Help With Locked Hard Drive

I have been trying to discover a workaround for accessing a Hard Drive
locked via the ATA Standard. I have copied various posts regarding my quest
below. I would really like to hear from anyone that has knowledge of the ATA
Standard Hard Drive Locking Technology, and/or has successfully unlocked a
password protected drive without knowledge of the User, or Master Password.

Thank you.

Louis--
********************************
Remove the two fish in address to respond

A friend? of mine locked the Hard Drive in my Laptop (it was his way of
"sticking it to me", and so far it's worked very well). As the boot process
begins it stops, and asks for the password. The boot sequence is set for
floppy first, but even trying to boot with a floppy wont allow progress past
the password prompt.

So far I've tried to boot to a floppy - no success - with the thought of a
Low Level Format. I've placed the drive, with an adapter, into a desktop,
and I discovered that BIOSs without a password scheme like a Laptop, reports
the drive as a "failed disk". If I place it into another Laptop it asks for
the password. I locked a different drive, placed it into the desktop, and it
reported as a "failed disk". I put it back into the Laptop, unlocked it, and
back into the desktop where it worked normally.

Further research led me to the Hard Disk ATA Standard, which allows for a
Hard Drive to be locked, and unlocked. It appears that the passwords (user,
and master) are not on the platter, but stored in a register on the
controller board. The logic sequence on boot up is to check if the drive is
locked, and if it is it wont unlock the drive until the proper command, then
the password is sent to the drive.

The ATA Standard also indicates that if you know the Master Password, it
will unlock the drive, and reset the user password to null.

I understand the need for security, but I can't help but suspect that some
clever chap has discovered a workaround short of sending the drive to a data
recovery facility, and spending thousands of $$$.

There has to be a way of probing the register in question, and reading the
data necessary to unlock the drive.

I can buy a new drive for my Laptop, but I guess the challenge of overcoming
situation is too much to pass up.

Any suggestions, Web Sites, other news groups, or assistance would be
appreciated!!


The Laptop is functional with a different Hard Drive (I am currently using
the unit). The value of the locked Hard Drive isn't worth the effort. It's
the frustration of not having access to the Hard Drive, and the opportunity
to learn something that is driving me at this point.


The machine in question is an older IBM Thinkpad Laptop. I am currently
using it with a new Hard Drive. The old drive is locked (he locked the drive
only), and that's what I'm trying to get into. The drive itself isn't worth
any time or expense, but I am determined to learn how to gain access to it.
IBM at their Web Site, and the local service center, indicated there is
nothing they could do for me.

I am convinced that accessing my drive is possible if I get the proper
information. I have received a few suggestions that make me believe I'm well
on the way to success!

I have discovered the user, and master password, are resident in the
firmware of the drive controller. When the drive is accessed as part of the
boot process (regardless if it is a master, or slave) if the drive is
locked, and the password hasn't been entered, the drive returns a signal
that most systems without a Hard Drive password routine interpret as a
failed drive.

It would be interesting to see if the drive password register could be
probed to revel the contained data.

I know some method is possible as evidenced by the specialty firms that will
unlock a Hard Drive. Just take a wheel barrow full of money with you! :-]


I have confirmed that per the ATA Standard the password data is resident on
the controller card. It has nothing to do with the platter. There are third
party software solutions to lock a drive, and in that case the password is
located on the drive media. I have recovered data from a locked Hard Drive
by replacing the controller board with an identical unit, and then accessing
the drive normally.

With the IBM Thinkpad I have you can have a BIOS or Boot Password, Hard
Drive Password, or an Admin. Password. Someone set the Hard Drive Lock, and
the unit required a password at turn on. Not knowing the password, I removed
the drive, and tried it on a Desktop. It reported as a failed drive. Using a
utility, I discovered the drive was locked with a user password. Replacing
the controller card allowed me to recover the data, and use the drive in the
Thinkpad again. The Thinkpad also would work with a different drive (the
other passwords (BIOS & Admin) hadn't been set).

As I reviewed the ATA Standard, the indication was that the User, and Master
passwords, were stored in the firmware (with no placement on the drive
media).

I locked a different drive (with a desktop) using the utility I have, and
the Laptop requested a password before access, and the Desktop reported a
failed drive.

It would appear to me that in this case the drive media wasn't used as a
storage medium for the password data.

I would dearly like to hear from someone that has unraveled this enigma!
--
*********************************************
Remove the two fish in address to respond

There is no workaround other than obtaining the password.

"Louis Bybee" wrote in message news:tV%tb.23229$Dw6.124876@attbi_s02
I have been trying to discover a workaround for accessing a Hard Drive
locked via the ATA Standard. I have copied various posts regarding my quest
below. I would really like to hear from anyone that has knowledge of the ATA
Standard Hard Drive Locking Technology, and/or has successfully unlocked a
password protected drive without knowledge of the User, or Master Password.

Thank you.

Louis--
********************************
Remove the two fish in address to respond

[snip]

Louis Bybee wrote
in message news:tV%tb.23229$Dw6.124876@attbi_s02...

I have been trying to discover a workaround for
accessing a Hard Drive locked via the ATA Standard.

There is none. Its quite secure, for a reason.

I have copied various posts regarding my quest below.
I would really like to hear from anyone that has knowledge
of the ATA Standard Hard Drive Locking Technology, and/or
has successfully unlocked a password protected drive
without knowledge of the User, or Master Password.

********************************

A friend? of mine locked the Hard Drive in my Laptop (it was
his way of "sticking it to me", and so far it's worked very well).
As the boot process begins it stops, and asks for the password.
The boot sequence is set for floppy first, but even trying to boot
with a floppy wont allow progress past the password prompt.

Thats the way its supposed to work, for a damned good reason.

So far I've tried to boot to a floppy - no success
- with the thought of a Low Level Format.

If it does have the default master password still
set, it is possible to reset the password with the
drive auto erased. It isnt possible to keep the data.

I've placed the drive, with an adapter, into a desktop,
and I discovered that BIOSs without a password
scheme like a Laptop, reports the drive as a "failed disk".

Thats the way its supposed to work. Designed in behaviour.

If I place it into another Laptop it asks for the password.

Ditto. The password is on the drive, so it moves with the drive.

I locked a different drive, placed it into the desktop, and
it reported as a "failed disk". I put it back into the Laptop,
unlocked it, and back into the desktop where it worked normally.

Thats how its supposed to work too.

Further research led me to the Hard Disk ATA Standard,
which allows for a Hard Drive to be locked, and unlocked.
It appears that the passwords (user, and master) are not
on the platter, but stored in a register on the controller board.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

The logic sequence on boot up is to check if the drive
is locked, and if it is it wont unlock the drive until the
proper command, then the password is sent to the drive.

Correct.

The ATA Standard also indicates that if you
know the Master Password, it will unlock the
drive, and reset the user password to null.

And ERASE THE DRIVE.

I understand the need for security, but I can't help but suspect
that some clever chap has discovered a workaround short of sending
the drive to a data recovery facility, and spending thousands of $$$.

There are some operations that will unlock
an ATA locked drive for a lot less than that.

There has to be a way of probing the register in question,
and reading the data necessary to unlock the drive.

Not necessarily.

I can buy a new drive for my Laptop, but I guess the
challenge of overcoming situation is too much to pass up.

It aint any simple sequence of operations, for a
damned good reason. If it was, the would would
get out on no time and the security would be useless.

Any suggestions, Web Sites, other news
groups, or assistance would be appreciated!!

It would be stupid to assist thieves to make locked laptops usable again.

The Laptop is functional with a different Hard Drive (I am currently
using the unit). The value of the locked Hard Drive isn't worth the
effort. It's the frustration of not having access to the Hard Drive, and
the opportunity to learn something that is driving me at this point.

Trouble is that we have no way of knowing if you are lying or not.


The machine in question is an older IBM Thinkpad Laptop.
I am currently using it with a new Hard Drive. The old drive
is locked (he locked the drive only), and that's what I'm trying
to get into. The drive itself isn't worth any time or expense,
but I am determined to learn how to gain access to it.
IBM at their Web Site, and the local service center,
indicated there is nothing they could do for me.

For what should be perfectly obvious reasons.

I am convinced that accessing my drive
is possible if I get the proper information.

You are wrong. If it was just a specific sequence
of operations, the security would be useless.

I have received a few suggestions that make
me believe I'm well on the way to success!

What you believe is completely irrelevant.

I have discovered the user, and master password,
are resident in the firmware of the drive controller.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

When the drive is accessed as part of the boot process
(regardless if it is a master, or slave) if the drive is locked,
and the password hasn't been entered, the drive returns
a signal that most systems without a Hard Drive password
routine interpret as a failed drive.

Because thats what the ATA standard specifys.

It would be interesting to see if the drive password
register could be probed to revel the contained data.

It would have been terminally stupid to have implemented it like that.

I know some method is possible as evidenced by the specialty firms that will
unlock a Hard Drive. Just take a wheel barrow full of money with you! :-]

Its nothing like that expensive.


I have confirmed that per the ATA Standard the password data is
resident on the controller card. It has nothing to do with the platter.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

There are third party software solutions to lock a drive,
and in that case the password is located on the drive media.

That was before that security was part of the ATA standard.

I have recovered data from a locked Hard Drive
by replacing the controller board with an identical
unit, and then accessing the drive normally.

Not with an ATA lock you havent.

With the IBM Thinkpad I have you can have a BIOS or Boot Password,
Hard Drive Password, or an Admin. Password. Someone set the Hard
Drive Lock, and the unit required a password at turn on. Not knowing
the password, I removed the drive, and tried it on a Desktop. It reported
as a failed drive. Using a utility, I discovered the drive was locked with
a user password. Replacing the controller card allowed me to recover
the data, and use the drive in the Thinkpad again. The Thinkpad also
would work with a different drive (the other passwords (BIOS & Admin)
hadn't been set).

Mangled very comprehensively indeed.

As I reviewed the ATA Standard, the indication was
that the User, and Master passwords, were stored in
the firmware (with no placement on the drive media).

It doesnt actually specify where they are stored.

I locked a different drive (with a desktop) using the utility
I have, and the Laptop requested a password before
access, and the Desktop reported a failed drive.

It would appear to me that in this case the drive media
wasn't used as a storage medium for the password data.

That proves nothing on that.

I would dearly like to hear from someone that has unraveled this enigma!

It clearly aint a simple sequence of operations,
otherwise the security would be useless.

Folkert Rienstra wrote in message
...

There is no workaround other than obtaining the password.

So the operations that do it commercially use telepathy eh ?

Completely clueless. As always.


Louis Bybee wrote

I have been trying to discover a workaround for accessing a Hard Drive
locked via the ATA Standard. I have copied various posts regarding my quest
below. I would really like to hear from anyone that has knowledge of the ATA
Standard Hard Drive Locking Technology, and/or has successfully unlocked a
password protected drive without knowledge of the User, or Master Password.

So how would I reconcile this answer with the knowledge of commercial
outfits that do exactly that, for a wheelbarrow of cash of course. :-]

Thank you.

Louis--
*********************************************
Remove the two fish in address to respond

"Rod Speed" wrote in message
...

Louis Bybee wrote
in message news:tV%tb.23229$Dw6.124876@attbi_s02...

I have been trying to discover a workaround for
accessing a Hard Drive locked via the ATA Standard.

There is none. Its quite secure, for a reason.

I have copied various posts regarding my quest below.
I would really like to hear from anyone that has knowledge
of the ATA Standard Hard Drive Locking Technology, and/or
has successfully unlocked a password protected drive
without knowledge of the User, or Master Password.

********************************

A friend? of mine locked the Hard Drive in my Laptop (it was
his way of "sticking it to me", and so far it's worked very well).
As the boot process begins it stops, and asks for the password.
The boot sequence is set for floppy first, but even trying to boot
with a floppy wont allow progress past the password prompt.

Thats the way its supposed to work, for a damned good reason.

So far I've tried to boot to a floppy - no success
- with the thought of a Low Level Format.

If it does have the default master password still
set, it is possible to reset the password with the
drive auto erased. It isnt possible to keep the data.

I've placed the drive, with an adapter, into a desktop,
and I discovered that BIOSs without a password
scheme like a Laptop, reports the drive as a "failed disk".

Thats the way its supposed to work. Designed in behaviour.

If I place it into another Laptop it asks for the password.

Ditto. The password is on the drive, so it moves with the drive.

I locked a different drive, placed it into the desktop, and
it reported as a "failed disk". I put it back into the Laptop,
unlocked it, and back into the desktop where it worked normally.

Thats how its supposed to work too.

Further research led me to the Hard Disk ATA Standard,
which allows for a Hard Drive to be locked, and unlocked.
It appears that the passwords (user, and master) are not
on the platter, but stored in a register on the controller board.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

The logic sequence on boot up is to check if the drive
is locked, and if it is it wont unlock the drive until the
proper command, then the password is sent to the drive.

Correct.

The ATA Standard also indicates that if you
know the Master Password, it will unlock the
drive, and reset the user password to null.

And ERASE THE DRIVE.

I understand the need for security, but I can't help but suspect
that some clever chap has discovered a workaround short of sending
the drive to a data recovery facility, and spending thousands of $$$.

There are some operations that will unlock
an ATA locked drive for a lot less than that.

There has to be a way of probing the register in question,
and reading the data necessary to unlock the drive.

Not necessarily.

I can buy a new drive for my Laptop, but I guess the
challenge of overcoming situation is too much to pass up.

It aint any simple sequence of operations, for a
damned good reason. If it was, the would would
get out on no time and the security would be useless.

Any suggestions, Web Sites, other news
groups, or assistance would be appreciated!!

It would be stupid to assist thieves to make locked laptops usable again.

The Laptop is functional with a different Hard Drive (I am currently
using the unit). The value of the locked Hard Drive isn't worth the
effort. It's the frustration of not having access to the Hard Drive, and
the opportunity to learn something that is driving me at this point.

Trouble is that we have no way of knowing if you are lying or not.


The machine in question is an older IBM Thinkpad Laptop.
I am currently using it with a new Hard Drive. The old drive
is locked (he locked the drive only), and that's what I'm trying
to get into. The drive itself isn't worth any time or expense,
but I am determined to learn how to gain access to it.
IBM at their Web Site, and the local service center,
indicated there is nothing they could do for me.

For what should be perfectly obvious reasons.

I am convinced that accessing my drive
is possible if I get the proper information.

You are wrong. If it was just a specific sequence
of operations, the security would be useless.

I have received a few suggestions that make
me believe I'm well on the way to success!

What you believe is completely irrelevant.

I have discovered the user, and master password,
are resident in the firmware of the drive controller.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

When the drive is accessed as part of the boot process
(regardless if it is a master, or slave) if the drive is locked,
and the password hasn't been entered, the drive returns
a signal that most systems without a Hard Drive password
routine interpret as a failed drive.

Because thats what the ATA standard specifys.

It would be interesting to see if the drive password
register could be probed to revel the contained data.

It would have been terminally stupid to have implemented it like that.

I know some method is possible as evidenced by the specialty firms that
will
unlock a Hard Drive. Just take a wheel barrow full of money with you!
:-]

Its nothing like that expensive.


I have confirmed that per the ATA Standard the password data is
resident on the controller card. It has nothing to do with the platter.

It aint that black and white. You cant for example
just use the logic card from another identical drive
to get the data off the locked drive.

There are third party software solutions to lock a drive,
and in that case the password is located on the drive media.

That was before that security was part of the ATA standard.

I have recovered data from a locked Hard Drive
by replacing the controller board with an identical
unit, and then accessing the drive normally.

Not with an ATA lock you havent.

With the IBM Thinkpad I have you can have a BIOS or Boot Password,
Hard Drive Password, or an Admin. Password. Someone set the Hard
Drive Lock, and the unit required a password at turn on. Not knowing
the password, I removed the drive, and tried it on a Desktop. It
reported
as a failed drive. Using a utility, I discovered the drive was locked
with
a user password. Replacing the controller card allowed me to recover
the data, and use the drive in the Thinkpad again. The Thinkpad also
would work with a different drive (the other passwords (BIOS & Admin)
hadn't been set).

Mangled very comprehensively indeed.

As I reviewed the ATA Standard, the indication was
that the User, and Master passwords, were stored in
the firmware (with no placement on the drive media).

It doesnt actually specify where they are stored.

I locked a different drive (with a desktop) using the utility
I have, and the Laptop requested a password before
access, and the Desktop reported a failed drive.

It would appear to me that in this case the drive media
wasn't used as a storage medium for the password data.

That proves nothing on that.

I would dearly like to hear from someone that has unraveled this enigma!

It clearly aint a simple sequence of operations,
otherwise the security would be useless.

So how would I reconcile this answer with the knowledge of commercial
outfits that do exactly that, for a wheelbarrow of cash of course. :-]

Thank you.

Louis--
*********************************************
Remove the two fish in address to respond


"Folkert Rienstra" wrote in message
...
There is no workaround other than obtaining the password.

"Louis Bybee" wrote in message
news:tV%tb.23229$Dw6.124876@attbi_s02
I have been trying to discover a workaround for accessing a Hard Drive
locked via the ATA Standard. I have copied various posts regarding my
quest
below. I would really like to hear from anyone that has knowledge of the
ATA
Standard Hard Drive Locking Technology, and/or has successfully unlocked
a
password protected drive without knowledge of the User, or Master
Password.

Thank you.

Louis--
********************************
Remove the two fish in address to respond

[snip]

"Louis Bybee" wrote in message
news:RJeub.31030$Dw6.151468@attbi_s02...
So how would I reconcile this answer with the knowledge of commercial
outfits that do exactly that, for a wheelbarrow of cash of course. :-]

Can anyone confirm that in fact they really do it or are they selling
bridges over the East River or the dick patch.

If you can unlock Win NT's admin account, you can also hack a drive password.

Five years ago the NT unlocker was an expensive product from winternals.com,
today there is a free version. It was a matter of reverse engineering NT's
security hive.

A hard drive is more difficult, as you have to hack the ROM firmware which
checks the password. Once you do this, you can unlock any drive with the same
controller.

People who know how to do these things tend to be secretive because it is so
profitable.

"Louis Bybee" wrote in message
news:RJeub.31030$Dw6.151468@attbi_s02...
| So how would I reconcile this answer with the knowledge of commercial
| outfits that do exactly that, for a wheelbarrow of cash of course. :-]
|

So how, pray tell, do I become acquainted with individuals talented, and
knowledgeable enough to be skilled in these matters?

Thank you.

Louis--
*********************************************
Remove the two fish in address to respond


"Eric Gisin" wrote in message
...
If you can unlock Win NT's admin account, you can also hack a drive
password.

Five years ago the NT unlocker was an expensive product from
winternals.com,
today there is a free version. It was a matter of reverse engineering NT's
security hive.

A hard drive is more difficult, as you have to hack the ROM firmware which
checks the password. Once you do this, you can unlock any drive with the
same
controller.

People who know how to do these things tend to be secretive because it is
so
profitable.

"Louis Bybee" wrote in message
news:RJeub.31030$Dw6.151468@attbi_s02...
| So how would I reconcile this answer with the knowledge of commercial
| outfits that do exactly that, for a wheelbarrow of cash of course. :-]
|

Here is a pair of message from people on the T13 committee. It confirms there
are people that hack firmware, but not who they are.

"From T13 reflector, August 2003"

I have commented on this before at T13 meetings but it seems to
becoming more and more common all the time. If I were in the disk
drive business I think I would be concerned.

I get inquiries all the time from people that are "in the data
recovery or repair business", usually they are outside the USA,
asking about reading/writing the hidden data on a disk drive - the
drive's zone and defect tables and the drive's firmware.

It seems there are web sites that document how to "unlock" access to
this data on most disk drives. I hear there are full descriptions of
the zone and defect table layouts for most disk drives at these web
sites. And I hear that even disassembly listings of some drive's
firmware can be found.

If I were making disk drives I'm not sure I would want these people,
who may have good intentions, to be reading and writing this
information. But mostly I would not want some virus that destroyed
this data to pop up one day.

As I have said many times before, I don't understand why the commands
that would allow access to this drive data is even in a shipping
drive's firmware.

Anyway, if you are a device manufacturer you may want to be concerned
about this issue before it becomes a big problem.

and

Well I get requests from UK, Germany, and all over all the time.
They want all data and information in logs and various places.
They also ask how to decode and use several patented issues around ATA
host side. They will supply the patent documents, and ask how to use the
technology. The funny part is there are lots of open secrets in the
patent office about ATA, which are not in the spec.

I forgot where they are and who owns them, but have fun searching.


"Louis Bybee" wrote in message
news:Ynhub.231460$Fm2.233340@attbi_s04...
| So how, pray tell, do I become acquainted with individuals talented, and
| knowledgeable enough to be skilled in these matters?
|
|
| "Eric Gisin" wrote in message
| ...
| If you can unlock Win NT's admin account, you can also hack a drive
| password.
|
| Five years ago the NT unlocker was an expensive product from
| winternals.com,
| today there is a free version. It was a matter of reverse engineering NT's
| security hive.
|
| A hard drive is more difficult, as you have to hack the ROM firmware which
| checks the password. Once you do this, you can unlock any drive with the
| same
| controller.
|
| People who know how to do these things tend to be secretive because it is
| so
| profitable.