Hi,

I am trying to access the serial port of a Seagate Self Encrypted Drive ST320LT014 with firmware 0001DEM7 but the serial port appears to be disabled.
Please note I have tried with several similar drives and I get the same errors as described below, all drives are working fine and it makes no difference if they are encrypted or not. The serial port always seems to be disabled.

I would like to know if anyone could help and if you know of a way to enable the serial port on those drives (i.e.: a secret factory handshake? because the standard CTRL+z does not work)

The reason I want to access the serial port is because I want to see what is in memory of those SED HDD board. I read a few articles stating that with older encrypted drives (and not SED) it was possible to extract the passwords from the HDD board memory. I’d like to check if that’s the case for those SED drives. Obviously, if the serial port is disabled then those articles/technics may not apply!

I can connect to the serial port OK (through a USB to TTL with the correct Rx/Tx connection) but I am getting the following errors:

1. If the drive is only powered and there are no DATA cable connected, with any key I press I am getting: (00h) -Serial Port Not Ready

2. If the drive is powered on AND there is a data cable connected, with any key I press I am getting: (1Ah) -TCG Serial Port Disabled

I am no electronic guru, I tried to unscrew the drive board and look for some “transistor” but cannot find anything obvious nor do I really know what to look for!
So really, I am just wondering if there is a way to either re-enable that serial port, or other means to access that HDD board memory to see how the drive password is stored.
(when the drive is locked, you get a prompt for a password at boot).

Thanks!
XorSum

Adapting special FW will help you get access to the serial port , but it won't help you to get access to the user area, due encryption .

_________________
Angel Data Recovery

There is no way for a regular user to unlock serial port (with original FW)

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.

Thank you both for the quick reply!
Sorry if it is a stupid question, but by FW, you mean a custom Firmware? If that's the case, where do I start to build such custom firmware? I would have thought I need some kind of sourcecode?

I understand it would not give me access to the user area, but I am more interested into what kind of information one would be able to access through the serial port. As that seagate HDD SED prompts for a username/password as soon as the drive is powered up I am wondering if serial access to the drive could also get access to that username/password.
I would expect such info to be protected/encrypted but that's why I am trying to access the serial port on that drive, to check how such info is protected.

I recently came accross that article: http://blacklotus89.wordpress.com/2013/ ... ty-lock-2/
which seems to indicate the security might not be as good as you think, but for that technic to work the serial port had to be enabled.

I also read some other articles such as this one:
http://malthus.zapto.org/viewtopic.php?f=24&t=123
where you could maybe use similar info to check if the serial port is physically disabled (which I think it isn't because of the first error I get: serial port not ready).

I was hoping there might be a "secret" factory handshake out there that could re-enable the serial port for that drive. Or if a custome FW needs to be build, how can it be done?

Thanks again for your help
XorSum

A custom firmware can be as simple as unpacking a regular original firmware, changing one byte, re-calculating the checksums, repacking and flashing back to the device... to writing a whole new firmware

I am sure you can imagine the rather large amount of learning required to do each step for a particular device.

It may not always to be even possible to do, or realistic.

Too many questions on the forum regarding passwords and security , in my opinion.

Hi,
I think changing the bits of an already compiled FW might work but would indeed require so much effort to be successful/lucky.
It would appear there isn't an easy way to bypass those drives security, a good thing I guess, as they are supposed to be secure!

Maybe some kind of serial port fuzzing might find something...

Anyway, better keep this thread short as I understand this is not a security specific fourum!
Thanks again for your answers.
XorSum

Aren't they Samsung origin ?
Have you tried baud rate 57600 ?

_________________
data recovery Poland

I wonder if some people actually read the first post before replying

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.

I have the same problem