How to unlock password protected WD external hard disk on Manjaro?

I been using WD external hard disk on Windows for years. I just switched to Manjaro few weeks ago. The hard disk is unable to be unlocked on Manjaro as it was on Windows because the unlock password exe file (using wine) simply does not work in Linux.

The solution I could find on web only works on Linux Ubuntu (as below)

So, is there any way I can unlock the hard disk on Manjaro? I do not want to use virtual machine as it is very resources heavy.

You cannot unlock a drive locked with a Windows encryption application.

You will have to load Windows - unlock the device - copy the data to an unencrypted device. After applying some heavy searching - encrypt the data using an opensource encryption which works on both platforms.

Python files are portable - as long as any imported libraries are available - python works identical on Manjaro and Ubuntu.

DISCLAIMER: You will have to work out which libraries are needed for import.

2 Likes

Working on python or .py files to find out which one would work on Manjaro would be quite challenging for me as a new user. Anyway, I guess that what I have to sort out.

For the time being, I figured out I can remove the password on Windows and just use the unencrypted disk on Manjaro. That would defeat the purpose of having an encryptable external hard disk. But until it has been worked out, I need to go with this.

@linux-aarhus has already given you the solution. Now that you have the drive unencrypted, copy the contents and install an open source multi-platform encrytion software.

1 Like

Okay, got it. Not sure if this is the solution I want. As you said, I can use software like Veracrypt to encrypt my files. I somehow prefer to use the default encryption method provided by the manufacturer.

It is much more straight forward, I can share my hard disk with my friends and just tell them the password. If I use external software, I would need to teach my friends how to set that up and may need to explain some technical terms to them as well. If possible, I prefer to have WD security utilities package in Manjaro.

Sorry, but I don't see the need for encrypting an entire drive you are sharing around. It would make more sense to merely encrypt a folder on the drive containing your sensitive data and leave your media files etc that you want to share unencypted.

Do as you please, but I would personally not use proprietary software for encrypting any of my data.

5 Likes

@tbg Thank you for your feedback.
Actually it is the sensitive data I want to share with my friends. I want to share all the data with my friends and prevent others from assessing the data.

1 Like

I took a closer look at the link you provided.

It appears quite self contained and quite easy to setup.

I don't have a WD drive - but I can give you a list of commands you can run to make that particular script workable on Manjaro.


First thing is to get the uility into your path by creating a folder ~/.local/bin.

mkdir ~/.local/bin

Then cd into the folder

cd ~/.local/bin

Download the file from the original git repo using wget

wget https://raw.githubusercontent.com/0-duke/wdpassport-utils/master/wdpassport-utils.py

Make the downloaded script file executable

chmod +x wdpassport-utils.py

The local bin folder - even if it did not exist - is in your path - check it by running

which wdpassport-utils.py

According to the repo - the script has two dependencies

  • lsscsi
  • py_sg

The package lssci is in the repo - so install it with pacman

sudo pacman -Syu lsscsi

The py_sg package is a python package and because we do not run pip as root or using sudo - we install it for the user only

pip install --user py_sg

With that package installed - it should now be possible to run decrypt your wd device by running the command

wdpassport-utils.py

Now you test it - feedback is welcome.

2 Likes

Hi @linux-aarhus, I followed all the steps above, when I executed the last one, the following came out:

[abc bin]$ wdpassport-utils.py
File "/home/abc/.local/bin/wdpassport-utils.py", line 13
except ImportError, e:
^
SyntaxError: invalid syntax

Oh - the script is probably python2 then. Make a backup copy of the file

cd ~/.local/bin

cp wdpassport-utils.py wdpassport-utils.py.bak

Then convert it to python3

2to3 -w wdpassport-utils.py

Try again

This is what I got:

[abc bin]$ wdpassport-utils.py
File "/home/abc/.local/bin/wdpassport-utils.py", line 360
if (sec_status == 0x00 or sec_status == 0x02):
^
TabError: inconsistent use of tabs and spaces in indentation

This is the .py file

Even I don't have a device I checked the conversion.

I found the same as you - the thought it would be enough to install the py_sg as user is not working on my system. So I think my initial idea - to create a virtual environment is necessary.

I have gone over the wdpassport-utils.py and fixed the indentations and some other code issues - it seems python have radically changed since the script was written 5 years ago.

The age of the script also indicates - it may not work with your device - but that is on you.


Because python 3 is now used the py_sg don't work.

We need the py3_sg package instead - I have modified the script to display the py3_sg package dependency in the import error message.


To make this work without messing with system python - do as follow

sudo pacman -Syu virtualenvwrapper

Source the wrapper

source /usr/bin/virtualenvwrapper

Create a virtual environment

mkvirtualenv wd-util

This will make the wd-util the working python and you can install the py3_sg package

pip install py3_sg

Then run the wdpassport script with sudo

(wd-util) /data/projects/wd-util >>> sudo ./wdpassport-utils.py -h           [1]
WD Passport Ultra linux utility v0.1 by duke
usage: wdpassport-utils.py [-h] [-s] [-u] [-m] [-c] [-e] [-d DEVICE]

optional arguments:
  -h, --help            show this help message and exit
  -s, --status          Check device status and encryption type
  -u, --unlock          Unlock
  -m, --mount           Enable mount point for an unlocked device
  -c, --change_passwd   Change (or disable) password
  -e, --erase           Secure erase device
  -d DEVICE, --device DEVICE
                        Force device path (ex. /dev/sdb). Usually you don't
                        need this option.

Next time you need the wdpassport script just activate the environment

workon wd-util
wdpassport-utils.py
decativate

DISCLAIMER

I have no way of verifying if the script works as intended.

ANY USE OF THE BELOW SCRIPT IS ON YOU
I ASSUME NO RESPONSIBILITY IF YOU WRECK YOUR DEVICE

The read calls in py3_sg is different than the read calls in py_sg making it impossible for me to know if it is read_as_bin_str or read_into_buf.

  • line 107
  • line 142
Refactored wdpassport-utils.py
#!/usr/bin/env python
import sys
import os
import struct
import getpass
from hashlib import sha256
from random import randint
import argparse
import subprocess

try:
    import py3_sg as py_sg
except ImportError as e:
    print("You need to install the \"py3_sg\" module.")
    sys.exit(1)

BLOCK_SIZE = 512
HANDSTORESECURITYBLOCK = 1
DEVICE = None


# Print fail message with red leading characters
def fail(msg):
    return "\033[91m" + "[!]" + "\033[0m" + " " + msg


# Print fail message with green leading characters
def success(msg):
    return "\033[92m" + "[*]" + "\033[0m" + " " + msg


# Print fail message with blue leading characters
def question(msg):
    return "\033[94m" + "[+]" + "\033[0m" + " " + msg


def title(msg):
    return "\033[93m" + msg + "\033[0m"


# Return if the current user is root
def is_root_user():
    if os.geteuid() != 0:
        return False
    else:
        return True


# Convert an integer to his human-readable secure status
def sec_status_to_str(security_status):
    if security_status == 0x00:
        return "No lock"
    elif security_status == 0x01:
        return "Locked"
    elif security_status == 0x02:
        return "Unlocked"
    elif security_status == 0x06:
        return "Locked, unlock blocked"
    elif security_status == 0x07:
        return "No keys"
    else:
        return "unknown"


# Convert an integer to his human-readable cipher algorithm
def cipher_id_to_str(cipher_id):
    if cipher_id == 0x10:
        return "AES_128_ECB"
    elif cipher_id == 0x12:
        return "AES_128_CBC"
    elif cipher_id == 0x18:
        return "AES_128_XTS"
    elif cipher_id == 0x20:
        return "AES_256_ECB"
    elif cipher_id == 0x22:
        return "AES_256_CBC"
    elif cipher_id == 0x28:
        return "AES_256_XTS"
    elif cipher_id == 0x30:
        return "Full Disk Encryption"
    else:
        return "unknown"


# Transform "cdb" in char[]
def _scsi_pack_cdb(cdb):
    return struct.pack('{0}B'.format(len(cdb)), *cdb)


# Convert int from host byte order to network byte order
def htonl(num):
    return struct.pack('!I', num)


# Convert int from  host byte order to network byte order
def htons(num):
    return struct.pack('!H', num)


# Call the device and get the selected block of Handy Store.
def read_handy_store(page):
    cdb = [0xD8, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00]
    i = 2
    for c in htonl(page):
        cdb[i] = ord(c)
        i += 1
    data = py_sg.read(DEVICE, _scsi_pack_cdb(cdb), BLOCK_SIZE)
    return data


# Calculate checksum on the returned data
def hsb_checksum(data):
    c = 0
    for i in range(510):
        c = c + ord(data[i])
    c = c + ord(data[0])  # Some WD Utils count data[0] twice, some other not ...
    r = (c * -1) & 0xFF
    return hex(r)


# Call the device and get the encryption status.
# The function returns three values:
##
# SecurityStatus: 
# 0x00 => No lock
# 0x01 => Locked
# 0x02 => Unlocked
# 0x06 => Locked, unlock blocked
# 0x07 => No keys
# CurrentChiperID
# 0x10 =>	AES_128_ECB
# 0x12 =>	AES_128_CBC
# 0x18 =>	AES_128_XTS
# 0x20 =>	AES_256_ECB
# 0x22 =>	AES_256_CBC
# 0x28 =>	AES_256_XTS
# 0x30 =>	Full Disk Encryption
# KeyResetEnabler (4 bytes that change every time)

def get_encryption_status():
    cdb = [0xC0, 0x45, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00]
    data = py_sg.read(DEVICE, _scsi_pack_cdb(cdb), BLOCK_SIZE)
    if ord(data[0]) != 0x45:
        print(fail("Wrong encryption status signature %s" % hex(ord(data[0]))))
        sys.exit(1)
    #  SecurityStatus, CurrentChiperID, KeyResetEnabler
    return ord(data[3]), ord(data[4]), data[8:12]


# Call the device and get the first block of Handy Store.
# The function returns three values:
# 
# Iteration - number of iteration (hashing) in password generation
# Salt - salt used in password generation
# Hint - hint of the password if used. TODO.
def read_handy_store_block1():
    signature = [0x00, 0x01, 0x44, 0x57]
    sector_data = read_handy_store(1)
    # Check if retrieved Checksum is correct
    if hsb_checksum(sector_data) != hex(ord(sector_data[511])):
        print(fail("Wrong HSB1 checksum"))
        sys.exit(1)
    # Check if retrieved Signature is correct
    for i in range(0, 4):
        if signature[i] != ord(sector_data[i]):
            print(fail("Wrong HSB1 signature."))
            sys.exit(1)

    iteration = struct.unpack_from("<I", sector_data[8:])
    salt = sector_data[12:20] + chr(0x00) + chr(0x00)
    hint = sector_data[24:226] + chr(0x00) + chr(0x00)
    return iteration[0], salt, hint


# Perform password hashing with requirements obtained from the device
def mk_password_block(passwd, iteration, salt):
    """
    :param passwd:
    :param iteration:
    :param salt:
    :return:
    """
    clean_salt = ""
    for i in range(len(salt) / 2):
        if ord(salt[2 * i]) == 0x00 and ord(salt[2 * i + 1]) == 0x00:
            break
        clean_salt = clean_salt + salt[2 * i]

    password = clean_salt + passwd
    password = password.encode("utf-16")[2:]

    for i in range(iteration):
        password = sha256(password).digest()

    return password


# Unlock the device
def unlock():
    cdb = [0xC1, 0xE1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x28, 0x00]
    sec_status, cipher_id, key_reset = get_encryption_status()
    # Device should be in the correct state 
    if sec_status == 0x00 or sec_status == 0x02:
        print(fail("Your device is already unlocked!"))
        return
    elif sec_status != 0x01:
        print(fail("Wrong device status!"))
        sys.exit(1)
    if cipher_id == 0x10 or cipher_id == 0x12 or cipher_id == 0x18:
        pwblen = 16
    elif cipher_id == 0x20 or cipher_id == 0x22 or cipher_id == 0x28:
        pwblen = 32
    elif cipher_id == 0x30:
        pwblen = 32
    else:
        print(fail("Unsupported cipher %s" % cipher_id))
        sys.exit(1)

    # Get password from user
    print(question("Insert password to Unlock the device"))
    passwd = getpass.getpass()

    iteration, salt, hint = read_handy_store_block1()

    pwd_hashed = mk_password_block(passwd, iteration, salt)
    pw_block = [0x45, 0x00, 0x00, 0x00, 0x00, 0x00]
    for c in htons(pwblen):
        pw_block.append(ord(c))

    pwblen = pwblen + 8
    cdb[8] = pwblen

    try:
        # If there aren't exceptions the unlock operation is OK.
        py_sg.write(DEVICE, _scsi_pack_cdb(cdb), _scsi_pack_cdb(pw_block) + pwd_hashed)
        print(success("Device unlocked."))
    except:
        # Wrong password or something bad is happened.
        print(fail("Wrong password."))
        pass


# Change device password
# If the new password is empty the device state change and become "0x00 - No lock" meaning encryption is no more used.
# If the device is unencrypted a user can choose a password and make the whole device encrypted.
# 
# DEVICE HAS TO BE UNLOCKED TO PERFORM THIS OPERATION
##
def change_password():
    cdb = [0xC1, 0xE2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x00]
    sec_status, cipher_id, key_reset = get_encryption_status()
    if sec_status != 0x02 and sec_status != 0x00:
        print(fail("Device has to be unlocked or without encryption to perform this operation"))
        sys.exit(1)
    if cipher_id == 0x10 or cipher_id == 0x12 or cipher_id == 0x18:
        pwblen = 16
    elif cipher_id == 0x20 or cipher_id == 0x22 or cipher_id == 0x28:
        pwblen = 32
    elif cipher_id == 0x30:
        pwblen = 32
    else:
        print(fail("Unsupported cipher %s" % cipher_id))
        sys.exit(1)

    print(question("Insert the OLD password"))
    old_passwd = getpass.getpass()
    print(question("Insert the NEW password"))
    new_passwd = getpass.getpass()
    print(question("Confirm the NEW password"))
    new_passwd2 = getpass.getpass()
    if new_passwd != new_passwd2:
        print(fail("Password confirmation doesn't match the given password"))
        sys.exit(1)

    # Both passwords shouldn't be empty
    if len(old_passwd) <= 0 and len(new_passwd) <= 0:
        print(fail("Both passwords shouldn't be empty"))
        sys.exit(1)

    iteration, salt, hint = read_handy_store_block1()
    pw_block = [0x45, 0x00, 0x00, 0x00, 0x00, 0x00]
    for c in htons(pwblen):
        pw_block.append(ord(c))

    if len(old_passwd) > 0:
        old_passwd_hashed = mk_password_block(old_passwd, iteration, salt)
        pw_block[3] = pw_block[3] | 0x10
    else:
        old_passwd_hashed = ""
        for i in range(32):
            old_passwd_hashed = old_passwd_hashed + chr(0x00)

    if len(new_passwd) > 0:
        new_passwd_hashed = mk_password_block(new_passwd, iteration, salt)
        pw_block[3] = pw_block[3] | 0x01
    else:
        new_passwd_hashed = ""
        for i in range(32):
            new_passwd_hashed = new_passwd_hashed + chr(0x00)

    if pw_block[3] & 0x11 == 0x11:
        pw_block[3] = pw_block[3] & 0xEE

    pwblen = 8 + 2 * pwblen
    cdb[8] = pwblen
    try:
        # If exception isn't raised the unlock operation gone ok.
        py_sg.write(DEVICE, _scsi_pack_cdb(cdb), _scsi_pack_cdb(pw_block) + old_passwd_hashed + new_passwd_hashed)
        print(success("Password changed."))
    except:
        # Wrong password or something bad is happened.
        print(fail("Error changing password"))
        pass


# Change the internal key used for encryption, every data on the device would be permanently unaccessible.
# Device forgets even the partition table so you have to make a new one.
def secure_erase(cipher_id=0):
    cdb = [0xC1, 0xE3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00]
    status, current_cipher_id, key_reset = get_encryption_status()

    if cipher_id == 0:
        cipher_id = current_cipher_id

    pw_block = [0x45, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00]

    if cipher_id == 0x10 or cipher_id == 0x12 or cipher_id == 0x18:
        pwblen = 16
        pw_block[3] = 0x01
    elif cipher_id == 0x20 or cipher_id == 0x22 or cipher_id == 0x28:
        pwblen = 32
        pw_block[3] = 0x01
    elif cipher_id == 0x30:
        pwblen = 32
    # pw_block[3] = 0x00
    else:
        print(fail("Unsupported cipher %s" % cipher_id))
        sys.exit(1)

    # Set the actual lenght of pw_block (8 bytes + pwblen pseudorandom data)
    cdb[8] = pwblen + 8
    # Fill pw_block with random data
    for rand_byte in os.urandom(pwblen):
        pw_block.append(ord(rand_byte))

    # key_reset needs to be retrieved immidiatly before the reset request
    # status, current_cipher_id, key_reset = get_encryption_status()
    key_reset = get_encryption_status()[2]
    i = 2
    for c in key_reset:
        cdb[i] = ord(c)
        i += 1

    try:
        py_sg.write(DEVICE, _scsi_pack_cdb(cdb), _scsi_pack_cdb(pw_block))
        print(success("Device erased. You need to create a new partition on the device (Hint: fdisk and mkfs)"))
    except:
        # Something bad is happened.
        print(fail("Something wrong."))
        pass


# Get device info through "lsscsi" command
def get_device_info(device=None):
    if device is None:
        grep_string = "Passport"
    else:
        grep_string = device

    # Ex. from the following string 
    # "[23:0:0:0]   disk    WD       My Passport 0820 1012  /dev/sdb"
    # We extract 
    p = subprocess.Popen(
        "lsscsi | grep " + grep_string + " | grep -oP \"\/([a-zA-Z]+)\/([a-zA-Z0-9]+)\"",
        shell=True,
        stdout=subprocess.PIPE)
    # /dev/sdb
    complete_path = p.stdout.read().rstrip()
    p = subprocess.Popen(
        "lsscsi | grep " + grep_string + " | grep -oP \"\/([a-zA-Z]+)\/([a-zA-Z0-9]+)\" | cut -d '/' -f 3",
        shell=True,
        stdout=subprocess.PIPE)
    # sdb
    relative_path = p.stdout.read().rstrip()
    p = subprocess.Popen(
        "lsscsi -d|grep " + grep_string + "|cut -d ':' -f 1|cut -d '[' -f 2",
        shell=True,
        stdout=subprocess.PIPE)
    # 23
    host_number = p.stdout.read().rstrip()
    return complete_path, relative_path, host_number


# Enable mount operations 
# Tells the system to scan the "new" (unlocked) device
def enable_mount(device):
    sec_status, cipher_id, key_reset = get_encryption_status()
    # Device should be in the correct state 
    if sec_status == 0x00 or sec_status == 0x02:
        rp, hn = get_device_info(device)[1:]
        p = subprocess.Popen(
            "echo 1 > /sys/block/" + rp + "/device/delete", shell=True)
        p = subprocess.Popen(
            "echo \"- - -\" > /sys/class/scsi_host/host" + hn + "/scan", shell=True)
        print(success("Now depending on your system you can mount your device or it will be automagically mounted."))
    else:
        print(fail("Device needs to be unlocked in order to mount it."))


# Main function, get parameters and manage operations
def main(argv):
    global DEVICE
    print(title("WD Passport Ultra linux utility v0.1 by duke"))
    parser = argparse.ArgumentParser()
    parser.add_argument("-s", "--status", required=False, action="store_true",
                        help="Check device status and encryption type")
    parser.add_argument("-u", "--unlock", required=False, action="store_true", help="Unlock")
    parser.add_argument("-m", "--mount", required=False, action="store_true",
                        help="Enable mount point for an unlocked device")
    parser.add_argument("-c", "--change_passwd", required=False, action="store_true",
                        help="Change (or disable) password")
    parser.add_argument("-e", "--erase", required=False, action="store_true", help="Secure erase device")
    parser.add_argument("-d", "--device", dest="device", required=False,
                        help="Force device path (ex. /dev/sdb). Usually you don't need this option.")

    args = parser.parse_args()

    if not is_root_user():
        print(fail("You need to have root privileges to run this script."))
        sys.exit(1)

    if len(sys.argv) == 1:
        args.status = True

    if args.device:
        device = args.device
    else:
        # Get occurrences of "Passport" devices
        p = subprocess.Popen(
            "lsscsi | grep Passport | wc -l", shell=True, stdout=subprocess.PIPE)
        if int(p.stdout.read().rstrip()) > 1:
            print(fail(
                "Multiple occurences of \"My Passport\" detected. "
                "You should specify a device manually (with -d option)."))
            sys.exit(1)
        device = get_device_info()[0]

    try:
        DEVICE = open(device, "r+b")
    except:
        print(fail("Something wrong opening device \"%s\"" % device))
        sys.exit(1)

    if args.status:
        status, cipher_id, key_reset = get_encryption_status()
        print(success("Device state"))
        print("\tSecurity status: %s" % sec_status_to_str(status))
        print("\tEncryption type: %s" % cipher_id_to_str(cipher_id))
    if args.unlock:
        unlock()
    if args.change_passwd:
        change_password()

    if args.erase:
        print(question("Any data on the device will be lost. Are you sure you want to continue? [y/N]"))
        r = sys.stdin.read(1)
        if r.lower() == 'y':
            secure_erase(0)
        else:
            print(success("Ok. Bye."))

    if args.mount:
        enable_mount(device)


if __name__ == "__main__":
    main(sys.argv[1:])
2 Likes

I backed up the Windows encryption software and am using a similar drive with btrfs. If I decided to use encryption I will probably use the Linux compatible option, LUKS or fscrypt.
I also read about wdpassport-utils.py and py_sg but chose not to use it.

Not sure if I followed correctly, it ended up "py3_sg has no read attribute":

[ abc ~]$ sudo pacman -Syu python-virtualenvwrapper
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
:: Some packages should be upgraded first...
resolving dependencies...
looking for conflicting packages...
[ abc ~]$ source /usr/bin/virtualenvwrapper.sh
[ abc ~]$ mkvirtualenv wd-util
Using base prefix '/usr'
New python executable in /home/abc/.virtualenvs/wd-util/bin/python
Installing setuptools, pip, wheel...
done.
(wd-util) [abc ~]$ pip install py3_sg
Requirement already satisfied: py3_sg in ./.virtualenvs/wd-util/lib/python3.8/site-packages (0.0.2)
(wd-util) [abc ~]$ cd /home/abc/.local/bin/
(wd-util) [abc bin]$ sudo ./wdpassport-utils.py -h
[sudo] password for bin:
WD Passport Ultra linux utility v0.1 by duke
usage: wdpassport-utils.py [-h] [-s] [-u] [-m] [-c] [-e] [-d DEVICE]

optional arguments:
-h, --help show this help message and exit
-s, --status Check device status and encryption type
-u, --unlock Unlock
-m, --mount Enable mount point for an unlocked device
-c, --change_passwd Change (or disable) password
-e, --erase Secure erase device
-d DEVICE, --device DEVICE
Force device path (ex. /dev/sdb). Usually you don't need this option.
(wd-util) [abc bin]$ sudo ./wdpassport-utils.py -m
WD Passport Ultra linux utility v0.1 by duke
Traceback (most recent call last):
File "./wdpassport-utils.py", line 477, in
main(sys.argv[1:])
File "./wdpassport-utils.py", line 473, in main
enable_mount(device)
File "./wdpassport-utils.py", line 397, in enable_mount
sec_status, cipher_id, key_reset = get_encryption_status()
File "./wdpassport-utils.py", line 142, in get_encryption_status
data = py_sg.read(DEVICE, _scsi_pack_cdb(cdb), BLOCK_SIZE)
AttributeError: module 'py3_sg' has no attribute 'read'

That is what I referred to.

Also the script is five (5) years old - many things could have been changed so I deem it pretty unsafe - unless you know exactly what you are doing - and forgive me - you do not strike me as such person.

@eugen-b I would implement Linux encryption as well if the hard disk only for personal use.
In this case, I go with the proprietary software because the hard disk shared with many others.


Cross platform encryption using Java

https://spi.dod.mil/ewizardFAQ.htm


Doing something cross platform will require rethinking of what your routines.

Windows != Linux and you can't transfer your previous workflow 1:1 - that is not possible.

1 Like

@linux-aarhus Thanks. You have been spending quite some time on this.
Okay, I think I got to stop. I have changed a lot of settings, run commands, create files and folders today (not sure how all these can affect my system).
Until we have a solid script or support in the future, I would only proceed with open source encryption atm.

It is even simpler than you think :slight_smile:

When you try this - pick the sgN with the highest number - in the output below it is sg16
When the device is unlocked and you probe the partitions (ignore the message on srX) your device will show up as sdX with one partition - sdX1

➜  ~ sudo pacman -Syu sg_utils
➜  ~ git clone  https://github.com/KenMacD/wdpassport-utils
➜  ~ cd wdpassport-utils
➜  ~ python cookpw.py 'yourcurrentpassword' > password.bin
➜  ~ sudo dmesg | grep sg | grep "type 13"
[13512.688114] scsi 16:0:0:1: Attached scsi generic sg15 type 13
[22514.749694] ses 16:0:0:1: Attached scsi generic sg15 type 13
[22861.830784] ses 16:0:0:2: Attached scsi generic sg16 type 13
[29238.454123] ses 17:0:0:2: Attached scsi generic sg16 type 13
[29642.642985] ses 17:0:0:2: Attached scsi generic sg16 type 13
[30168.537443] ses 17:0:0:1: Attached scsi generic sg15 type 13
[30180.806948] ses 17:0:0:1: Attached scsi generic sg15 type 13
[32478.555956] ses 17:0:0:2: Attached scsi generic sg16 type 13
➜  ~ sudo sg_raw -s 40 -i password.bin /dev/sg16 c1 e1 00 00 00 00 00 00 28 00
➜  ~ sudo partprobe
➜  ~ lsblk
➜  ~ mkdir ~/wdc
➜  ~ sudo mount /dev/sdX1 ~/wdc

When you are done sync and unmount

➜  ~ sync
➜  ~ sudo umount ~/wdc
5 Likes

@linux-aarhus Thank you very much, you are legendary! In fact, I never expect to work on this anytime soon after my last post two days ago.

Let me summarise what going on my machine:
~ sudo pacman -Syu sg3_utils
~ git clone https://github.com/KenMacD/wdpassport-utils
~ cd wdpassport-utils
~ python cookpw.py mypassword > password.bin
~ sudo dmesg | grep sg | grep "type 13"
[ 3656.181439] scsi 4:0:0:2: Attached scsi generic sg4 type 13
[ 4420.718463] ses 4:0:0:2: Attached scsi generic sg4 type 13
~ sudo sg_raw -s 40 -i password.bin /dev/sg4 c1 e1 00 00 00 00 00 00 28 00
SCSI Status: Good
~ sudo partprobe

I do not need to execute the remaining of the command because the hard disk automatically mounted after this. To unmount the hard disk, I can just unmount it as normal usb drive.

Forum kindly sponsored by