Harddrive password removal?

Message

Christian · #1 Post by **Christian** » Wed Feb 23, 2005 8:29 am

Okay, short story: Took out a 40gb harddrive of a T41 a while back and installed a 60gb drive instead. Now i want to use this disk in an USB casing but ofcourse the guy who owns the laptop set a password on the disk which he can't remember. I'm not interested in the data on the disk - I just want to reformat it. Is there a way?

Currently the disk is installed as secondary drive in a desktop pc with a 3,5"->2,5" adapter and a couple of lowlevel harddrive tools can see the disk but can't change anything :-/

/Christian

Christian · #2 Post by **Christian** » Wed Feb 23, 2005 8:43 am

Update: Tried to download Hitachi's Drive Fitness tool where it is possible to low-level format the drive but it comes out with an errorcode 0x22 which means the drive is password protected

/Christian

JHEM · #3 Post by **JHEM** » Wed Feb 23, 2005 9:54 am

It's a paperweight!

You can replace it for less than the cost having the PW removed.

Regards,

James

egibbs · #4 Post by **egibbs** » Wed Feb 23, 2005 10:19 am

As James said, it is technically possible to remove the password but it takes a lot of special equipment and skills (i.e. start with a clean room to open the drive up in, then you need all the interface electronics and adapters, software, etc.).

A while back there was a thread on drive passwords where someone posted a link to the IEEE spec that describes the drive password implementation - you could search for it and read it if you like. Basically the password is stored on an area of the disk that is only accessible to the electronics in the disk controller. The controller will refuse to allow access to the drive until you enter a password that matches the one on the drive. You could replace the controller electronics but the new controller will implement the same protocol and not let you in until you give it the password. So you need to disassemble the drive in a clean room and replace the controller with a special controller (only available to data recovery companies) that does not implement the protocol and that will allow the inaccessible password storage are to be cleared. After that you can reinstall the original controller and access the drive.

This is of course quite expensive, and only warranted if there is irreplacable data on the drive.

But they make cool paperweights.

Ed Gibbs

Leon · #5 Post by **Leon** » Wed Feb 23, 2005 10:39 am

what, then, if you put the drive near a powerful electromagnet... powerful enough to effectively "erase" all the data on the drive... including this inaccessible area?

MobileGuru · #6 Post by **MobileGuru** » Wed Feb 23, 2005 10:45 am

Nope .. the passwords are stored in a chip which won't be affected by any magnetic force.

Leon · #7 Post by **Leon** » Wed Feb 23, 2005 11:21 am

one says "chip", one says "stored on an area of the disk that is only accessible to the electronics in the disk controller"... which is it?

#8 Post by **daeojkim** » Wed Feb 23, 2005 11:21 am

Leon wrote:what, then, if you put the drive near a powerful electromagnet... powerful enough to effectively "erase" all the data on the drive... including this inaccessible area?

You would need a magnet as powerful as those used in particle accelerator.

egibbs · #9 Post by **egibbs** » Wed Feb 23, 2005 12:36 pm

Leon wrote:one says "chip", one says "stored on an area of the disk that is only accessible to the electronics in the disk controller"... which is it?

Actually it could be either, but is often on the drive. While I con't really recommend this thread http://forum.thinkpads.com/viewtopic.ph ... word+drive due to one of the posters being really obnoxious, the other poster is quite well informed and provides a lot of insight. In particular:

monty cantsin wrote:And, well, the ATA specifications don't really prescribe where the password information has to be stored. The lock is set by the controller board, which looks for the password (on the platters, for instance), and then, if it finds one, asks for it and shuts down the drive when, after five unsuccessful attempts, no correct password has been delivered. The drive has to be power-cycled in order to accept passwords again.

So, actually the passwords can (and are often) stored on the platters, but in a secure place that contains also other vital data for the drive, for instance calibration information, and is not accessible by simple user interventions. The sledge-hammer method of demagnetizing the drive would eradicate all of that vital information and render the drive completely useless. Special software and hardware are required.

For instance, you can't even simply replace the logic board with that of an equal drive, as many have imagined. The password will still be there. The only way to read a locked drive (that means, just to read it, not to unlock it) is - no kidding! - to have an identical, unlocked drive (controller board must have the same rev. and firmware level) spin up and then (while the drive is powered up and running!) remove the mechanics from the electronics and connect the powered board to the mechanics of the locked drive. I guess it's superfluous to mention that this is quite risky.

The thread also contains links to the ATA specs and white papers, so if you really want to know the hex contents of each command an ATA drive will accept, as well as all of the security states and allowed transitions, you can read through them.

Ed Gibbs

Leon · #10 Post by **Leon** » Wed Feb 23, 2005 12:42 pm

GREAT Link Ed... Thanks!

JHEM · #11 Post by **JHEM** » Wed Feb 23, 2005 1:50 pm

Leon wrote:one says "chip", one says "stored on an area of the disk that is only accessible to the electronics in the disk controller"... which is it?

Depends on the way the manufacturer has decided to implement the standard. Most are in a chip in the drive's controller.

IBM/Hitachi HDs it's stored in a chip.

Regards,

James

Christian · #12 Post by **Christian** » Thu Feb 24, 2005 2:51 am

That sux... Never thought it would be this difficult so I never thought about unlocking the drive when i replaced his disk and he still could remember the pwd.

Well, guess i'll use it as a paperweight then

btw: Found this link which also states that it is impossible to do anything but they recommend a tool that can set/reset the password (if you have the master password) and do stuff to the harddrive - exept removing both user and master pwd.

http://www.rockbox.org/lock.html

JHEM · #13 Post by **JHEM** » Thu Feb 24, 2005 11:12 am

Christian,

Christian wrote:btw: Found this link which also states that it is impossible to do anything but they recommend a tool that can set/reset the password (if you have the master password) and do stuff to the harddrive - exept removing both user and master pwd.

If you already know the Master (Supervisor) password, removing the HD password is a snap!

(BTW, you anywhere near the Scandic Hotel in Hvidovre? I stayed there last time I was visiting family in Copenhagen.)

Regards,

James

Christian · #14 Post by **Christian** » Fri Feb 25, 2005 1:31 pm

JHEM wrote:Christian,
Christian wrote:btw: Found this link which also states that it is impossible to do anything but they recommend a tool that can set/reset the password (if you have the master password) and do stuff to the harddrive - exept removing both user and master pwd.
If you already know the Master (Supervisor) password, removing the HD password is a snap!

(BTW, you anywhere near the Scandic Hotel in Hvidovre? I stayed there last time I was visiting family in Copenhagen.)

Regards,
James

Hi James,

I don't have the Master password. If only i had... I am thinking of setting the masterpassword on all the laptops at work to the same thing so it wont happend again.

Yes yes! I live very close to it. I drive past it every day when I go to work.

/Christian

JHEM · #15 Post by **JHEM** » Fri Feb 25, 2005 2:22 pm

Christian wrote:I don't have the Master password. If only i had... I am thinking of setting the masterpassword on all the laptops at work to the same thing so it wont happend again.

That would be a very wise thing to do. Share it with a supervisor, write it down and store it somewhere secure.

BTW, should your associate ever remember the HD's PW, it can be removed at any time by putting it in a 2nd HDD adapter and entering the PW followed by a space when prompted for the PW.

Christian wrote:Yes yes! I live very close to it. I drive past it every day when I go to work.

We usually try to stay by Tivoli and have stayed at the Scandic Copenhagen and the Sofitel, but the last time we were over we got "bumped" out to the suburbs. We have some other landsmen on the list, including one right up the road from you in Frederiksberg.

Regards,

James

#16 Post by **aamsel** » Fri Feb 25, 2005 7:24 pm

There are demagnetizers strong enough, but most of them render a hard drive unusable after they are "zapped". They are used for wiping a drive clean for security purposes, but you can't use the drive afterwards.

Andrew
Austin, TX

Leon wrote:what, then, if you put the drive near a powerful electromagnet... powerful enough to effectively "erase" all the data on the drive... including this inaccessible area?

JHEM · #17 Post by **JHEM** » Fri Feb 25, 2005 7:28 pm

aamsel wrote:There are demagnetizers strong enough, but most of them render a hard drive unusable after they are "zapped". They are used for wiping a drive clean for security purposes, but you can't use the drive afterwards.

No longet the case really, drives are now routinely shredded if they are surplus and may have ever contained sensitive data.

Regards,

James

Harddrive password removal?

Harddrive password removal?

Who is online