All times are UTC - 5 hours [ DST ]




 Post subject: IDE ATA Command Translation
PostPosted: January 29th, 2024, 2:06 
Joined: January 29th, 2024, 1:29
Posts: 3
Location: United States
Hey all, I have a question about a project I'm working on. I have a computer where all the hard drives made for it are flashed with a custom firmware with custom ATA commands. Now the problem is these hard drives are dying and it's getting harder and harder to find them, so instead of trying to reverse engineer the firmware and try flashing the custom commands to other IDE drives, I thought about using a Raspberry Pi Pico to go in-between the computer and HDD to take in the custom ATA commands going from the computer to the HDD and translating them on the fly to standard ATA commands so the computer can detect and work with any IDE HDD. Now, I have a list of all the custom ATA commands. But, I have searched for a list of the standard ATA commands that all normal IDE HDDs use but haven't been able to come up with a definitive answer on what those are. Also if it means anything there is a chip on the motherboard that will encrypt and decrypt everything being written to and read from the HDD on the fly so the data is totally encrypted on the drive, plus it has a non-standard drive formatting like not the standard NTFS/FAT/ExFAT, like totally custom, oh yeah and a totally custom OS too. Also the only drive brands used for these computers are Maxtor, Seagate and Hitachi. And yes this is 100% about preserving proprietary hardware that some would argue shouldn't be preserved but it matters to me.

So my main questions are:
1. Is this even possible? I don't see how it wouldn't be but you're the experts.
2. Does anyone have a list of standard ATA commands and what they correlate to/make the HDD do or can point me in the direction of a pdf?
3. What pins on the IDE cable send the commands to the HDD that I would make the pico listen to and translate?
4. Are there any commands sent from the HDD to the computer that I would have to worry about and translate?
5. Is there anything else I should know about since I will be going into this blind? The only things I truly know are circuit/board design and how to program a pico, when it comes to HDD commands I have no idea.


 Post subject: Re: IDE ATA Command Translation
PostPosted: January 29th, 2024, 2:23 

Joined: September 8th, 2009, 18:21
Posts: 15538
Location: Australia
Quote:
Now, I have a list of all the custom ATA commands.

Could we see them?

There are some threads at hddoracle.com that could be useful to you.

Also, the standard ATA commands are publicly documented.

https://en.wikipedia.org/wiki/Parallel_ATA#Features_introduced_with_each_ATA_revision

_________________
A backup a day keeps DR away.


 
 Post subject: Re: IDE ATA Command Translation
PostPosted: January 30th, 2024, 1:09 

Joined: January 29th, 2024, 1:29
Posts: 3
Location: United States
Yes, here are the custom commands:
ATA_C_SCE_SECURITY_CONTROL = 0x8e
ATA_SCE_IDENTIFY_DRIVE = 0xec
ATA_SCE_SECURITY_SET_PASSWORD = 0xf1
ATA_SCE_SECURITY_UNLOCK = 0xf2
ATA_SCE_SECURITY_ERASE_PREPARE = 0xf3
ATA_SCE_SECURITY_ERASE_UNIT = 0xf4
ATA_SCE_SECURITY_FREEZE_LOCK = 0xf5
ATA_SCE_SECURITY_READ_ID = 0x20
ATA_SCE_SECURITY_WRITE_ID = 0x30

I appreciate the link for the commands, I'll look through it and see if I can't find the standard commands that correlate to these custom ones.


 
 Post subject: Re: IDE ATA Command Translation
PostPosted: January 30th, 2024, 1:53 

Joined: September 8th, 2009, 18:21
Posts: 15538
Location: Australia
I don't know what "ATA_SCE_SECURITY" means, but the IDs correspond to regular ATA commands. Perhaps your device implements a vendor specific version of these commands?

Command 8eh (ATA_C_SCE_SECURITY) is definitely vendor specific, though.

_________________
A backup a day keeps DR away.
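
Added example, not part of any post in this thread and not code from the ps2sdk project: a small C decoder that replays host writes to the ATA command-block registers and flags each issued command as a standard opcode or not, using the opcode values quoted above. The trace, the Features value and the function names are constructed for illustration; Features is logged because ATA commands such as SMART select their sub-function there.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ATA command-block register offsets (address lines DA2..DA0). */
enum { REG_FEATURES = 1, REG_DEVICE = 6, REG_COMMAND = 7 };
typedef enum { STANDARD, VENDOR_SPECIFIC } cmd_class;
typedef struct { uint8_t op; cmd_class cls; const char *name; } cmd_info;
typedef struct { uint8_t reg, val; } bus_write; /* one host register write */

/* Opcodes quoted in the thread with the standard ATA meaning of each value. */
static const cmd_info known[] = {
    {0x20, STANDARD, "READ SECTOR(S)"},
    {0x30, STANDARD, "WRITE SECTOR(S)"},
    {0xEC, STANDARD, "IDENTIFY DEVICE"},
    {0xF1, STANDARD, "SECURITY SET PASSWORD"},
    {0xF2, STANDARD, "SECURITY UNLOCK"},
    {0xF3, STANDARD, "SECURITY ERASE PREPARE"},
    {0xF4, STANDARD, "SECURITY ERASE UNIT"},
    {0xF5, STANDARD, "SECURITY FREEZE LOCK"},
    {0x8E, VENDOR_SPECIFIC, "vendor specific (ATA_C_SCE_SECURITY_CONTROL)"},
};

const cmd_info *classify(uint8_t op) {
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (known[i].op == op) return &known[i];
    return NULL; /* opcode not discussed in the thread */
}

/* Replay host writes, latch the task file, count non-standard commands. */
int count_nonstandard(const bus_write *w, size_t n) {
    uint8_t taskfile[8] = {0};
    int nonstandard = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t reg = w[i].reg & 7;
        taskfile[reg] = w[i].val;
        if (reg != REG_COMMAND) continue; /* only a Command write issues one */
        const cmd_info *c = classify(w[i].val);
        printf("cmd 0x%02X features 0x%02X: %s\n", w[i].val,
               taskfile[REG_FEATURES], c ? c->name : "not in the thread's list");
        if (!c || c->cls != STANDARD) nonstandard++;
    }
    return nonstandard;
}
int main(void) {
    /* Constructed trace, not captured from hardware; Features 0x01 is made up. */
    const bus_write trace[] = {{REG_DEVICE, 0xA0}, {REG_COMMAND, 0xEC},
        {REG_FEATURES, 0x01}, {REG_COMMAND, 0x8E}, {REG_COMMAND, 0xF5}};
    return count_nonstandard(trace, sizeof trace / sizeof trace[0]) == 1 ? 0 : 1;
}
```

The table gives only the standard meaning of each opcode value; as the post above notes, the device may implement vendor-specific behaviour behind the same values.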


 
 Post subject: Re: IDE ATA Command Translation
PostPosted: January 30th, 2024, 7:41 

Joined: May 13th, 2019, 7:50
Posts: 913
Location: Nederland
I find some (all?) of those here too:

https://github.com/ps2dev/ps2sdk/blob/m ... de/atahw.h

_________________
Joep - http://www.disktuna.com - video & photo repair & recovery service


 
 Post subject: Re: IDE ATA Command Translation
PostPosted: January 31st, 2024, 1:28 

Joined: January 29th, 2024, 1:29
Posts: 3
Location: United States
Yeah I noticed that they use the same commands as the PS2, which makes sense considering it is made by Sony. However I talked to some other people who like these computers and it turns out those commands are for reading and writing to the 512 byte security sector on the HDD. So vendor specific. When the drive is erased, it puts the Sony name in the security sector along with your device's serial number and device specific key to decrypt the HDD which the encryption chip asks for like every 2 seconds whenever it wants to read or write from the drive and basically that would have to be spoofed somehow and I'm pretty stumped on how I would accomplish that. So I'm not sure if I'll be able to continue with this endeavor, maybe I could find a way to work around the encryption chip or something. I just don't really see a way I could spoof the security sector while not interfering with the HDD, especially with my limited knowledge on the IDE bus itself anyway.


 
 Post subject: Re: IDE ATA Command Translation
PostPosted: January 31st, 2024, 14:16 

Joined: October 3rd, 2005, 0:40
Posts: 4335
Location: Hungary
Until the point where you started talking about encryption I thought yeah, it should be possible with a Pi, although probably not running its native OS but an RTOS. However, to do this you should achieve pretty deep knowledge in digital electronics, understand the ATA standard pretty well, have a well equipped lab (oscilloscope, LA, probes, etc), to respond to commands in a timely manner. PIO mode is pretty straightforward but things get complicated when DMA comes in...
Pi Pico has too few IOs for this task imo.
With the encryption in the picture this whole thing just collapses, at least if you don't have the cleartext data available... This probably can be shucked from a working device with some tricks, but far from something beside Sunday afternoon tea.

pepe

_________________
Adatmentés - Data recovery

