ATA_SECURE_ERASE on locked disk?


mike.belov

Hello,

Is there a way to secure-erase and reset the locking password on a disk? I don't need the data stored, I just need the disk.

I have a list of passwords - none of them works to unlock the disk. Another possibility is the disk came from an IBM laptop, maybe they salt the passwords somehow?

Any help would be appreciated.

Here is what I see on my terminal:
minty mike # hdparm -I /dev/sdb

/dev/sdb:

ATA device, with non-removable media
Model Number: HITACHI HTS725032A9A364
Serial Number: [..snip...]
Firmware Revision: PC3ZC70F
[...]
Security:
Master password revision code = 16385
supported
enabled
locked
not frozen
not expired: security count
supported: enhanced erase
Security level maximum
88min for SECURITY ERASE UNIT. 88min for ENHANCED SECURITY ERASE UNIT.
Logical Unit WWN Device Identifier: [...snip...]
NAA : 5
IEEE OUI : 000cca
Unique ID : 5b7dd36aa
Checksum: correct
 

Yousuf Khan

> Hello,
>
> Is there a way to secure-erase and reset the locking password on a
> disk? I don't need the data stored, I just need the disk.

Is this an SSD? I've only seen secure erase implemented on SSDs so far.

> I have a list of passwords - none of them works to unlock the disk.
> Another possibility is the disk came from an IBM laptop, maybe they
> salt the passwords somehow?
>
> Any help would be appreciated.
>
> Here is what I see on my terminal: minty mike # hdparm -I /dev/sdb
>
> /dev/sdb:

You can't just "dd if=/dev/nul of=/dev/sdb"?

Yousuf Khan
 

Rod Speed

> Is there a way to secure-erase and reset the locking password
> on a disk? I don't need the data stored, I just need the disk.

Yes, with a true rotating disk like a 2.5" SATA drive.

It's part of the standard, normally implemented
on all 2.5" drives and many 3.5" drives.

> I have a list of passwords - none of them works to unlock
> the disk. Another possibility is the disk came from an IBM
> laptop, maybe they salt the passwords somehow?
> Any help would be appreciated.
> Here is what I see on my terminal:
> minty mike # hdparm -I /dev/sdb
>
> /dev/sdb:
>
> ATA device, with non-removable media
> Model Number: HITACHI HTS725032A9A364
> Serial Number: [..snip...]
> Firmware Revision: PC3ZC70F
> [...]
> Security:
> Master password revision code = 16385
> supported
> enabled
> locked
> not frozen
> not expired: security count
> supported: enhanced erase
> Security level maximum
> 88min for SECURITY ERASE UNIT. 88min for ENHANCED SECURITY ERASE UNIT.
> Logical Unit WWN Device Identifier: [...snip...]
> NAA : 5
> IEEE OUI : 000cca
> Unique ID : 5b7dd36aa
> Checksum: correct
 

Franc Zabkar

> Is there a way to secure-erase and reset the locking password on a disk? I don't need the data stored, I just need the disk.
> Here is what I see on my terminal:
> minty mike # hdparm -I /dev/sdb
>
> /dev/sdb:
>
> ATA device, with non-removable media
> Model Number: HITACHI HTS725032A9A364
> Serial Number: [..snip...]
> Firmware Revision: PC3ZC70F
> [...]
> Security:
> Master password revision code = 16385

I don't believe a secure erase will work, unless you can determine the
master password. The SECURITY ERASE UNIT requires either the master or
user password before it can proceed.

According to the ATA standard ...

"If the Security feature set and the Master Password Identifier
feature are supported, then word 92 [of the Identify Device response]
contains the value of the Master Password Identifier set when the
Master Password was last changed."

If the "Master password revision code" (16385 = 0x4001) is in fact the
"Master Password Identifier", then the original value would have been
0xFFFE, in which case it appears that the master password is no longer
the factory default.

====================================================================

"Prior to first use, the Master Password Identifier shall be set to
FFFEh by the manufacturer."

====================================================================

"The intended purpose of this feature is to assist an administrator
that uses several sets of Master passwords (e.g., for use in different
deployments of devices). The administrator may maintain a mapping of
actual Master passwords and a corresponding Identifier. When an
administrator sets a Master password, the corresponding Master
Password Identifier may also be set.

When the time comes to redeploy a device for which a User password had
been set and lost, the administrator needs to know which Master
password is valid for this individual device. Since the device never
reveals the Master password but does reveal the Identifier, the
administrator may obtain a hint as to which Master password was
previously set."

====================================================================

SECURITY ERASE UNIT

a) If the Identifier bit is set to Master, then the password supplied
shall be compared with the stored Master password; or

b) If the Identifier bit is set to User, then the password supplied
shall be compared with the stored User password.

====================================================================

- Franc Zabkar
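
Added example, not part of the thread or any poster's code: a Python sketch that reads the Security section of `hdparm -I` output and applies the rule quoted above (Master Password Identifier, factory value FFFEh), together with the identifier-to-password-set mapping the standard suggests an administrator keep. The `INVENTORY` table and its label are hypothetical; the sample text is the Security section posted in the thread.

```python
import re

FACTORY_DEFAULT_ID = 0xFFFE  # identifier the standard says is set before first use

# Security section of the `hdparm -I` output as posted in the thread.
SAMPLE = """\
Security:
Master password revision code = 16385
supported
enabled
locked
not frozen
not expired: security count
supported: enhanced erase
Security level maximum
"""

# Hypothetical inventory: identifier -> label of a master password set (never the password).
INVENTORY = {0x4001: "laptop fleet, master set A"}

def parse_security(text):
    """Extract the security state from an `hdparm -I` Security section."""
    state = {"master_id": None, "level": None}
    in_section = False
    for line in text.splitlines():
        words = line.split()
        in_section = in_section or words == ["Security:"]
        if not in_section or not words:
            continue
        m = re.search(r"Master password revision code\s*=\s*(\d+)", line)
        if m:
            state["master_id"] = int(m.group(1))
        elif words[:2] == ["Security", "level"] and len(words) > 2:
            state["level"] = words[2]
        elif len(words) <= 2 and words[-1] in ("supported", "enabled", "locked", "frozen"):
            state[words[-1]] = words[0] != "not"  # "not frozen" -> False
    return state

def assess(state, inventory):
    """Explain what the state means for an administrator redeploying the drive."""
    notes, mid = [], state["master_id"]
    if mid == FACTORY_DEFAULT_ID:
        notes.append("identifier 0xFFFE: still the factory value")
    elif mid is not None:
        label = inventory.get(mid, "not in inventory")
        notes.append(f"identifier 0x{mid:04X}: master password changed ({label})")
    if state.get("locked"):
        notes.append("locked: SECURITY ERASE UNIT needs the user or master password")
    return notes
```

Calling `assess(parse_security(SAMPLE), INVENTORY)` reports identifier 0x4001, which is the hint the standard intends: it tells the administrator which recorded master password set to try, without the drive ever revealing the password.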
 
