAS drives here (I don't have the NAS though) which appear to be WD encrypted. When I scan for the key it only finds the "Self Encrypting HDD" key, no others. However, if I use that key the data is still encrypted. It changes obviously, but it's still scrambled. I know usually two keys are found, and you just have to determine which is the correct one. I'm wondering if this is one that's not yet supported by PC-3000.?.?

I've attached modules 25 and 38 to this post for you to look at. Didn't find any key sectors in the latter LBA's of the drive, so it's just the SA copies. Both drives appear to use the same key starting with IVP0, and it's the same key in both module 25 and 38. Any insights on this one?
Attachments
25 & 38.rar
(925 Bytes) Downloaded 191 times

User avatar
DataMedics
Advanced user
Posts: 579
Joined: 15.12.15
Reputation: 16 / (163)

Re: WD My Cloud Duo 8Tb NAS Encryption Issue

Postby DataMedics » 02.02.17, 01:05

Bump! I really need an answer on this. Need to know if the customer is just screwed or if we'll need to just wait for the software to catch up to this one.

User avatar
300ddr
User
Posts: 233
Joined: 18.01.12
Reputation: 3 / (28)

Re: WD My Cloud Duo 8Tb NAS Encryption Issue

Postby 300ddr » 02.02.17, 08:56

Dang, don't have an answer for you. But, interesting to hear that WD NAS drives are encrypted now. That's new AFAIK. Did you raw scan drive to confirm it's encrypted? Is SED checked in HDD ID (did you try checking/unchecked then searching for key?)? Did you fix mod 2?

User avatar
DataMedics
Advanced user
Posts: 579
Joined: 15.12.15
Reputation: 16 / (163)

Re: WD My Cloud Duo 8Tb NAS Encryption Issue

Postby DataMedics » 02.02.17, 21:43

Yes, I raw scanned both with and without using the SED decryption key. Not a single file found either way, and manually looking at the data it's clearly encrypted both ways. No visible text or file signatures to be found. I've got two drives as it was a RAID 1, both are in the same condition.

After reviewing the case in more detail with the customer it seems the NAS was working perfectly fine until they attached a second NAS to the network. On initial configuration using the WD utility to set up the new NAS it apparently sent the signal to both NASes telling them to set up a new RAID 1. At that point, the NAS with all the data became blank though still functional. So I'm thinking that it likely just reset the encryption key, and unfortunately didn't leave any remnants behind that I can find of the old key.


drdoc
New user
Posts: 124
Joined: 07.12.11
Reputation: 2 / (20)

Re: WD My Cloud Duo 8Tb NAS Encryption Issue

Postby drdoc » 04.10.17, 09:17

I have the same situation. wd with 2 4tb striped
drives encrypted

Ace - whats the answer
skype: wayne_horner
Alandata Data Recovery


ThomasH
New user
Posts: 77
Joined: 11.01.12
Reputation: 2 / (21)

Re: WD My Cloud Duo 8Tb NAS Encryption Issue

Postby ThomasH » 01.02.18, 20:54

MyBook Duo (Encrypted?) VS My Cloud Home (KDDFS)
I thought I'd mention this in case it helps, even if it's not applicable with certainty to this case, however, it might be, since yours is a 'My Cloud'. Also, you might have both complications to fight through...
I've run into a 2 or 3 MyBook Duos (none lately though), and I never figured out the encryption. I just got my first new (July 2017) single-drive My Cloud Home drive. The internal drive had fw+bad sector issues, but cloned with only 3 bad sectors. DE/Rstudio/UFS Explorer see the main partition as EXT/EXT4 (which was different if I recall compared to regular MyBook Duos that were actually encrypted and had no partition access...from memory). On this single-drive My Cloud Home drive, no actual customer files were accessable via normal means or with software I'm aware of (on the SATA-direct-connected clone), though you could tell space was occupied in extremely long paths...just no doc, jpg, etc file access. I attached the clone (on another WD drive just in case) to the SATA-network adapter PCB and hooked up the drive to our network. Once I had the user's email login and password, I was then able to access the data both via the WD Cloud webpage and with the WD discovery software you can download for the drive. At this point we realized the customer had access too :), so make sure to have it on a local-only network, or that you've somehow blocked the necessary ports during the recovery process or you might give out a freebie.
The file system that Windows Explorer names the mapped network drive as is 'KDDFS', which I think is WD-proprietary.
I got lucky with this one that the clone is 99.9999%+ perfect, but I worry what may happen with these when that's not the case, since I couldn't figure out a way to do much else but depend on the WD system to work on its own after the cloning.


AJ2008
Posts: 1330
Joined: 25.11.08
Reputation: 10 / (104)

Re: WD My Cloud Duo 8Tb NAS Encryption Issue

Postby AJ2008 » 02.02.18, 15:27

Some newer models have encryption keys somehow related to ATA security. did these have ATA locks on them after removal from enclosure?


Return to “PC-3000 Express, UDMA-E, Portable”

Who is online

Users browsing this forum: No registered users and 1 guest