I have a Sandisk Cruzer Orbit 16 GB and it had my disk encryption keys for my 2 laptops.
Since yesterday it has been showing that it is Sandisk Firebird and now it shows a partition of 64 MB.
Nobody had access to it. I vaguely remmber WIndows prompting me to install drivers for Firebird
I checked this drive on a unix OS and the system does indeed read Sandisk Firebird.
I am totally helples now. I cannot read my files since the encryption keys were on that USB drive
dd shows all 00000.
Is there any way I can read just one file… the encryption key file.
Yes I was stupid not to have a backup but it’s a new pendrive and I trusted Sandisk for atleast a few weeks.
That’s not good. But the drive you said is 16 GB and you’re only seeing 64 MB, so maybe your file(s) are still there. Something happened; power surge, quick removal, nearby magnetic field, whatever, caused the partition table to change. If the files on the drive are really important I would look for a data recovery company to try to recover you files. Preferrably a local one where you can walk in with it and talk to the techs. It may cost you $100 but if it’s that important it may be worth it.
You can also just search online for open source file recovery software. It may not be 100% guarrantee but it’s worth the try here. Sorry that you have to experience this the hard way.
I researched a little and I realised that if I change the PID to 557C (which is now something else of Firebird6sp9) then there is some hope. I shooted some CHinese and Russian tools for that but none of them seem to be able to do that.
I am sure all users of Sandisk would want such a tool. I know a few other manufacturers who provide Firmware flashing utilities.
I have another exactly same pen drive and that works. I understand that the data is stil there and there are a few services online / offline which can dissolder the chip and replace to make it work but that is too risky.
Anyways I ended up making a list of passwords for the encryption key of the disk which is locked. It seems it will take around a few years to brute force them
Also there is no tool readily available to do that.
Maybe I will wait for some backdoor / side channel attack to come up in years ahead or a superfast cluster computer to help accelerate the BF.