Say I was a bad guy who wanted the info on the HD, but didn't know the password. What could I do to get the data anyway?
From the info on the previous pages, the first attack method that comes to mind is the so-called "evil maid" attack. This attack works in two steps: first, you leave your encrypted device unattended, for example in a hotel room. Then the attacker (the "evil maid") sneaks in and does something to the device, for example installing a keylogger. You return, use your encrypted device, and your keys are stored or sent over the Internet. The next day, the evil maid returns and erases all traces that she's ever been there.
This device is quite vulnerable to that attack: it can be opened and tampered with. Moreover, if someone were to insert a microcontroller that captures the password the PIC sends to the INIC, the hard disk could still be decrypted even after the user has changed the password on the keypad.
A more common scenario would be that the hard disk is stolen or found. How well would the encryption keep the info from the attacker then?
As far as I can see, the easiest point of attack would be the PIC. The password that guards its data is only 6 to 16 digits long, which even in the worst case is millions of times easier to crack than the 256-bit AES encryption the drive uses. Besides, while the INIC can be expected to be reasonably safe thanks to its NIST certification, no such thing can be said about the PIC.
So, let's see if we can tease some information about the password out of the PIC. That doesn't have to be difficult: the first thing I noticed was that the LED blinks differently depending on the length of the (wrong) password entered. If the password is wrong but has the correct number of digits, the LED blinks 3 times; if the password has the wrong number of digits, the LED blinks 4 times in total. This makes life much easier for an attacker: once you know the length of the password you'll have to guess, you can decide how to continue your attack.
Perhaps it's possible to gather even more info about the password by paying close attention to what the PIC does.
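To make the size of this leak concrete, here is an added example (mine, not the article's; the PIC's real firmware is unknown, so both check functions are constructed models): the observed blink behaviour beside a constant-response variant a firmware author would want, and the search-space reduction each one hands to a guesser.

```python
"""Model of the keypad check and the blink-count length leak described above.

Added example; the PIC's real firmware is not on the page, so the two check
functions are constructed models: 'leaky_check' reproduces the observed
behaviour (3 blinks for right length, 4 for wrong length), 'constant_check'
is the fix a firmware author would want.  Return value 0 stands for success.
"""
import math
from typing import Callable

MIN_LEN, MAX_LEN = 6, 16           # password length range stated on the page
Check = Callable[[str, str], int]  # (secret, guess) -> blink count


def leaky_check(secret: str, guess: str) -> int:
    """Blink count as observed: 3 = right length, wrong digits; 4 = wrong length."""
    if guess == secret:
        return 0
    return 3 if len(guess) == len(secret) else 4


def constant_check(secret: str, guess: str) -> int:
    """Hardened variant: every failure looks the same, so the blink count
    says nothing about the secret's length."""
    return 0 if guess == secret else 4


def keyspace(min_len: int = MIN_LEN, max_len: int = MAX_LEN) -> int:
    """All-digit passwords to consider when the length is unknown."""
    return sum(10 ** n for n in range(min_len, max_len + 1))


def length_leaks(check: Check, secret: str) -> bool:
    """Defender-side test: feed one deliberately wrong guess per candidate
    length and report whether the failure signal differs between lengths."""
    responses = set()
    for n in range(MIN_LEN, MAX_LEN + 1):
        guess = "1" * n if "1" * n != secret else "2" * n  # always wrong
        responses.add(check(secret, guess))
    return len(responses) > 1


def candidates_after_oracle(check: Check, secret: str) -> int:
    """Search space left for a guesser who only sees the failure signal:
    a leak pins the length, otherwise every length stays in play."""
    return 10 ** len(secret) if length_leaks(check, secret) else keyspace()


def bits_leaked(check: Check, secret: str) -> float:
    """Entropy (bits) the failure signal gives away about the password."""
    return math.log2(keyspace() / candidates_after_oracle(check, secret))
```

For a 6-digit password the leaky firmware gives away about 33 bits, shrinking the search from every 6- to 16-digit string to the 10^6 six-digit ones; the constant-response variant gives away nothing.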