Need help with hard drive password on bootup.

[Sirnice]

I know this is not really thinkpad related but since most of you are very knowledgable, maybe someone know the solution to my problem.

I have a hard drive that is password locked in the master boot sector (mbs) so everytime I try booting up the notebook (samsung p30, not sold in the US), I have to enter the password to bypass it before it load Windows.
The problem is I don't remember the password. I try removing the hard drive and connect it to another machine to format and rest the boot secctor but it's not picking it up (probably because it's password locked). anyone know how to reset the hard drive or the master boot sector to bypass this. The hard drive is a Hitachi/IBM Travelstar 80gb 4200rpm.

Thanks

[egibbs]

Well, unless you know the password it's your new paperweight.

See the section beginning on page 86 of this http://www.hitachigst.com/tech/techlib. ... n_sp30.pdf for a description of how the security features are implemented.

If you have something REALLY important on it there are data recovery companies that will get the data for you. They need to disassemble the drive in a clean room and use special equipment to do it though. They charge anywhere from a few hundred to a few thousand dollars depending on how difficult the job is.

Ed Gibbs

[Batuta]

...

[egibbs]

I don't recall saying anything about encryption, and the document that I linked to describes exactly the scheme that you described.

The only thing I'm confused about is the location of the control hardware. From my reading of the spec it sounds like the control is implemented in the electronics built into the drive - since all the lock, unlock, etc. commands are sent to the drive itself. That means you would need to disconnect the drive electronics from the unlocked drive with it powered up and spinning and connect the locked drive. I would call that extremely risky, and it will NOT unlock the drive - only permit temporary access to the data. Even if he formatted it at that point the password will still be present and the next time he cycles power he will need to do the same thing. That might get the data off but the drive is still a paperweight.

You seem to be saying that the control is implemented in the ATA controller on the system board, not the drive electronics. Am I understanding you correctly? That would make the operation slightly less risky, but it will still not produce an unlocked drive - just provide temporary access to the data.

Ed Gibbs

[Batuta]

...

[egibbs]

From the linked document I mentioned (Travelstar 60GH & 40GN hard disk drive specifications) which essentially mirrors the ATA spec:

13.25 Security Unlock (F2h)
This command unlocks the password and causes the device to enter device unlock mode. If a power on reset or hard reset is done without executing the Security Disable Password command after this command is completed, the device will be in device lock mode. The password has not been changed yet.
The Security Unlock command requests to transfer a single sector of data from the host including information specified in Figure 114 on page 156.
If the Identifier bit is set to master and the drive is in high security mode then the password supplied will be compared with the stored master password. If the drive is in maximum security mode then the security unlock will be rejected."
If the Identifier bit is set to user, then the drive compares the supplied password with the stored user password.
If the password compare fails then the device returns an abort error to the host and decrements the unlock attempt counter. This counter is initially set to 5 and is decremented for each password mismatch.
When this counter reaches zero, all password protected commands are rejected until there is a hard reset or a power off.

Reserved 17-255
Password ( 32 bytes ) 01-16
Control Word
bit 0 : Identifier (1- Master, 0- User)
bit 1-15 : Reserved
00
Description Word
Figure 114. Security Unlock information

Identifier A zero indicates that the device regards Password as the User Password. A one indicates that the device regards Password as the Master Password.
The user can detect if the attempt to unlock the device has failed due to a mismatched password since this is the only reason that an abort error will be returned by the drive AFTER the password information has been sent to the device. If an abort error is returned by the device BEFORE the password data has been sent to the drive, then another problem exists.

That seems to say pretty clearly that it is the drive, not the ATA controller that determines if a password is valid or not and whether to unlock.

I could see where if you had two identical drives, one locked and one not locked, and you swapped the actual drive electronics (not just the ATA interface cable) from the unlocked drive to the locked drive while powered up it would allow you to access the data (assumng the drive survives), but only until the drive goes through a power cycle, after which it locks again.

It sounds like he is wanting to make this drive usable rather than recover data (since he tried to format it). So unless he plans to do this every time he wants to boot his machine, the drive is a paperweight.

I'm not sure why you were able to bypass a password by swapping the ATA controller rather than the drve electronics. Perhaps you had an earlier spec ATA drive, or perhaps the drive did not fully implement the spec. But he has an IBM/HGST drive, and IBM essentially wrote that portion of the ATA spec (IBM wrote a whitepaper describing the security architecture that was adopted with minor changes). I think the chances they failed to follow their own design are slim.

Ed Gibbs

[Sirnice]

I want to use the drive and not just recovering the data but if I can do both that would be great.

I do believe the "password flag" and "password" itself is stored on the drive and not on the controller because I tried another hard drive and it boot up fine. I only have to enter the password when I'm using the password locked drive. I try the drive on the USB case and plug it into my desktop computer. The computer found the new drive/hardware but it dosn't display a drive letter for it (not mounted?).

[egibbs]

I could be wrong, but I don't believe the USB interface supports the ATA security protocols. So the drive is probably sitting there waiting for an unlock command to be sent with a password, and the USB interface doesn't know how to do that.

Edit: Now that I think about it a USB HDD enclosure would have to implement the ATA spec, providing you installed the driver for it. Otherwise you wouldn't be able to access any drives.

Still - it's probably waiting for the password. Without the password I'm afraid you are pretty much out of luck.

Ed Gibbs

[Batuta]

...

[egibbs]

You're right - this ia a waste of bandwidth.

I would think that "If the Identifier bit is set to user, then the DRIVE compares the supplied password with the stored user password." was pretty clear, but I guess not.

I never said you can't CRACK the password, given time, money, and specialized equipment. In my first post I specifically said that data recovery was possible but expensive. The tool you linked to is a password CRACKER, not a password bypasser.

I also never said anything about encryption, though you keep going back to that. The drive lock is a hardware lock, and any hardware lock can be picked - it is definitely not encryption.

But unless he has something he needs on that drive badly enough to part with considerably more cash than the drive is worth it's a paperweight. In my business we have a term - Beyond Economic Repair. That drive is definitely BER.

I'm done - this is my last post on the subject, I promise.

Ed Gibbs

[JHEM]

The problem is I don't remember the password. I try removing the hard drive and connect it to another machine to format and rest the boot secctor but it's not picking it up (probably because it's password locked). anyone know how to reset the hard drive or the master boot sector to bypass this. The hard drive is a Hitachi/IBM Travelstar 80gb 4200rpm.

It cannot be economically unlocked! If you had data on it that HAD to be recovered, there are services available to do so.

But the cheapest among them costs more than simply replacing the HD with a new one.

The PW info is not stored on the platters, but in the drive's electronics, so performing a format were you somehow able to do so will not clear it.

Absent an urgent need to access data on the drive it's a paperweight, as Ed said.

Regards,

James

[Batuta]

...

[JHEM]

Cost of a NEW replacement 4K80 HD: $109 and free shipping.

http://www.zipzoomfly.com/jsp/ProductDe ... ode=100520

Cost at Nortek to just remove the PW: $85 plus S&H each way.

Cost for Nortek to unlock the HD and re-certify (wipe) it: $145 plus S&H each way.

Cost for Nortek to unlock the HD, save your data, re-certify the drive and reload your data: $295 plus S&H each way.

Your offer of $50 for the HD is very generous Rick, I guess you know how to unlock HDs on your own.

BTW, Nortek has been a member of both the old and new Forums for about 5 years.

Regards,

James

[Batuta]

...

[Sirnice]

I'll think about your offer.

Thank you

[Batuta]

...

[Nolonemo]

Description for $85 service says "no data is preserved." If data has value, you're looking at $295.

[Batuta]

...

[JHEM]

Unless my math has left me, $85 is still less than $109, even plus $10-15 for S&H.
And we are not even talking about the price of the data on that drive here.
I rest my case

You've missed the point that the data was worthless to the OP, so there's no real inherent value in it to anyone else either other than for its voyeuristic possibilities. I'll admit that data mining can be fun at times, I've been guilty of scratching that itch more than once amongst some of the machines we've had donated to us, oft times with eye opening results.

For $85 plus shipping of $10-15 each way there and back across an international border, I'd rather just buy a new HD for $109 if I didn't need the original data and wind up with a new, warranted HD. My decision would almost certainly change if the HD were of a larger size and had a higher replacement value, such as a Seagate 5K100.

Rick, your personal skills and training provide you with the luxury of being able to attack one of these HDs as a mental challenge and exercise. But those skills are way beyond those enjoyed by the "average" Thinkpad owner who should, bar hiring Nortek or others of his ilk, view the average PW locked HD as a paperweight.

BTW, the DOD/DOE standard for erasing certain HDs from certain agencies has changed. The only acceptable method now is destruction by mechanical shredding.

(This discussion is why they have horse races!)

Regards,

James

[Batuta]

...

[Batuta]

...

[Sirnice]

Thanks, but can't get it to work.
I can't get pass the password during boot. I can't even boot from other devices such as a floppy drive or CD. The only place I can go into is the BIOS.

Rcho

[Batuta]

...

[Sirnice]

Does that progrom only function in DOS? I try running it to see if it can pick up my desktop drive in Windows XP and it did'nt find any drives.

[Sirnice]

OK, swap the drive during bootup like you said and bootup using a USB floppy drive with Dos prompt. The program detected the drive that is password locked. BUT there is no tools that allow me to remove the password or disable the password without the original password or a MASTER PASSWORD.

Here are the selectable choices:
SET MASTER PW
SET USER PW
UNLOCK WITH Master PW
UNLOCK WITH User PW
DIsable WITH Master PW
Disable WITH User PW
FREEZE LOCK
ERASE Prepare
Erase UNIT

Not matter which command I use, I get this error:
ERROR: command rejected by drive

So looks like I still need the original password.
Thanks for your help.

[egibbs]

If you refer way back to the beginning, to the document that I linked to, you will see that those are EXACTLY the commands that the manual says the drive recognizes - which also happen to be EXACTLY the same command set defined in the ATA spec.

All that program does is allow you to send the ATA commands to the drive directly rather than your ATA controller doing it for you.

Ed Gibbs

[Batuta]

...