Smartware Password Bypass – Proof of Concept
The first in the Arab world, and worldwide, to break the encryption technology that Western Digital uses across its various types of hard drives.
This matters because it contradicts the company's statements that the technology is secure.
Over the past few years, full-disk encryption has become an increasingly popular way of securing user data. Western Digital manufactures a line of supposedly secure hard drives meant to aid in this endeavor.
WD Security utility allows you to set password protection and hardware encryption for your drive to help keep your data private. With this single drive you get compatibility with the latest USB 3.0 devices and backward compatibility with USB 2.0 devices as well.
Passport drives that use the USB bridge for encryption rely on either AES-128 or AES-256 to create an encryption key. The researchers refer to this as the DEK (Data Encryption Key). The DEK is set at the factory (all of the drives tested used a 256-bit DEK). The user is then allowed to set an individual password, called the KEK. The factory-set DEK is itself protected by a static hash value, common to all WD Passport drives, called the KEK8. The KEK8 is hard-coded into the firmware of every drive. Once you’ve cracked one WD Passport, you’ve cracked the DEK on every Passport. The diagram below shows the authentication process.
In cryptography, “salting” a password means adding an additional string of information to the original password to make it less vulnerable to dictionary attacks. If the user chooses a password like “abc12345,” but the system salts it by adding #$X,J, the final hash value will be computed for “#$X,J,abc12345.” Salting passwords isn’t bulletproof, but it makes entire groups of passwords more difficult to crack — if the salt is done correctly.
Unfortunately, Western Digital appears to have salted their entire Passport line using a constant, hard-coded, three-digit salt — “WDC.” It can’t be changed, under any circumstances.
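The effect of a constant salt compared with a per-drive random salt, as an added example that is not from the original article or from Western Digital's firmware. SHA-256 and PBKDF2 stand in for the real key derivation, which the article does not describe; the function names, the iteration count and the two sample drives are constructed for illustration.

```python
import hashlib
import hmac
import os

CONSTANT_SALT = b"WDC"  # the fixed salt named in the article


def kek_constant_salt(password: str) -> bytes:
    """Weak form: every drive mixes in the same salt (SHA-256 is a stand-in KDF)."""
    return hashlib.sha256(CONSTANT_SALT + password.encode("utf-8")).digest()


def new_drive_salt() -> bytes:
    """Hardened form, step 1: a random 16-byte salt generated once per drive."""
    return os.urandom(16)


def kek_per_drive_salt(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Hardened form, step 2: a slow KDF over the password and the per-drive salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def shared_table_applies(kek_a: bytes, kek_b: bytes) -> bool:
    """True when two drives with the same password hold the same KEK,
    meaning a password-to-KEK table computed once is valid for both."""
    return hmac.compare_digest(kek_a, kek_b)


def compare_schemes(password: str = "abc12345") -> dict:
    # Two constructed drives whose owners happened to pick the same password.
    weak_a = kek_constant_salt(password)
    weak_b = kek_constant_salt(password)
    salt_a, salt_b = new_drive_salt(), new_drive_salt()
    strong_a = kek_per_drive_salt(password, salt_a)
    strong_b = kek_per_drive_salt(password, salt_b)
    return {
        "constant_salt_reusable": shared_table_applies(weak_a, weak_b),
        "per_drive_salt_reusable": shared_table_applies(strong_a, strong_b),
    }


if __name__ == "__main__":
    for scheme, reusable in compare_schemes().items():
        print(f"{scheme}: {reusable}")
```

With the constant salt, the derived key depends only on the password, so the work of hashing a dictionary is done once for the whole product line; with a random salt stored per drive, the same work has to be repeated for each drive.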
“Smartware Password Bypass”
Some of the articles about it: