Hard Drive Password Recovery

Here’s a guide for recovering protection passwords from ATA hard drives (translated). These passwords are stored in a special area of the hard disk that also contains the device’s firmware. Normally you can’t get at them, but [Supersonic] walks us through a method used to grab the data off of a Western Digital Scorpio drive. By booting into a program called MHDD, you can bypass the BIOS (which won’t allow you to read protected data) and directly drive the SATA or PATA controller on your motherboard. Once you’ve dumped the data, it can be viewed with a hex editor, and if you know where to look you can grab the passwords that are locking the disk.

This reminds us of some of the original Xbox hacks which used a variety of methods to unlock the stock hard disk.

23 thoughts on “Hard Drive Password Recovery”

  1. Yeah, that reminds me of Xbox too. …reminds me of when I unlocked the disk, and then didn’t write down the password that it needed to be relocked with. I was told I either needed to sniff the PW from the IDE bus directly (in plaintext) or buy a mod chip. I didn’t have a logic analyzer at that point so I had to buy a mod chip.

    This also reminds me of a discussion I had with flyback, a freenode regular, on IRC recently. He was doing some data recovery for a client on a faulty HDD. Flyback was using a serial debug interface that he said was common amongst HDDs. It sounded like you just needed to know what test points to solder to and the protocol was straightforward after that. You could do some really low level stuff with the hardware. You also got r/w access to all kinds of eeprom data. I’ll bet the password was in there. He gave me a PDF with an extensive list of serial commands, but I lost it when I had to reinstall my OS a couple weeks ago. He called it PMOS. I’m not sure what that refers to, and googling “PMOS” doesn’t bring up anything relevant. It was really interesting, and worth some digging if anyone’s into HDD tech or is technically inclined and desperate to salvage some data from a bad HDD.

  2. @naturetm

    you didn’t NEED the modchip as you could have dumped the eeprom that stores the unique info about the xbox, like its hdd unlock code.

    i wonder if this tool will actually unlock already locked xbox hdds that have been separated from their married motherboards.

    if i pull some from the depths of the closet i’ll give it a shot and report back :)

    1. That site blocks us from seeing some of the WD info, sadly. Luckily, I’m working on a Fujitsu! (Hehe)

      I came across this in a search for a tool that actually works on resetting the password on/erasing a drive that got it accidentally set. I just love how laptops with one set will just go ahead and make unlocked drives protected without asking – don’t you, too? LOL, probably someone at the store ‘tested’ a laptop with it and then I bought it. It’s more fun getting it working than walking back to the store, though. I’ve learned that the Fujitsu laptop drives have pins suspiciously similar in placement to the ones on the Seagate 7200.11 drives that everyone was griping about a couple years back. Luckily, mine was unaffected by the BSY bug. :/

      BTW You should have linked to this part of your forum: http://forum.hddguru.com/hard-disk-drives-data-recovery-and-repair-f1.html

  3. So what about on Laptops??!! I have an administrative HDD password and can’t remember it. This doesn’t help me at all. I’m 15 and can’t get a visa until I’m 18, not mailing cash for it to just come up stolen. And I want to keep my fast HDD so buying a new one is out of the question. Help?

  4. i have a very old Toshiba laptop from 2005 (its era). i need to enter the built-in User HDD password. but i entered it a long time ago and I have not used it since then. what can i do to get it back?
