Toorcon hard drive data recovery

posted Oct 1st 2006 7:11am by Will O'Brien
filed under: pcs hacks

Eliot and I caught Scott Moulton’s talk on Hacking Hard Drives for Data Recovery. You can catch his slides here – but most of the content was in the talk. It was a great walk through of hard drive technology. Some interesting points: 85% of the time, software recovery is successful. 10% of the time, replacing the controller board succeeds. So, 95% of the time you can probably recover your data fairly easily.

Scott showed off a peltier enhanced drive sled for keeping a drive cooled for optimal operation/recovery conditions. He even got into replacing drive heads. If you’ve ever gutted a drive, you’ll know how fragile those heads are. You can actually fold a postit note to keep the heads apart and tranfer an arm with heads from a donor drive to get your drive working again. The difficulty of the operations seem to increase exponentially as the number of platters increases.

Read

Comments [18]

Reader Comments

nice stuff, the presentation is pretty good

Posted at 7:52 pm on Oct 1st, 2006 by william

One word: RAID
http://www.google.com/search?q=RAID

Posted at 8:08 pm on Oct 1st, 2006 by Sam I am.

Sam, RAID would prove unhelpful if you are trying to access data someone else destroyed….

Posted at 8:38 pm on Oct 1st, 2006 by CaseyBlackburn

“85% of the time, software recovery is successful. 10% of the time, replacing the controller board succeeds. So, 95% of the time you can probably recover your data fairly easily.”

I think that actually translates to a total of 86.5% probability of recovery. If replacing the controller board works 10% of the time, it’ll only help in 10% of the 15% of the time that software recovery fails.

Posted at 8:39 pm on Oct 1st, 2006 by shawn

I have used the controller swap method before when 2 drives in my raid-5 array died within 3 days of each other.

The good thing about a raid is if you get all the drives at the same time then you don’t have to go around everywhere trying to get an identical drive.

Posted at 10:59 pm on Oct 1st, 2006 by Richard

I should have got up earlier. :-P

Posted at 1:01 am on Oct 2nd, 2006 by erik

shawn, i think you are missing something vital: if software recovery works, i’m pretty sure most people wouldn’t go ahead and replace the controller board.

so, while 95% may be a little too high, 86.5% is way too low.

Posted at 4:08 am on Oct 2nd, 2006 by terry

Terry, He understands that, so you do 10% of 15% which will give you the percentage of where replaced controller boards work. Which equals 1.5%, and then you add it to the other 85 and get 86.5%.

Posted at 6:42 am on Oct 2nd, 2006 by CaseyBlackburn

Uh…a post-it note? Those have glue on them. “Small piece of paper without ragged edges” would be a better choice.

Posted at 8:59 am on Oct 2nd, 2006 by Fred Thompson

Overall it was a good talk but he was less an expert than i expected (like most of the speakers). The way he spoke he sounded more like some random guy who has just opened up a huge number of hard drives (which i guess he was).

“[The platters] are lubricated with something they call nanotubes” with a random picture of two rows of tubes in the upper right hand corner. Not very informative there. Yay tubes!

Posted at 12:16 pm on Oct 2nd, 2006 by toorcon attendee

Shawn and CaseyBlackburn have their math right, although it’s probably a little more complex than that. For example, if you have to replace the controller and then still have to use software recovery, you only have an 8.5% chance.

Fred Thompson,
I assume that when you fold the post-it, you fold it so the glue is inside. I also assume they suggest a post-it because they’re made of pretty smooth, lint-free paper. I’ll bet origami paper or parchment paper would be good as well.

Posted at 2:51 pm on Oct 2nd, 2006 by Silver

#11 Yeah, understood, but the nanotubes lubrication pipe system isn’t even being used outside of the R&D labs at Seagate. I’m a bit surprised that he even referenced it.

Posted at 5:32 pm on Oct 2nd, 2006 by A Random Geek

the ‘presentation’ was shiteous… useless.. if whatever >80% recover w software then present some mothafugin software and compare efficacy or results not spank the monkey in 30000 shitty slides with hdd anatomy…

Posted at 5:59 pm on Oct 2nd, 2006 by my name is uhh

If this is the same guy who spoke at DEFCON then yeah, this is a guy who has opened up a bunch of drives – nothing more. That guy had NO clue that *many* drives now store firmware on the platters and no idea how to recover it. He told me to swap the log board – duh that will NOT fix the firmware issue. This problem plauges Maxtor drives alot and you’ll see the drive show up as it’s family name in BIOS. Fixable with the right software but it’s NOT cheap If you can read Russian there are warez versions out there (lol)

Posted at 7:38 pm on Oct 2nd, 2006 by BLKMGK

Not to beat a dead horse with this statistical recovery business but 86.5% is the correct figure. Here is one way of doing it (by analyzing the complete failure case):

(failure rate of software) * (failure rate of controller replacement) = failure rate

.15 * .90 = 0.135

(possibility of failure OR success) – (total failure rate) = success rate

1 – 0.135 = 0.865

The way someone already covered is also correct:

Showing that board replacemant solves 10% of the 15% software failures method:
0.10 * (1 – 0.85) + 0.85 = 0.865

Showing that software recovery solves 85% of the 90% of software failures:
0.85 * (1 – 0.10) + 0.10 = 0.865

Due to the unusual amount of constructive negative criticism I have to balance things out:

wat r we lookin @ her folks lol i meen is it just me r wat weres the hack lol o #13 ur wit me ne1 else???

Posted at 11:01 pm on Oct 3rd, 2006 by DaCapn

the way it’s written, and the way the slides had the figured listed, the 95% figure seems correct. What you guys are listing are the conditional probabilities and you don’t have to do that in this case. it is pretty straight forward, out of every 100 hd’s crashed, 85 were software fixable, while 15 were hardware problems. the 10% number is that 10% of the 100 would be the controller board.

If it were worded “10% of the remaining hd’s were the controller board” then you would be correct.

a pie chart would have made it clearer than the vertical bar graph in the slides

mmm pie. now i’m hungry

Posted at 1:24 pm on Oct 4th, 2006 by dennis

When I gave the presentation, I guess you missed the part about how I was trying to help people understand that they can do some forms of data recovery themselves and cheap and under $200 in most cases. It is not meant to be an end all to data recovery.

If we all were able to read the firmware off the platters, then we would need to be able to burn it back to the chip on a good board when we get one. If you thought I would try to whip out a rom burner or write something to bypass every manufactures firmware to plant it on the drive I think you missed the point of the talk.

By the way, I am pretty sure without help from the manufacture with SPECIAL equipment you can not read that info from the drive since the equipment that writes the Servo Info is not easily available. That would defeat the purpose of the less than $200 target of doing recoveries for youself. I have hand several hundred people email me that said my info helped them recover data they had no idea about before.

And BLKMGK – I don’t know what a LOG board is, I think you meant LOGIC BOARD……

Posted at 5:35 pm on Oct 5th, 2006 by Scott Moulton

I have been seeking a internet place similafor some time. Numerous years ago I bought a whitewings book and made some astonishing stuff. Can you please share more on this theme. Perhaps you will find some other data out there. I’ll let you know if i find anything else likewise.

Posted at 9:39 am on Mar 15th, 2009 by Airplane-OnFire123

Toorcon hard drive data recovery

Recent Posts

Reader Comments

Leave a Reply

Hacks

Resources

RSS newsfeeds

Most commented on (30 days)

Recent comments