MHDD Scripting with Seagate PATA HDD

Data recovery and HDD repair discussions

Data recovery and disk repair questions and discussions related to old-fashioned SATA, SAS, SCSI, IDE, MFM hard drives - any type of storage device that has moving parts
Post a reply
unassailable
  • unassailable
  • Posts: 2
  • Joined: December 17th, 2014, 0:13
  • Location: United States

MHDD Scripting with Seagate PATA HDD

December 17th, 2014, 0:56

I was playing around with HDD security features today using ATAPWD.EXE and stupidly created a random user password (maximum level) which has locked the drive. I was able to set a master password successfully after the fact, which I think will allow me to erase the drive and reset the user password.

I'm using this similar discussion as a basis for my process. Here is what I have so far.

The drive is a Seagate DB35.3 (ST3250820ACE) series device. I pulled these ATA-7 commands from the drive's product manual.
Code:
Command name [ Command code (in hex) ]
Security Disable Password [ F6h ]
Security Erase Prepare [ F3h ]
Security Erase Unit [ F4h ]
Security Freeze [ F5h ]
Security Set Password [ F1h ]
Security Unlock [ F2h ]


From here I referenced the ATA-7 Specifications to see what it could tell me about these features.

Section 4.7.4 shows the security mode states and transitions that the drive is capable of. The drive right now is in state SEC4: Security enabled/Locked. From what I understand I can use the master password to 'reset' the drive.

If the Security Level was set to Maximum during the last SECURITY SET PASSWORD command, the device shall not unlock if the Master password is received. The SECURITY ERASE UNIT command shall erase all user data and unlock the device if the Master password matches the last Master password previously set with the SECURITY SET PASSWORD command.


Now I'm getting somewhere.

Transition SEC4:SEC1:
When a SECURITY ERASE PREPARE command is received and is followed by a SECURITY ERASE UNIT command, the device shall make a transition to the SEC1: Security disabled/not Frozen state.


So from my research I need to write a script for MHDD that will use the master password to send SECURITY ERASE PREPARE [ F3h ] followed by SECURITY ERASE UNIT [ F4h ] to the drive.

Looking at the post mentioned earlier, Spildit provided a script for a WD HD.
Spildit wrote:Then open your notepad and past the following script :

Code:
; rm modul id 42
reset
waitnbsy
regs = $57 $44 $43 $00 $00 $a0 $8a
waitnbsy
regs = $00 $02 $00 $00 $0F $E0 $21
waitnbsy
checkdrq
sectorsto = 42.bin
; End.



And this is where I am currently stuck. I have all the pieces (I think) and just need to figure out how to combine them into a script for MHDD.

I will keep looking around trying to figure this one out, but if anyone has any pointers or knows what I need to do to send these commands, I would greatly appreciate the help. Thanks.
fzabkar
  • fzabkar
  • Posts: 16955
  • Joined: September 8th, 2009, 18:21
  • Location: Australia
  • Website

Re: MHDD Scripting with Seagate PATA HDD

December 17th, 2014, 6:38

Try HDD Erase:

http://cmrr.ucsd.edu/people/Hughes/secure-erase.html
http://cmrr.ucsd.edu/people/Hughes/docu ... ReadMe.txt

L: Unlock a locked drive (if drive is locked)

This option automatically tries to unlock the drive with all known HDDErase passwords. If this fails, the user is prompted for the correct user or master
password on the drive. HDDErase will try to unlock the drive with the given
password as both a user password and a master password. If your drive is not
locked then you will not be given this option.


The MHDD script you are trying to use is based on WD's Vendor Specific Commands (VSC). It will not work with Seagate drives.
unassailable
  • unassailable
  • Posts: 2
  • Joined: December 17th, 2014, 0:13
  • Location: United States

Re: MHDD Scripting with Seagate PATA HDD

December 17th, 2014, 18:07

Thanks for your reply. I'm more concerned with learning about this process rather than unlocking the device, which is a good thing because the SW you linked failed to do anything (unlock, erase).

I understand that the script is specific to WD, I was just using it to figure out the process of communicating with the device through MHDD. It looks like I will have to look into LBA and how to use this to issue the prepare and erase commands.

From ATA-8
Code:
7.41 SECURITY ERASE PREPARE - F3h, Non-data
7.41.1 Feature Set
This command is mandatory for devices that implement the Security feature set.

7.41.2 Description
The SECURITY ERASE PREPARE command shall be issued immediately before the SECURITY ERASE UNIT command.

7.41.3 Inputs
Word          Name           Description
00h          Feature          N/A
01h          Count             N/A
02h-04h      LBA               N/A
05h          Device
                                    Bit     Description
                                    15     Obsolete
                                    14     N/A
                                    13     Obsolete
                                    12     Transport Dependent - See 6.1.9
                                    11:8  Reserved
05h          Command 7:0 F3h

7.41.4 Normal Outputs
See table 79.

7.41.5 Error Outputs
Abort shall be set to one if the device is in Frozen mode. See table 100.


Now I just need to figure out how to convert this into something I can use with the LBA in MHDD.

For now I'm going to continue researching.
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

Board index