unlocking buffalo drive in linux

[pierce]

   

Has anyone managed to figure out a good way to unlock buffalo drives from linux?

 

I have one of the HD-PX500U2 drives.  Running slme.exe in wine is no help (not surprising) since it is unable to enumerate the locked devices.  I also tried sending ATA unlock commands (0xf2) to the drive with hdparm, and didn't have much luck with that method either.

 

When the encryption mode is "released", the drive works fine in linux.  I can also access it if I unlock the drive in windows with vmware, and quickly move the USB connection back to my linux host OS.

 

How are these drives being locked?  Are they using some industry standard (like ATA locking etc), or is it some wacky proprietary system?

 

I am also concerned about the fact that I can change/remove the password without any of my files being re-encrypted etc.  Does that mean that the symmetric key is being stored somewhere on the drive in plain text?  I also worry about when that symmetric key was randomly generated.  I don't remember generating it, so I would hope that at the very least, different keys are put into each unit at the factory.  I work as a security consultant, and store highly confidential client data on my drive, so I like to know the data is safe.  Thank you.

[pierce]

   Seriously? What part of using the drive in Linux violates the warranty? There was nothing on the box that said that Linux users are not allowed to use this piece of hardware. I wasn't asking for hacked firmware, or custom hardware mods. I am curious if anyone has gotten the device working in the operating system that I use 99% of the time.

I paid a reasonable amount of money for this device, and if it was easier to get working in Linux, I would recommend it to more of my friends. As it stands it works well, but I would like to see it work better.

Can someone who actually represents Buffalo confirm/deny that using the drive in my operating system somehow voids the warranty?

[Colin137]

I doubt that anyone has gotten SecureLockWare to work on Linux; I certainly haven't heard of it. I recommend removing the encryption on a Windows machine (this will remove the data, so back it up first!), then using a Linux-friendly encryption tool such as TrueCrypt.

 

I'm not sure what part of your OP Memoryman thinks threatens the warranty, but I can tell you that using Linux with the device does not void your warranty. We simply cannot support Linux. I've heard good things about TrueCrypt, but haven't used it myself, and Buffalo obviously does not support or recommend TrueCrypt, that's merely a suggestion.

 

 

Also, to answer your questions in your OP, the device uses a hardware chip to handle the drive encryption. The encryption keys are not stored on the drive itself.

Message Edited by Colin137 on 09-16-2009 10:54 PM

[drocknation]

   Thank you colin for responding to the post.  What you have said made sense.  I as a linux user and a user of Buffalo products I am glad that someone who represents Buffalo can clarify on this issue.  I was appalled by the original response.  I was thinking that it was a rep of buff and couldn't beleive they would respond like that.

[pierce]

   Thanks much for the clarification :-)

TrueCrypt is nice, but I am really looking for a hardware accelerated solution. I'll keep poking at it for a bit and will post an update if I have any interesting findings.

Word of warning: Many vendors still mistakenly package cleartext keys with their devices, and just because the key is in the firmware, or on a chip, does not mean that the key is unreadable. Last I checked, it takes about 10k USD of hardware (which many hardware hackers have lying around) to decap and probe a chip to pull off keys hidden in hardware. Of the devices I have audited professionally, I was always able to pull the keys out via software (no fancy hardware required). The proper way to do things is to take a hash of the user's pass phrase, and set that hash as the key, also make sure it gets wiped immediately when the device is unplugged (which could very well be how things are done with this particular device).

Even if there are weaknesses in the implementation (not saying that there are), and even if I can't get the password locking working in Linux, this was still a good purchase. Thanks again.

[gunghang]

I use Linux Mint 15.
I set up a Virtual Box for Windows 7 and XP.
Using Windows 7, I connected the hard drive as a USB device to the virtual box.
I unlocked the hard drive.

I then shut down Windows 7.

The hard drive then "returned" to the Linux host.  It remained unlocked.

It's a meandering way to do it, but it works, and I have direct access to the drive while in Linux Mint.