ST4000LM024-2AN17V MRT detected as Family:A1-M11 FW:M1A1800C6.SDMA.MD45L1.0001
PCB: 100794976 REV. C
HDD from Seagate OneTouch

HDD comes with Bsy State. After Shorting Read Channel got F3 T>

From Ctrl+x get Sysfile 132 is not able to Read.

After Power Reset hdd ready after some seconds.
But when try to access use Area getting encrypted sectors.

Tried by reading some random area and scanned by R-Studio There is no single file found.

Sector 0 is same in both unlocked and locked ROM



Tried Translator m0,6,3,,,,,22 getting the same sector 0

is there any solution for this?

I don't think sectors are encrypted, very likely is a translator issue (damaged translator).
As i know, is a bad idea to regen translator on Rosewood drives, probably the command has caused translator confusion because of bad media cache (which wasn't taken in account properly).

Maybe someone more expert than me can give you better infos and a solution.
I hope you did backup modules and sys before sending m0 command.
When writing sys files on this family drive, must be done in "indirect mode"... i don't know if mrt can do that (pc3k can do in indirect mode).

_________________
My firmware database:
https://mega.nz/folder/O01DkBRI#MxP2J6ZNqXDcrX40I8MoQQ

my 2 cents: drive changed state as you unlocked it, now it does not decrypt sectors. On the other hand, that m command should not have been run... :s

_________________
Adatmentés - Data recovery

A factory zzzz fw + LDR would help ?
Can Media cache be shifted due to wrong timing short?

_________________
My firmware database:
https://mega.nz/folder/O01DkBRI#MxP2J6ZNqXDcrX40I8MoQQ

Just curious ...

This model appears to be a TDMR drive, ie I see 2 read channels and 1 write channel, or am I mistaken?

https://ae01.alicdn.com/kf/S2a86f2d7879f444f847de8b707fa55ffP/HDD-PCB-Board-100794976-REV-C-for-Seagate-2-5-inch-Hard-Drive-4TB-ST4000LM024-Data.jpg
https://recuperodatos.com/sites/default/files/webform/donantes/04038-D.jpg

When you short the read channel(s), which one do you choose, or do you short both?

_________________
A backup a day keeps DR away.

I had done Big mistake.



I had Shorted Red Marked but got F3 T> Prompt from Bsy after getting some Servo Err (Actually have to short Green Marked)

What is that Two Points?

Try to go back to original state of locked HDD and read UA again

Edit: Sorry, now that I've seen "Sector 0 is same in both unlocked and locked ROM"

The GREEN is the Read channel

Just an Update.

Problem Solved.

Just make the drive Permanently unlocked.
I never Expect Permanent unlock for this family but tried for Permanent unlock and got success

then tried user Area Got DATA.

Thanks for everyone

This doesn't make sense. Why would the original locked ROM not work? Is there some SED enable/disable bit that gets flipped ???

_________________
A backup a day keeps DR away.

Where is the permanent unlock option in mrt?
I can't find it, i only see firmware unlock option.
The only option i see in mrt utility which i've found word "permanently" is in PASSWORD TOOLS menù... which is totally different think.

_________________
My firmware database:
https://mega.nz/folder/O01DkBRI#MxP2J6ZNqXDcrX40I8MoQQ

1. Tried with donor ROM by SAP+RAP+CAP transfer - got same sector in as in above picture
2. These are the original 1D1 and 1D2 files. With These files got Encrypted Sectors in both Locked and Unlocked ROM.
3. This is created 1D2 from 1D1 and modified for Permanent unlock. After Wrote this then write original locked ROM. Then u can Access SA without
Handshake
4. After writing this 1D2 i got Correct sectors.

Thats all. IF anything wrong Please correct me

ROM

Interesting, how did you figure how to modify 1D2?
I see inside the hex editor that on the modified 1D2 there are pieces of 1D1, my question is if there is a specific function in mrt that can allow to patch it?

_________________
My firmware database:
https://mega.nz/folder/O01DkBRI#MxP2J6ZNqXDcrX40I8MoQQ

No it is manual.

MRT can't unlock in Permanent mode.

You didn't mention a donor PCB in your previous posts. It appears that there is a unique key in the donor MCU which is the cause of the encrypted output.

I suspect that the combination of donor PCB + donor ROM + patient adaptives uses the key in the MCU to decrypt the data if SA file #1D2 is empty. After you transferred a key from file #1D1 to file #1D2 (aka "permanent unlock"), the firmware switched to the patient's file based key. Does that make sense?

_________________
A backup a day keeps DR away.

I never Tried Donor PCB only ROM and Transferred SAP+RAP+CAP.


Actual Problem is 1D2 somewhat damaged. after recreating from 1D1 Problem Solved.

Thats all.

Permanent Unlock means no need to send handshake each power reset. It is like 3F and Old 58-Grenada

Thanks for the feedback.

I can see how 1D2 is rebuilt from 1D1 in this resource dump:

https://files.hddguru.com/download/PC-3000-UDMA%20Support/SgF3/M11/ST4000LM024-2AN17V-0001-WCK3272N.rar

Just carve out the area from 0x22000 to 0x23FFF and then make some minor edits.

There is a 16-bit checksum at the end, before the block of 0xFFFF. This is computed by adding the preceding little-endian 16-bit words.

_________________
A backup a day keeps DR away.