Are all WD MyBook Essentials hardware encrypted?

[Dave Grant]

I have a couple of 2TB WD MyBook Essentials, which I now use as 1 of 3 backup copies for my photos/videos (the other copies are on a 4TB Seagate drive in my PC and another 4TB Seagate drive in an enclosure).

Am I correct in understanding that all MyBook Essentials are hardware encrypted, and that the encryption can't be turned off?

If so, I am considering ditching them as one of my backups.

I would rather pay for a couple of extra enclosures, crack open the MyBooks, format the drives and put them in the new enclosures. At least I then only have to worry about the disks themselves failing.

Any thoughts would be appreciated.

 

[drtweak]

Yes there is ALWAYS hardware encryption on those guys, and if the the Circuit board fails it will be a PITA to get it all back.

I do the same thing as you. I have 3 2TB drives in my PC. Two of them are in a Raid 0 and i have a 4TB that i do a mirror back up every other week. I still need to get another 2Tb as a backup for the extra one. But I use hard drive caddies for all of them for hot swap and easy removal. This way something happens i grab those 3 drives and i could care less about anything else. My Backup drives i keep in my fire/water proof case.

But yea if i was in your position I'd crack them open.

 

[Dave Grant]

Thanks for your help.

I cracked the first one open tonight. Not too difficult, I just worked a flat head screwdriver around the case, popping the fasteners as I went. Just a few more internal screws and the drive was free.

I put the drive into the USB3 enclosure, but every time I tried to format it, the format failed with "windows could not complete the format" (or words to that effect).

I then plugged the drive directly into spare sata data and power cables inside the PC.

After that, the format worked fine, and the disk is now happily sitting in its new enclosure getting the backup copied over to it.

Thanks again.

 

[drtweak]

Sweet. The one thing i would have done first though is go to the Disk Management and delete all the partitions first and the recreate the partitions but if it formatted fine you should be good

 

[jshardlo]

I had the circuit board fail in a 2TB Essential drive - it is still under warranty but when I asked WD support how to recover the encrypted drive contents they did not seem to know that it is encrypted! Is there an authoritative source for this info? It certainly seems to be as when I remove it and connect directly using a SATA to USB3 cable and then look at it from Linux the system report no partition table on the disk (but there was a huge NTFS partition on it when the circuit board still worked and no reason why it should have disappeared)...

 

[drtweak]

I'm not too sure of the encryption on WD drives but if it is a SED (Self Encrypting Drive) then it is always encrypted no matter what just if you never set a password then it is just open to anyone. The thing is it is a hardware encryption so replacing the circuit board would most likely prevent you from ever accessing the data again since they most likely encrypt differently and are unable to access it.

But again that is assuming they work like that

 

[jshardlo]

Western Digital need to be more transparent about how this works. In my case I would not have purchased this drive knowing what I now know. The failure of a small circuit board should not result in complete data loss when the drive itself is still working fine.

 

[drtweak]

That IS how ever the whole point of Encryption, so that if it is stolen that no one can get the data off of there. Also you got to read more into hard drives and circuit board failures and what exactly you need to do in order to the the files off. Even on non encrypted drives just swapping the board might not always work, and might even make it worse.

Always have a backup buddy

 

[jshardlo]

This whole saga has played out now so I thought it was worth documenting the 'solution'...

Yes we didn't have a backup and that was stupid - however I got all the data back and this is how in case it helps anyone with this specific

type of drive.

The failure was in the circuit board, the 2TB SATA drive had no problem but the data on it is scrambled somehow and doesn't make sense

if you attach it directly using a SATA or USB to SATA interface.

I got no help from WD support - they even claimed that the data is not scrambled and that I could recover it by direct connection of the

drive. This is clearly not the case. If you connect the drive to a Linux system and do "parted -l" it reports that the drive has an unreadable

disk label (or something like that).

So anyway - I intended to return the drive which was still under warrantly and get a replacement and I figured it might work if I just copy all

the data off the drive and store it and then restore it on the new drive when it arrived.

I bought a Seagate 2TB drive and mounted it on the same Linux system as the WD disk.

Then used a command like this:

dd if=/dev/hdd bs=64k | gzip > /mnt/seagate/bigfile.gz

I used gzip just to be safe as the file might have otherwise overflowed the available space on the seagate disk.

Then I returned the disk to WD and waited for my replacement.

When it arrived I check to see if the new drive is also scrambling the data on the disk.

Using the USB3 interface from the WD disk itself I ran "parted -l" and it reported a big NTFS partition.

Then removing the drive from the case and using a normal SATA/USB cable I connected it and ran "parted -l" again. It reported

"unreadable disk label". So the new drive is also the type that scrambles the data.

At this point I say scramble rather than encrypt because I'm not convinced this is really encryption. If it was then you'd expect different

keys for different circuit boards. But as you'll see below my new circuit is able to 'see' the data from the old drive...

So next I wrote the data from the old disk back onto the new disk with this:

gzip -dc /mnt/seagate/bigfile.gz | dd of=/dev/hdd bs=64k

(Make sure /dev/hdd really is the target disk - I found the order the /dev devices get assigned can depend what order they are plugged in

so just be careful - I used the "parted -l" command to make sure I was writing to the one that has "unreadable disk label" so I don't

overwrite the disk that actually has the compressed data file)

Once this completed - it took about 36 hours - I plugged the WD circuit board back into it, plugged it in (with all finger crossed) and was

really pleased to see that the disk mounted with a big NTFS partition with all the data that we thought we'd lost...

I hope this might help someone with a similar problem.

 

[drtweak]

Glad you got everything worked out!

I'm pretty sure the drive is being encrypted but the drive is self is not a SED (Self Encrypting Drive) where the encrypting hardware is on the drive itself and not a 3rd party hardware/software, and the USB adapter is what did all the encrypting. The reason WHY the new board worked was because you don't have any password set for the drive. Without setting a password there isn't any protection. You can take a SED drive, where ALL the data is encrypted ALL the time, and toss it into any machine and it will read it without issue. You then put a password on there though what ever means and then it is locked up. It seems to me that the USB Adapter did all the encrypting so when you tossed the drive itself in the drive doesn't know how to read the encryption because it didn't do the encrypting and because there is no "Password" the new board was able to read the drive just fine.

Pretty sure that is what is going on. As of late I have been doing a LOT of research and a LOT of testing on SED/Encryption dude to a big client of mine wanting 30+ laptops encrypted.

But yea now go buy another drive or go and by the $99 dollar of carbonite that does the USB backup!