Breaking Hard Drive Encrypted Enclosures
Presenter: Robert Fearn
Format: 30 mins
Location: The Amphitheatre
Encrypted hard drive enclosures present a challenge to security and forensic investigators. For a company wishing to secure data in transit, validation is required to ensure that the ‘Military Grade Encryption’ statements found on brochures are substantiated and worthy of financial investment. For the forensic investigator, the challenge lies in determining attack vectors to access the evidential data without the necessary passcodes, which may have been conveniently forgotten. Both situations require a common workflow: teardown, component identification and reverse engineering to identify possible security implementation flaws.
In this talk, a commonly available 2.5” SATA hard drive USB enclosure was investigated. The SATA hard drive was not supplied, allowing the user to choose a hard drive capacity suitable for their requirements. The device under investigation touted 256 AES real-time data encryption, USB 3.0 5 Gbit/s transfer speeds, a built-in independent keypad for up to a 12-digit PIN, and permanent restriction of access after a certain number of user passcode entries have been attempted.
The enclosure was broken into subsystems, and each subsystem was investigated by analysing buses and reverse engineering data protocols, dumping flash memory and examining the hard drive content, or automated brute forcing of passcodes.
Common, inexpensive tools were used, including a bus analyser, a flash memory reader, a Raspberry Pi and some simple interfacing circuitry. The end result was a process used to determine passcodes and access the decrypted hard drive content.