All times are UTC - 5 hours [ DST ]


Forum rules


Please do not post questions about data recovery cases here (use this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data from dust...



Post new topic Reply to topic  [ 21 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: Seagate Tech Unlock Handshake Key
PostPosted: September 29th, 2021, 6:11 
Offline

Joined: September 29th, 2021, 4:25
Posts: 4
Location: Italy
Hi to all HDD Gurus,
I am wondering how to handle ROM patched Seagate DM devices.
Both PC3K and MRT can patch original ROM with one click.

Sending Unlock Key does enable SA access.

We want to handle terminal commands "out of the tools"

Question is how does work handshake command/key ?

EG. Tech Unlock Handshake: 0x0552391E

We tried some CRC 16/32 or XOR combination with no luck.
We are pretty sure CRC tables are not useful as mask.

Thank You !


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: September 29th, 2021, 16:46 
Offline

Joined: October 3rd, 2005, 0:40
Posts: 4311
Location: Hungary
:P :P :P

_________________
Adatmentés - Data recovery


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: September 29th, 2021, 17:02 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15463
Location: Australia
Start by examining the patched and unpatched ROMs with F3RomExplorer. You'll find an extra block of code which can be decompressed. It appears to contain a key or signature of some sort.

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: September 29th, 2021, 17:12 
Offline

Joined: October 3rd, 2005, 0:40
Posts: 4311
Location: Hungary
unlock with the tool, then connect it to your other terminal and work with it?
I am sure i could work it out but i won't, it does sound like breaching sw licences...
(and i also have my own way to unlock these, so one more reason not to hack it)

pepe

_________________
Adatmentés - Data recovery


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: September 30th, 2021, 5:35 
Offline

Joined: September 29th, 2021, 4:25
Posts: 4
Location: Italy
pepe, My First Try was opening roms with F3RomExplorer. I didnt't understand anything :D .I will try to decompress extra bytes following fzabkar suggestions. Of course patching rom or enabling sa access with custom tricks would be interesting. Can you share It ( or some starting point ) ? :P


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: October 1st, 2021, 7:16 
Offline

Joined: October 3rd, 2005, 0:40
Posts: 4311
Location: Hungary
Why is it not a solution to unlock it in the tool you have, then attach another terminal and work with the drive freely?

pepe

_________________
Adatmentés - Data recovery


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: October 1st, 2021, 9:31 
Offline

Joined: September 29th, 2021, 4:25
Posts: 4
Location: Italy
pepe, Usually our PC3K Ports are all Busy of Running Tasks. It would be useful to move to other imaging workstations.
In most cases we need to reload original rom after fixing flags to read device out of the tools.
Anyway it's good learning other methods for a deeper knowledge.
I Attached 2 sample roms original + patched ( in this case we used PC3K ).


Attachments:
rosewood_a5_pc3k.zip [1005.45 KiB]
Downloaded 591 times
Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: October 1st, 2021, 15:58 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15463
Location: Australia
In F3RomExplorer, d-click DL_BFWCTNR 0. This will bring up the next directory level.

D-click DL_BOOTFW and then d-click the second CPRS segment. This will decompress the code.

Now select File -> Save to file -> 0001EC68_File_01_unCPRS.bin

This file now contains the decompressed code.

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: October 2nd, 2021, 10:00 
Offline

Joined: September 29th, 2021, 4:25
Posts: 4
Location: Italy
fzabkar, This is and excellent starting point ! I will update you on my researches results. Thank You !


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: January 9th, 2023, 19:24 
Offline

Joined: November 22nd, 2022, 11:13
Posts: 16
Location: Germany / Romania
Hello,

as I had few of those Rosewood drives, I would like to be able to unlock the Terminal. I have seen the differences between Original ROM and Pathed one, but unfortunatelly just for one drive.
I believe that few more pares of Original-Pathed are needed in order to get an ideea about the logic behind pathing. Am I right?


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: March 20th, 2023, 14:58 
Offline

Joined: February 22nd, 2023, 13:49
Posts: 65
Location: Eastern Europe
It is better to have the correct RAM dumps of the patched disk.
Than a few copies of ACE Lab dirty laundry. :)


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: March 22nd, 2023, 17:05 
Offline

Joined: September 17th, 2016, 16:06
Posts: 430
Location: India
Just sniff what is being sent through the UART. Also what is being sent on the UART while you click unlock button has nothing to do with the unlock key values that the terminal displays after spin up etc.(example, dont connect terminal...spin up the drive, wait for a min or 30 sec to be on safe side, then put your terminal pins and click unlock. It will unlock, so i feel the whole unlock key that the terminal displays is no more used to generate unlock response.)

Also DFL unlocked roms can accept unlock command of PC3k and vice a versa.

If my pc3000 ports are busy or if there seems a drive that requires longer imaging time, i unlock, then i simply swap sata cables to ddi to do HM. If I forget to to that, i could always parse pc3000 map to ddi map :)

Again DDI is a work horse and i can keep it on for DAYS! Marvelous engineering.


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: March 23rd, 2023, 4:02 
Offline

Joined: February 22nd, 2023, 13:49
Posts: 65
Location: Eastern Europe
The Ace patch code is absolutely useless without terminal activation.
Studying the activation process and who stole the technique from whom is too long a way.
It's easier to study the already unlocked working code in memory.


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: March 23rd, 2023, 9:24 
Offline

Joined: October 3rd, 2005, 0:40
Posts: 4311
Location: Hungary
Quote:
It's easier to study the already unlocked working code in memory.

one thing is to find what's changed and another one is to reproduce the change. Unlocking is a complex process, regardless of the fact that the result comes down to a difference of 4 bytes.
Not hard, if you know what to do when and where :)

pepe

_________________
Adatmentés - Data recovery


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: March 23rd, 2023, 14:16 
Offline

Joined: February 22nd, 2023, 13:49
Posts: 65
Location: Eastern Europe
Well, reverse engineering with hints will be faster.
Than searching from scratch in disassembled code.
I looked at the Ace code a few years ago. As soon as the unlocked ROMs appeared in the public.
Perhaps I would have mastered the unlock myself. But why waste time on this if you were only doing repairs.
And repairing disks over 2 TB is not time-efficient. Especially SMR... :lol:


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: March 23rd, 2023, 14:44 
Offline
User avatar

Joined: February 9th, 2009, 16:13
Posts: 2520
Location: Ontario, Canada
Unless it changed, I saw the ACE unlock code on my screen once and confirmed that I can type it manually. But, it is not my information to share.

_________________
Luke
Recovery Force Data Recovery


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: March 23rd, 2023, 16:16 
Offline

Joined: February 22nd, 2023, 13:49
Posts: 65
Location: Eastern Europe
On the screen is a code that starts decoding part of the Ace code.
And this part of the code unlocks the terminal and erase itself after.
Something like this, for a long time looked this code. Plagiarism protection.

And Ace rewrites one exception vector onto itself. Apparently, to increase the rights to access memory. If I remember correctly.


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: March 24th, 2023, 4:28 
Offline

Joined: October 3rd, 2005, 0:40
Posts: 4311
Location: Hungary
I estimate the complexity of understanding what their code is doing and why to be comparable to understanding the fw components and how to interfere with them, so where's the gain...
you won't understand their code without having some insight in the fw.
I unlocked these before pc3k or any other tools, i only know Doomer who was able to do it prior to that.

pepe

_________________
Adatmentés - Data recovery


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: March 24th, 2023, 8:08 
Offline

Joined: February 22nd, 2023, 13:49
Posts: 65
Location: Eastern Europe
To understand the work of the FW, you need to understand the work of the ARM.
After some time of the reverse of the FW, I switched to the programming of STM32.

And I am in the know how the "cslip" and "eslip" differs.
Disassemble these protocols did not make up great difficulties.
But I strongly doubt that package SG commands could be understood from the reverse of FW ...


Top
 Profile  
 
 Post subject: Re: Seagate Tech Unlock Handshake Key
PostPosted: March 24th, 2023, 18:09 
Offline

Joined: October 3rd, 2005, 0:40
Posts: 4311
Location: Hungary
commands take you nowhere if you want to unlock them... well, with one exception, which is Lombard... and a few others as far as i remember

_________________
Adatmentés - Data recovery


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 21 posts ]  Go to page 1, 2  Next

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 17 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group