Help With Locked Hard Drive

[Louis Bybee]

I have been trying to discover a workaround for accessing a Hard Drive
locked via the ATA Standard. I have copied various posts regarding my quest
below. I would really like to hear from anyone that has knowledge of the ATA
Standard Hard Drive Locking Technology, and/or has successfully unlocked a
password protected drive without knowledge of the User, or Master Password.

Thank you.

Louis--
********************************
Remove the two fish in address to respond

A friend? of mine locked the Hard Drive in my Laptop (it was his way of
"sticking it to me", and so far it's worked very well). As the boot process
begins it stops, and asks for the password. The boot sequence is set for
floppy first, but even trying to boot with a floppy wont allow progress past
the password prompt.

So far I've tried to boot to a floppy - no success - with the thought of a
Low Level Format. I've placed the drive, with an adapter, into a desktop,
and I discovered that BIOSs without a password scheme like a Laptop, reports
the drive as a "failed disk". If I place it into another Laptop it asks for
the password. I locked a different drive, placed it into the desktop, and it
reported as a "failed disk". I put it back into the Laptop, unlocked it, and
back into the desktop where it worked normally.

Further research led me to the Hard Disk ATA Standard, which allows for a
Hard Drive to be locked, and unlocked. It appears that the passwords (user,
and master) are not on the platter, but stored in a register on the
controller board. The logic sequence on boot up is to check if the drive is
locked, and if it is it wont unlock the drive until the proper command, then
the password is sent to the drive.

The ATA Standard also indicates that if you know the Master Password, it
will unlock the drive, and reset the user password to null.

I understand the need for security, but I can't help but suspect that some
clever chap has discovered a workaround short of sending the drive to a data
recovery facility, and spending thousands of $$$.

There has to be a way of probing the register in question, and reading the
data necessary to unlock the drive.

I can buy a new drive for my Laptop, but I guess the challenge of overcoming
situation is too much to pass up.

Any suggestions, Web Sites, other news groups, or assistance would be
appreciated!!


The Laptop is functional with a different Hard Drive (I am currently using
the unit). The value of the locked Hard Drive isn't worth the effort. It's
the frustration of not having access to the Hard Drive, and the opportunity
to learn something that is driving me at this point.


The machine in question is an older IBM Thinkpad Laptop. I am currently
using it with a new Hard Drive. The old drive is locked (he locked the drive
only), and that's what I'm trying to get into. The drive itself isn't worth
any time or expense, but I am determined to learn how to gain access to it.
IBM at their Web Site, and the local service center, indicated there is
nothing they could do for me.

I am convinced that accessing my drive is possible if I get the proper
information. I have received a few suggestions that make me believe I'm well
on the way to success!

I have discovered the user, and master password, are resident in the
firmware of the drive controller. When the drive is accessed as part of the
boot process (regardless if it is a master, or slave) if the drive is
locked, and the password hasn't been entered, the drive returns a signal
that most systems without a Hard Drive password routine interpret as a
failed drive.

It would be interesting to see if the drive password register could be
probed to revel the contained data.

I know some method is possible as evidenced by the specialty firms that will
unlock a Hard Drive. Just take a wheel barrow full of money with you! :-]


I have confirmed that per the ATA Standard the password data is resident on
the controller card. It has nothing to do with the platter. There are third
party software solutions to lock a drive, and in that case the password is
located on the drive media. I have recovered data from a locked Hard Drive
by replacing the controller board with an identical unit, and then accessing
the drive normally.

With the IBM Thinkpad I have you can have a BIOS or Boot Password, Hard
Drive Password, or an Admin. Password. Someone set the Hard Drive Lock, and
the unit required a password at turn on. Not knowing the password, I removed
the drive, and tried it on a Desktop. It reported as a failed drive. Using a
utility, I discovered the drive was locked with a user password. Replacing
the controller card allowed me to recover the data, and use the drive in the
Thinkpad again. The Thinkpad also would work with a different drive (the
other passwords (BIOS & Admin) hadn't been set).

As I reviewed the ATA Standard, the indication was that the User, and Master
passwords, were stored in the firmware (with no placement on the drive
media).

I locked a different drive (with a desktop) using the utility I have, and
the Laptop requested a password before access, and the Desktop reported a
failed drive.

It would appear to me that in this case the drive media wasn't used as a
storage medium for the password data.

I would dearly like to hear from someone that has unraveled this enigma!

 

[Folkert Rienstra]

There is no workaround other than obtaining the password.

I have been trying to discover a workaround for accessing a Hard Drive
locked via the ATA Standard. I have copied various posts regarding my quest
below. I would really like to hear from anyone that has knowledge of the ATA
Standard Hard Drive Locking Technology, and/or has successfully unlocked a
password protected drive without knowledge of the User, or Master Password.

Thank you.

Louis--
********************************
Remove the two fish in address to respond

[snip]

 

[Rod Speed]

I have been trying to discover a workaround for
accessing a Hard Drive locked via the ATA Standard.

There is none. Its quite secure, for a reason.

I have copied various posts regarding my quest below.
I would really like to hear from anyone that has knowledge
of the ATA Standard Hard Drive Locking Technology, and/or
has successfully unlocked a password protected drive
without knowledge of the User, or Master Password.

A friend? of mine locked the Hard Drive in my Laptop (it was
his way of "sticking it to me", and so far it's worked very well).
As the boot process begins it stops, and asks for the password.
The boot sequence is set for floppy first, but even trying to boot
with a floppy wont allow progress past the password prompt.

Thats the way its supposed to work, for a damned good reason.

So far I've tried to boot to a floppy - no success
- with the thought of a Low Level Format.

If it does have the default master password still
set, it is possible to reset the password with the
drive auto erased. It isnt possible to keep the data.

I've placed the drive, with an adapter, into a desktop,
and I discovered that BIOSs without a password
scheme like a Laptop, reports the drive as a "failed disk".

Thats the way its supposed to work. Designed in behaviour.

If I place it into another Laptop it asks for the password.

Ditto. The password is on the drive, so it moves with the drive.

I locked a different drive, placed it into the desktop, and
it reported as a "failed disk". I put it back into the Laptop,
unlocked it, and back into the desktop where it worked normally.

Thats how its supposed to work too.

Further research led me to the Hard Disk ATA Standard,
which allows for a Hard Drive to be locked, and unlocked.
It appears that the passwords (user, and master) are not
on the platter, but stored in a register on the controller board.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

The logic sequence on boot up is to check if the drive
is locked, and if it is it wont unlock the drive until the
proper command, then the password is sent to the drive.
Correct.

The ATA Standard also indicates that if you
know the Master Password, it will unlock the
drive, and reset the user password to null.

And ERASE THE DRIVE.

I understand the need for security, but I can't help but suspect
that some clever chap has discovered a workaround short of sending
the drive to a data recovery facility, and spending thousands of $$$.

There are some operations that will unlock
an ATA locked drive for a lot less than that.

There has to be a way of probing the register in question,
and reading the data necessary to unlock the drive.

Not necessarily.

I can buy a new drive for my Laptop, but I guess the
challenge of overcoming situation is too much to pass up.

It aint any simple sequence of operations, for a
damned good reason. If it was, the would would
get out on no time and the security would be useless.

Any suggestions, Web Sites, other news
groups, or assistance would be appreciated!!

It would be stupid to assist thieves to make locked laptops usable again.

The Laptop is functional with a different Hard Drive (I am currently
using the unit). The value of the locked Hard Drive isn't worth the
effort. It's the frustration of not having access to the Hard Drive, and
the opportunity to learn something that is driving me at this point.

Trouble is that we have no way of knowing if you are lying or not.

The machine in question is an older IBM Thinkpad Laptop.
I am currently using it with a new Hard Drive. The old drive
is locked (he locked the drive only), and that's what I'm trying
to get into. The drive itself isn't worth any time or expense,
but I am determined to learn how to gain access to it.
IBM at their Web Site, and the local service center,
indicated there is nothing they could do for me.

For what should be perfectly obvious reasons.

I am convinced that accessing my drive
is possible if I get the proper information.

You are wrong. If it was just a specific sequence
of operations, the security would be useless.

I have received a few suggestions that make
me believe I'm well on the way to success!

What you believe is completely irrelevant.

I have discovered the user, and master password,
are resident in the firmware of the drive controller.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

When the drive is accessed as part of the boot process
(regardless if it is a master, or slave) if the drive is locked,
and the password hasn't been entered, the drive returns
a signal that most systems without a Hard Drive password
routine interpret as a failed drive.

Because thats what the ATA standard specifys.

It would be interesting to see if the drive password
register could be probed to revel the contained data.

It would have been terminally stupid to have implemented it like that.

I know some method is possible as evidenced by the specialty firms that will
unlock a Hard Drive. Just take a wheel barrow full of money with you! :-]

Its nothing like that expensive.

I have confirmed that per the ATA Standard the password data is
resident on the controller card. It has nothing to do with the platter.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

There are third party software solutions to lock a drive,
and in that case the password is located on the drive media.

That was before that security was part of the ATA standard.

I have recovered data from a locked Hard Drive
by replacing the controller board with an identical
unit, and then accessing the drive normally.

Not with an ATA lock you havent.

With the IBM Thinkpad I have you can have a BIOS or Boot Password,
Hard Drive Password, or an Admin. Password. Someone set the Hard
Drive Lock, and the unit required a password at turn on. Not knowing
the password, I removed the drive, and tried it on a Desktop. It reported
as a failed drive. Using a utility, I discovered the drive was locked with
a user password. Replacing the controller card allowed me to recover
the data, and use the drive in the Thinkpad again. The Thinkpad also
would work with a different drive (the other passwords (BIOS & Admin)
hadn't been set).

Mangled very comprehensively indeed.

As I reviewed the ATA Standard, the indication was
that the User, and Master passwords, were stored in
the firmware (with no placement on the drive media).

It doesnt actually specify where they are stored.

I locked a different drive (with a desktop) using the utility
I have, and the Laptop requested a password before
access, and the Desktop reported a failed drive.

It would appear to me that in this case the drive media
wasn't used as a storage medium for the password data.

That proves nothing on that.

I would dearly like to hear from someone that has unraveled this enigma!

It clearly aint a simple sequence of operations,
otherwise the security would be useless.

 

[Sam Williams]

There is no workaround other than obtaining the password.

So the operations that do it commercially use telepathy eh ?

Completely clueless. As always.

 

[Louis Bybee]

So how would I reconcile this answer with the knowledge of commercial
outfits that do exactly that, for a wheelbarrow of cash of course. :-]

Thank you.

Louis--
*********************************************
Remove the two fish in address to respond

I have been trying to discover a workaround for
accessing a Hard Drive locked via the ATA Standard.

There is none. Its quite secure, for a reason.

I have copied various posts regarding my quest below.
I would really like to hear from anyone that has knowledge
of the ATA Standard Hard Drive Locking Technology, and/or
has successfully unlocked a password protected drive
without knowledge of the User, or Master Password.

A friend? of mine locked the Hard Drive in my Laptop (it was
his way of "sticking it to me", and so far it's worked very well).
As the boot process begins it stops, and asks for the password.
The boot sequence is set for floppy first, but even trying to boot
with a floppy wont allow progress past the password prompt.

Thats the way its supposed to work, for a damned good reason.

So far I've tried to boot to a floppy - no success
- with the thought of a Low Level Format.

If it does have the default master password still
set, it is possible to reset the password with the
drive auto erased. It isnt possible to keep the data.

I've placed the drive, with an adapter, into a desktop,
and I discovered that BIOSs without a password
scheme like a Laptop, reports the drive as a "failed disk".

Thats the way its supposed to work. Designed in behaviour.

If I place it into another Laptop it asks for the password.

Ditto. The password is on the drive, so it moves with the drive.

I locked a different drive, placed it into the desktop, and
it reported as a "failed disk". I put it back into the Laptop,
unlocked it, and back into the desktop where it worked normally.

Thats how its supposed to work too.

Further research led me to the Hard Disk ATA Standard,
which allows for a Hard Drive to be locked, and unlocked.
It appears that the passwords (user, and master) are not
on the platter, but stored in a register on the controller board.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

The logic sequence on boot up is to check if the drive
is locked, and if it is it wont unlock the drive until the
proper command, then the password is sent to the drive.
Correct.

The ATA Standard also indicates that if you
know the Master Password, it will unlock the
drive, and reset the user password to null.

And ERASE THE DRIVE.

I understand the need for security, but I can't help but suspect
that some clever chap has discovered a workaround short of sending
the drive to a data recovery facility, and spending thousands of $$$.

There are some operations that will unlock
an ATA locked drive for a lot less than that.

There has to be a way of probing the register in question,
and reading the data necessary to unlock the drive.

Not necessarily.

I can buy a new drive for my Laptop, but I guess the
challenge of overcoming situation is too much to pass up.

It aint any simple sequence of operations, for a
damned good reason. If it was, the would would
get out on no time and the security would be useless.

Any suggestions, Web Sites, other news
groups, or assistance would be appreciated!!

It would be stupid to assist thieves to make locked laptops usable again.

The Laptop is functional with a different Hard Drive (I am currently
using the unit). The value of the locked Hard Drive isn't worth the
effort. It's the frustration of not having access to the Hard Drive, and
the opportunity to learn something that is driving me at this point.

Trouble is that we have no way of knowing if you are lying or not.

The machine in question is an older IBM Thinkpad Laptop.
I am currently using it with a new Hard Drive. The old drive
is locked (he locked the drive only), and that's what I'm trying
to get into. The drive itself isn't worth any time or expense,
but I am determined to learn how to gain access to it.
IBM at their Web Site, and the local service center,
indicated there is nothing they could do for me.

For what should be perfectly obvious reasons.

I am convinced that accessing my drive
is possible if I get the proper information.

You are wrong. If it was just a specific sequence
of operations, the security would be useless.

I have received a few suggestions that make
me believe I'm well on the way to success!

What you believe is completely irrelevant.

I have discovered the user, and master password,
are resident in the firmware of the drive controller.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

When the drive is accessed as part of the boot process
(regardless if it is a master, or slave) if the drive is locked,
and the password hasn't been entered, the drive returns
a signal that most systems without a Hard Drive password
routine interpret as a failed drive.

Because thats what the ATA standard specifys.

It would be interesting to see if the drive password
register could be probed to revel the contained data.

It would have been terminally stupid to have implemented it like that.

I know some method is possible as evidenced by the specialty firms that will
unlock a Hard Drive. Just take a wheel barrow full of money with you!

:-]

Its nothing like that expensive.

I have confirmed that per the ATA Standard the password data is
resident on the controller card. It has nothing to do with the platter.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

There are third party software solutions to lock a drive,
and in that case the password is located on the drive media.

That was before that security was part of the ATA standard.

I have recovered data from a locked Hard Drive
by replacing the controller board with an identical
unit, and then accessing the drive normally.

Not with an ATA lock you havent.

With the IBM Thinkpad I have you can have a BIOS or Boot Password,
Hard Drive Password, or an Admin. Password. Someone set the Hard
Drive Lock, and the unit required a password at turn on. Not knowing
the password, I removed the drive, and tried it on a Desktop. It reported
as a failed drive. Using a utility, I discovered the drive was locked with
a user password. Replacing the controller card allowed me to recover
the data, and use the drive in the Thinkpad again. The Thinkpad also
would work with a different drive (the other passwords (BIOS & Admin)
hadn't been set).

Mangled very comprehensively indeed.

As I reviewed the ATA Standard, the indication was
that the User, and Master passwords, were stored in
the firmware (with no placement on the drive media).

It doesnt actually specify where they are stored.

I locked a different drive (with a desktop) using the utility
I have, and the Laptop requested a password before
access, and the Desktop reported a failed drive.

It would appear to me that in this case the drive media
wasn't used as a storage medium for the password data.

That proves nothing on that.

I would dearly like to hear from someone that has unraveled this enigma!

It clearly aint a simple sequence of operations,
otherwise the security would be useless.

 

[Louis Bybee]

So how would I reconcile this answer with the knowledge of commercial
outfits that do exactly that, for a wheelbarrow of cash of course. :-]

Thank you.

Louis--
*********************************************
Remove the two fish in address to respond

There is no workaround other than obtaining the password.

I have been trying to discover a workaround for accessing a Hard Drive
locked via the ATA Standard. I have copied various posts regarding my quest
below. I would really like to hear from anyone that has knowledge of the ATA
Standard Hard Drive Locking Technology, and/or has successfully unlocked a
password protected drive without knowledge of the User, or Master Password.

Thank you.

Louis--
********************************
Remove the two fish in address to respond

[snip]

 

[Ron Reaugh]

So how would I reconcile this answer with the knowledge of commercial
outfits that do exactly that, for a wheelbarrow of cash of course. :-]

Can anyone confirm that in fact they really do it or are they selling
bridges over the East River or the dick patch.

 

[Eric Gisin]

If you can unlock Win NT's admin account, you can also hack a drive password.

Five years ago the NT unlocker was an expensive product from winternals.com,
today there is a free version. It was a matter of reverse engineering NT's
security hive.

A hard drive is more difficult, as you have to hack the ROM firmware which
checks the password. Once you do this, you can unlock any drive with the same
controller.

People who know how to do these things tend to be secretive because it is so
profitable.

| So how would I reconcile this answer with the knowledge of commercial
| outfits that do exactly that, for a wheelbarrow of cash of course. :-]
|

 

[Louis Bybee]

So how, pray tell, do I become acquainted with individuals talented, and
knowledgeable enough to be skilled in these matters?

Thank you.

Louis--
*********************************************
Remove the two fish in address to respond

 

[Eric Gisin]

Here is a pair of message from people on the T13 committee. It confirms there
are people that hack firmware, but not who they are.

"From T13 reflector, August 2003" <<

I have commented on this before at T13 meetings but it seems to
becoming more and more common all the time. If I were in the disk
drive business I think I would be concerned.

I get inquiries all the time from people that are "in the data
recovery or repair business", usually they are outside the USA,
asking about reading/writing the hidden data on a disk drive - the
drive's zone and defect tables and the drive's firmware.

It seems there are web sites that document how to "unlock" access to
this data on most disk drives. I hear there are full descriptions of
the zone and defect table layouts for most disk drives at these web
sites. And I hear that even disassembly listings of some drive's
firmware can be found.

If I were making disk drives I'm not sure I would want these people,
who may have good intentions, to be reading and writing this
information. But mostly I would not want some virus that destroyed
this data to pop up one day.

As I have said many times before, I don't understand why the commands
that would allow access to this drive data is even in a shipping
drive's firmware.

Anyway, if you are a device manufacturer you may want to be concerned
about this issue before it becomes a big problem.

Well I get requests from UK, Germany, and all over all the time.
They want all data and information in logs and various places.
They also ask how to decode and use several patented issues around ATA
host side. They will supply the patent documents, and ask how to use the
technology. The funny part is there are lots of open secrets in the
patent office about ATA, which are not in the spec.

I forgot where they are and who owns them, but have fun searching.
| So how, pray tell, do I become acquainted with individuals talented, and
| knowledgeable enough to be skilled in these matters?
|
|
| | > If you can unlock Win NT's admin account, you can also hack a drive
| password.
| >
| > Five years ago the NT unlocker was an expensive product from
| winternals.com,
| > today there is a free version. It was a matter of reverse engineering NT's
| > security hive.
| >
| > A hard drive is more difficult, as you have to hack the ROM firmware which
| > checks the password. Once you do this, you can unlock any drive with the
| same
| > controller.
| >
| > People who know how to do these things tend to be secretive because it is
| so
| > profitable.

 

[Eric Gisin]

There is a T13 forum archive at http://www.mail-archive.com/[email protected]/ .

| Here is a pair of message from people on the T13 committee. It confirms
there
| are people that hack firmware, but not who they are.
|

 

[Rod Speed]

So how would I reconcile this answer with the knowledge of commercial
outfits that do exactly that, for a wheelbarrow of cash of course. :-]

I said they do, stupid.

And you must 'live' in one of those banana republics
if you need a wheelbarrow of cash to pay for that.

I have been trying to discover a workaround for
accessing a Hard Drive locked via the ATA Standard.

There is none. Its quite secure, for a reason.

I have copied various posts regarding my quest below.
I would really like to hear from anyone that has knowledge
of the ATA Standard Hard Drive Locking Technology, and/or
has successfully unlocked a password protected drive
without knowledge of the User, or Master Password.

A friend? of mine locked the Hard Drive in my Laptop (it was
his way of "sticking it to me", and so far it's worked very well).
As the boot process begins it stops, and asks for the password.
The boot sequence is set for floppy first, but even trying to boot
with a floppy wont allow progress past the password prompt.

Thats the way its supposed to work, for a damned good reason.

So far I've tried to boot to a floppy - no success
- with the thought of a Low Level Format.

If it does have the default master password still
set, it is possible to reset the password with the
drive auto erased. It isnt possible to keep the data.

I've placed the drive, with an adapter, into a desktop,
and I discovered that BIOSs without a password
scheme like a Laptop, reports the drive as a "failed disk".

Thats the way its supposed to work. Designed in behaviour.

If I place it into another Laptop it asks for the password.

Ditto. The password is on the drive, so it moves with the drive.

I locked a different drive, placed it into the desktop, and
it reported as a "failed disk". I put it back into the Laptop,
unlocked it, and back into the desktop where it worked normally.

Thats how its supposed to work too.

Further research led me to the Hard Disk ATA Standard,
which allows for a Hard Drive to be locked, and unlocked.
It appears that the passwords (user, and master) are not
on the platter, but stored in a register on the controller board.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

The logic sequence on boot up is to check if the drive
is locked, and if it is it wont unlock the drive until the
proper command, then the password is sent to the drive.
Correct.

The ATA Standard also indicates that if you
know the Master Password, it will unlock the
drive, and reset the user password to null.

And ERASE THE DRIVE.

I understand the need for security, but I can't help but suspect
that some clever chap has discovered a workaround short of sending
the drive to a data recovery facility, and spending thousands of $$$.

There are some operations that will unlock
an ATA locked drive for a lot less than that.

There has to be a way of probing the register in question,
and reading the data necessary to unlock the drive.

Not necessarily.

I can buy a new drive for my Laptop, but I guess the
challenge of overcoming situation is too much to pass up.

It aint any simple sequence of operations, for a
damned good reason. If it was, the would would
get out on no time and the security would be useless.

Any suggestions, Web Sites, other news
groups, or assistance would be appreciated!!

It would be stupid to assist thieves to make locked laptops usable again.

The Laptop is functional with a different Hard Drive (I am currently
using the unit). The value of the locked Hard Drive isn't worth the
effort. It's the frustration of not having access to the Hard Drive, and
the opportunity to learn something that is driving me at this point.

Trouble is that we have no way of knowing if you are lying or not.

The machine in question is an older IBM Thinkpad Laptop.
I am currently using it with a new Hard Drive. The old drive
is locked (he locked the drive only), and that's what I'm trying
to get into. The drive itself isn't worth any time or expense,
but I am determined to learn how to gain access to it.
IBM at their Web Site, and the local service center,
indicated there is nothing they could do for me.

For what should be perfectly obvious reasons.

I am convinced that accessing my drive
is possible if I get the proper information.

You are wrong. If it was just a specific sequence
of operations, the security would be useless.

I have received a few suggestions that make
me believe I'm well on the way to success!

What you believe is completely irrelevant.

I have discovered the user, and master password,
are resident in the firmware of the drive controller.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

When the drive is accessed as part of the boot process
(regardless if it is a master, or slave) if the drive is locked,
and the password hasn't been entered, the drive returns
a signal that most systems without a Hard Drive password
routine interpret as a failed drive.

Because thats what the ATA standard specifys.

It would be interesting to see if the drive password
register could be probed to revel the contained data.

It would have been terminally stupid to have implemented it like that.

I know some method is possible as evidenced by the specialty firms that will
unlock a Hard Drive. Just take a wheel barrow full of money with you!

:-]

Its nothing like that expensive.

I have confirmed that per the ATA Standard the password data is
resident on the controller card. It has nothing to do with the platter.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

There are third party software solutions to lock a drive,
and in that case the password is located on the drive media.

That was before that security was part of the ATA standard.

I have recovered data from a locked Hard Drive
by replacing the controller board with an identical
unit, and then accessing the drive normally.

Not with an ATA lock you havent.

With the IBM Thinkpad I have you can have a BIOS or Boot Password,
Hard Drive Password, or an Admin. Password. Someone set the Hard
Drive Lock, and the unit required a password at turn on. Not knowing
the password, I removed the drive, and tried it on a Desktop. It reported
as a failed drive. Using a utility, I discovered the drive was locked with
a user password. Replacing the controller card allowed me to recover
the data, and use the drive in the Thinkpad again. The Thinkpad also
would work with a different drive (the other passwords (BIOS & Admin)
hadn't been set).

Mangled very comprehensively indeed.

As I reviewed the ATA Standard, the indication was
that the User, and Master passwords, were stored in
the firmware (with no placement on the drive media).

It doesnt actually specify where they are stored.

I locked a different drive (with a desktop) using the utility
I have, and the Laptop requested a password before
access, and the Desktop reported a failed drive.

It would appear to me that in this case the drive media
wasn't used as a storage medium for the password data.

That proves nothing on that.

I would dearly like to hear from someone that has unraveled this enigma!

It clearly aint a simple sequence of operations,
otherwise the security would be useless.

 

[Rod Speed]

So how would I reconcile this answer with the knowledge of commercial
outfits that do exactly that, for a wheelbarrow of cash of course. :-]

Can anyone confirm that in fact they really do it

Yep. It aint even anything like that expensive.

At least one of them has a different price depending
on whether you care about the data or not.

or are they selling bridges over the East River or the dick patch.

Cant recall even a single example of
anyone howling about having been dudded.

 

[Louis Bybee]

So how would I reconcile this answer with the knowledge of commercial
outfits that do exactly that, for a wheelbarrow of cash of course. :-]

I said they do, stupid.

And you must 'live' in one of those banana republics
if you need a wheelbarrow of cash to pay for that.

Sorry, my reply above was intended for another post.

I do thank you for your kind words, and supportive stance though.

Louis

in message
I have been trying to discover a workaround for
accessing a Hard Drive locked via the ATA Standard.

There is none. Its quite secure, for a reason.

I have copied various posts regarding my quest below.
I would really like to hear from anyone that has knowledge
of the ATA Standard Hard Drive Locking Technology, and/or
has successfully unlocked a password protected drive
without knowledge of the User, or Master Password.

********************************

A friend? of mine locked the Hard Drive in my Laptop (it was
his way of "sticking it to me", and so far it's worked very well).
As the boot process begins it stops, and asks for the password.
The boot sequence is set for floppy first, but even trying to boot
with a floppy wont allow progress past the password prompt.

Thats the way its supposed to work, for a damned good reason.

So far I've tried to boot to a floppy - no success
- with the thought of a Low Level Format.

If it does have the default master password still
set, it is possible to reset the password with the
drive auto erased. It isnt possible to keep the data.

I've placed the drive, with an adapter, into a desktop,
and I discovered that BIOSs without a password
scheme like a Laptop, reports the drive as a "failed disk".

Thats the way its supposed to work. Designed in behaviour.

If I place it into another Laptop it asks for the password.

Ditto. The password is on the drive, so it moves with the drive.

I locked a different drive, placed it into the desktop, and
it reported as a "failed disk". I put it back into the Laptop,
unlocked it, and back into the desktop where it worked normally.

Thats how its supposed to work too.

Further research led me to the Hard Disk ATA Standard,
which allows for a Hard Drive to be locked, and unlocked.
It appears that the passwords (user, and master) are not
on the platter, but stored in a register on the controller board.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

The logic sequence on boot up is to check if the drive
is locked, and if it is it wont unlock the drive until the
proper command, then the password is sent to the drive.

Correct.

The ATA Standard also indicates that if you
know the Master Password, it will unlock the
drive, and reset the user password to null.

And ERASE THE DRIVE.

I understand the need for security, but I can't help but suspect
that some clever chap has discovered a workaround short of sending
the drive to a data recovery facility, and spending thousands of $$$.

There are some operations that will unlock
an ATA locked drive for a lot less than that.

There has to be a way of probing the register in question,
and reading the data necessary to unlock the drive.

Not necessarily.

I can buy a new drive for my Laptop, but I guess the
challenge of overcoming situation is too much to pass up.

It aint any simple sequence of operations, for a
damned good reason. If it was, the would would
get out on no time and the security would be useless.

Any suggestions, Web Sites, other news
groups, or assistance would be appreciated!!

It would be stupid to assist thieves to make locked laptops usable again.

The Laptop is functional with a different Hard Drive (I am currently
using the unit). The value of the locked Hard Drive isn't worth the
effort. It's the frustration of not having access to the Hard Drive, and
the opportunity to learn something that is driving me at this point.

Trouble is that we have no way of knowing if you are lying or not.


The machine in question is an older IBM Thinkpad Laptop.
I am currently using it with a new Hard Drive. The old drive
is locked (he locked the drive only), and that's what I'm trying
to get into. The drive itself isn't worth any time or expense,
but I am determined to learn how to gain access to it.
IBM at their Web Site, and the local service center,
indicated there is nothing they could do for me.

For what should be perfectly obvious reasons.

I am convinced that accessing my drive
is possible if I get the proper information.

You are wrong. If it was just a specific sequence
of operations, the security would be useless.

I have received a few suggestions that make
me believe I'm well on the way to success!

What you believe is completely irrelevant.

I have discovered the user, and master password,
are resident in the firmware of the drive controller.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

When the drive is accessed as part of the boot process
(regardless if it is a master, or slave) if the drive is locked,
and the password hasn't been entered, the drive returns
a signal that most systems without a Hard Drive password
routine interpret as a failed drive.

Because thats what the ATA standard specifys.

It would be interesting to see if the drive password
register could be probed to revel the contained data.

It would have been terminally stupid to have implemented it like that.

I know some method is possible as evidenced by the specialty firms

that
will

unlock a Hard Drive. Just take a wheel barrow full of money with

you!
:-]

Its nothing like that expensive.


I have confirmed that per the ATA Standard the password data is
resident on the controller card. It has nothing to do with the platter.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

There are third party software solutions to lock a drive,
and in that case the password is located on the drive media.

That was before that security was part of the ATA standard.

I have recovered data from a locked Hard Drive
by replacing the controller board with an identical
unit, and then accessing the drive normally.

Not with an ATA lock you havent.

With the IBM Thinkpad I have you can have a BIOS or Boot Password,
Hard Drive Password, or an Admin. Password. Someone set the Hard
Drive Lock, and the unit required a password at turn on. Not knowing
the password, I removed the drive, and tried it on a Desktop. It reported
as a failed drive. Using a utility, I discovered the drive was

locked
with

a user password. Replacing the controller card allowed me to recover
the data, and use the drive in the Thinkpad again. The Thinkpad also
would work with a different drive (the other passwords (BIOS & Admin)
hadn't been set).

Mangled very comprehensively indeed.

As I reviewed the ATA Standard, the indication was
that the User, and Master passwords, were stored in
the firmware (with no placement on the drive media).

It doesnt actually specify where they are stored.

I locked a different drive (with a desktop) using the utility
I have, and the Laptop requested a password before
access, and the Desktop reported a failed drive.

It would appear to me that in this case the drive media
wasn't used as a storage medium for the password data.

That proves nothing on that.

I would dearly like to hear from someone that has unraveled this enigma!

It clearly aint a simple sequence of operations,
otherwise the security would be useless.

 

[Walt]

You peeked my curiosity, just how do these commercial
operations do it, keeping within the limitation of
"without knowledge of the User"?

I believe that would require being able to do it,
without any physical access to the drive itself.

 

[Walt]

Remember, the OP placed the restrictions of "without knowledge of the User",
locked using the ATA standard (ie, not locked using BIOS or some third
party utility), and that the Master Password is unknown.

I believe that would eliminate any method that requires physical access
to the drive, and any method that would delete any stored data.

What's left?

 

[Folkert Rienstra]

So how would I reconcile this answer with the knowledge of commercial
outfits that do exactly that,

Do exactly what?

for a wheelbarrow of cash of course. :-]

Thank you.

Louis--
*********************************************
Remove the two fish in address to respond

There is no workaround other than obtaining the password.

I have been trying to discover a workaround for accessing a Hard Drive
locked via the ATA Standard. I have copied various posts regarding my quest
below. I would really like to hear from anyone that has knowledge of the ATA
Standard Hard Drive Locking Technology, and/or has successfully unlocked a
password protected drive without knowledge of the User, or Master Password.

Thank you.

Louis--
********************************
Remove the two fish in address to respond

[snip]

 

[chrisv]

So how would I reconcile this answer with the knowledge of commercial
outfits that do exactly that, for a wheelbarrow of cash of course. :-]

216 lines for that, huh? Idiot.

 

[Sam Williams]

You peeked my curiosity, just how
do these commercial operations do it,

They dont say. You pay your money,
you get what you paid for basically.

keeping within the limitation of
"without knowledge of the User"?

I believe that would require being able to do it,
without any physical access to the drive itself.

They do require the drive.

 

[Rod Speed]

Remember, the OP placed the restrictions
of "without knowledge of the User",

I assumed what was meant there was without
knowledge from the user, like the password.

locked using the ATA standard (ie, not locked using BIOS or some
third party utility), and that the Master Password is unknown.

I believe that would eliminate any method
that requires physical access to the drive,

If that was what was meant, it isnt possible.
If only because the ATA security is designed
to ensure that the drive isnt even visible if its
been secured and the password isnt supplied.

and any method that would delete any stored data.

What's left?

Physical access to the drive.

Louis Bybee wrote:

So how would I reconcile this answer with the knowledge of commercial
outfits that do exactly that, for a wheelbarrow of cash of course. :-]