All times are UTC - 5 hours [ DST ]




 Post subject: ATA password bypassing
Posted: May 16th, 2009, 9:43

Joined: May 16th, 2009, 9:32
Posts: 325
Location: UNited Kingdom
Hello everyone

What is the latest status with 'bypassing' ATA passwords ?

I was following progress in this area approx 3 years ago
especially as XBOX(v1) 5GB harddrives were locked via the ATA password
and there were many debates about any way to unlock if you didn't have the xbox main board eeprom with the password etc

At the time no one had found a way to bypass it, even trying live swapping of hdd electronic boards

The ATA password is probably on the reserved (manufacturer system) area of the disk
rather than on eeprom on the electronics
so if you could fool the electronics into thinking it had unlocked it (from a known platter) might be able to switch to a target (locked) platter and read off the user sectors
etc

Or some way to zap or short-circuit the logic on the controller board to force unlocking

So, any developments in this area

Thanks


Post subject: Re: ATA password bypassing
Posted: May 16th, 2009, 9:54

Joined: July 18th, 2006, 3:05
Posts: 7474
Location: ITALY
So, you came into the HDDGURU forum for what reason ? :mrgreen:


Post subject: Re: ATA password bypassing
Posted: May 16th, 2009, 10:11

Joined: August 12th, 2008, 13:11
Posts: 3235
Location: USA
It is completely doable and no, it doesn't involve the PCB in any way.

_________________
You don't have to backup all of your files, just the ones you want to keep.


Post subject: Re: ATA password bypassing
Posted: May 16th, 2009, 10:32

Joined: July 18th, 2006, 3:05
Posts: 7474
Location: ITALY
It's like HEART bypass... some people are good at doing it, some others not :mrgreen:


Post subject: Re: ATA password bypassing
Posted: May 16th, 2009, 11:27

Joined: July 18th, 2006, 3:05
Posts: 7474
Location: ITALY
Me too. And on Fujitsu, Samsung, Excelstor, Hitachi and so on... :mrgreen:


Post subject: Re: ATA password bypassing
Posted: May 16th, 2009, 11:54

Joined: August 12th, 2008, 13:11
Posts: 3235
Location: USA
Getting back to the topic, there have been multiple posts about it here. I'm sure if OP was really interested he could turn something up.

_________________
You don't have to backup all of your files, just the ones you want to keep.


Post subject: Re: ATA password bypassing
Posted: May 16th, 2009, 13:48

Joined: May 16th, 2009, 9:32
Posts: 325
Location: UNited Kingdom
Thanks for the tips

No particular reason, other than I've been watching some of the myharddrivedied videos on youtube
(and I used to do that sort of thing a few years back)
and he mentioned the mhdd program
and it reminded me of this topic
and I wondered if there had been any progress on it.
Sounds like there has, but you're all being a bit secretive about it :-)
although of course the techniques must be very specific to specific drives and firmware revisions


Post subject: Re: ATA password bypassing
Posted: May 16th, 2009, 14:01

Joined: May 16th, 2009, 9:32
Posts: 325
Location: UNited Kingdom
The PC3000 software (and interface card) looks very interesting...
Does it need the dedicated IF board or will it run or partially run with a standard ide/ata controller ?


Post subject: Re: ATA password bypassing
Posted: May 16th, 2009, 14:27

Joined: May 12th, 2009, 4:42
Posts: 12
Location: Malaysia
@Spildit,

I need to ask your opinion about something that bothers me.
At the company I am working, we have a lot of mini drives (My Passport Essential).

When our people securely disconnect the drive, the LED remains on and we cannot figure out if the drive still works or not, because by its nature it does not make any noise.
How can I confirm that the heads are parked securely?
Are there any windows utilities (hdparm -Y) that can help?

Any comments, propositions?
Eleana


Post subject: Re: ATA password bypassing
Posted: May 16th, 2009, 14:47

Joined: July 18th, 2006, 3:05
Posts: 7474
Location: ITALY
No, pc3000 is card +sw.


Post subject: Re: ATA password bypassing
Posted: May 18th, 2009, 7:32

Joined: May 16th, 2009, 9:32
Posts: 325
Location: UNited Kingdom
Hello, me again

Will these techniques also work in the Maximum security mode where it needs the User password and ignores the Master password.
Or in the lower 'high security' mode if the Master password had been changed

Or can we do a SECURITY ERASE PREPARE immediately followed by SECURITY ERASE UNIT but physically cut the write signal to the heads
-- but then it can't update the SA, but might leave the firmware thinking it's unlocked ?

Supplemental Q
Will mhdd or something similar let me see the raw hex of the IDENTIFY response
or fully decode the words and bits
(else I'll have to break in and see the raw data)

Thanks again
PS Of course I mean getting to the data rather than just reusing the drive


Post subject: Re: ATA password bypassing
Posted: May 19th, 2009, 14:54

Joined: May 16th, 2009, 9:32
Posts: 325
Location: UNited Kingdom
Well I finally dug out my old, locked, xbox WD 8GB drive (WD80EB)
and fired it up with MHDD
MHDD says PWD (ie locked)
Security: MAX, ON
Max = need unique and currently unknown user password only
as opposed to the other possibility of HIGH where either the Master or User password can be used, and the Master may or may not be the factory default

So I guess there is no way to unlock it, to get to any data
(I don't have the user password)
without something like a PC3000

Note - I don't need the data or the drive really, this is just for testing of if it was possible

I'll probably force erase the drive (which should be possible)
so that I can use it to play with setting Master and User passwords

And maybe some kind person will give any tip of any other possible method
(shorting of other jumper pins etc)
although that will be specific to this drive
and won't help me in the future if I ever get a real, important, locked drive to look at
(my friends are always asking me to recover corrupt partition tables etc)


Post subject: Re: ATA password bypassing
Posted: May 19th, 2009, 15:04

Joined: May 16th, 2009, 9:32
Posts: 325
Location: UNited Kingdom
And looks like I can't do an erase in MAX security mode (from MHDD)

ie can't send a SECURITY ERASE PREPARE command, immediately followed by SECURITY ERASE UNIT

or maybe I've overlooked how to do it from MHDD


Post subject: Re: ATA password bypassing
Posted: May 19th, 2009, 15:27

Joined: May 16th, 2009, 9:32
Posts: 325
Location: UNited Kingdom
Wow, thanks
I'll give that a try

Now that is the sort of friendly interaction and helpful advice I was expecting on here


I've also dug out another old drive
Maxtor 6L040L2
that supports ATA passwords

Shows Security: high, Off

I am able to set and remove user passwords
Can't seem to unlock with a Master password, but then I don't have the Master password (and can't seem to find it on the web etc)

And looks like I was wrong in that it is not possible (or not easily possible) to change the default Master password

Not that the Master password helps you when in Max mode


Post subject: Re: ATA password bypassing
Posted: May 19th, 2009, 15:39

Joined: May 16th, 2009, 9:32
Posts: 325
Location: UNited Kingdom
Sorry one more question
(I want this thread to be the definitive ATA Password thread)

In MHDD with my Maxtor drive Security: high, OFF
is there a way to put it in MAX security mode ?


Post subject: Re: ATA password bypassing
Posted: May 19th, 2009, 17:00

Joined: May 16th, 2009, 9:32
Posts: 325
Location: UNited Kingdom
This is what the end of the 42.bin of my WD drive gives

00000390 00 00 00 00 00 00 00 00-57 44 43 57 44 43 57 44 *........WDCWDCWD*
000003A0 43 57 44 43 57 44 43 57-44 43 57 44 43 57 44 43 *CWDCWDCWDCWDCWDC*
000003B0 57 44 43 57 44 43 57 44-A9 4A D6 A8 31 9D 6B 3A *WDCWDCWD.J..1.k:*
000003C0 93 D1 13 9D 15 0F 55 B8-CF 89 D4 96 00 00 00 00 *......U.........*
000003D0 00 00 00 00 00 00 00 00-57 44 43 20 57 44 38 30 *........WDC WD80*
000003E0 45 42 2D 32 38 43 47 48-31 20 20 20 20 20 20 20 *EB-28CGH1       *
000003F0 20 20 20 20 20 20 20 20-20 20 20 20 20 20 20 20 *                *

(the *'s are from my hex editor)
Shows the default master password
Then 32 bytes of hex (could be the user password, but not in a user enterable form)
Then the details of the WDC WD80EB drive

or have I missed something ?

Since it was locked by an xbox 'bios', I guess the random password it used doesn't have to be ascii ?

Thanks


Post subject: Re: ATA password bypassing
Posted: May 19th, 2009, 17:41

Joined: August 12th, 2008, 13:11
Posts: 3235
Location: USA
xsoliman wrote:
This is what the end of the 42.bin of my WD drive gives

or have I missed something ?


Try writing your own password to it and seeing what changes.

_________________
You don't have to backup all of your files, just the ones you want to keep.


Post subject: Re: ATA password bypassing
Posted: May 19th, 2009, 18:48

Joined: May 16th, 2009, 9:32
Posts: 325
Location: UNited Kingdom
Thanks for all the really useful info

I assume the '42' is a reference to some particular SA block
although there's no $2a in the command sequence

If I modified the 42.bin file, is there a command sequence to write it back to the same place on the disk !
I'm sure there is, but not sure if you would be willing to share it ?

Hopefully this block isn't checksummed

Similarly I'd really like to know what the cmd codes do
eg which is the rd cmd and which specifies the SA block or -ve track etc
(and the info isn't too valuable as these 5GB drives are ancient, unless it works on all WD drives ...)
In fact you've already said that
$00 $02 $00 $00 $0F $E0 $21
is the bit that specifies the block to read

And good luck with your Seagate work.


Post subject: Re: ATA password bypassing
Posted: May 20th, 2009, 15:13

Joined: May 16th, 2009, 9:32
Posts: 325
Location: UNited Kingdom
Thanks yet again

After the wdc_super_on ($57 $44 $43 $00 $00 $a0 $8a)
I can then successfully read some sectors, but not all

Doing an F4 scan I get the following
(where M is a grey block of varying intensity ie a 255 sector block read ok)

MAMxMxMAMx
----> further on
same
further on
similar
further on - all reads ok (from about 24% into the 5GB drive)

is this expected ?
I haven't actually looked at the raw data in the readable blocks yet


Also my WD80EB has started staying BUSY for long periods after a 'spark' when plugging in to a live system
(thought I'd totally fried it at first)

In fact it's stopped responding now and F4 gives me clicking .... as does power cycling it.
Looks like I'll have to get another disk for experiments


This is the most hacking fun I've had for many a month :-)


Post subject: Re: ATA password bypassing
Posted: June 11th, 2009, 23:09

Joined: June 9th, 2009, 15:38
Posts: 5
Location: new york
Spildit,
Hey, I've been searching to unlock a maxtor
the ata password tool shows this
maxtor 6y230p0

rev yar41bw0

ata password tool v1.1
shows plus signs under
S, E, L, F, X, V
+ + + - - h

I wanted to know if it's possible for me to unlock the drive? Thanks, and sorry to bother you, but you wrote in a few topics to PM you to unlock a specific drive. If you could help me out, let me know.


Top
 Profile  
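Added example (not written by any poster in this thread, and not code from MHDD or the ATA password tool): the posts above ask how to decode the words and bits of the IDENTIFY response and what "Security: MAX, ON" versus "high" means, so this Python code decodes the security status word (word 128) of a raw 512-byte IDENTIFY DEVICE response. The function names, the constructed sample data, the letter "m" for the maximum level, and the reading of the tool's columns S, E, L, F, X, V as Supported, Enabled, Locked, Frozen, eXpired and leVel are assumptions.

```python
import struct

# Bits of IDENTIFY DEVICE word 128 (security status), ATA Security feature set.
SECURITY_BITS = [
    (0, "supported"), (1, "enabled"), (2, "locked"), (3, "frozen"),
    (4, "count_expired"), (5, "enhanced_erase_supported"),
]

def ata_string(words):
    """ATA strings hold two ASCII characters per word, high byte first."""
    return b"".join(struct.pack(">H", w) for w in words).decode("ascii", "replace").strip()

def decode_security(identify: bytes) -> dict:
    """Decode the security-related fields of a 512-byte IDENTIFY DEVICE response."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    w = struct.unpack("<256H", identify)           # 256 little-endian 16-bit words
    status = w[128]
    out = {name: bool(status >> bit & 1) for bit, name in SECURITY_BITS}
    out["model"] = ata_string(w[27:47])            # model number, words 27-46
    # Bit 8 (level) only has meaning once a user password is set (security enabled).
    out["level"] = ("maximum" if status & 0x100 else "high") if out["enabled"] else None
    out["master_password_id"] = w[92]              # on drives that report word 92
    # Which passwords SECURITY UNLOCK accepts in the current state.
    if not out["locked"]:
        out["unlock_with"] = []
    elif out["level"] == "maximum":
        out["unlock_with"] = ["user"]              # master password is refused for unlock
    else:
        out["unlock_with"] = ["user", "master"]
    return out

def flags_row(d: dict) -> str:
    """One-line summary in an assumed 'S E L F X V' column layout."""
    cols = [d["supported"], d["enabled"], d["locked"], d["frozen"], d["count_expired"]]
    level = {"maximum": "m", "high": "h", None: "-"}[d["level"]]
    return " ".join("+" if c else "-" for c in cols) + " " + level

def sample_identify(model: str, status: int) -> bytes:
    """Constructed sample data: an otherwise empty IDENTIFY block."""
    w = [0] * 256
    w[27:47] = struct.unpack(">20H", model.ljust(40).encode("ascii"))
    w[128], w[92] = status, 0xFFFE
    return struct.pack("<256H", *w)

if __name__ == "__main__":
    # Status values are constructed to mirror the states described in the thread.
    for name, status in [("WDC WD80EB-28CGH1", 0x0107), ("Maxtor 6L040L2", 0x0001)]:
        d = decode_security(sample_identify(name, status))
        print(d["model"], "|", flags_row(d), "| unlock with:", d["unlock_with"])
```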
 