All times are UTC - 5 hours [ DST ]




 Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: August 19th, 2023, 13:46

Joined: February 7th, 2020, 17:30
Posts: 21
Location: Sweden
Success! :D

Since I couldn't get the drive detected in Safe Mode no matter what I did, I decided to try if the other method of shorting the pin on the MP5505 worked without SATA hotplug fully working. Sure enough, by first hotplugging the drive in the normal (password locked) mode in order to figure out what port I needed to manually trigger a scan for, I immediately saw it disconnect once I shorted the pin. I then simply had to tell the OS to scan the port a few times for the drive to show up in ERRORMOD:

Code:
[  676.591949] ata4: SATA link down (SStatus 0 SControl 300)
[  685.182175] ata4: limiting SATA link speed to 1.5 Gbps
[  685.657500] ata4: SATA link up 1.5 Gbps (SStatus 113 SControl 310)
[  685.657827] ata4.00: HPA detected: current 1965352, native 1965353
[  685.657831] ata4.00: ATA-9: SAMSUNG MZ7LM3T8HMLP-00005, ERRORMOD, max UDMA/133
[  685.657959] ata4.00: Read log 0x00 page 0x00 failed, Emask 0x1
[  685.657964] ata4.00: NCQ Send/Recv Log not supported
[  685.657965] ata4.00: 1965352 sectors, multi 16: LBA48 NCQ (depth 32), AA
[  685.658541] ata4.00: Read log 0x00 page 0x00 failed, Emask 0x1
[  685.658545] ata4.00: NCQ Send/Recv Log not supported
[  685.658548] ata4.00: configured for UDMA/133
[  685.668699] scsi 3:0:0:0: Direct-Access     ATA      SAMSUNG MZ7LM3T8 RMOD PQ: 0 ANSI: 5
[  685.669078] sd 3:0:0:0: Attached scsi generic sg3 type 0
[  685.669128] sd 3:0:0:0: [sdd] 1965352 512-byte logical blocks: (1.01 GB/960 MiB)
[  685.669135] sd 3:0:0:0: [sdd] Write Protect is off
[  685.669136] sd 3:0:0:0: [sdd] Mode Sense: 00 3a 00 00
[  685.669143] sd 3:0:0:0: [sdd] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[  685.669153] sd 3:0:0:0: [sdd] Preferred minimum I/O size 512 bytes
[  685.705793] sd 3:0:0:0: [sdd] Attached SCSI removable disk


The command to trigger a scan (where host3 was the correct bus/port in my case):

Code:
echo "0 0 0" | sudo tee /sys/class/scsi_host/host3/scan


This was the output from hdparm -I /dev/sdd when in ERRORMOD for anyone curious:

Code:
ATA device, with non-removable media
   Model Number:       SAMSUNG MZ7LM3T8HMLP-00005             
   Serial Number:      S2TYNX0HC02476     
   Firmware Revision:  ERRORMOD
   Transport:          Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0
Standards:
   Used: unknown (minor revision code 0x0039)
   Supported: 9 8 7 6 5
   Likely used: 9
Configuration:
   Logical      max   current
   cylinders   1949   1949
   heads      16   16
   sectors/track   63   63
   --
   CHS current addressable sectors:     1964592
   LBA    user addressable sectors:     1965352
   LBA48  user addressable sectors:     1965352
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 04 51 e0 01 21 04 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   Logical  Sector size:                   512 bytes
   Physical Sector size:                   512 bytes
   Logical Sector-0 offset:                  0 bytes
   device size with M = 1024*1024:         959 MBytes
   device size with M = 1000*1000:        1006 MBytes (1 GB)
   cache/buffer size  = unknown
   Form Factor: 2.5 inch
   Nominal Media Rotation Rate: Solid State Device
Capabilities:
   LBA, IORDY(can be disabled)
   Queue depth: 32
   Standby timer values: spec'd by Standard, no device specific minimum
   R/W multiple sector transfer: Max = 16   Current = 16
   Advanced power management level: disabled
   DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6
        Cycle time: min=120ns recommended=120ns
   PIO: pio0 pio1 pio2 pio3 pio4
        Cycle time: no flow control=120ns  IORDY flow control=120ns
Commands/features:
   Enabled   Supported:
      *   SMART feature set
          Security Mode feature set
      *   Power Management feature set
      *   Write cache
      *   Look-ahead
      *   Host Protected Area feature set
      *   WRITE_BUFFER command
      *   READ_BUFFER command
      *   NOP cmd
      *   DOWNLOAD_MICROCODE
          Advanced Power Management feature set
          Power-Up In Standby feature set
          SET_MAX security extension
      *   48-bit Address feature set
      *   Device Configuration Overlay feature set
      *   Mandatory FLUSH_CACHE
      *   FLUSH_CACHE_EXT
      *   SMART error logging
      *   SMART self-test
      *   General Purpose Logging feature set
      *   WRITE_{DMA|MULTIPLE}_FUA_EXT
      *   64-bit World wide name
          Write-Read-Verify feature set
      *   WRITE_UNCORRECTABLE_EXT command
      *   {READ,WRITE}_DMA_EXT_GPL commands
      *   Segmented DOWNLOAD_MICROCODE
          unknown 119[7]
      *   Gen1 signaling speed (1.5Gb/s)
      *   Gen2 signaling speed (3.0Gb/s)
      *   Gen3 signaling speed (6.0Gb/s)
      *   Native Command Queueing (NCQ)
      *   Phy event counters
      *   READ_LOG_DMA_EXT equivalent to READ_LOG_EXT
          DMA Setup Auto-Activate optimization
      *   Asynchronous notification (eg. media change)
      *   Software settings preservation
      *   SMART Command Transport (SCT) feature set
      *   SCT Write Same (AC2)
      *   SCT Error Recovery Control (AC3)
      *   SCT Features Control (AC4)
      *   SCT Data Tables (AC5)
      *   SANITIZE_ANTIFREEZE_LOCK_EXT command
      *   SANITIZE feature set
      *   CRYPTO_SCRAMBLE_EXT command
      *   BLOCK_ERASE_EXT command
      *   Device encrypts all user data
      *   DOWNLOAD MICROCODE DMA command
      *   SET MAX SETPASSWORD/UNLOCK DMA commands
      *   WRITE BUFFER DMA command
      *   READ BUFFER DMA command
      *   Data Set Management TRIM supported (limit 8 blocks)
      *   Deterministic read ZEROs after TRIM
Security:
   Master password revision code = 65534
      supported
   not   enabled
   not   locked
   not   frozen
   not   expired: security count
      supported: enhanced erase
   32min for SECURITY ERASE UNIT. 32min for ENHANCED SECURITY ERASE UNIT.
Logical Unit WWN Device Identifier: 5002538c404b440e
   NAA      : 5
   IEEE OUI   : 002538
   Unique ID   : c404b440e
Checksum: correct


I decided to go the secure erase route, instead of using the Samsung Magician DC tool. I also decided to update the firmware from GXT5204Q to GXT5404Q via hdparm as well. After a second secure erase, as suggested on another forum after updating the firmware of the drive in this way, the drive now seems to work perfectly fine. :)

Curiously, it no longer shows up in the Samsung Magician DC 1.0 and 2.0 tools (even after adding the file /usr/local/Magician/AnyOemSupport.xml) despite the drive seemingly behaving normally and showing up like it should in hdparm etc. I know that it showed up in Samsung Magician DC 2.1 in the past.


Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: August 26th, 2023, 12:29

Joined: February 7th, 2020, 17:30
Posts: 21
Location: Sweden
I'm not sure if the drive simply needed another power cycle or something, but it now shows up fine in Samsung's Magician DC 2.0 again. :)

Now I'm pondering whether I should update the firmware on the other PM863a drive that I own as well. I just need to figure out whether that is likely to wipe the data on the drive or not. Presumably it doesn't, but it would be nice to know beforehand. While I do have an offsite backup of the important data on the drive, pulling multiple TB over the internet and restoring everything would still be pretty time consuming. :D

Btw. I want to thank all of you who participated in finding a solution in this thread. :)


Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: December 7th, 2023, 15:43

Joined: December 7th, 2023, 15:39
Posts: 3
Location: Hungary
Does this method work for the PM883 too? I tried to find the temperature sensor or power loss protection IC on the PCB. I typed into Google what I could read from the top of the ICs, but found no results :(
I have a 3.84TB drive with a non-default master password :(


Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: December 7th, 2023, 16:26

Joined: September 8th, 2009, 18:21
Posts: 15538
Location: Australia
danielkovacs wrote:
Does this method work for the PM883 too? I tried to find the temperature sensor or power loss protection IC on the PCB.

Upload detailed photos of each side.

_________________
A backup a day keeps DR away.


Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: December 7th, 2023, 17:09

Joined: September 8th, 2009, 18:21
Posts: 15538
Location: Australia
@danielkovacs, does your PCB look like this?

https://www.techpowerup.com/ssd-specs/samsung-883-dct-960-gb.d1266

https://tpucdn.com/ssd-specs/images/d/1266-pcb-back.jpg
https://tpucdn.com/ssd-specs/images/d/1266-pcb-front.jpg

I think "BPK7YG" would be involved in power loss data protection. I suspect that it's a Silergy part with a marking code of BPKxyz. Unfortunately, I can't find its datasheet.

The "ABS" part would be the temperature sensor.

MCP9844T-BE/MNY, Microchip, +/-1 degC, 1.8V Digital Temperature Sensor, marking ABS, TDFN-8:
http://ww1.microchip.com/downloads/en/DeviceDoc/20005192B.pdf

_________________
A backup a day keeps DR away.


Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: December 7th, 2023, 17:41

Joined: December 7th, 2023, 15:39
Posts: 3
Location: Hungary
fzabkar wrote:
@danielkovacs, does your PCB look like this?

https://www.techpowerup.com/ssd-specs/samsung-883-dct-960-gb.d1266

https://tpucdn.com/ssd-specs/images/d/1266-pcb-back.jpg
https://tpucdn.com/ssd-specs/images/d/1266-pcb-front.jpg

I think "BPK7YG" would be involved in power loss data protection. I suspect that it's a Silergy part with a marking code of BPKxyz. Unfortunately, I can't find its datasheet.

The "ABS" part would be the temperature sensor.

MCP9844T-BE/MNY, Microchip, +/-1 degC, 1.8V Digital Temperature Sensor, marking ABS, TDFN-8:
http://ww1.microchip.com/downloads/en/DeviceDoc/20005192B.pdf


My PCB looks the same, only I have more NAND chips due to the higher capacity. I checked the temperature sensor pins to find which pins were connected to ground when the device was powered off. PIN1 and PIN4 are grounded.


Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: December 7th, 2023, 17:45

Joined: December 7th, 2023, 15:39
Posts: 3
Location: Hungary
fzabkar wrote:
@danielkovacs, does your PCB look like this?

https://www.techpowerup.com/ssd-specs/samsung-883-dct-960-gb.d1266

https://tpucdn.com/ssd-specs/images/d/1266-pcb-back.jpg
https://tpucdn.com/ssd-specs/images/d/1266-pcb-front.jpg

I think "BPK7YG" would be involved in power loss data protection. I suspect that it's a Silergy part with a marking code of BPKxyz. Unfortunately, I can't find its datasheet.

The "ABS" part would be the temperature sensor.

MCP9844T-BE/MNY, Microchip, +/-1 degC, 1.8V Digital Temperature Sensor, marking ABS, TDFN-8:
http://ww1.microchip.com/downloads/en/DeviceDoc/20005192B.pdf


My PCB is the same as the one you linked; I have more NAND chips soldered, due to the higher capacity. Should I try to ground the temperature sensor PIN6 to get ERRORMOD? I checked the pins of the temp sensor when the device was powered off; PIN1 and PIN4 are grounded...


Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: December 8th, 2023, 16:33

Joined: September 8th, 2009, 18:21
Posts: 15538
Location: Australia
I don't feel comfortable with your SSD because I don't have datasheets. If you are prepared to accept any risks, you could try grounding that pin.

I would prefer to try "safe mode", but I don't know which pads are the relevant ones. There are two rows of pads at one edge of the PCB (7 + 5). These would be JTAG pads, plus some other functions. There is also an 8-way edge connector whose function I can't guess.

If someone is willing to share the safe mode test points, start with that.

_________________
A backup a day keeps DR away.


Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: December 8th, 2023, 19:34

Joined: September 8th, 2009, 18:21
Posts: 15538
Location: Australia
I think Silergy's SYT664 IC may be a very similar chip.

Unfortunately the link to its datasheet is dead.

https://www.geckor.com/static/upload/file/20220809/1660026921692877.pdf

I did manage to download Google's text-based cached versions, though.

https://webcache.googleusercontent.com/search?strip=0&q=cache:https%3A%2F%2Fwww.geckor.com%2Fstatic%2Fupload%2Ffile%2F20220809%2F1660026921692877.pdf

https://webcache.googleusercontent.com/search?strip=1&q=cache:https%3A%2F%2Fwww.geckor.com%2Fstatic%2Fupload%2Ffile%2F20220809%2F1660026921692877.pdf

_________________
A backup a day keeps DR away.


Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: December 9th, 2023, 1:45

Joined: September 8th, 2009, 18:21
Posts: 15538
Location: Australia
Some kind fellow at eevblog.com found the datasheet:

SYT664, Silergy, High Current Over Voltage Protection Switch with High Current Bi-directional DC/DC Regulator And Capacitance Measurement, marking BJRxyz, QFN4×4-25:
https://www.visvie.com/static/upload/file/20220809/1660026921692877.pdf

This IC is compatible. The only difference appears to be in pin #8.

SGM41664, SG-Micro, Efficient I2C Power Backup Manager with High Current Bidirectional DC/DC Converter and Capacitor Measurement Capability, TQFN-4×4-25L:
https://www.visvie.com/static/upload/file/20220809/1660026640335476.pdf

https://www.visvie.com/hot/SGM41664-Replace-SYT664.html

Pin #23 is an ENAble input. We need to check whether this pin is directly connected to a supply or via a pullup resistor. To this end we need to test for continuity between ENA and each of Vbus, Vin, Vcc, Vstr and Vx. If there is no continuity, then it should be safe to ground the ENA pin. In this case, since pin #22 is PGND, it should be safe to short pins 22 and 23 together.


Attachments:
SYT664.pdf
SYT664_pinout.gif
SYT664_block_diag.gif
SYT664_enable.gif
SYT664_schematic.gif
SGM41664.pdf
SGM41664_app_cct.gif
SGM41664_pinout.gif
Silergy_BPKxyz.jpg

_________________
A backup a day keeps DR away.
Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: December 11th, 2023, 14:10

Joined: September 8th, 2009, 18:21
Posts: 15538
Location: Australia
Could anyone with an SSD that has the same 7 + 5 pads test for continuity between all the test points I have identified as possible I2C data and clock pins?


Attachments:
Temp_Sensor_I2C.jpg
PMIC_I2C.jpg
BPKxyz_I2C.jpg

_________________
A backup a day keeps DR away.
Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: December 11th, 2023, 21:26

Joined: February 18th, 2020, 9:35
Posts: 36
Location: Ukraina
Yes, these are SCL and SDA. When they are shorted, the disk will drop into Error mode.


Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: December 13th, 2023, 10:15

Joined: October 9th, 2012, 18:37
Posts: 66
I can confirm. When I shorted these pins you marked green, my PM883 went into ERRORMOD.
Attachment:
PMIC_I2C.jpg


Then just do the security erase with hdparm and the drive is back with its capacity and unlocked.


Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: February 5th, 2024, 9:04

Joined: February 5th, 2024, 5:53
Posts: 2
Location: Kyiv, Ukraine
Hi all!
I have an ATA password problem with a Samsung PM851 SSD, MZ-7TE5120 MZ7TE512HMHP-00004.
It was installed in a laptop with a touch ID scanner, with protection activated in the BIOS. I think the BIOS set some ATA password on the SSD. This laptop is no longer there, and I can't unlock my SSD.
This is an OEM product, and Samsung doesn't support it on its website or in the Magician application! Also, I can't find the firmware ext0300q.enc for it on the web.

I shorted 2 pins (red) and tried running hdparm, but this did not help solve the problem!

Standard connection:
Code:
hdparm -I /dev/sdb
/dev/sdb:
ATA device, with non-removable media
   Model Number:       SAMSUNG MZ7TE512HMHP-00004
   Serial Number:      S1RJNSAGA02581
   Firmware Revision:  EXT0300Q
...
Security:
   Master password revision code = 2007
      supported
      enabled
      locked
   not   frozen
   not   expired: security count
      supported: enhanced erase
   Security level maximum
   2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.

Code:
hdparm --security-erase NULL /dev/sdb
/dev/sdb:
Issuing SECURITY_ERASE command, password="", user=user
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 04 51 40 00 21 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


Connection with the 2 pins shorted:
Code:
hdparm -I /dev/sdb
/dev/sdb:
ATA device, with non-removable media
   Model Number:       SAMSUNG SATA SSD
   Serial Number:      00000000000000
   Firmware Revision:  ROMMEX17
...
Security:
   Master password revision code = 65534
      supported
   not   enabled
   not   locked
   not   frozen
   not   expired: security count
      supported: enhanced erase
   32min for SECURITY ERASE UNIT. 32min for ENHANCED SECURITY ERASE UNIT.

Code:
hdparm --security-erase NULL /dev/sdb
/dev/sdb:
Issuing SECURITY_ERASE command, password="", user=user
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 04 51 40 00 21 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Code:
hdparm --security-erase-enhanced NULL /dev/sdb
/dev/sdb:
Issuing SECURITY_ERASE command, password="", user=user
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 04 51 40 00 21 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


So, as you can see, the SECURITY ERASE result does not change with the 2 pins shorted!
Maybe some of you can tell me what I am doing wrong?


Attachments:
IMG-20240205-WA0003.jpg
IMG-20240205-WA0002.jpg
IMG-20240205-WA0001.jpg [ 191.65 KiB | Viewed 12272 times ]
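
Added example, not part of any post in this thread: a parser for the `hdparm -I` identity and Security fields quoted above, of the kind used when triaging drives at intake or in a forensic examination. The finding names, the placeholder sample values, and the use of the firmware strings ERRORMOD and ROMMEX17 as fallback markers are assumptions.

```python
import re

# Fallback firmware strings quoted in this thread (assumed markers, not a vendor list).
FALLBACK_FW = {"ERRORMOD", "ROMMEX17"}
FIELD_RE = re.compile(r"^\s*(Model Number|Serial Number|Firmware Revision):\s*(.*?)\s*$")
FLAG_RE = re.compile(r"^\s*(not\s+)?(supported|enabled|locked|frozen)\s*$")
REV_RE = re.compile(r"Master password revision code\s*=\s*(\d+)")

def parse_identify(text):
    """Parse `hdparm -I` text into identity fields and ATA security flags."""
    info = {"fields": {}, "security": {}, "master_rev": None}
    in_security = False
    for line in text.splitlines():
        field = FIELD_RE.match(line)
        if field:
            info["fields"][field.group(1)] = field.group(2)
        elif line[:1].strip():  # unindented line: a section header starts or ends here
            in_security = line.strip() == "Security:"
        elif in_security:
            rev, flag = REV_RE.search(line), FLAG_RE.match(line)
            if rev:
                info["master_rev"] = int(rev.group(1))
            elif flag:  # "not   locked" -> False, "      locked" -> True
                info["security"][flag.group(2)] = flag.group(1) is None
    return info

def assess(info):
    """Return triage findings for drive intake or forensic examination."""
    sec, out = info["security"], []
    if info["fields"].get("Firmware Revision") in FALLBACK_FW:
        out.append("fallback-firmware")
    if sec.get("enabled"):
        out.append("locked" if sec.get("locked") else "password-set")
    # 0xFFFE (65534) is the factory master password identifier in the ATA spec.
    if info["master_rev"] not in (None, 0, 65534, 65535):
        out.append("master-password-changed")
    # An unfrozen drive still accepts SECURITY commands from the host.
    if sec.get("supported") and not sec.get("frozen"):
        out.append("not-frozen")
    return out

# Constructed samples (placeholder firmware value), shaped like the output above.
LOCKED = """\
   Firmware Revision:  FW000001
Security:
   Master password revision code = 2007
      supported
      enabled
      locked
   not   frozen
      supported: enhanced erase
Checksum: correct
"""
FALLBACK = (LOCKED.replace("FW000001", "ERRORMOD").replace("= 2007", "= 65534")
            .replace("      enabled", "   not   enabled").replace("      locked", "   not   locked"))

if __name__ == "__main__":
    for name, text in (("locked", LOCKED), ("fallback", FALLBACK)):
        print(name, assess(parse_identify(text)))
```
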
Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: February 5th, 2024, 13:47

Joined: September 8th, 2009, 18:21
Posts: 15538
Location: Australia
Try shorting the SCL and SDA pins of the "2B0 ACW" 8-pin IC. This is a temperature sensor. Maybe this will provoke ERRORMOD.

_________________
A backup a day keeps DR away.


Post subject: Re: Unlocking ATA Password of PM863a SSD possible?
Posted: February 7th, 2024, 14:31

Joined: February 5th, 2024, 5:53
Posts: 2
Location: Kyiv, Ukraine
Shorting the SCL and SDA pins of the "2B0 ACW" 8-pin IC does not make any changes.