Halt and Catch Fire
Got a disk for cheap off eBay, since the user forgot the ATA password. Turned out the disk was
0xDEAD anyway, but I’ve learned a bit more about the ATA/PATA commands.
If you got a locked disk and do not care much for the contents, read on.
First things first: you really do want to go pay HddGuru a visit, they host some really great tools like mhdd (which lets you send ATA commands directly to the disk), a forum, and of course the ATA/ATAPI-8 revision 2b — AT Attachment — 8 ATA/ATAPI Command Set (January 10, 2006). A not-in-any-way-dull list of all the stuff you can send to your disk, including HCF but sadly lacking
Ok, let’s grab/burn our Ultimate Boot CD (mhdd is under the diagnostic tools btw) and fire it up.
Select your locked disk (1 usually) and let’s ask IDENTIFY to the bugger. Yes, that’s way too much info.
The first thing to look for is the 8th bit in the 128th word, 0 is security=high, 1 is security=maximum.
If it’s zero we’re in luck, and we can either unlock the disk with the regular password (assuming you know it, I did not) or with the master password (you can find some of them on the net, just google for your model number). (edit: I’ve collected the passwords I’ve found here)
UNLOCK, and reply 1 when asked [that means we’re using the master’s password], and enter our password.
If we do not get an error [ERR turns red on the top of the screen] we’re good to go; if we do, there are 4 more tries with the password before we need to power-cycle the disk.
If we get the password right, a DISPWD (followed by 1 and the password again) will stop all this locking nonsense for good.
Oh, right, there’s maximum security too.
Well, that’s more satisfying, if slow as a glacier.
Just send an ERASE PREPARE followed by an ERASE UNIT and after an hour or so you can go and DISPWD it for good. Yes, that will erase it completely; told you it was more satisfying.
list of interesting stuff from
- bit 8 in word 128: security, 0=high 1=maximum
- word 92: if it’s 0xFFFE the master password is unchanged (and you could get lucky and find it on the net)
- words 89 and 90: how long will it take to ERASE the disk
- word 88: which kind of dma the disk supports
- byte 2 in word 53: whether the fields in word 88 are valid or not (wtf?)
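To read those fields without squinting at the raw IDENTIFY dump, here is a small decoder, added as an example and not part of the original post. It assumes you already have the 512-byte IDENTIFY DEVICE block as bytes; the names for bits 0 to 5 of word 128 come from the ATA command set rather than from the list above, and the sample block is constructed.

```python
import struct

# Word 128 (security status), bits 0-5 as named in the ATA command set.
SECURITY_BITS = {0: "supported", 1: "enabled", 2: "locked", 3: "frozen",
                 4: "count_expired", 5: "enhanced_erase_supported"}

def erase_time(word):
    """Words 89/90: low byte * 2 minutes; 0 = not specified, 255 = over 508."""
    value = word & 0xFF
    if value == 0:
        return "not specified"
    return ">508 min" if value == 255 else f"{value * 2} min"

def parse_security(identify):
    """Decode the security-related words of a 512-byte IDENTIFY DEVICE block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data is exactly 512 bytes")
    words = struct.unpack("<256H", identify)  # 256 little-endian 16-bit words
    status = words[128]
    info = {name: bool((status >> bit) & 1) for bit, name in SECURITY_BITS.items()}
    # Bit 8 only means something while security is enabled (bit 1 set).
    info["level"] = "maximum" if (status >> 8) & 1 else "high"
    # 0xFFFE in word 92 = master password never changed from the factory one.
    info["master_password_unchanged"] = words[92] == 0xFFFE
    info["erase_time"] = erase_time(words[89])
    info["enhanced_erase_time"] = erase_time(words[90])
    return info

def sample_block():
    """Constructed sample: supported, enabled, locked, level maximum."""
    words = [0] * 256
    words[128] = 0x0107   # bits 0, 1, 2 and 8 set
    words[92] = 0xFFFE    # factory master password revision
    words[89] = 30        # 30 * 2 = 60 minutes for ERASE UNIT
    words[90] = 255       # enhanced erase takes more than 508 minutes
    return struct.pack("<256H", *words)

if __name__ == "__main__":
    for key, value in parse_security(sample_block()).items():
        print(f"{key}: {value}")
```

A disk that reports frozen set will refuse UNLOCK, DISPWD and the ERASE commands until it is power-cycled, so check that bit before blaming the password.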
list of interesting links:
- Paragon’s website, everything you’ll need for hdd and laptop unlocking
- Techspots’ mobile computer forum, the aforementioned dude can be found here as well
- Mike’s page on unlocking dell laptops
- and something for toshibas as well
Happy disk hacking everyone