Halt and Catch Fire

Got a disk for cheap off ebay, since the user forgot the ata password. Turned out the disk was 0xDEAD anyway, but I’ve learned a bit more about the ata/pata commands.
If you got a locked disk and do not care much for the contents read on.

First thing first: you really do want to go pay HddGuru a visit, they host some really great tools like mhdd (which lets you send ata commands directly to the disk), a forum, and of course the ATA/ATAPI-8 revision 2b — AT Attachment — 8 ATA/ATAPI Command Set (January 10, 2006). A not-in-any-way-dull list of all the stuff you can send to your disk, including HCF but sadly lacking RAISE_FROM_THE_DEAD.

Ok, let’s grab/burn our Ultimate boot CD (mhdd is under the diagnostic tools btw) and fire it up.
Select your locked disk (1 usually) and let’s ask IDENTIFY to the bugger. Yes, that’s way too much info.

The first thing to look for is the 8th bit in the 128th word, 0 is security=high, 1 is security=maximum.

If it’s zero we’re in luck, and we can either unlock the disk with the regular password (assuming you know it, I did not) or with the master password (you can find some of them on the net, just google for your model number). (edit: I’ve collected the passwords I’ve found here)

Let’s type UNLOCK, and reply 1 when asked [that means we’re using the master’s password], and enter our password.
If we do not get an error [ERR turns red on the top of the screen] we’re good to go, if we do there’s 4 more tries with the password before we need to powercycle the disk.
If we get the password right a DISPWD (followed by 1 and the password again) will stop all this locking nonsense for good.

Oh, right, there’s maximum security too.
Well, that’s more satisfacting if slow as a glacier.
Just send an ERASE PREPARE followed by an ERASE UNIT and after an hour or so you can go and DISPWD it for good. Yes that will erase it completely, told you it was more satisfacting.

list of interesting stuff from identify:

  • bit 8 in word 128: security, 0=high 1=maximum
  • word 92: if it’s 0xFFFE the master password is unchanged (and you could get lucky and find it on the net)
  • words 89 and 90: how long will it take to ERASE the disk
  • word 88: which kind of dma the disk supports
  • byte 2 in word 53: wheter the fields in word 88 are valid or not (wtf?)

list of interesting links:

Happy disk hacking everyone

tags for the spiders: how-to howto unlock a password protected hard disk hdd

7 Responses to “Halt and Catch Fire”

  1. […] see my previous post for unlocking […]

  2. […] http://ipv5.wordpres…m/2008/04/10/4/ 27.700000 85.333333 Share this:TwitterFacebookLike this:LikeBe the first to like […]

  3. Please help me ! My hdd seagate ST9160821AS is locked by ATA PASSWORD that I forgot, and I tried already to put the password for master “Seagate+25 space” but it didn’ t work😦

  4. Hello There. I discovered your weblog the use of msn. That is a really smartly written article.
    I’ll make sure to bookmark it and return to learn extra of your helpful information. Thanks for the post.
    I will certainly comeback.

  5. I used to be recommended this web site by
    my cousin. I am now not certain whether this post is written through him as nobody
    else recognize such targeted about my problem. You’re amazing!
    Thank you!

  6. impozite pfa 2018

    “[…]Halt and Catch Fire | I see 0xDEAD disks[…]”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: