The SD card on the camera was intact but encrypted. Decrypting the data required a key stored on a separate SOM board, but the SOM was damaged. The investigation team delivered the SOM and SD card to the camera manufacturer in Newfoundland, and they were able to decrypt the card.
They found a couple of images, but
No data with a timestamp after May 16th was found on the camera, so it is likely that none of the data recorded on the SD Card were of the accident voyage or dive.
After all that work...
If you're interested in data recovery, you will enjoy reading this report, about 10 pages, clearly written. The technical language ment I that they didn't see a LUKS header on the card so they figured it was a custom dm_crypt setup.
Wow. SubC’s software engineering needs some work. They thought the camera’s file system was unencrypted, when it was encrypted. They didn’t know where the keys were to decrypt it. It turned out the key was written unencrypted to a UFS storage device. There was a file written to /mnt/nas/Stills, which indicates that the camera was to writing to a remote file system that wasn’t mounted.
I'm confused. Why are decryption keys in NVRAM? That seems to negate the purpose of at-rest encryption if you can retrieve keys from the device even after shutdown.
Well they're encrypting an SD card, so this still defends against its being removed from the camera and stolen or left in a bar or something.
But honestly from the rest of the story it sounds like the camera manufacturer was selling their pressure housing moreso than the off-the-shelf camera hardware inside, and was not particularly concerned with whether/how the storage was encrypted.
The "carrier" that everything rides on within the housing is clearly FDM printed as well. I assume these cameras (rated to 6,000 meters) are rather low volume products.
The SD card on the camera was intact but encrypted. Decrypting the data required a key stored on a separate SOM board, but the SOM was damaged. The investigation team delivered the SOM and SD card to the camera manufacturer in Newfoundland, and they were able to decrypt the card.
They found a couple of images, but
After all that work...If you're interested in data recovery, you will enjoy reading this report, about 10 pages, clearly written. The technical language ment I that they didn't see a LUKS header on the card so they figured it was a custom dm_crypt setup.
Previous discussion (October 17th): https://news.ycombinator.com/item?id=45613898
Also a good video from Scott Manley: https://youtu.be/qMUjCZ7MMWQ
Report on unrecoverable SSDs:
https://data.ntsb.gov/Docket/Document/docBLOB?ID=19169363&Fi...
Full docket:
https://data.ntsb.gov/Docket/?NTSBNumber=DCA23FM036
Wow. SubC’s software engineering needs some work. They thought the camera’s file system was unencrypted, when it was encrypted. They didn’t know where the keys were to decrypt it. It turned out the key was written unencrypted to a UFS storage device. There was a file written to /mnt/nas/Stills, which indicates that the camera was to writing to a remote file system that wasn’t mounted.
I'm confused. Why are decryption keys in NVRAM? That seems to negate the purpose of at-rest encryption if you can retrieve keys from the device even after shutdown.
Well they're encrypting an SD card, so this still defends against its being removed from the camera and stolen or left in a bar or something.
But honestly from the rest of the story it sounds like the camera manufacturer was selling their pressure housing moreso than the off-the-shelf camera hardware inside, and was not particularly concerned with whether/how the storage was encrypted.
What's with the entire dev board crammed in there? Is that... normal? What board is it?
It appears to be a Teensy 3.2
The "carrier" that everything rides on within the housing is clearly FDM printed as well. I assume these cameras (rated to 6,000 meters) are rather low volume products.
The small board on the left is unmistakably a Teensy 3.2:
https://www.pjrc.com/store/teensy32.html
As to what it's doing in there, I have no idea.
Looks like a pi zero