Hard drive password recovery

Here’s a guide for recovering protection passwords from ATA hard drives (translated). These passwords are stored in a special area of the hard disk that also contains the device’s firmware. Normally you can’t get at them, but [Supersonic] walks us through a method used to grab the data off of a Western Digital Scorpio drive. Booting into a program called MHDD, you are able to bypass the BIOS (which won’t allow you to read protected data) and directly drive the SATA or PATA controller on your motherboard. Once you’ve dumped the data, it can be viewed with a hex editor, and if you know where to look you can grab the passwords that are locking the disk.
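
For the defensive side of the ATA password scheme described above, this added example (not part of the original post or the linked guide) decodes the security status a drive reports in IDENTIFY DEVICE words 128 and 92, as defined by the ATA specification, and flags risky states. The sample blocks, the `audit` rules and all function names are constructed for illustration.

```python
import struct

# IDENTIFY DEVICE word 128: ATA Security feature set status bits.
SECURITY_BITS = {0: "supported", 1: "enabled", 2: "locked", 3: "frozen",
                 4: "count_expired", 5: "enhanced_erase_supported"}
FACTORY_MASTER_ID = 0xFFFE  # word 92 value drives ship with per the ATA spec

def parse_security(identify: bytes) -> dict:
    """Decode the security state from a raw 512-byte IDENTIFY DEVICE block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", identify)  # 256 little-endian words
    status = words[128]
    state = {name: bool((status >> bit) & 1) for bit, name in SECURITY_BITS.items()}
    # Bit 8 is the master password capability: 0 = High, 1 = Maximum.
    state["level"] = "maximum" if (status >> 8) & 1 else "high"
    state["master_password_id"] = words[92]
    return state

def audit(state: dict) -> list:
    """Return findings for a decoded state (rules are this example's own)."""
    if not state["supported"]:
        return ["security feature set not supported"]
    findings = []
    if not state["enabled"] and not state["frozen"]:
        findings.append("no password set and not frozen: host software can set one")
    if (state["enabled"] and state["level"] == "high"
            and state["master_password_id"] == FACTORY_MASTER_ID):
        findings.append("high level with factory master password identifier")
    if state["count_expired"]:
        findings.append("unlock attempt counter expired")
    return findings

def make_sample(status: int, master_id: int) -> bytes:
    """Build a constructed IDENTIFY block with only words 92 and 128 filled."""
    words = [0] * 256
    words[92], words[128] = master_id, status
    return struct.pack("<256H", *words)

# Constructed samples, not captured from real drives.
LOCKED_HIGH = make_sample(0x0027, 0xFFFE)   # supported, enabled, locked
UNPROTECTED = make_sample(0x0001, 0xFFFE)   # supported only
FROZEN_MAX = make_sample(0x0109, 0x0001)    # supported, frozen, maximum

if __name__ == "__main__":
    for name, blob in [("locked", LOCKED_HIGH), ("open", UNPROTECTED),
                       ("frozen", FROZEN_MAX)]:
        print(name, audit(parse_security(blob)))
```

On Linux, `hdparm -I` reports the same fields in its Security section.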

This reminds us of some of the original Xbox hacks which used a variety of methods to unlock the stock hard disk.

Comments

  1. Andrew Parting says:

    Oh that is painfully poorly designed (the password protection).
    Great tut though.

  2. NatureTM says:

    Yeah, that reminds me of Xbox too. …reminds me of when I unlocked the disk, and then didn’t write down the password that it needed to be relocked with. I was told I either needed to sniff the PW from the IDE bus directly (in plaintext) or buy a mod chip. I didn’t have a logic analyzer at that point so I had to buy a mod chip.

    This also reminds me of a discussion I had with flyback, a freenode regular, on IRC recently. He was doing some data recovery for a client on a faulty HDD. Flyback was using a serial debug interface that he said was common amongst HDDs. It sounded like you just needed to know what test points to solder to and the protocol was straightforward after that. You could do some really low level stuff with the hardware. You also got r/w access to all kinds of eeprom data. I’ll bet the password was in there. He gave me a PDF with an extensive list of serial commands, but I lost it when I had to reinstall my OS a couple weeks ago. He called it PMOS. I’m not sure what that refers to, and googling “PMOS” doesn’t bring up anything relevant. It was really interesting, and worth some digging if anyone’s into HDD tech or is technically inclined and desperate to salvage some data from a bad HDD.

  3. Bill says:

    “This reminds us of some of the original Xbox hacks which used a variety of methods to unlock the stock hard disk.”

    Totally. Man was I big into that back in the day, I still have several modded xboxes lying around collecting dust including this work of art:

    http://www.billporter.info/xbox-mod/

    I should come up with something useful to do with them.

  4. Bill says:

    and yes, it is a useless way to protect data.

  5. xuwkrm says:

    @naturetm

    you didn’t NEED the modchip as you could have dumped the eeprom that stores the unique info about the xbox, like its hdd unlock code.

    i wonder if this tool will actually unlock already locked xbox hdds that have been separated from their married motherboards.

    if i pull some from the depths of the closet i’ll give it a shot and report back :)

  6. Anthony says:

    Here is the HDD Serial interface website, it has some of the commands on Seagate HDDs.

    http://sites.google.com/site/seagatefix/

  7. The Juggernaught says:

    So if I’ve been doing this for five years, am I alone. It’s the same menu to wipe the drive using the firmware.

  8. Gdogg says:

    @Bill: Install XBMC!

    Sure, it can’t play HD video, but it’s still pretty awesome.. you can buy composite cables for, like, $8 on ebay. Makes everything look a lot better, too.

  9. andres says:

    @Gdogg

    composite cables are the crappy ones. i believe you mean component cables (rgb)

  10. David says:

    @NatureTM I was in a similar scenario. I killed the HDD hot swapping it and couldn’t add another without first locking it with the same (unknown) key from the original.

    I found this hack (elsewhere): http://forums.afterdawn.com/thread_view.cfm/357863

    Was chuffed to bits when it worked!

  11. Bill Porter says:

    @Gdogg

    O, they all have XBMC on them, and I loved that software. But now I have a dedicated HTPC, so no need for the limited xbox.

  12. hddguy says:
    • Joe2 says:

      That site blocks us from seeing some of the WD info, sadly. Luckily, I’m working on a Fujitsu! (Hehe)

      I came across this in a search for a tool that actually works on resetting the password on/erasing a drive that got it accidentally set. I just love how laptops with one set will just go ahead and make unlocked drives protected without asking – don’t you, too? LOL, probably someone at the store ‘tested’ a laptop with it and then I bought it. It’s more fun getting it working than walking back to the store, though. I’ve learned that the Fujitsu laptop drives have pins suspiciously similar in placement to the ones on the Seagate 7200.11 drives that everyone was griping about a couple years back. Luckily, mine was unaffected by the BSY bug. :/

      BTW You should have linked to this part of your forum: http://forum.hddguru.com/hard-disk-drives-data-recovery-and-repair-f1.html

    • Joe2 says:

      oops didn’t see second link… hehe you did provide it.

  13. jason says:

    does this work on a toshiba drive?

  14. Mr TuanAnh says:

    When I turn on my Sony Vaio VPCX131KX laptop, the screen text is “Enter Hard Disk User Password”, although I did not set a password for the drive. Help me!

  15. rick says:

    does anyone know the master password for Hitachi sata 2.5 hard drive? need help… i’ve tried the 32 spaces but didn’t work…

  16. Monique says:

    I all the time emailed this webpage post page to all my associates, as if like to read it after that my
    friends will too.

  17. Amanda says:

    So what about on Laptops??!! I have an administrative HDD password and can’t remember it. This doesn’t help me at all. I’m 15 and can’t get a visa until I’m 18, not mailing cash for it to just come up stolen. And I want to keep my fast HDD so buying a new one is out of the question. Help?
