Thinkpads Forum

A good friend bought a new laptop and gave me her old one, an IBM Thinkpad 2611-412. The machine is like new, with a carry case, the original manuals, Software Selections and Recovery CDs, and lots of plug-in goodies. All in all, it's a beautiful piece of technology. The hard drive, a Travelstar 4.8 Gig was full of corporate proprietary software, none of it of interest to me, so I decided to remove most of it and reclaim the space. The OS is Windows 98 and the uninstall process was via the standard Add/Remove Programs avatar. Halfway through the long list of programs being uninstalled, the machine issued some ominous beeps, and froze. When attempts to reboot failed, and the BIOS screen showed no hard drive installed, I knew instinctively what had happened; a piece of security software had ripped the guts out of my hard drive. I used no passwords, but the machine now shows a disk lock and expects a password to allow me back into the BIOS.
I know the popular wisdom is to replace the hard drive, but this has happened to me before on a desktop machine with Maxtor disks. Maxtor sent me a low-level format utility that reclaimed the disk - which is why I now use only Maxtor disks. Would IBM, the world's most distinguished engineering company, place self-destruct mechanisms in all their consumer products ? NO WAY!
I would love to hear from anyone who has reclaimed their Travelstar drive after a boot lock-out using a low-level format utility.
-- Thanks for listening to me ramble - Love and Peace to all you nice folks -- bigjet.

The problem you will have is the passwords if your friend can't supply them. If it's just the HDD password you can replace the drive, but you say it wants a password to get into BIOS. That sounds like the supervisor password might be set, and if that's the case you've got trouble.

Download the Hardware Maintenance Manual from the IBM web site and it will have instructions to clear the startup password. If you can get your hands on another drive that is unlocked put it in temporarily and see if it will boot. If that doesn't remove the password prompt then you have a supervisor password set, and it's going to take some serious hardware hacking to get it running. Whether or not it is worth it depends on how technical you are and how much free time you've got to fool with it.

If you can get it into DOS with the drive unlocked I have used the IBM PC Doctor utility more than once to reclaim a drive that refused to be recognized, and with great success. It should be a last resort though - try booting with a Win98 startup disk and running chkdsk first, or try to recover the machine with the recovery CDs. You can download PC Doctor from the IBM support site.

Good luck,

Ed Gibbs

Thanks for the reply Ed;
My plan to recover the drive was simple; re enter the BIOS and try the CONTROL-L undocumented BIOS command for low level format found on Jim Hope's website. Here's the link,
http://witz.ca/thinkpad/?content=showpa ... ameIt=true
This appears to be an undocumented BIOS feature put there to reclaim the Hard Drive. Once the data has been erased, no reason exists for the lock-out. As far as the BIOS lock, that seems excessive - what is there to protect beyond the data on the drive?
Actually, my plan has changed completely. I just bought another DBCA204860 hard drive for $60, and will restore the machine to the condition it was in when I received it, and then give it back. All this security stuff turns me off completely.

--bigjet

BIGJET wrote:This appears to be an undocumented BIOS feature put there to reclaim the Hard Drive. Once the data has been erased, no reason exists for the lock-out.

That's a quite common misconception. On notebook hard drives, the password information is not stored on the platters, but on a chip inside of the drive. So trying to low-level format such a drive will not remove the password and won't make it accessible.

In fact, you can't even "low-level format" a modern drive, that's another myth. Low-level formatting is a relic from the days of MFM/RLL/ESDI drives, IDE drives will definitely not allow LLF and only do a zero-fill (Maxtor drives included). More information on this topic here and here.

BIGJET wrote:As far as the BIOS lock, that seems excessive - what is there to protect beyond the data on the drive?

The idea behind that is to render the machine useless in case of theft. Don't forget that there are a lot of thieves who aren't interested at all in your data, but in your nice portable computer.

No kidden Monty,
So IBM engineers included a low-level format program in the Thinkpad BIOS to format MFM hard drives. How stupid do you think I am? On the desk in front of me is a floppy titled MAX POWER BLAST, dated 9/23/03 not all that long ago. When at that time the uninstall procedure of some corporate propriety software tore the partition tables out of my drive, I spent several frantic days trying to reboot the machine - without success. I tried everything, including several well known tool kits and data reclamation software solutions (even an analytical plug-in PCI card) - all without success. Although they all claimed to bypass the BIOS, go out on the IDE bus, identify the drives attached and issue remedial commands - none actually did it. Along came Power Blast (free from Max support) instantly identified the signature from the Max drive, issued some stern warnings about complete data loss, and when I clicked OK it went right to work. I do not know if it put all zeros, or all ones or wrote Einstein's Theories, all I know is that it worked. Today, that drive is spinning less then three feet away, and contains the program which enables me to write this reply. The moral of this story is not that every software house writes lousy programs and only Maxtor can write a good program, but rather, the manufacturer knows his own equipment best, and if he's worth his salt, able to command it at will. This is the point I am trying to make about IBM and their Thinkpad. Nothing is in that machine they do not command at will - including the security locks. The problem is, they will not share their resourses.

Thanks Monty for the reply. I enjoyed our little talk -- bigjet.

BIGJET wrote:So IBM engineers included a low-level format program in the Thinkpad BIOS to format MFM hard drives.

No, I didn't say that. The point is that what's commonly called "low-level"-formatting is in fact none, but some sort of "high-level"-formatting. It just wipes the drive, but does not set it up to a "factory-new" state. The manufacturers stick to this nomenclature only because it has become so common, even though it is wrong.

BIGJET wrote:How stupid do you think I am?

OK, I'll leave it at that, if you want to understand my posting this way. However, I insinuated nothing of that kind. And, please, stop [censored]' around.

BIGJET wrote:On the desk in front of me is a floppy titled MAX POWER BLAST, dated 9/23/03 not all that long ago.

I am well familiar with the Maxtor drives and software, including the pseudo-low-level-formatting-utility MAXLLF. But again, removing passwords (those which were set accidentally, included) from notebook hard drives is a delicate matter and cannot be achieved by a simple piece of software, and certainly not by trying to issue a (pseudo-)LLF with some generic software (like that in the IBM BIOS).

BIGJET wrote:The moral of this story is not that every software house writes lousy programs and only Maxtor can write a good program, but rather, the manufacturer knows his own equipment best, and if he's worth his salt, able to command it at will.

And that's why I would recommend using the IBM/HitachiGST Drive Fitness Test, although I do not suppose it will really help with that matter.

http://www.hitachigst.com/hdd/support/download.htm#DFT

You are right. The IBM/HitachiGST Drive Fitness Test did not help. It could not (or would not) locate any hard drive on the bus.
However, I was thinking about your assertion that the password protect resides on a chip on the drive. If that is the case, then only IBM sanctioned hard drives will work on the Thinkpad, or all hard drives must have this chip, or all password protection in inoperable if a hard drive without this theoretical chip is installed and boots. So the question is, does anybody out there have a non-IBM/Hitachi hard drive working on a Thinkpad? And if they do - does the password protect function operate normally?

--bigjet

BIGJET wrote:You are right. The IBM/HitachiGST Drive Fitness Test did not help. It could not (or would not) locate any hard drive on the bus.

Yes, and that's exactly the behavior that's expected from such a password protected drive.

BIGJET wrote:However, I was thinking about your assertion that the password protect resides on a chip on the drive. If that is the case, then only IBM sanctioned hard drives will work on the Thinkpad,

No, it's a common standard.

And, well, the ATA specifications don't really prescribe where the password information has to be stored. The lock is set by the controller board, which looks for the password (on the platters, for instance), and then, if it finds one, asks for it and shuts down the drive when, after five unsuccessful attempts, no correct password has been delivered. The drive has to be power-cycled in order to accept passwords again.

So, actually the passwords can (and are often) stored on the platters, but in a secure place that contains also other vital data for the drive, for instance calibration information, and is not accessible by simple user interventions. The sledge-hammer method of demagnetizing the drive would eradicate all of that vital information and render the drive completely useless. Special software and hardware are required.

For instance, you can't even simply replace the logic board with that of an equal drive, as many have imagined. The password will still be there. The only way to read a locked drive (that means, just to read it, not to unlock it) is - no kidding! - to have an identical, unlocked drive (controller board must have the same rev. and firmware level) spin up and then (while the drive is powered up and running!) remove the mechanics from the electronics and connect the powered board to the mechanics of the locked drive. I guess it's superfluous to mention that this is quite risky.

BIGJET wrote:or all hard drives must have this chip, or all password protection in inoperable if a hard drive without this theoretical chip is installed and boots.

Yes, the hard disk password needs a drive that supports this function, it isn't hardware-independent.

BIGJET wrote:So the question is, does anybody out there have a non-IBM/Hitachi hard drive working on a Thinkpad?

Yes, sure. This security feature was first incorporated into the ATA-3 (i.e., ANSI X3.298-1997, also called ATA-3 X3T10/2008D) standard, albeit it is optional and the manufacturer can decide freely whether to implement it or not. Practically all notebook hard drives that have been released after this revision support the standard.

Take a look into the papers, for example the "Working Draft T13 1321D Revision 3, 29 February 2000, Information Technology - AT Attachment with Packet Interface - 5 (ATA/ATAPI-5)":

http://www.seagate.com/support/disc/man ... 153r17.pdf

On page 37, you can see that actually such HDD passwords can be erased from a disk (this is not only the case with this later revision of ATA-5, but has been possible from ATA-3 onwards, the first revision offering password security). Basically, two passwords can be set: a user password (that's what you enter in your ThinkPad BIOS setup under HDD password) and a master password. The master password is set by the manufacturer of the drive in the factory, but can later be changed with special software.

Furthermore there are two security levels: "high" and "maximum". If the security level is set to "high" and the user password is lost, the drive can still be unlocked with the master password and all data remains intact.

But please note that on notebooks, and especially on IBM ThinkPads, the security level is almost never set to "high", but "maximum"! "Maximum" in this case means that even if the master password is known, the drive can only be unlocked with it after all data has been erased, so that everything on the disk is lost.

For a nice overview of the procedure, see for instance the specifications for the IBM TravelStar 40GN series...

http://www.hitachigst.com/tech/techlib. ... n_sp30.pdf

...in particular the chart on p.88. You can see that if a drive is locked and you don't have the user password, you have to issue (by way of special software) first an "Erase Prepare", then an "Erase Unit" command and provide the master password. After the drive has been erased completely, the lock will be disabled and the drive will function normally, without requiring you to enter your lost user password anytime again.

In order not to play into the hand of thieves, I will not disclose here in public what the default IBM master password may be like, which software can be used to issue the commands and where to get it. However, as your last reply to me sounds a bit more friendly than your first and there is a very small chance that I might be able to help you in resolving the issue, I'll try to assist you. You can find more information in your personal message folder of that forum.

That program is a complete dud. Like the other so called disk tools, it cannot find the drive signature on the IDE bus. The PM line remains blank and the enter key does not function on that line. The only way to bring up the Security set is to click on the PS line, a perfectly good Maxtor desktop drive which, suprise suprise - the program reads perfectly and wants to erase. I should have known better, the real solution will be elegant and not require drive removal. World class engineers, and IBM's engineering staff are certainly that, would not have such a hackneyed, dissymmetrical process. Clearly, from an engineering point of view, once the data is erased - struck from the equation - nothing remains to protect, system stasis should return. Wanton disfigurement of an artful creation runs against the grain of good engineering . . . ah, but not against the scruples of corporate officers seeking profits. And yet, above all, IBM is still an engineering company at heart. There is no reason that an "erase and unlock" function should not prominently appear in the owners manual, instead of propagating a myriad of ridiculous Mystic Knights of the Sea secret handshake solutions - and it would, except that the omission is so very very profitable. Oh yeah, there are all those thieves that are supposedly being deterred. But the ratio of forgotten passwords and other legitimate lock out factors measured against stolen units is about a thousand to one - human beings having extremely short attention spans - hell they got me for a new drive in just my first week as a Thinkpad owner. Against those odds, thievery is insignificant and legitimate lock out the overwhelming problem - and problems are what engineers solve; and they most certainly have the remedy for this childishly simple miscue - but the corporate boys keep the unlock procedure in their pockets. A quick perusal of the market for notebook drives shows it is not an open market - prominent drive manufacturers are not in the mix. Patent tights for this his security gimmick (or chip or whatever) is probably the dividing line between the Ins and the Outs, and these rights seem to belong to an Amer-Nipon cartel of which IBM is the ring leader and Seagate the junior partner. The exploitation of human frailty has always been a tried and true way to make a quick buck, indeed mountains of money are turned on these quirks, every one of which has raised up a legitimate - but morally questionable - industry. This Amer-Nippon cartel, like harlots in jackboots, discovered the harder they beat the customers the richer they get.

--bigjet

I'm not sure if this will help, but I have had two different hard drives in my I1400 2611-451. The 4 gig drive in my thinkpad came out of my Tigerbook/Mitac, and my brother put a Western Digital drive in his 2621 I1400. This leads me to believe that any notebook HD will work. I have always had good luck with http://staff.washington.edu/jdlarios/autoclave/ . Autoclave has done a good job for me, and i'm happy with it. It may do the trick.

OK, I won't add much to that ridiculous claptrap of yours...

BIGJET wrote:That program is a complete dud.

No, you're mistaken, BIGJET, you, that pathetic piece of wetware behind the screen, are the dud. If the drive isn't toast, the computer's BIOS allows issueing the SE command (which some don't, AMI is known for that) and does not set the drive into frozen mode as a preventive measure, and, finally, you have the right master password, it will work.

BIGJET wrote:Like the other so called disk tools, it cannot find the drive signature on the IDE bus.

Then the drive isn't OK. That's nothing special, hard drives age and will eventually fail, and the one you're talking about is already quite old, in fact.

Even locked drives allow non-media access commands. They won't show up in Windows or the like, but special software, like the one I mentioned to you in personal communication, can and will detect them.

In the table on page 35 of the last ATA-3 draft...

http://www.t13.org/project/d2008r7b-ATA-3.pdf

...it is clearly stated that the "identify device" command will always be executed.

BIGJET wrote:The only way to bring up the Security set is to click on the PS line, a perfectly good Maxtor desktop drive which, suprise suprise - the program reads perfectly and wants to erase.

Although I do not suppose this is the source of the problem, the notebook hard drive should always be connected as the only device to the controller when performing the steps.

BIGJET wrote:the real solution will be elegant and not require drive removal.

So, if you know that so well, why did you ask us here and didn't do it on your own, you little genius?

BIGJET wrote:Wanton disfigurement of an artful creation runs against the grain of good engineering . . .

The process I described is no "wanton disfigurement", but an American National Standards Institute (ANSI)-approved procedure.

BIGJET wrote:There is no reason that an "erase and unlock" function should not prominently appear in the owners manual,

Oh yes, there is a reason at least to conceal the default master password. And there is no such thing as an "owner's manual". A description of the process does appear in the technical manuals, however, and some of them are even available for free download on the net. I've just quoted from one above, and anyone but a complete moron should have noticed it.

BIGJET wrote:Against those odds, thievery is insignificant and legitimate lock out the overwhelming problem

No, it's not.

http://www.in-business.com.au/issue_13/ ... atheft.php

BIGJET wrote:but the corporate boys keep the unlock procedure in their pockets.

No, they don't. Above I've presented the procedure to you, and everything is taken just out of material that is made freely available by exactly those corporations. Other ways to circumvent the HDD passwords without opening and disassembling the unit only include the exploitation of firmware bugs or downloading a custom-hacked firmware to the drive.

BIGJET wrote:A quick perusal of the market for notebook drives shows it is not an open market - prominent drive manufacturers are not in the mix.

Given the dramatic changes in the business since about a year, this simply isn't true. After Seagate and Samsung, also Western Digital has just come back to the market.

BIGJET wrote:Patent tights for this his security gimmick (or chip or whatever) is probably the dividing line between the Ins and the Outs,

No. Obviously the patents are held by IBM and Maxtor, but the ideas...

http://www.t10.org/ftp/t10/document.94/94-087r0.pdf

http://www.t10.org/ftp/t10/document.94/94-087r1.pdf

http://www.t10.org/ftp/t10/document.94/94-087r2.pdf

http://www.t10.org/ftp/t10/document.95/95-329r0.pdf

...only have been integrated into the ANSI standard because it is guaranteed that the rights to use the technology are granted "on a nondiscriminatory basis and on reasonable terms and conditions":

http://public.ansi.org/ansionline/Docum ... /PL166.pdf

http://public.ansi.org/ansionline/Docum ... /PL270.pdf

I think Bigjet is absolutely right - and as a matter of principle he should stop using notebook computers, as they all implement the same ugly mechanism.

In fact, he should probably stop using computers period, since they are all built by greedy corporations who are only looking to increase their profits.

Oh, and I must have missed it - why was his friend was giving away a machine that was "full of corporate proprietary software" again?

Ed Gibbs

Thanks for the reply Kurgan, and for the heads up with that Washington.edu site. It seems to directly address the problem of clearing unwanted software off a hard drive. I think it is too late for me to try this time around. But anyone who is planning a large scale uninstall should stop to consider this type of alternative. Although, Autoclave's designer clearly states, "It seems to have problems on some laptops." It may be a better choice then perhaps tripping the Thinkpad's lock-out mechanism using the Windows standard uninstall procedure - which is exactly what happened to me. This seems to be a dammed if you do or dammed if you don't situation. If the programs you are uninstalling are password protected - and every program would have to be started to check this out - then using an overwrite program like Autoclave should be tried, since a plain old uninstall will trip the lock. Keep in mind, the lock out mechanism springs without warning like a mousetrap (or maybe money trap is a better word), just a few ominous beeps ring out as it actually springs. It's over when you hear the beeps, your hardware has turned into junk at that point. Well not exactly junk, held for ransom is closer to the truth.
I'll add your link suggestion again in case anyone missed it:
http://staff.washington.edu/jdlarios/autoclave/

--bigjet

BIGJET wrote:But anyone who is planning a large scale uninstall should stop to consider this type of alternative.

Again, that's total nonsense. It simply isn't necessary to take such precautions.

BIGJET wrote:It may be a better choice then perhaps tripping the Thinkpad's lock-out mechanism using the Windows standard uninstall procedure - which is exactly what happened to me.

Just to make it clear to anyone who might read this: Uninstalling in Windows is completely safe and does not trigger at all a "lock-out mechanism" on ThinkPads. If there aren't any malfunctions, this is technically impossible, I will explain below.

BIGJET wrote:If the programs you are uninstalling are password protected

Nonsense. And there are security layers that prevent software (like viruses) to set the password functions on the underlying hardware.

BIGJET wrote:- and every program would have to be started to check this out - then using an overwrite program like Autoclave should be tried, since a plain old uninstall will trip the lock.

Please, stop posting such BS. You don't have any idea how the things work that you're talking about.

BIGJET wrote:Keep in mind, the lock out mechanism springs without warning like a mousetrap (or maybe money trap is a better word), just a few ominous beeps ring out as it actually springs. It's over when you hear the beeps, your hardware has turned into junk at that point.

No, it's vice versa. Such passwords will only pop up as a result of serious hardware damage that has occured before.

In order to prevent any malware (viruses, worms, trojans etc.) and failing software from (accidentally or deliberately) setting such hard drive passwords, all notebook BIOS revisions implementing ATA-3 and above that are well written (and since most newer 3.5"-inch drives support the security feature, also the later desktop BIOS versions) issue the freeze lock command on the hard drives after the POST is completed, i.e. before any kind of software is loaded from the drive. See, for instance, the BIOS releases from Intel's OEM Platform Solutions Division for the i815 chipset for desktop computers:

http://sunsite.rediris.es/sites/downloa ... P09-40.pdf

And as you can see in this technical manual for a very old (late 1995) Western Digital notebook hard drive, this behavior is exactly what's been expected from a properly working BIOS for a long time:

http://www.embeddedlogic.com/TH99/h/txt/4780.txt

"When the drive is unlocked, the BIOS should issue a Freeze Lock command to reject any other password commands until drive power is cycled."

Of course IBM ThinkPads have already included this type of security for a long time.

But what happens in case of a standby (S3) event? In that case, the drive is powered off, which will disable the frozen lock upon restart. But if the drive has been password-protected, it will also ask for the HDD password again, so the BIOS (which hasn't been "sleeping", it remembers what you entered at the last power-on) automatically provides it to the drive and thereby unlocks it if necessary, and (in most cases, see below), whether the drive is password-protected or not does not matter here, freezes the lock functionality again, so that no changes can be made afterwards, until the next power cycle occurs. Only after that, control over the computer is given back to the Operating System and the software running on it. This way, it is assured that no software other than the computer system's BIOS can ever control the security features of the hard drive(s).

"In most cases" means that some older BIOS releases unfortunately don't do it, some manufacturers have added this functionality a bit later, a while after setting the freeze lock before booting up has become a quasi-standard, see again Intel's work on the BIOS for the i815 series chipsets:

http://developer.intel.ru/download/desi ... note17.pdf

But even on older IBM ThinkPads, the BIOS does, in fact, already freeze the lock when resuming from S3. What would you expect from a manufacturer who has invented the technology?

http://www.t10.org/ftp/t10/document.95/95-329r0.pdf

I might add that actually there were some known issues with an A31/p BIOS release which didn't correctly freeze the lock after resuming from standy-by under certain conditions, but this was only a bug and has been resolved:

http://www-900.ibm.com/cn/support/downl ... su1g34.txt

So, to cut the long story short: Whenever any piece of software other than the system's BIOS is executed on IBM ThinkPads, the hard disk drive will already be in frozen mode, so that, provided that it isn't defective, no change whatsoever can occur to its passwords.