Tools for hard drive diagnostics, repair, and data recovery
Post a reply

MHDD script dump all HPA/SA

April 9th, 2015, 11:28

Good evening-

I don't even know for certain if I'm asking this the correct way, but I'd like to know either the right search terms to use (because googling for the above title doesn't help) or a poke in the right direction for accomplishing the task.

I'd like to get a dump of all the HPA sectors that I can off of a Western Digital drive. I don't need to recover a password, (but i'm going to use that script too to see what I see). The drive in question is one of the Smartware ones that is currently locked with a known password, if that is relevant.

Thanks in advance for any direction anyone can provide. I'm still reading through many of the forums and will be doing so while on travel next week.

~J

Re: MHDD script dump all HPA/SA

April 9th, 2015, 12:14

purduephotog wrote:Good evening-

I don't even know for certain if I'm asking this the correct way, but I'd like to know either the right search terms to use (because googling for the above title doesn't help) or a poke in the right direction for accomplishing the task.

I'd like to get a dump of all the HPA sectors that I can off of a Western Digital drive. I don't need to recover a password, (but i'm going to use that script too to see what I see). The drive in question is one of the Smartware ones that is currently locked with a known password, if that is relevant.

Thanks in advance for any direction anyone can provide. I'm still reading through many of the forums and will be doing so while on travel next week.

~J


i don't think you can access SA on a smartware locked drive.
am also interested to know if it is possible, even with tools like pc3k.
may be some respected member will through light on this.

Re: MHDD script dump all HPA/SA

April 9th, 2015, 14:29

Try it for yourself.
Get a SATA drive locked with smartware and use the SeDiv DEMO to READ all the modules of SA.
If it reads then it's ok, if not .... to bad !

http://www.hddoracle.com/viewtopic.php?f=84&t=31

SeDiv DEMO is able to read SA on WD drives.
To write back to the drive you need to buy it.

Re: MHDD script dump all HPA/SA

April 9th, 2015, 16:40

I must not be searching for the correct scripts- MHDD and scripts hasn't worked too well to help me dump the contents of the HPA areas on the disk.

Re: MHDD script dump all HPA/SA

April 9th, 2015, 16:47

Are you talking about a native USB drive rather than a SATA drive?

Re: MHDD script dump all HPA/SA

April 9th, 2015, 17:05

purduephotog wrote:I must not be searching for the correct scripts- MHDD and scripts hasn't worked too well to help me dump the contents of the HPA areas on the disk.


What do you mean by "dump the content of HPA areas" ?

HPA is just a host protected area, or a "limitation" of LBA that can be accessed-

Example :

Drive with total LBA from 0 to 1000 you place HPA from 0 to 900 and then you can't access from 901 to 1000 as the drive will ID as a 0-900 LBA drive and you can't issue reads or read long or whatever unless you remove HPA or temporarly set HPA to total size, etc ... This doesn't have anything to do with ATA passwords or Modules of firmware.

HPA testing, cliping with jumper, etc :

http://www.hddoracle.com/viewtopic.php?f=24&t=1218

If you want to retrieve MODULES from WD drives use SeDiv, WDR, WDMarvell, etc .....

If you want to use the password script for WD that was posted on the forum on the famous WD very long thread and you want to read MORE sectors from the module (MHDD scrip just reads one sector) just add :

Code:
regs = $d5 $01 $bf $4f $c2 $a0 $b0
waitnbsy
checkdrq
sectorsto = 23.bin


for example to the script ... where 23.bin would be the output of the next sector of the module :

example to read 3 SECTORS of module 02 on WD Marvell drive :

Code:
;script name: read md
;reads md 02 on WD marwell drives
;
reset
waitnbsy

regs = $45 $0b $00 $44 $57 $a0 $80
waitnbsy

regs = $d6 $01 $be $4f $c2 $a0 $b0
waitnbsy
checkdrq
sectorsfrom = cs.bin

regs = $d5 $01 $bf $4f $c2 $a0 $b0
waitnbsy
checkdrq
sectorsto = 21.bin

regs = $d5 $01 $bf $4f $c2 $a0 $b0
waitnbsy
checkdrq
sectorsto = 22.bin

regs = $d5 $01 $bf $4f $c2 $a0 $b0
waitnbsy
checkdrq
sectorsto = 23.bin

; end


to read 4 sectors add extra line :

Code:
regs = $d5 $01 $bf $4f $c2 $a0 $b0
waitnbsy
checkdrq
sectorsto = 24.bin


and so on .....

Re: MHDD script dump all HPA/SA

April 9th, 2015, 17:07

This is a MUST READ about security ATA passwords and security erase at ATA I/O direct drive access level :

http://www.hddoracle.com/viewtopic.php?f=59&t=1214

This is about ATA passwords only, NOT SMARTWARE.

I also don't know if the SMARTWARE will block SA access on ALL WD DRIVES, but i don't think so.

Also i'm assuming that the drive is connected by SATA (NOT USB !!!!)

Posted MHDD scripts might NOT WORK with USB connected drive. You will need SATA/IDE connection

Re: MHDD script dump all HPA/SA

April 9th, 2015, 17:25

ISTM that purduephotog may be confusing the Host Protected Area with that area of the drive that is hidden from the user by the bridge firmware, ie the area which is occupied by the SmartWare VCD and key sector, etc.

I don't know what kind of access is possible when a SmartWare password is active, but I would start by trying to retrieve the drive's Identify Device information and SMART report with a tool such as HD Sentinel. HD Sentinel attempts to communicate with the drive behind the bridge.

AFAIK, it's not possible to access the HDD via USB with MHDD, but there is a new hddscripttool by maximus which can do this, at least in the case where there is no password. It makes use of ATA pass-through commands and can retrieve the SA contents. You might like to ask the author whether the tool can see the VCD area.

viewtopic.php?f=7&t=30601
http://www.hddoracle.com/viewtopic.php?f=22&t=1162

Re: MHDD script dump all HPA/SA

April 9th, 2015, 22:03

Thank you all.

I can watch a locked drive unlock with a simple iokernel32 write which sends apparently 32 bytes... Might be a key. Messing with said bytes prevents the drive from unlocking. Overwriting those bytes in memory with the right ones opens the drive.

Those bytes remain the same thru various iterations but I have not tried reformat to see if they shift.

I'll give it some reading tomorrow. This has been the most intellectual stimulation I've had on a long time.

I'm still pissed at myself for not knowing these WD dives can self lock for no reason with a bad USB cable. I just need to redeem myself and recover 20 years of data. (3 backups, all bad. 1 to virus 1 to self lock and 1 to sudden bad sectors... Sigh.)

Re: MHDD script dump all HPA/SA

April 10th, 2015, 7:21

Small format phones make reading fun.

Yes, I did confuse the HPA and Modules. Trying to cram as much learning in as possible from the Infosec briefing and confused the two.

Off to google to find a pre-written script (or show me how to loop) LMGTFY: mhdd script module western digital

Re: MHDD script dump all HPA/SA

April 10th, 2015, 11:11

Good luck...
Post a reply