Here’s a guide for recovering protection passwords from ATA hard drives (translated). These passwords are stored in a special area of the hard disk that also contains the firmware for the device. Normally you can’t get at them but [Supersonic] walks us through a method used to grab the data off of a Western Digital Scorpio drive. Booting into a program called MHDD you are able to bypass the BIOS (which won’t allow you to read protected data) and directly drive the SATA or PATA controller on your motherboard. Once you’ve dumped the data it can be viewed with a HEX editor, and if you know where to look you can grab the passwords that are locking the disk.
This reminds us of some of the original Xbox hacks which used a variety of methods to unlock the stock hard disk.
Oh that is painfully poorly designed(the password protection).
Great tut though.
Yeah, that reminds me of Xbox too. …reminds me of when I unlocked the disk, and then didn’t write down the password that it needed to be relocked with. I was told I either needed to sniff the PW from the IDE bus directly (in plaintext) or buy a mod chip. I didn’t have a logic analyzer at that point so I had to buy a mod chip.
This also reminds me of a discussion I had with flyback, a freenode regular, on IRC recently. He was doing some data recovery for a client on a faulty HDD. Flyback was using a serial debug interface that he said was common amongst HDD’s. It sounded like you just needed to know what test points to solder to and the protocol was straightforward after that. You could do some really low level stuff with the hardware. You also got r/w access to all kinds of eeprom data. I’ll bet the password was in there. He gave me a PDF with an extensive list of serial commands, but I lost it when I had to reinstall my OS a couple weeks ago. He called it PMOS. I’m not sure what that refers to, and googling “PMOS” doesn’t bring up anything relevant. It was really interesting, and worth some digging if anyone’s into HDD tech or is technically inclined and desparate to salvage some data from a bad HDD.
TMOS, actually. Don’t say I never deliver! Look here:
http://forum.hddguru.com/seagate-tmos-command-set-t188.html
“This reminds us of some of the original Xbox hacks which used a variety of methods to unlock the stock hard disk. ”
Totally. Man was I big into that back in the day, I still have several modded xboxes lying around collecting dust including this work of art:
http://www.billporter.info/xbox-mod/
I should come up with something useful to do with them.
and yes, it is a useless way to protect data.
@naturetm
you didnt NEED the modchip as you could have dumped the eeprom that stores the unique info about the xbox, like its hdd unlock code.
i wonder if this tool will actually unlock already locked xbox hdds whom have been seperated from their married motherboards.
if i pull some from the depths of the closet ill give it a shot and report back :)
Here is the HDD Serial interface website, it has some of the commands on Seagate HDD’s..
http://sites.google.com/site/seagatefix/
So if I’ve been doing this for five years, am I alone. It’s the same menu to wipe the drive using the firmware.
@Bill: Install XBMC!
Sure, it can’t play HD video, but it’s still pretty awesome.. you can buy composite cables for, like, $8 on ebay. Makes everything look a lot better, too.
@Gdogg
composite cables are the crappy ones. i beleive you mean component cables (rgb)
@NatureTM I was in a similar scenario. I killed the HDD hot swapping it and couldn’t add another without first locking it with the same (unknown) key from the original.
I found this hack (elsewhere): http://forums.afterdawn.com/thread_view.cfm/357863
Was chuffed to bits when it worked!
@Gdogg
O, they all have XBMC on them, and I loved that software. But now I have a dedicated HTPC, so no need for the limited xbox.
This guy should give credit where credit is due!
http://yura.projektas.lt/files/wd/royl_mhdd.html
http://forum.hddguru.com/unlocking-ata-password-for-western-digital-t8374-20.html#p69316
That site blocks us from seeing some of the WD info, sadly. Luckily, I’m working on a Fujitsu! (Hehe)
I came across this in a search for a tool that actually works on resetting the password on/erasing a drive that got it accidentally set. I just love how laptops with one set will just go ahead and make unlocked drives protected without asking – don’t you, too? LOL, probably someone at the store ‘tested’ a laptop with it and then I bought it. It’s more fun getting it working than walking back to the store, though. I’ve learned that the Fujitsu laptop drives have pins suspiciously similar in placement to the ones on the Seagate 7200.11 drives that everyone was griping about a couple years back. Luckily, mine was unaffected by the BSY bug. :/
BTW You should have linked to this part of your forum: http://forum.hddguru.com/hard-disk-drives-data-recovery-and-repair-f1.html
oops didn’t see second link… hehe you did provide it.
does this work on a toshiba drive?
My laptop sony vaio VPCX131KX when turn on, the screen text is “Enter Hard Disk User Password”. Although I did not set a password for drive. Help me!
My hard disk is sandisk pssd 64GB. Please help me! Thanks so much
does anyone knows the master password for Hitachi sata 2.5 hard drive? need hepl… ive tried the 32 spaces but didnt work…
I all the time emailed this webpage post page to all my associates, as if like to read it after that my
friends will too.
So what about on Laptops??!! I have an administrative HDD password and can’t remember it. This doesn’t help me at all. I’m 15 and can’t get a visa until I’m 18 , not mailing cash for it to just come up stolen. And I want to keep my fast HDD do buying a new one is out of the question. Help?
That depends on what you are trying to do. Is the PW on a HDD? Is the PW on a user account?
i have a very old Toshiba laptop from 2005 (its era). i need to enter the build-in User HDD passsword. but i entered it a long time ago and I have not used it since then. what can i do to get it back?