Avatar of Wakeup
Wakeup

Hard Drive Lock/Password

I have a few Laptop Hard drives that have the password lock enabled.  I have researched it and these drives are 3 gig or less, so not worth paying for service to have the password removed.  If anyone knows of a way to do this for free, or extremely cheap.  Like really cheap.  3 gig drives are practically useless, but if they are good drives it'd be nice to restore them back to functionality.  Please let me know.  Thanks!

Avatar of jmp3712
jmp3712

I have never seen a HD that use locked
How??
Try booting from a DOS floppy and fdisk the drive
Avatar of dbrunton
The BIOS does the locking.  Various methods exist, generally by changing a jumper or shorting pins or removing battery.

It depends on the model of laptop and who made them.  IBM for example made a great number of laptops and there are numerous ways of bypassing the protection.
Then it is the BIOS password that is the problem, not the hard drive.
Avatar of Wakeup

ASKER

Nonono...........not true....Look...I pull the laptop HDD out of one laptop (after getting "Hard drive password=") and I put it in another and it says the same damn thing...however if I put a brand new drive or an unlocked drive in the same laptop, it boots up fine or detects the drive fine.  So no...It is not a BIOS issue.  Do a search on Google: "Hard Drive Password"
it tells ya about all that stuff.  I am not making this up!  Trust me.  I know what I am doing.  I just don't know how to remove the hard drive password.  I also went to Fujitsu's website and it tells you how to set it and use it, but not how to remove it.  Do you need me to give you more information?! hehe
I have tried 4 different laptops all with the same: Hard Drive Password:
and then you type in a pw, like 3 times and then the laptop shuts off, and you have to turn it back on again.  Doesn't matter which laptop.  (same drive)
Avatar of Wakeup

ASKER

Here are some sites that explain sorta what I am looking at:
http://www.ja.olm.net/unlock/
http://searchwin2000.techtarget.com/tip/1,289483,sid1_gci856604,00.html
here is an excerpt from the website I just pasted:
most BIOS makers also have a "hard drive password" actually stored on the hard drive. If a thief puts this hard drive in another PC, he will still get a password prompt before he can access the data.

Anyway there are more things I can cut and paste but that doesn't matter right now...

Note: Do not forget your hard disk password! Keep it in a safe place. If you forget your hard disk password, there is no way to reset your password or recover data in the hard disk drive. Neither an IBM authorized reseller nor IBM marketing representative can make the hard disk drive usable.


*Removing a Hard Disk Password:
The procedure to remove a hard disk password depends on whether or not it is set to the same password as the power-on password.

When the hard disk password is set the same as the power-on password:
Remove the password by following the procedure below. This operation removes both the hard disk password and the power on password.

You must remove your password at the password prompt that appears when you turn on the computer. To remove the password, at the prompt: Enter your current password, press the Spacebar and then press Enter.

When the hard disk password and the power-on password are different, or a power-on password has not been set:
1. Turn off the computer and wait at least 5 seconds: then turn it on.
2. If you have set the power-on password, type it; then press Enter.
3. When the hard disk password prompt appears, type your current password, press the Spacebar, and then press Enter.

Avatar of Wakeup

ASKER

ya been there done that.  Same ole stuff....I just need someone who knows how to do it.  If they don't they don't.  I have been to all the sites...take battery out...short cmos....short this....cut this....etc etc...but that is not what it is going to take...it is going to take something from the hard drive to do this.  So if you guys know...then cool. If not nothing else is going to solve my problem...and I'll just ebay the drives and close the question.  All I want to know is how to reset the pw on the hdd, without having to pay more than a 3 gig hdd is worth...which is like pennies......I can get a 6 gig laptop drive for less than 10 bux.  Easy.  I just don't wanna have to throw away a good 3 gig drive if I don't have to.  That is my dilemma.  I looked at most if not all of the sites, it will cost $25-100 dollars or even more just to get the pw off.  I don't need the data, I don't care about it. I just want to unlock em.  That is it!

Thanks..

Avatar of Wakeup

ASKER

Again, seen that site already.  I don't generally ask a lot of questions on EE.  I know my stuff...but this one is one thing I cannot find out how to do.  I know how to use Google and every other search engine out there.  I just need someone that knows physically how to open the drive (if necessary) and short whatever I need to short...and remove pw.  Is all...  Thanks again for searching/helping etc.

If you only need the drives and not anything on them, I guess a "zap" or low-level format will take care of all password stuff. Or can't the BIOS even find the drive? The zap utility (download from IBM) will wipe boot and partition tables from a drive, even if you cannot access it (you need to boot from a floppy). BIOS must find it, though.

Regards
/RID
Avatar of Wakeup

ASKER

OK...I haven't tried that, rid.  However I cannot boot to a floppy when the HDD is in the laptops.  The BIOS does detect it.  Again if I put the HDD in any machine, doesn't matter which, it will say "HARD DRIVE PASSWORD="  and then you have three shots and then the laptop shuts down.  I can't even get into the BIOS.  However if I put in a regular non-locked/pwed drive it comes up fine, and can access BIOS fine etc etc etc.  So it is not the BIOS...and it is not the machine.  It is the hard drive.  Unless someone can prove me wrong there.

<Guesswork>
The BIOS looks at the hard drive for a password required flag of some kind, before going into boot media seek. This would prevent floppy boot if HD is password protected. If the BIOS could be reset to *not* look for this flag, you might get it to boot from floppy.
< end Guesswork>

I think that I would try hooking these HD's up as slaves to another HD (in a desktop machine) and see if they can be "zapped" when hooked up like that. Not many desktop BIOS:es do look for a password protection of a HD, do they?

Regards
/RID
Avatar of Wakeup

ASKER

Already did/tried.  hehe.  Read above.  Anyway yes slaved....Mastered... Secondary slave/master....(I do have an adaptor that goes from 2.5" laptop drive to 3.5" convertor/cable/adaptor thingy).  Anyway drive powers up...recognized by BIOS, but same thing...HDD PW problem still exists.  And even then I cannot format it, or do anything...no fdisk no lowlevel...no format....
http://zurich.ai.mit.edu/hypermail/thinkpad/2002-02/1093.html

There is a thread about this. There seems to be a possibility to store some info on the electronics board of the drive, shutting out communication before pw is entered.

Regards
/RID
I've just had a look and so far I've only found the following:

: : How do I bypass a HDD password request??

: You can't.  The password is written into the EEPROM on the drive by the BIOS, and the computer simply won't boot until the password is removed.

All I did was enter 'HDD password' in Google and look at the first entry!

On another thread in EE I read with fascination that someone had written a routine in Pascal to update the BIOS for a machine in which for some reason the BIOS could not be normally accessed - I'm not too sure. However I would guess that someone who has that detail of knowledge might know how to deal with your problem. Perhaps you can do a search in EE to track down that bod.

Mind you is it really worth keeping any drive with only 3Gb total storage. Seems a tad on the small size to me and I thought that size mattered!

Mind you it would be good to crack your problem.
Locate the CMOS battery and remove it.  After a couple of hours the CMOS will clear and you can reset it. That is the advice given elsewhere for another similar problem. Been there done that?


Avatar of Wakeup

ASKER

Rid, been there.  Not necessarily true.  Do some more research and you will see people advertising Unlocker type utilities or programs or tools to fix this.  I just don't want to spend a hundred bux to do it on a 3 gig drive.  Like I said earlier, I can buy a 20gig Laptop drive for probably 100.00
Patrickab, ya been there again and done that.  Yes the drive is small...but for an older laptop that can't handle much anyway, is no big deal.  It's a waste of a laptop drive is my reasoning.  Again I can go on ebay and find 4 and 6 gig drives....but I don't want to spend the money on a half dead or almost dead horse anyway.  If I can get this 3 gig drive to work, then I will be fine!
And again on the CMOS thing, if you follow the thread and what I have been saying, have already tried, plus it is not a CMOS issue. I can take the drive to ANY other machine (Laptop or Desktop) and it will give me the same problem.
Wakeup buddy, I think you're out of luck...the drive manufacturers intentionally make it just about impossible to remove the password from the drive.  Hmm, here's a thought...are the drives (and others you may have) the same models?  You could swap out the PCB from a non-locked drive to the locked drive...but I guess that wouldn't really accomplish much either since then you'd have another drive with a password.

I have a feeling its fairly hopeless.

However:
http://www.driverforum.com/harddrive3/1642.html

Sounds pretty crazy, but who knows...

-dog*
http://www.labmice.net/articles/BIOS_hack.htm

From http://www.computing.net/windows95/wwwboard/forum/3542.html:
YOU MUST SUPPLY POWER TO THE HDD THEN SHORT OUT J11 J15 SHUT DOWN AND FDISK THEN FORMAT AND YOU'RE READY TO GO

-dog*
Hmm, could you not just make that HDD a slave and grab a good HDD with a bootable OS and format the slave (locked) HDD?
it sounds to me like we're willing to play a little so here goes my theory.....

<disclaimer>
DO NOT ATTEMPT THIS AT HOME UNLESS YOU'RE NOT INTERESTED THAT MUCH IN THE HARDWARE YOU'RE MESSING WITH
</disclaimer>


If you have a few of these 3 gig drives, and have one that is unlocked with the same parameters, what I would do is boot with the unlocked drive, then without powering down the computer carefully unplug the HD and plug in one of the locked ones.  That might give you access to it, and you could try to format or whatever.

I have no idea if this will work, so don't take my word for it, but this kind of reminds me of the times we've screwed up a BIOS or had a mobo with a bad BIOS.  If we had another board with the same BIOS, we'd boot that mobo, take out the BIOS (working) without powering down, and plug in the bad BIOS.  Now that we're back in the system you could use a utility to flash the bad BIOS to a working one.

We used to do this crap before we got an EEPROM burner....that's a much nicer way

anyhow.....give 'er a shot if you feel up to it.

Avatar of Wakeup

ASKER

See I know there is something that is available to do it.  I just have to figure out what.  I mean hey if there is no way to do it by myself then hey there is no way.  But I do know that people are out there charging money to unlock drives.  So it must be possible otherwise no such company would exist.  Anyway Dog, that www.computing.net msg is not there anymore.  You wouldn't happen to still have that up somewhere or can cut and paste it? Or send me another link etc?  Let me know what you can do.  Thanks!
Mmm. Desperate times = desperate measures.

I know someone says that the info is in an EEPROM but surely a BIOS cannot burn an EEPROM - can it? Apart from which it's an irreversible process - surely?

The password surely cannot be stored in the chips on the hard drive. The information would be volatile without an external power source and hard drives don't have batteries. The charges retained by the condensers must surely be short lived and would soon drain off. So the only conclusion I can come to is that the password is stored in one of the boot sectors on the hard disk. Now logically unless there is some sub-routine on the hdd to ensure that this is dealt with irrespective of the BIOS how does it know it has to be satisfied before it will proceed. Again I guess because there is a flag that is either in the BIOS or is passed to the BIOS during boot up. Is that possible?

So is it possible to up-date the bios from some external source such as a floppy after the hdd has powered-up. Or perhaps even booting up the machine after having set the bios to tell it that there is no hdd attached. Instead boot from floppy and up-date the bios from the floppy. So back to the guy who can write Pascal routines to up-date a bios.

It was never going to be easy - otherwise you wouldn't have posted the question in the first place!

Not much help I'm afraid
more guesswork:
The HD must have some sub-routines that are run at power-on of the HD. Just power one up and listen to the head seek procedure. Probably one of these routines can include a search for a pw flag in any reserved sector - the pw info need not be in the electronics

Regards
/RID
Wakeup:

I think there is a : on the end of that link, try it again.

-dog*
Avatar of Wakeup

ASKER

Sorry.  Computer went down for a bit...have to reinstall and recover my data.  Will be back in a few days or so.  Bear with me!  thanks!
There is a device made by a company called omniclone.  It will be able to do the things you need.
This device somehow can remove a HD password stored in EEPROM on the drive?  Somehow I doubt it...

-dog*
Avatar of Wakeup

ASKER

Where do I find such a device dogg1782?   And how does it work?  All the sites that I see that have the omniclone device is just a fast hard drive duplicator?  I don't want to copy my data.  I can care less about it.  Plus I want a cheap solution.  The drive is not worth much.  So a cheap fix is all I need.
What I was told sounds too far-fetched. This guy I know says what you do is when you power up, press a key down to get a keyboard error into the BIOS setup, then you set a BIOS password, restart the computer, and when it comes back up you type the password you just created. I'm sure it's bogus but what the heck.
Avatar of Wakeup

ASKER

Thanks but no cigar darryl.
I didn't think so (too easy).
I never liked cigars!
Merry Xmas.
Avatar of Wakeup

ASKER

Anyone else have any bright ideas?
I would still love to know the solution - not because I need it but because it is an enigma which like the wartime one was ultimately cracked and it would be interesting to know how it can be done. Mind you if it's cracked I reckon it might be an idea to find a more secure forum than this to publicise it!

A further thought - is it possible that the electronics of the drive actually do retain the pw information in the same way that smart credit cards retain information (or do even these have small batteries - I don't know, even though I have a wallet full of them). It's amazing the stuff we take for granted these days!

Anyhow you might be able to:

1. Zap the electronics with a low voltage - can someone provide the hdd operating voltages? - or use a multimeter to find them out (bit of a last ditch effort I reckon) or
 
2. More simply get a ribbon cable connector and just short out all the ribbon cable wires so that everything connects with everything. If the electronics do retain the pw info' this shorting-out might just wipe it all clean. You might need to leave it shorted out for a while - say an hour - I dunno.

You haven't much to lose I guess and for the sake of a few minutes experimentation it would be interesting to know if it has any effect at all.

No more dim ideas I'm afraid - for this moment.
I think there are plenty experts above deserving point splits, but here's my 2 cents.

1) Time is money. You've already spent more time in this thread than the drives are worth.

2) If it was so easy to do for free, why would anyone expect to gain from 100 dollar offer? (Has anyone validated that any of them work?)

3) More than curious here, I guess we all are. I don't quite understand why bios requires psw for drive#2, and am just learning here on HD PW, but if bios can access it, I can code it. Simple stuff, <heh>. Not for public consumption.

4) You did not mention platform, OS. Here's a thought on what may be your easy way out, but it is not an overall solution.

4a) Make system with XP on nice good drive. Add your funky drive to the system.

(no, you ain't been there done that yet...)

4b) go into bios and DISABLE the funky drive.

4c) magic. boot the 2 HD system, to XP and see the drive contents(?)

5) It works? Theory begins with your need to access drive, not to mess with PW. So end could be the drive forever remains slave. But it not so big to be regular drive anyway, just having it for temp store should be satisfactory.

5a) Why it should work: I had need to rebuild OS on two drive system. I wanted HD2 to be new c: with new build, so I used bios to disable HD1 to save from opening case. Upon install, the OS did go to HD2, but as d: for my XP decided it could use HD1 anyway, despite bios setting. I dunno if same goes for other OS.

5b) Why it should work: if bios is set to do PW check but is told to ignore drive, it should ignore the PW check. MS OS is at different level and won't be checking.

5c) Why it should not work: A good implementation would have HD begin with a default latch condition of no transfer of data from sector reads until a condition is reached, where a PW meets the condition and resets the latch.

5d) Why it should work: The system is operating at a point past the PW check, as_if it was passed (if I understand the description above properly)

5e) What may make it work anyway: Boot XP CD and move to its recovery console. This should be possible with bios disable of the funky HD. There are an enormous amount of utilities there that appear written by the good folk who gave us tools of Resource kits, and these are better. Maybe one of them can help out on HD2, if you login as Administrator (Not an admin).
I'm not sure if this is a dead thread now, but if Wakeup is still reading this, here's my input:

The HDD *IS* related to the BIOS.  I was in the same seat not too long ago, but for a WD drive with a password.  The 2nd "funky" drive that SunBow refers to will not boot AT ALL with an older BIOS.  How do I know?  I tried booting a "hand me down" HDD to my older Compaq K7 500MHz (hence an older BIOS), and the computer wouldn't post - it was just dead in the water until I removed the "funky" drive.

Next thing I did was try out the "funky" drive on the newer XP 2000+ system, and voila - I got the same message Wakeup did.  "HDD LOCKED, ENTER PASSWORD: (5 tries left)", or something like that.

To SunBow: Nice logic, but the guys who developed the HDD password were way ahead of you.  One of the things I tried doing a while back was like you said - disabling the 2nd password-protected drive via BIOS, but I couldn't access BIOS in any way whatsoever because of the lock.  I made it primary master, primary slave to a good XP drive, secondary master, secondary slave, every config didn't work, and still I got that red message - "HDD LOCKED, ENTER PASSWORD: (5 tries left)".

I got curious again, that's why I'm here. So Wakeup, you're not crazy, and it's there.  But sorry that I can't offer any information on how to access/wipe/use the locked HDDs.
Avatar of Wakeup

ASKER

hehe  ya I am still here.  I am still trying to find myself a solution.  And haven't yet.  If worse comes to worse...I will close the question out and disperse the points or something...
I'm still reading, watching and waiting for some bright spark to supply the answer. I suppose at some moment this thread will need to be closed but I still hope a solution will be found and posted here.
How about a hot plug n play?  Boot up the system with the power connected to the bad drive, then plug it in to the IDE connector :)  Probably would want to do this on a machine you're not too worried about frying (though I guess you can do worse things...some guy here recently was hot plugging/unplugging  a PCI USB 2.0 card into his PCI slot while the system was running!!!!)  Then try refreshing device manager.

-dog*
Avatar of Wakeup

ASKER

Hmmm....Hotplugging?  But when do I plug it in?  Doesn't the BIOS need to detect the drive first?  Otherwise the drive is still inaccessible.
I dunno if it'll work or not...but worth a shot I guess...a good experiment in any case :)

-dog*
The hdd manufacturers must read this thread with a high degree of satisfaction that they have managed to develop a system which is so secure that even the best of EE cannot crack it. There are clearly some bods who do know the answer but I guess they have signed confidentiality clauses.

By the way Wakeup - did you try any of the shorting out ideas I gave earlier in this thread? I'd be interested to hear.
Oh, maybe your hard disk is locked by some software.

Because I have written one, but I am sure that it's not locked by my software.

Can you try to boot the system from a floppy and low-level format it?

My software is named magic locker; it can protect an HDD with a password, and it can prevent booting from floppy.
Download link: http://www.magic2003.net

So, I think maybe your HDD is locked by some similar software.


There is a free dos based program called ATAPWD that will give you a more detailed status of the type of ATA-Spec password security that is enabled on your drives.  

http://rockbox.haxx.se/lock.html

It will give you a status of the lock, tell you if it is set to 'high' or 'maximum', and give you the chance at entering the user or master password. It has options to erase the drive, though i'm not sure if you need the password to do this or not.

If you are lucky, only the user password is set, but the master isn't, or whatever.  If maximum security is set, even if you have the master password, the only 'documented' option forces you to wipe the drive, which is something you don't mind doing. You may have to move the drive to another machine, possibly using a 2.5" ide adaptor to try it on a desktop...

Good luck




Some other links for reference:

http://www.pwcrack.com/bios.html -- Info at Bottom of Page
http://www.nortek.on.ca/hdd_pw.html#HDD


Wakeup, can you boot to floppy with the locked drive installed?

If you could, is there a zero write utility out there that doesn't care if the drive is locked? Anyone care to answer this?

I have a locked 30GB WD drive, and can't unlock it. I can boot to floppy, and read the status of the drive with the ATAPWD program that Scrawner referred to.  The drive is set to maximum security, but won't let me wipe the drive clean. It won't let me do anything to the drive, without a password.
Avatar of Wakeup

ASKER

Ya, can't boot to floppy.  Still leery about shorting/hotswapping the drive.  I don't want to damage a laptop or damage a computer.
Always asks for HD PW first.
Avatar of Wakeup

ASKER

increased points to 300.
Wakeup - I reckon this is worth even more points to find the solution. I'm not encouraging you to add any more points but if there is a way that others can contribute to a pool to crack this one you wouldn't need much from a number of people to raise the stakes significantly. As a small contribution I would throw in 50 points! I wonder if Community Support could find a way...
Avatar of Wakeup

ASKER

Here...I will throw in 50 points more in honor of patrickab! :)
I'm new, so I only have the points that I started with, but I'll throw in 50 points as well!

I'm glad I found this thread through a good ole Google search, maybe something will come out of it...
Avatar of Wakeup

ASKER

Since the interest is sparked, I think i will keep this open a bit longer and see if we can not find anything out!  So continue to post...and continue to ask around from your techie friends that may work for a hard drive company or laptop company!  Thanks!

Wakeup - I am honoured :) ^ n
Wow that was a quick response.. 3am in the morning, 10 minutes later... heheh
UK - GMT 11:35am now.
Hello wakeup,
I have been checking this out for the past 2 weeks to get as much feedback info for you as possible.  Here are a few ideas, although you may have already tried them.  The true feedback I am getting from 90% of my sources is that you're really out of luck without a cost involved.
The only other attempt that I see you have not checked for is this.  I know it sounds trivial.
The CMOS clear jumper (on laptops) is usually behind the removable battery or removable CD-ROM.
Good Luck !!
I've nothing more to say for now other than: "Good Luck"

Answer1: Get new HDs

IMO if you shop to compare dollars per megabyte, I think you'd find your time 'spent' on this to be of more value than HDs. Besides, modern applications may choke on 'em, what user would be happy with you for receiving one? (Oh, btw, the unit I am using at moment has 2 GB as largest drive, scsi).

Answer2: Keep on truckin'.

I find myself itching to have hands on drive to try this and that with them myself.  Good food for the grey matter.

Answer3: Go radical. Do something really different!

My first step would remove HD and place it as 2nd HD. Apparently that is not supposed to work. Well, here's another tack: when new specs come out, everybody implements some of it, but rarely do many fully comply. So, why not try a very old system, with early BIOS? I doubt it would check the password. Pessimistically, the drive should be latched in locked condition until proper conditions are satisfied, so it ought not to work, but one doesn't know until it is tried.

btw, can we assume all drives equal? I thought the mfr and model were given for information searches, but I don't see it above, maybe I miss it. Can you provide that now? - mfr + model of HD?
Ok, the best thread i've found on this topic is at:
http://www.geek.com/news/geeknews/q22000/gee2000918002375.htm

It has about 2 years worth of discussion, including some comments from a guy who actually knows how to fix it:

As you will probably understand it is not possible for me to give the 'official' method of cracking the HDD password and this in any case requires a small amount of hardware.

However I can tell you that the drive controller checks for the password protection only once at startup. Also that the data on a 'locked' drive is not encrypted.

Therefore after successful calibration on an unlocked drive, the drive controller is in a condition where it can read data from the disk platters and no subsequent check for password is made until the drive is powered down or is put into sleep mode (using the appropriate ATA command).

So you will probably have guessed what you could try should you have a second unlocked 'donor' drive of the same model & firmware revision.

This method if done properly will allow one to bypass the password lock to gain access to data but will not reveal what the original password was. To do that you must use the 'official' method, which on a drive from a DELL or IBM Thinkpad machine reveals what the original password was, in plain text (or in encrypted form if from another type of laptop).

Please note that the two controllers must have an IDENTICAL firmware level otherwise corruption of the data (due to sector mapping errors) may occur. The firmware level is available as an ASCII field in the IDENTIFY information returned by issuing the IDENTIFY DEVICE ATA command (0xEC). This will work on a locked or unlocked drive. Also please note that the above 'bypass' procedure could damage one or both controllers if not performed properly - you have been warned!
-------------

Another suggestion was from a guy who indicated hooking it up to his Macintosh G4 using firewire enabled him to format the drive, though I'm skeptical about it..depends on what part of the drive controller is enforcing the block...
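
Added example (not part of any post in this thread): the lock status that ATAPWD is described as reporting, and the firmware revision field mentioned in the quoted IDENTIFY DEVICE (0xEC) passage, both come from the same 512-byte IDENTIFY DEVICE block. The parser below decodes them using the ATA word layout; the sample block is constructed, not captured from a real drive, and the function names are this example's own.

```python
import struct

# IDENTIFY DEVICE word 128: ATA Security feature set status bits.
SECURITY_BITS = {
    0: "supported",
    1: "enabled",        # a user password is set
    2: "locked",         # media access is refused until unlock
    3: "frozen",         # security commands refused until power cycle
    4: "count_expired",  # unlock attempt counter exhausted
    5: "enhanced_erase_supported",
}
LEVEL_BIT = 8            # 0 = High, 1 = Maximum (meaningful only when enabled)


def ata_string(words, first, last):
    """Decode an ATA string field: two ASCII bytes per word, high byte first."""
    raw = b"".join(struct.pack(">H", w) for w in words[first:last + 1])
    return raw.decode("ascii", errors="replace").strip()


def parse_identify(block):
    """Parse a raw 512-byte IDENTIFY DEVICE (0xEC) response."""
    if len(block) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", block)
    status = words[128]
    sec = {name: bool((status >> bit) & 1) for bit, name in SECURITY_BITS.items()}
    sec["level"] = None
    if sec["enabled"]:
        sec["level"] = "maximum" if (status >> LEVEL_BIT) & 1 else "high"
    return {
        "serial": ata_string(words, 10, 19),
        "firmware": ata_string(words, 23, 26),
        "model": ata_string(words, 27, 46),
        "master_pw_revision": words[92],
        "security": sec,
    }


def describe(sec):
    """Turn the decoded status into what a host should expect from the drive."""
    if not sec["supported"]:
        return ["security feature set not supported"]
    if not sec["enabled"]:
        return ["no user password set"]
    notes = ["user password set, level " + sec["level"]]
    if sec["level"] == "maximum":
        notes.append("master password cannot unlock, only authorise an erase")
    else:
        notes.append("master password can unlock")
    if sec["locked"]:
        notes.append("locked: read/write commands abort until unlocked")
    if sec["count_expired"]:
        notes.append("attempt counter expired: power cycle before retrying")
    if sec["frozen"]:
        notes.append("frozen: security commands abort until power cycle")
    return notes


def build_sample_block():
    """Constructed sample data, not captured from a real drive."""
    words = [0] * 256

    def put(first, length, text):
        text = text.ljust(length * 2)
        for i in range(length):
            words[first + i] = (ord(text[2 * i]) << 8) | ord(text[2 * i + 1])

    put(10, 10, "SAMPLE0001")
    put(23, 4, "1.23")
    put(27, 20, "CONSTRUCTED SAMPLE DRIVE")
    words[92] = 0xFFFE          # conventional factory default revision code
    words[128] = 0b1_0000_0111  # supported, enabled, locked, level maximum
    return struct.pack("<256H", *words)


if __name__ == "__main__":
    info = parse_identify(build_sample_block())
    print(info["model"], info["firmware"])
    for line in describe(info["security"]):
        print(" -", line)
```

A locked drive still answers IDENTIFY DEVICE, which is why the BIOS in the posts above can detect the drive while fdisk and format fail.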


Here's a crazy idea for you. Put the drive in a different machine, enter incorrect CHS settings in the BIOS for this drive so it's seen but not translated properly (eg. reports wrong size etc.) and then try booting from a floppy, run fdisk or whatever. Who knows, it may require the drive to be seen properly for the password function to work.
I have an idea that could work IF the password is stored on the platters and not in silicon:

I don't know if this would work (I may have to try it myself on an old HD just for fun), but could you "format" this hard drive in a way similar to erasing tapes by using a powerful magnet? Maybe leaving a medium/large speaker on top overnight(for a few days?)? Sounds crazy, but could it hurt? This is all based on the (likely, IMO)theory that the password is stored on the platters and not the EEPROM.

Hard drive gurus: Would this ruin the HD?
I'm with scrawner. Drop the PC bios talk... the password is kept on the HDD's controller card. There are only a few ways to get around it.

1.) Modify the circuit on the control board so that the "Read OK" pin is returning a high signal, you will also need to bypass three other pins so that command data from the PC goes straight to the drive controller and through the passworded HDD BIOS. (I don't recommend this unless you really know what you are doing, as you can totally kill the drive if done wrong, and it will disable the password feature completely)

2). Replace the HDD controller board with an IDENTICAL one from an unlocked drive with no password set.

3). Find out the chip specs for the controller board, chances are you can wipe the password and BIOS by applying voltage to the right pins. Or there may be a reset jumper, chances are it won't have any pins, just solder contacts.

4). Get the official method of unlocking the drive and reset the password. (You will obviously have to speak to the HDD manufacturer about this, and may have to prove ownership of the drive, or they may want you to send the drive in and they will do it for you.)

HTH
Sorry but the password IS stored in the silicon, not on the platters; the data on the HDD is not even encrypted.

If you can post the HDD model number and any other info you can glean from the outside of the drive itself and I'll get you the specs and hopefully a workaround.
If someone wants to send me one of these drives I would be happy to reverse engineer one from a data recovery point of view.
>  may want you to send the drive in and they will do it for you.)

just had strange thought - how liable can mfr be? On one hand, they get off free because you did not buy from them. On other foot, they incorporated a feature that made their product, in essence, defective in that it is unavailable to you. And it is not new defect but had been there all along. If it was a friendly Joe, possibility that you could return for replacement, which would be bigger, provided you'd accept refurbished one. If so, I'd go for taking that deal. (except for keeping one to play with later - er, for posterity.)
Do you really want the space or the data? If you are looking for the space, try low level formatting, then fdisk and format. This should work if there is a softlock, but if there is a hardware trick, like special cabling or an on-drive nonvolatile memory lock or maybe a ROM lock which is unrecoverable (have to change a component), no help for you. If you are interested in the data on the HDDs, try to find the owner of the data.

Lekan
Avatar of Wakeup

ASKER

Don't care about the data. Would love to wipe clean and start over. I will try contacting the manufacturer. I will get the specs of the drive later on. Thanks for the ideas.
So because I'm lazy I didn't really read the whole thread, forgive me if I'm repeating... take the laptop hard drives out and connect them to a desktop machine with an adapter like this one:

http://www.startech.com/ststore/itemdetail.cfm?product_id=IDE4044&topbar=topbara.htm

Then use some type of low level formatting tool to remove everything off the drive... that's unless the password is stored in some firmware on the drive
ticktacksir,

You're right, you didn't take any time to read the thread, which if you did read at least the last 5 short posts, you'd notice that the password is stored on firmware.

Thanks for your help
I like SunBow's ">  may want you to send the drive in and they will do it for you.)" It has all the elements needed for a commercial solution. A built in feature of forced obsolescence. Imagine a car built with an electronic lock that could never be by-passed. It just would not exist. The manufacturers would be taken to the cleaners - so they have ways of dealing with similar problems. Let's hope the drive mfrs see sense.

Good luck
Avatar of Wakeup

ASKER

hehe...ya I hear ya guys.  Oh and as for ticktacksir, I have one of those...and got one for $3.65 instead of the $15+ for your link....
Got mine here:  
http://www.compgeeks.com/details.asp?invtid=HD-108

Actually have several. And of course, you haven't read the whole thread. In which mentioned in much earlier postings is that we have discussed installing the drive as a slave etc using such an adaptor etc. Anyway yes old news...give me something more to work with.
Fujitsu drives ? What model are they ?

Hi Wakeup,

I'd suggest checking out these Q's on the same topic:
https://www.experts-exchange.com/Storage/Q_20525321.html
https://www.experts-exchange.com/Hardware/Q_20517922.html

Basically, if you don't have a lot of expensive equipment, it can't be done.

There are a few companies which will remove the password, but I think I know how they are doing it. Brute force. You make a special IDE controller and some custom software, then you just have your software try 3 passwords, then reset the drive, then try 3 more passwords, then reset the drive, etc.

As was explained by Paul Sanderson of Sanderson Forensics in the first link, the HD password is stored on a system sector of the HD and not on the controller card. Replacing the controller card with one from an identical, unlocked drive will not work.

About the only feasible idea I've seen so far is from Win2K4Life when he suggests using a powerful magnet to corrupt the password data held on the platters.

The only problem with that is you risk corrupting the drive table itself, and are left with an unlocked, but completely unusable drive.

pb
pbarrette,
By drive table, do you mean the partition table, or something else? If the partition table is corrupted or destroyed, wouldn't a low level format fix that?

Sorry this has turned into more of a discussion forum Wakeup, but it seems you have a stumper on your hands here...
Hi Win2K,

Not just the partition table, but also the non-user accessible system areas of the disk and the physical geometry tables. A low-level might fix it, but is it possible? IDE drives come from the factory with their physical geometry already written to the disk platters.

Low level formatting used to be possible with MFM and RLL HD's, but I don't think you can do that anymore with IDE. There are "Low Level Format" utilities out there, sure, but they don't recreate the geometry, they just "zero fill" the drive in the pre-created sectors.

Check out:
http://www.pcguide.com/ref/hdd/geom/formatLow-c.html

Also, with a powerful magnet and no specific targeting involved, you could end up screwing up the alignment of the heads, or permanently embedding a magnetic preference to sections of the drive, making them unable to hold a new magnetic orientation, thus turning them into bad sectors.

pb
hehe, oops. Guess I've been lucky a few times...
Seems that I'm not the only one not reading here, a low level format isn't going to get rid of the password that is on the firmware. So for my mistake of not reading I went and did some research and the only thing that anybody has to say is that you're screwed unless you send the drive into a repair shop that handles this kind of stuff.

http://www.nortek.on.ca/hdd_pw.html#HDD
Hi ticktacksir,

Exactly.

Not only that, but you can't even do a low-level format since the drive won't allow a write operation (or a read operation for that matter) until a valid password is supplied.

I've been batting this around with some friends and we came up with an interesting idea:

At some point, the controller must read the password off of the drive and pass it to a memory register to be compared with the password entered.

Using a logic analyzer (like this one?):
http://www.linkinstruments.com/lapar.htm

You could read off the data being passed to the controller from the HD, and extract the password from that.

Interesting, but not quite feasible for the home user.

pb
I have gotten close to full access and format via starting with a good drive, selecting alternate boot option, and pulling out my good drive putting in the PW protected drive during the diskette boot process.  Have also tried several versions of boot/run from CD with no better results.  Have booted up with two versions of PC DOS from Norton Ghost and Partition Magic.  Tried several Boot routines to automate ZAP and another "KILL" process but with no luck.  Process used automates creation of a "RAMDRIVE" on the PW protected drive and I can access the drive as C: but it is only the "RamDrive" and any/all attempts to run anything from the "RamDrive" will not format any of C: - keep getting different messages about not being able to perform the process.  I have several more processes I want to try before giving up - getting so close with access from/to A: to C: or the reverse but cannot get any formatting programs to run - just started download shareware/freeware programs to continue testing.  I think this process can work with the right program running within the "RamDrive", though it is a bit risky changing the HD with power on!
Hi Jib,

The RAMDRIVE is just that: A section of RAM that has been reserved to act as a hard-disk. Just because it is assigned a drive letter doesn't mean that has anything whatsoever to do with the physical HD in the system. The locked HD will not be accessible until the correct password is supplied.

As far as removing and reinserting a drive while the system is powered goes, that's definitely a risky procedure. There are drive caddies (also called "Mobile Racks") available which isolate the IDE interface to prevent possible damage to the IDE controller and your HD.

Personally, I've been using some software which, in theory, shuts down the secondary IDE controller thereby allowing you to remove and reattach devices to it. I haven't had any problems yet, but it certainly isn't 100% safe.

pb
okay, here is one page explaining how a HD password works: http://rockbox.haxx.se/lock.html
and if you have many HD drives maybe this is an alternative
http://www.pwcrack.com/bios.shtml
Hmm, let's say that there is a workaround to boot your system and access the harddisk.
Can we reset the password then?
I've read all the items u guys wrote down but i'm still not certain where the password is stored.
So this is my question: if u have access to disk can we reset the password?
Hi CAZ,

For the umpteenth billionth time... It doesn't matter if you can boot the system with the HD attached or not.

Certainly, you can boot the system if the BIOS is so old that it doesn't support HD-locking. Also, (more dangerous) you can boot the system with the HD's power cable plugged in and the BIOS settings for the HD pre-configured, then attach the data cable to the HD after the system has booted.

The problem is that the HD controller (the one built into the HD) will not allow you to access the data on the HD until a valid password is given.

While the HD is locked, the HD will only allow a few, very specific commands to be executed on the HD. These commands are (in no particular order):
Identify Drive
Unlock With Password
Zero-Fill Drive With Password.

So, no password, no access to the drive.

The password itself is stored on a special, system area of the HD. When the HD powers up, the on-board controller does its POST, then checks to see if there is a password in the special area. If there is a password, the controller locks itself down to reject any commands except for those listed above.

Somewhere, in one of these threads, I have proposed a possible solution, but it's out of reach for most users.

The idea is that the HD controller must read the password off of the protected disk area to check if the supplied password is valid. When that happens, the HD password is being passed into the memory registers of the HD controller.

With a logic probe and sufficient knowledge of the ATA specifications and ATA chipsets, you could read the password off of the memory registers of the HD controller, or possibly read it while it's being passed to the HD controller.

That's about the only solution short of taking the drive apart and reading the platters with specialized hardware.

pb
Avatar of Wakeup

ASKER

Thanks PB for clarifying that for Caz. I still have not abandoned the question. I have been searching for other means. If anyone has any other ideas fire it off... If not I will see/review some of the other ideas, and maybe just split the points up as I see fit, on some of the comments that may seem close/helpful to my problem. Anyone up for review that I should look at? or anyone think they deserve the points or anyone you think deserve them? Feel free to post. I'll close this in a week or so if I haven't figured it out by then.
Thanks for your kind reply ;))
I already said i've read all the post in this group!!
So this is my question again: LETS SAY i have access to the drive, is it possible to erase or overwrite the area where the password is stored.
BTW mister wakeup, i might have a way to access the HD
Avatar of Wakeup

ASKER

and how would you suppose you could get access to the drive?
The password is stored in flash ram.
You need to unlock the hardware with the password before the controller card will function.
Bypassing the security means modifying the controller card physically or sending the correct data to the card to access a back door in the firmware.

As the manufacturer will NOT give out the specs on the drive you have 3 options.

1.) Send it to the manufacturer for a hardware reset (this will wipe all info on the drive)

2.) Send the drive to someone who can reverse engineer it and bypass the security

3.) Buy a new one.

The reason that you can not place the platters in another drive of the same model or replace the controller card with one from another drive of the same model is such:
The drive security works in a way that is spread across both the platters and the controller card.
The password is not actually stored anywhere. A check sum is stored on the controller card. If the password supplied at start up gives the same check sum then the controller card comes to life (the checksum is 16 bits long... that's 65536 different possibilities).
The controller card then uses the password supplied to unencrypt key areas of the harddrive. If the password is not exactly correct (more than 1 password will produce the same check sum) the data is still unreadable and the drive will appear unformatted with no data recorded.
Not having the two processes linked means that even with the correct password, a mismatched set of drive and controller card will still not be readable.

The only 4 "non-legit" ways to get around the security are:
1.) Using specialist hardware read the data off the platters and manually de-crypt it. (forcibly breaking the encryption would take about 50 years or so)
2.) replace the firmware on the controller card with a patched version and manually break the drive's encryption (another 50 years...)
3.) Physically modify the controller card, making pins 12 and 14 high and pins 15 and 17 the logical NOT of pins 2 and 4 respectively on the bios chip. Dump the bios to get the checksum. Using the checksum generate possible passwords (7, 8, 15 or 16 character max depending on the firmware) and forcibly decrypt the drive.
4.)The same as option 3, except reflash the bios instead of modifying the hardware.

As you can see option 4 is the easiest followed by option 3.

Your only options by the sound of things are:
- send it to the manufacturer (as per above)
- send it to a "hardware hacker"
- learn how to do it yourself

Sorry... there is no easy way out on this one.
Avatar of Wakeup

ASKER

I know it is not easy...hence the points being up on the high end.
I should add that my comments on this issue prior to my previous one should be ignored as they are partially or completely incorrect. The security is on the silicon and the platters... the drive must be "cracked" as a whole unit.

See my previous post.

P.S. It can be done (I got my hands on an unpassworded drive and "experimented")
OK, this is how it works:

You need a Compaq N600C or N610C laptop (tested).
Make sure the bios is not password protected, so only the drivelock is active.
Start the laptop and when it prompts for a password just hit enter 3 times.
The laptop will now start from CD.
Boot to dos and unplug the power cable, wait until the system goes to standby (15 minutes?)
After the system went to standby start the machine again and when u did it right the machine returns immediately to the screen where it was before it went to standby.
At this point hit CTRL ALT DELETE and the machine is going to reboot to dos or from harddisk without asking for a password!!!!
You now have full access to the drive!
That's why i asked the damn question :))

PS. If u own a Compaq don't do a bios update, because this might remove this feature :))
Compaq has been notified this morning.

Greetz CAZ
Uhm, forgot one message:

After u hit enter 3 times u get a 1790 error, after this the machine will boot from cd
Hi CAZ,

I don't know where to begin on this one..

Not possible.

Your system may well recognize the drive when you do this, but go ahead and try to format the HD, or read, or write information of any sort to the HD.

As I said before, my old Compaq 486 laptop's BIOS doesn't recognize HD locking, so it boots with a locked HD with no problems whatsoever.

Unfortunately, the drive still isn't unlocked, so you can't do anything with it.

---------
Hi nicholas,

Actually, the password data is held on a Host Protected Area of the drive platters, and not the controller card itself. The controller card just requests the password, then reads the password off the drive, then compares them.

You can actually replace the controller card with an identical drive and the password will be unaffected.

Also, the data on the drive is not encrypted. To encrypt the data would take too much performance overhead. Besides, there is little point in encrypting the data when the controller won't let you access it anyway.

Frankly, I don't know about your BIOS chip mod, but it seems to be in the same vein as reading the PW off the controller as it comes in.

It may well be that the controller receives a checksum of the password, as opposed to the actual password. In that case, our proposed answers are much more similar than they appear at first glance.

pb
How about thinking in solutions? Everyone keeps telling me that it's impossible to work around a disklock.
When there is a workaround (on some system) someone tells for the first time in this thread "hey i'm working on an old laptop and it doesn't ask for a password and the disk is accessible"
Then this person tells me that it's impossible to access the area where the password is stored.

The difference between your laptop and mine is that my laptop has put the password on the disk and yours can't!!
So maybe there is someone with enough knowledge to write a tool that says to the bios "hey remove the damn lock from disk 0" :))
I have this little theory that says when a bios can put a password on a disk and we have the disk up and running with no limitations on a modern system, then there must be a way to remove or change the password!!
Way to be proactive! CAZ, I'm sure Wakeup wouldn't mind you shipping him your laptop!
Hehe, i'm not going to risk my own drive :))
But hey there are enough locked drives out there.
Avatar of Wakeup

ASKER

I could always go the other route and send my drive/s hehe...
Hi CAZ,

Yes. You can see the disk, but that doesn't mean that you can access it.

The drive is locked according to ATA specifications, which have absolutely nothing to do with the system BIOS of any specific computer.

When your laptop is asking for the ATA password, it is merely passing that information on to the on-disk HD controller. It is the on-disk ATA controller (the Integrated Drive Electronics, or IDE) which is then determining what commands the drive will allow or disallow.

So, basically, the computer has no say in whether it can access the HD or not. The access is granted or denied entirely by the HD itself.

When the computer requests a READ or WRITE operation from the HD, the HD first determines whether it is locked or not. If the drive is locked, the drive returns a NOT AVAILABLE to the computer.

So I simply don't see how your Compaq laptop has the ability to force the HD to accept ATA commands which have been disabled.

There's only one ATA command-set available to use and it has been heavily standardized. Even if Compaq had decided to create their own, proprietary ATA interface structure and command-set (which they have never done), it would only work with drives developed specifically for that proprietary interface (which don't exist).

But hey.. Don't take my word for it. Visit the links I've provided and see for yourself.

In this thread, Paul Sanderson of Sanderson Forensics states that even he, a professional data forensics specialist, must send out drives that have been ATA locked:
https://www.experts-exchange.com/Storage/Q_20525321.html

I'm not saying there's no solution. I'm saying that the solution isn't easy. It requires a lot of knowledge and some costly hardware.

pb
Hi PB,

Listen, take my word for it that the drive is accessible.
I can read from the drive and i can write to the drive.
I don't know why it works, but it works the way i described earlier.
Somehow the drive gets fooled by a bug in the bios or something, i can't reproduce it on a HP.
For the 2 Compaq machines i have tested it worked for sure.
I also let someone else try it; i gave him the laptop with a locked harddisk and the description about what to do.
I let him cold boot the machine and figure it out by the description.
He didn't know the password for the hdd, a few minutes later he was booting xp!!!!
I don't mind if you don't believe me, but if you can get your hands on the type of laptop i described earlier you can test it yourself.

Maybe it's a problem with the drive or a bug in the ata protocol, i don't know.

Caz
Caz,

Lets just say that you can access the drive with your laptop.  Have you tried accessing the drive with another newer machine?

I just remember waaaaay back in the day, when the original question pertained to "password removal".
JerMe

Duhuh, even in my own machine it doesn't remove the password, so after every cold boot you should do the trick.
But this is a step ahead i think, before we were not able to access the disk and then it is even harder to find a way to overwrite or anything.
Okay guys nice talking to you all and have fun with your forum, i thought this was an expert exchange.
But only a few experts stayed i think. (and they have trouble reading)
CAZ

Can you low level format the drive now?
and does the Format remove the password if you were to put it in a different machine??

Of course i can lowlevel format the drive, only my data is on it, so i won't try that on my drive :)).
I might get my hands on another locked drive in the next couple of weeks and i will try it then.
Hi CAZ, all,

I just thought of something that may describe the results you are seeing.

Quite a few IBM laptops have a BIOS integrated HD lock mechanism. What happens is, when you set a BIOS password, that password is replicated to the HD password. So the BIOS and the HD share the same password.

It may be that your Compaq has a similar structure. If you are able to bypass or disable the BIOS password, but the BIOS password is still stored in the BIOS, and it is linked to the HD password...

Then what may be happening is that the BIOS is automatically supplying the HD with the password that has been stored in the BIOS.

I'm going to guess that you haven't been able to access a disk that has been locked on another computer, or locked using a utility like ATAPWD with a password that is different than your BIOS password.

pb
PB probably has it on the nose..
as in Wakeup's case, he has several drives that were PWDed on a different machine.

The same is true for XBox HD's the BIOS creates the password for the HD and if you were to swap drives between
Xboxes it would not work because the HD PWD doesnt match the BIOs PWD.

Unless the Compaq does not check the PW flag and the drive
interprets that as an UNLOCK condition. If that is the case
then it would be a solution to Wakeup's problem, Run them in a older machine without ATAPWD function, inadvertently Unlocking the drives and then they can be reformatted and used in his current system.

It would be interesting to know if that would work.

Rogerbird1
Hi Rogerbird1,

Unfortunately, that won't work. If the system doesn't recognize the ATA password specifications, it simply won't prompt you for a password.

That doesn't actually unlock the drive, but it does allow you to boot the system from another device while having the locked HD attached to your system.

The drive itself remains locked since it is the HD's built-in controller that determines whether the drive is locked or unlocked.

When the drive determines that it is locked, it only accepts a few, specific commands:
Identify - Allows the computer to determine the drive type/model and BIOS CHS/LBA settings.
Unlock - Allows the computer to supply the unlock password to the drive.
Secure Erase - Allows the computer to zero-fill the device AFTER having supplied the correct password to the drive.

Since the drive itself will not accept any other commands while it is locked, it is impossible to read/write the data on the drive without:
1) Knowing the password.
2) Hacking the password.
3) Tearing the drive apart and using specialized equipment to read the data off of the platters.

pb
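The lock state described in the post above is reported by the drive itself in its IDENTIFY DEVICE data, one of the few commands a locked drive still answers. As an added example (not part of the original thread), this decodes the security status word (word 128 in the ATA specification) from a 512-byte IDENTIFY block; the sample blocks and the model name are constructed for illustration.

```python
import struct

# Bit positions in IDENTIFY DEVICE word 128 (security status), per the ATA spec.
SECURITY_BITS = {
    "supported": 0,                 # drive implements the security feature set
    "enabled": 1,                   # a user password has been set
    "locked": 2,                    # media access is currently refused
    "frozen": 3,                    # security commands refused until power cycle
    "count_expired": 4,             # too many wrong unlock attempts
    "enhanced_erase_supported": 5,
}
LEVEL_BIT = 8                       # 0 = "high", 1 = "maximum" security level


def identify_words(block: bytes):
    """Split a raw 512-byte IDENTIFY DEVICE block into 256 little-endian words."""
    if len(block) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    return struct.unpack("<256H", block)


def ata_string(words, first, last):
    """ATA strings hold two ASCII characters per word, first character in the high byte."""
    raw = b"".join(struct.pack(">H", w) for w in words[first:last + 1])
    return raw.decode("ascii", errors="replace").strip()


def security_status(block: bytes) -> dict:
    """Return the model string and the decoded security flags of a drive."""
    words = identify_words(block)
    w128 = words[128]
    status = {name: bool((w128 >> bit) & 1) for name, bit in SECURITY_BITS.items()}
    status["level"] = "maximum" if (w128 >> LEVEL_BIT) & 1 else "high"
    status["model"] = ata_string(words, 27, 46)   # words 27-46 hold the model number
    return status


def describe(status: dict) -> str:
    """Turn the flags into the state a technician cares about."""
    if not status["supported"]:
        return "security feature set not implemented"
    if not status["enabled"]:
        return "no user password set; drive is usable"
    if status["locked"]:
        if status["count_expired"]:
            return "locked; unlock attempts exhausted, power-cycle before retrying"
        return "locked; reads and writes are refused until the password is supplied"
    if status["frozen"]:
        return "password set, unlocked; security settings frozen until power cycle"
    return "password set, currently unlocked"


def make_sample(model: str, w128: int) -> bytes:
    """Build a constructed IDENTIFY block (not captured from a real drive)."""
    words = [0] * 256
    padded = model.ljust(40)[:40]
    for i in range(20):
        words[27 + i] = (ord(padded[2 * i]) << 8) | ord(padded[2 * i + 1])
    words[128] = w128
    return struct.pack("<256H", *words)


if __name__ == "__main__":
    for w128 in (0x0001, 0x0007, 0x0017, 0x000B):
        st = security_status(make_sample("CONSTRUCTED DISK", w128))
        print(f"{st['model']}  word128=0x{w128:04X}  {describe(st)}")
```

On Linux, `hdparm -I` prints the same flags in its Security section for an attached drive.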
Okay, i've tried to get around a drive locked on a different machine, this also works.
I think it has something to do with a hot reboot, when the machine enters hibernation mode, you can see harddisk activity, so i guess that the machine writes things down on the harddisk when it enters hibernation mode.
When it wakes up from hibernation the drive probably already isn't locked anymore.
You have to reboot to access the drive.
BTW: Compaq has made a beta bios that should resolve the problem and it does.
The workaround only works again when you flash the old bios back.
Also tried a lowlevel format to remove the password, it doesn't work.
Maybe someone else knows a tool that really removes ALL data from the disk (including the drivelock password)
CAZ,

Welcome to EE.  Please take the time to read the threads.  Everything you have said has been mentioned before.  
Mr Kannabis (the c was taken?)

Thanks for your welcome, i think you've read the thread?
(Especially 04/24/2003 02:30AM PST)
Give me a quote in the same context i wrote my comment.
Hi Everybody,

All I can say, without having physical verification, is this:

Everyone please keep this quiet for CAZ.

He has become the 4th (possibly 5th) commercial entity in the world with the ability to recover data from an ATA-Password locked drive, beating out some of the top data-forensics specialists in the world.

So please don't spoil his commercial potential by spreading his secret around.

pb
Bite me!
Avatar of Wakeup

ASKER

Look....Pbarrette, Caz and whoever else is on that bandwagon trying to smack each other down....STFU! Pardon my french. This is my question. I will determine who has the best comment/answer, and I will decide for myself which is true/false or a crock. You don't need to pound each other. I will do that for you.

Pbarrette, just leave Caz alone. He is trying to help. And how do you know if his ideas are right or wrong? Have you tried them? And where do you base your information stating that he is the 4th or 5th person in the world? There are companies out there that will do similar if not better things that he has/hasn't done...And for a big fee. Of which I don't want to pay. I have actually seen some partial schematics on tools that you can make to create a device that will disable the lock on the HDD. And these guys are NOT: top data-forensics specialists in the world.

Caz, chill with the fighting back....You don't need to defend yourself. Your work/comments will speak for itself.

Hi Wakeup,

This is the last comment I will make on this thread.

I know CAZ is wrong because I know the ATA specifications. As I have stated several times, there is absolutely no way to access the drive without:
1) Supplying the correct password.
2) Using specialized hardware to:
 a: Read the password directly off the platters after cracking open the drive.
 b: Read the data registers of the HD as the password/password hash is read into the on-hd controller to be checked against the supplied password.
 c: Physically modify the on-hd controller.

These are the only companies I know that can actually recover data from ATA locked HDs:
www.datarecoverybc.com
www.nortek.on.ca
www.vogon.co.uk
www.easydatarecovery.co.uk

Vogon's website doesn't specify that they can remove the password, but they do say they can get the data off a locked drive.

The top three in the list all use a clean-room and take the drive apart, whereas the last one uses specialized hardware and software to get the password without opening the drive.

I am willing to put it to the test.

I have a 540MB 2.5" HD that I am willing to lock and ship to whomever says they can access a PW locked drive.

Conditions:
1) The drive will be locked with a password of my choice using ATAPWD.
2) The drive will contain 1 ASCII text file.
3) I will pay for outbound shipping, provided the receiver agrees to pay return shipping. Approximate cost of shipping should be about $3-5 US, so it's not really a burden.
4) The drive must not be permanently modified, damaged or opened.

All you have to do is post the contents of the text file.

To prevent any fraud on my end, the contents of the text file can be handed over to a 3rd party for verification, and the file on the drive witnessed by my lawyer prior to shipping.

That's all I've got.

pb
me would flash the bios and if fails try guess password

(i am smart and trying WAKEUP)
Avatar of Wakeup

ASKER

Darrel, If you read any of the comments above.  you would have already seen that flashing the bios will not work.  And second, I do not wish to GUESS the password.  
sorry Wakeup I'm tired today reading but not "on my game" really today. I try only help you cus we are friends. Another option but warning BE CAREFUL:

I have search for password before and take cover off drive but careful no dust no static no moisture and extract password from drive.

please very very careful! DONOT lose data its worse than format ok? if you not sure do not do it better for a new drive and count some losses.

hope you help me as well with problems thankyou! :)
Avatar of Wakeup

ASKER

Darrel, whoever said we were friends? I don't know you...you don't know me.
<edited by PashaMod>
Darrel,

May i make a suggestion. i have been looking at some of your other posts in other questions and you obviously have a great deal of experience in the IT world (by the looks of it, programming, hardware... not to mention security). Why don't you use this knowledge and create your very own advice web site, i don't know... maybe call it 'Darrels Corner'. I actually think people would pay money for your advice... Don't worry if the people here in EE mock you, you are clearly on a far higher plane than the other experts here, they just can not understand your abstract ideas..

>>I have search for password before and take cover off drive but careful no dust no static no mosture and extract password from drive.

for example, here i am sure you mean to actually perform 'open drive' surgery on the drive and extract the password with a scalpel...... fantastic idea... although you may be able to inflict less damage to the drive if you use 'key hole' surgery instead. my dad had this to fix torn cartilage in his knee....

P
HAHAHAH makerp!  I think someone here has trouble finding the `any' key... :)
Avatar of Wakeup

ASKER

Well due to some problems,  Darrel will not be visiting us forever.

:)
First off - I have no idea of the inner workings of a typical HDD and that said - do not know how hard this would be or if the platters allow writing to both sides; but if they did (they look the same on both sides - could you not do some surgery and flip the platter over? This assumes the password is on the platter and you could torque the platter screws to the correct torque    (i.e. rebalance them). And you don't have big fingers like I do that would mark up the platter.

Just a thought
1) Opening the HD casing will in most cases render the question here null and void, since the HD will probably be ruined...

2) Even if you could operate on the drive without contaminating it, moving/flipping the platters will probably cause severe confusion, as the drive will have problems finding the sectors again.
/RID
1) Opening the case of a HD will not ruin it - they aren't that fragile (it's been done before, it will be done again)
2) I don't understand what you mean by moving? They are pretty much set in place - however, you are right about flipping the platters, they must not have sectors on the other side - the record mechanism just searches back and forth (I have an old drive and got bored this afternoon) - I flipped it back and the drive booted fine - however I figure if I damaged it it will show up later than sooner - most likely the recording arm if anything - it seems to be the weakest part.

The pitfalls of a curious mind
Avatar of Wakeup

ASKER

flood92,

Not necessarily true on the new drives....and some older ones....

some drives are very sensitive to dust.....
and some drives are vacuum sealed....you can put the drive back together perfectly...but doesn't mean that ALL drives are that easy....nor will all drives work as good as it did before you open them.  Specially the ones that are vacuum sealed.  it might still run, but the speed is not as desirable.  And could still cause damage to the drive etc.  I think what Rid means, is that if you knock the heads outta place...or if they get uncalibrated or misaligned, which they can do....I have many drives here that I have taken apart for fun...some still work.....
some won't work after playing with them.  Anyway moot point.  It's dangerous to the drive regardless.


You got my drift 100%... I was also thinking that if the PW is stored on the platters, in a sector that is normally not user-accessible, the drive still needs to find it, somehow. Flipping a platter would perhaps place this sector in an unexpected position rendering it inaccessible to the drive itself? I'm not sure that would help.

If this thread goes on for a while yet, it may be considered a reference work on hard drive protection... there are lots of interesting ideas and links here.

Cheers
/RID
I have been having the same problems, booted into pc check, ran the memory and harddrive editors.
All to no avail. tried low level format and of course... unable to write to the harddrive.
<edited by PashaMod>
<edited by PashaMod>
<edited by PashaMod>
Hi, I'm back :)

Quote:> Hi Wakeup,

This is the last comment I will make on this thread.

I know CAZ is wrong because I know the ATA specifications. As I have stated several times, there is absolutely no way to access the drive without:
1) Supplying the correct password.
2) Using specialized hardware to:
a: Read the password directly off the platters after cracking open the drive.
b: Read the data registers of the HD as the password/password hash is read into the on-hd controller to be checked against the supplied password.
c: Physically modify the on-hd controller <:

He's right, I made a mistake with swapping the different drives with the compaq n600 laptop.
I probably put the same drive back in the laptop instead of the one I took from the other laptop.
The compaq n600 cached the password in the bios after the password was entered correctly one time, after the laptop stored it it doesn't matter if you take off the power or batteries.
Compaq supplied a fix for it so after the latest bios update the bug/feature I described doesn't work anymore.
However if you would put another drive in the compaq the cached password doesn't match, so you won't have access.
Avatar of Wakeup

ASKER

I actually met a friend at work who has answered some of my questions.  1.  There are ways of unlocking hard drives.  2.  He has the tools to unlock them.  3.  He runs a Data recovery company near where I live.
4.  He says he can unlock the drives for me if I need.  

He says he can't give me the device nor can he give me blueprints on the device etc.  So sorry I can not post pertinent information here.  I as of yet have not asked him to unlock the drives for me.  Since I really don't need them (3gb 2.5" drives.)  So I dunno who do you guys think deserve points on this one?  or shall I ask for a refund?  or should I delete the question...?  or what?
I think the thread needs to be preserved - it makes interesting reading - so perhaps PAQ and refund is the way.
/RID
I agree with rid...there is a lot of info here, though none of it (past Wakeup's last comment) truly answered the question...

-dog*
Avatar of Wakeup

ASKER

Ok...Unless anyone feels otherwise, then PAQ and refund is fine with me...
Hi All,

I agree. There is a lot of very good information in this thread that should be preserved.

I think the question should be PAQ'ed and Wakeup's points refunded.

pb
too much good info to just get rid of it.


============================
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
PAQ/Refund Points
Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
akboss
EE Cleanup Volunteer
============================
ASKER CERTIFIED SOLUTION
Avatar of Computer101
Computer101
Avatar of Wakeup

ASKER

Thanks guys and thanks C101.
Wakeup,
Have you tried taking the laptop hard drive into a desktop system as a slave and if necessary reload its firmware?
Even if you have problems with the bios, you can use operating systems like XP or Windows 2000 Pro to hot swap it in (as I'm sure you already knew). Do you know what area of the drive or what component the password is stored in? Surely after a firmware reload, a low-level and new partitions the drive must no longer have a password?

~User X
I take the liberty of quoting pbarrette here:

"The drive itself remains locked since it is the HD's built-in controller that determines whether the drive is locked or unlocked.

When the drive determines that it is locked, it only accepts a few, specific commands:
Identify - Allows the computer to determine the drive type/model and BIOS CHS/LBA settings.
Unlock - Allows the computer to supply the unlock password to the drive.
Secure Erase - Allows the computer to zero-fill the device AFTER having supplied the correct password to the drive.

Since the drive itself will not accept any other commands while it is locked, it is impossible to read/write the data on the drive without:
1) Knowing the password.
2) Hacking the password.
3) Tearing the drive apart and using specialized equipment to read the data off of the platters."

Firmware reload, low-level format (zero-fill) and partitioning cannot be performed on a locked drive, if I understand the above correctly.
/RID
I haven't looked through this entire topic because it's so long. Laptop hard drives can be locked and will only be unlocked by the machine they were locked in.

PLEASE UNDERSTAND THAT YOU CANNOT UNLOCK A LOCKED LAPTOP HARDDRIVE WITHOUT THE ORIGINAL LAPTOP.

This is purely for security due to the portable nature of these units. You will not be able to carry out any type of formatting, partitioning or anything on a locked drive, no matter what you use. Also, you cannot put the drive into a desktop system as a slave and read the data, all you will get will be an error message.

The locking is a partnership between the original laptop BIOS and the individual drive and is very, very secure. As for someone having a friend who has a device, the friend is lying. YOU CANNOT ACCESS A LOCKED HD WITHOUT THE ORIGINAL BIOS
Avatar of Wakeup

ASKER

oblietrix....

Not true....one of my customers who comes in to my store, has a device that can do it.  So not true at all.  Also there are many websites as well as the manufacturer (both the laptop manufacturer as well as the hard drive manufacturer) who say that they can do it, but would need to send the drive in (obviously)  and want to charge me more than what the drive is worth new/blank.  So not worth paying any money on a laptop drive that is only worth a few measly dollars unless of course I needed the data on it.

Well, a lot of people say a lot of things, so unless you've actually seen it done I would be very sceptical about a 'device'. Sure the manufacturers can do it, they make the hardware so it's not a problem. All I meant to get across is that for 99.9% of the population, unlocking a locked drive is impossible.

Clarified?
Avatar of Wakeup

ASKER

Well....as stated my friend that comes into my store DOES DATA recovery.  He says he bought the tool to do it.  And I believe him...For the average home user, yes it is probably impossible without the necessary tools...as I have seen/stated above...

However if I have a need for the data, it is VERY POSSIBLE...and CAN BE DONE.  I have researched the information thru and thru...you said you didn't read all the stuff in here....why don't you read it?  Then I don't have to go over all this stuff again.  Thanks....Still not clarified because you haven't proven that it can't.....as much as I haven't proved to you it can.....again...read.....

Just because you haven't found the tools to do it.....doesn't mean it's not possible.  

Just like back in the 90's when 1 gig drives were available....people said hey it's IMPOSSIBLE to use/need more than that.....I remember when 20 mb hdd's were large...and that was all ANYONE needed.....well now we're in the quarter of a terabyte drives.....guess we'll never need anything more eh?  Again just cuz you don't or may not need that space, doesn't mean someone else doesn't....


Avatar of Wakeup

ASKER

oh and oblietrix,

here are a few sites that will do this for you...apparently you haven't looked at all or know about them....

http://www.nortek.on.ca/hdd_pw.html#HDD
http://www.pwcrack.com/bios.shtml

These are only a couple...there are more listed up above...and as I stated, I just want to figure out a way to do it for free.  And I have found it really can't be done.  These drives I have are 3 gig 4 gig drives...worth nothing cuz the space is so small...hence the reason why I want a free solution.  Cuz they aren't useless....just small.  But not worth paying someone 80 bux to get the password removed...Only other reason to do it is to save the data...but I don't care about the data.  And my friend says he has the tools.  I just need to find time to work with him.  And it just hasn't been worth my time to do so.  3 gig drives...I don't have a laptop to put them in.....why waste his and my time to do it?  unless I absolutely need them...?

that is my reasonings for not having done it.

So thanks...but do some more research before you blow some smoke up my rear....and say it can't be done....it can...I just don't want to pay....

If you were gonna do that...next time read what we have ALL discovered over this discussion....cuz most if not all of us have come to the conclusion that it can be done...just how much time and how much money will it cost.....is the thing.

Why are you getting so irate about something so trivial? If it's possible then go get it done. YOU WANTED IT DONE FOR FREE AND IT CAN'T BE DONE. If this friend of yours has the equipment, then surely he will do at least one drive to prove the point.

I really can't understand why so much has been written here on this subject purely to satisfy someone who is too tight fisted to go out and buy a new drive. 3-6gb drives, no matter what are scrap and pointless keeping.


Avatar of Wakeup

ASKER

As stated...read the comments....
I told you why I haven't....
It can be done....I am not getting irate...I am telling you what I know....
It can be done...you can believe it or not..as stated it can't be done for free.
I know this....
and as stated, I don't really need the drives....so I don't really CARE....
hence the reason why....I haven't done it.
I have purchased (4)  20 gig hdd's and I have two of them sitting here doing nothing.  I don't need the 3 and 4 gig drives....I was EXPLORING the situation to see if it can be done for free.  It can't...I already explained that...who's being irate?  not me...I am just telling you YES IT CAN BE DONE (unlock the drive....it is not impossible) but just NOT FOR FREE.  That is all.  
If you say it can't be done...then you are ignorant.  It can be done...I did the research....you apparently haven't....AGAIN I STATE it CAN BE DONE...JUST NOT FOR FREE....

And I agree with that....and I understand that....so hence the reason why I DO NOT WANT TO WASTE MY TIME AND MONEY TO GET MY DRIVES DONE....IT IS NOTTTTTTT WORTH IT............
Ha, Wakeup,

Just took a look at your profile and you claim to be a computer tech with 15 years exp. Why does someone with so much experience need to ask a pointless question about something to which the answer is well known.

Seems this site is geared more towards fantasists than people living in the real world. Next you'll be asking if it's possible to put DDR ram into a SDRAM slot!!!!!!!!!

Get a life
Avatar of Wakeup

ASKER

Hey look...you posted a comment....in a question that has been closed for a while...which you fail to read.  

Where do you base your information on it being IMPOSSIBLE to unlock a locked hard drive?  
I gave you sites to where it can be done.  

I asked a question to see if it can be done for free.  That is not a bad question.  I am not an idiot...so do not belittle me...you have proved nothing to me.  You make claims saying it is impossible...I just showed you 2 sites...of which I contacted and they say that they can unlock the drive for a price...I dont want to pay that price...what is wrong with that?  Nothing...There are no wrong questions here....maybe stupid...and maybe idiotic...but it is information that is good to know...whats wrong with finding out how to unlock a drive?  for a price or even for free?  Nothing...that is why it has been asked probably at least a handful of times.....

Even from the best of the best....even those who have tried to help me here are the best of the best....if it was impossible or not worth their time posting, would they have?  of course not....now just give it up....I answered all you had to say and now you have to belittle me and may claims to say that my question is pointless well then why are you posting in a pointless question?  and you tell me to get a life?  again...who is the stupid one?  I make my point clear.  Take it as you will.  Someone else needs to get a life....
Avatar of Wakeup

ASKER

may claims= Make claims
Avatar of Wakeup

ASKER

BTW...I never belittled you...I just said it can be done....you said it can't....I ask for proof?  I haven't found a REAL site that claims that it CAN NEVER be DONE.....of which you claim....

Avatar of Wakeup

ASKER

Also for someone with such extensive background as you:
IT Consultant/System Engineer MCSE

has to argue about what you have on paper rather than what's in your brain.  Also resorting to name calling and proving stupidity levels to prove your point....Interesting....sounds like my little 3 year old nephew.  But at least he's 3 years old....I am guessing you are at least in your 20's....
Avatar of Wakeup

ASKER

Dropped...
Cool debate you guys have been having.

Checkout

http://www.xbox-scene.com/articles/lock-hdd.php

and then

http://www.xbox-scene.com/tools.php

It describes a utility to remove passwords from locked HDD's. Micro$oft uses the same techniques to lock and unlock XBOX hdd's, which is in the BIOS of the DRIVE.

I have just unlocked 5 ten GB hard drives myself.

Enjoy.
Avatar of Wakeup

ASKER

Cool...If i ever modify my xbox, I may have to try that one.  Oh and I did talk to my friend that has the tools to do it.  He says he can do it.  And will do it if I want to give him the hard drives to work on.  so now it's just a matter of getting the drives to him.  He says the tools he has works on IBM drives and may work on others.  So the tools he has are drive specific.  If you guys need Data recovery or help in similar matters as what i have asked, let me know and I can get you some contact information.

You seemed to have missed the point.
Using the utils on the pages above, you can remove the passwords from the BIOS of your laptop drives, or any drive locked with the ATA_SECURITY commands.
You don't need an XBOX to do it either.
Avatar of Wakeup

ASKER

Oh? Ok...I am confused... I will have to re-read again....
Avatar of Wakeup

ASKER

did you use the hdd unlock program ?  or which one?
And how do you have the sw access the bios or whatever?  explain how you did it....I am not sure how it will work.

Lord..

Not again..

[QUOTE] FROM - http://www.xbox-scene.com/articles/lock-hdd.php
------------------------------------------------------
The Lock codes

The OEM bios generates the unlock key “on the fly”. That is it generates a unique key or password which is dependant upon several things.

This password is generated by looking at your Xbox’s unique serial number, configuration, revision level and the information obtained from the currently installed hard drive itself.

******************************************
This in turn means that you cannot simply use a password from another drive or Xbox when locking a new drive. Instead you must figure out what the Xbox is going to use as an unlock password for your new replacement drive. Fortunately the Evolution-X hackers gave us a wonderful tool to do this very thing.
******************************************

This “tool” is built into the Evolution-X dashboards “backup” command. The “backup” command figures out what password the Xbox will use to unlock the currently installed drive. It places the password/key into the C:\Backup directory in a file called hddinfo.txt.

This is why Evolution-X must be installed and running on the Xbox and drive that you intend to lock first.

What do I need?

Before proceeding be aware that you will need the following.

*******************************************
* A working modified Xbox with a replacement hard drive ALREADY installed.
*******************************************
[END-QUOTE]

The link you have provided does not describe a method to unlock an XBox HD that was locked by an XBox that you do not have access to. This link ONLY describes how to LOCK a new HD given -AN ALREADY UNLOCKED AND MODIFIED- XBox and will only be useful for that SPECIFIC XBox.

Read! Then post.

pb
OK, I've just GOT to jump in on this one.  This is a bit off topic, but it was brought up, and people seem to be reading this and learning from it... so....
Someone suggested using a strong magnet on the drive to erase the password on the disks.
Well, if part of it is on there, that WILL WORK, it will disappear.  But..... the drive no longer will work... ever again.
The reason is that hard drives do not use stepping motors like floppy drives do and so the information recorded on the disks (called Servo Tracks) that define the TRACKS  (and of course the data too) will be erased and the drive arm will either sweep back and forth across the disk looking for a track to settle on.... or it will slam itself silly doing the same thing if no type of control over access speed is employed, which is more likely without any tracks to tell it where it is on the disk.
I worked 3 years at Seagate in the Engineering lab before I moved on to another job.
I know quite a bit about hard drives (but I have forgotten some stuff too of course, it's been 7 years or so.).
I am not familiar with exactly how the password thing is setup as we did not deal with that when I was there.  But, it most likely is either in a flashram chip on the board or in an otherwise unused track on the drive.  There are tracks before and after the data tracks that are being used by the drive's built-in controller to store the data.  These are used to store additional information...like FAT tables, or error maps (bad sections of the disk that are skipped at the factory testing).  The error maps may not be used much anymore, it could be that bad locations are not tolerated anymore.  When I was testing them, if a few bad spots came up on the machinery that wrote the servo tracks and pre-formatted the drives, they would just put the locations in the error map and skip it.  In fact, the extra data tracks were used to make up for the bad spots.  A bad spot was just traded for a good one on the "spare" tracks (which you can not see or access) so no storage capacity was lost.
The original factory test equipment can certainly reset the password to blank, or what ever you want.  But you are unlikely to get to use it unless you are really close to someone who works in the test lab.  It could be duplicated though, to some extent at least.  Rewriting the servo tracks though would take a considerable investment in equipment.  But this stuff is all tested before shipping to ensure quality, so it could be duplicated if you really wanted to.

Flipping the disks over does not work, because the servo track is not on all surfaces.  That or, flipping it over fools the servo reading circuit into thinking the drive is spinning backwards (if it were smart enough to even understand this...which it is not...it's not expected!!!!) since the sector ending signal (in bits) will come before the sector starting signal (a different pattern of bits)  And in the wrong order...back to front!!!  So it would not know where the sectors were, or where the tracks were and would scan back and forth looking for the servo signal to start.
In the old days one surface was servo, all the rest were data tracks.  More recent technology allows for both to exist together, but perhaps only one head looks for servo data mixed with the data, while the rest just look for data.  The servo data is not destroyed by the data writing on it because it is written wider on or deeper into the surface so the data is either between the peaks of the servo signal or is a weaker component over it (data write heads would not generate as strong a magnetic field as the servo writing heads did in the factory) and so both signals are mixed together and sorted out by the drive's circuitry.
This is probably more than you wanted to hear about this, but I just had to share this before some poor sap tried to demagnetize his drive with a bulk eraser to speed up a format or something equally stupid.
As to the hard drive password unlocking... I prefer the SHOTGUN approach.  Preferably,  "double aught" buckshot at 10 feet.  But slugs work well too.  (grin)  Wear eye protection of course...safety comes first.  But you can leave the static strap at home for this.

Thanks!
jba
Very interesting, and to the point, I think.
/RID
Ok, so I've just read this entire thread, as frustrating as it was.

This will NOT help you unless you know the password for the drive you are working on.  This is useful for things like Xbox hard drives where you can actually get the password.

You will need to download a file called hddunlock.zip.  Do a search on google and you will find it, or you can get it from www.xbox-scene.com.

Now, I had no idea how to do this so I was looking for information on how to do it when I came across this thread. You can actually disable the password using this utility.

So, some background first.  With the xbox, you can run a utility on the xbox which will save the password to the hard drive which you can then read via FTP.  I'm not sure exactly how this is done, it's part of the software you can use.  I thought this password was the password to use when you boot the PC and it comes up with "HDD Locked, Enter Password" but the password is too long to be entered here.

To unlock the hard drive you'll need a boot disk and a disk with the contents of the hddunlock.zip file on it.

What I needed to do was this -
- Remove the locked hard drive from your PC
- Boot the PC and enter BIOS
- Set the IDE channel that the drive is on to "No hard drive installed", be it primary slave or whatever.
- Turn off the PC and install the hard drive on that IDE channel.
- Boot up from a windows boot disk, you just need to be able to get to a command prompt.
- Insert the hddunlock disk and run the hdunlock.exe file, you will be prompted for the drive, 1 through to 4 for primary master to secondary slave.  It will then prompt you for the password, no matter what password you put in, it will say "Done!" so make sure you don't typo or you'll be doing it all again.  This will unlock the drive until you next reboot.  Not terribly handy really as the system doesn't recognise that it's there unless you reboot.
- Run the hddisabl.exe file.  You will be put through the same motions however, this will disable the lock on the hard drive too.
- Remove any disks and reboot the system.
- Go into bios and set the IDE channel back to auto detect or auto detect it yourself.  Save and exit and your PC will boot up fine and you will have full access to the drive.

I followed this exact procedure and I now have access to my original 10GB xbox hard drive.  It's formatted with FAT32 on it so all you CAZ bashers, steady on eh? ;)

I can't stress enough though .. this is USELESS without knowing what the hard drive password is.
This company claims they can remotely unlock your hard drives:

http://www.binarybiz.com/hddrepair/supported-drives.php

If their claim is true, then I think the average user has a chance at unlocking the hard drive.
Nothing is impossible.

Long time ago (about 1,5 year) I was reading this thread, looking for solution to unlock my own 2,5" HDD.

Today I went through the whole history again. But this time I know how to unlock certain models of Hdd drives.
Like everything created by a programmer, firmware of disk drives has its own bugs (Microsoft knows something about it). I found some of them.
It is possible to unlock older models of IBM drives in minutes, not using any specialized hardware, without data loss.
The key to success is getting the password out of the drive, and then disabling the lock with valid password.

I lost a lot of time trying to break my first IBM hdd (more than a year). Right now I can read the passwords from certain IBM, Fujitsu and Hitachi Hdd models.

I can't give you the solution, because I've put a lot of work in it.
It all began in November 2003. Right now it starts to pay off.

I haven't written so much in English since I was studying 10 years ago. So please forgive all my misteaks, I certainly did.
I live in Poland, and Polish is my native language.
I have been looking into this for about six months. I have gotten passwords out of three laptops by reading the eprom and decoding it (2 Dells, 1 IBM). Passwords are stored as keyboard scancodes in the serial eprom, but this involves a lot of work. For-soft, I would like to hear more, if you could give some hints or pointers.
I have thought about glitching the power supply to get by it, like what they do to get into a smartcard (dss & dish cards), but then you still need to read the sector that has it stored. I haven't come across anything that can do that. I also have thought of trying to look at the data coming out of the hda. Since it reads it at power up this seems most promising but I haven't had time to pursue this with my logic analyzer. Again, any hints would be great, thanks beer-man
I've found that passwords are stored not only as keyboard scan codes. Factory passwords are stored in ASCII format. Some notebooks are using ASCII too. In some cases the password stored in HDD is encrypted, I was unable to decode it.
I could not find letters used to create password, but hdd was unlocked easily using its encrypted form.

I suspect that manufacturers are trying to prevent password extraction from their laptops. Probably password is stored in different form than supplied to the HDD. So reading password from laptop will not let unlock HDD without some decoding first.
For-soft, Thanks for your comment. I have a couple more questions. Are you getting the password from the drive itself or the laptop? I know the dell has a program to change asset tags (serial #) that are stored in the same eprom and I was going to try to change the address where it looks. Also can you tell me if the password on the drive is stored in the hpa and can it be read/viewed by any software utility.
Thanks again.
I'm getting password from the drive itself.
Password is stored on disk surface.
Normally it can not be read by any software utility which uses standard ATA commands.
Can the sectors be seen by unlocking the HPA?

Am I on the right track...This might be more that to let on, if so you can email me at beer-man@iwon.com Thanks
The drive password is stored in the drive's "boot engineering extension sector".  This is the sector after the drive's last extensible user data sector.  This sector is hidden from the bios and operating system by commands in the PARTIES specification.  If the drive is locked, you can get rid of the password by secure erasing it.  Secure erase is one of the commands in the security set of the ATA-4, 5, and 6 specification, and writes zeros to every user data sector.  One of the byproducts of the secure erase command is it disables security on the drive.  In order to secure erase, you need to issue a "secure erase prepare" command to the drive after it is locked.  When the secure erase procedure is complete you can then leave the drive unlocked and forget about using the password, or lock the drive again with a new password using the security set password command.  I'm sorry I can't write out every last detail of how exactly this is all done, but I will tell you for free if you email me at <<email address removed by dogztar, PE>>
AwesomeMachine is right. It is possible to unlock the drive by using "security erase" command.
But, "Security Erase" command needs the correct password to be sent to the drive. Without the correct password it will do nothing.

So, this will help only, when we know master password, and the drive is locked in maximum security mode. In other cases, it is useless.

"Security Erase" command may fail to unlock the drive, if its surface is defective or damaged.
Hard drives have 2 passwords:  Master Password and User Password.  The User Password is actually the security lock password, however, the Master Password or the User Password will work for  erase.  There is a utility available to set the master password on a locked drive and then use it to set the proper commands to have the drive erase itself.  Secure erase is entirely in the drive, you can start it and disconnect the interface cable and it will continue to completion.  You do need to leave the power cable attached, however.  Detaching the power cable will cause a hardware reset to the drive which interrupts the erase procedure and will leave the drive locked.
According to ATA specification, the "Security Set Password" command is disabled when the drive is in locked mode. So setting a master password on a locked drive can not be done with "Security Set Password" command. Unless drive has some firmware bug, which makes drive not quite ATA compatible.

In my opinion it is possible, but only in some disk drive models with a firmware bug. But this makes it effective only in some cases.

According to ATA standard it should not work at all.
Security set password is for setting the security password which is the user password.  You can still set the master password because it uses a different command that the drive will accept in the locked state.  During erase the user password is lost, but the master password(the lesser of the two) remains.  This feature exists so a locked drive with no password isn't trash, just the data on it has to go, for security.  I'll tell you what I'll do:  I have to erase a drive tomorrow and I will lock it and see if I can set the master password.  I believe I have done it before, but I'll just make sure.
I tried it yesterday. It does not work.

Master password is set by the same "Security Set Password" command. The first word of password data contains information about password level (user or master). The only difference is, drive does not go to locked mode after Master Password is set. It is necessary to set User Password for drive to go into the locked state.
The drive will go in locked state in next power cycle after User Password is set, so it is possible to change the password before drive is powered down.
It is possible to change the Master Password as many times as you like, as long as the drive is unlocked, and it will not lock itself. In locked state the drive will abort the Set Password command.
Hi all
I have read this entire thread because I too  had a 5Gig Toshiba notebook HDD which was locked. (Notice past tense- hang on to your hats)
It became locked while it was under FAT32 and being used in a NEO mp3 player.
It seems to have been caused by a power glitch, as it worked one day and was locked the next.

I tried all the things on this post, all without luck. Everything I was experiencing was verified by others here.
Then I found a little DOS program called ATAPWD...from the XBOX hacker site.(www.rockbox.org)

It recognised the drive right away, and displayed a little 5 letter map providing me with the STATUS of the drive. I monkeyed with the options...set MASTER, set USER. I entered a password (4 letters)same in both places, and did not give up when it said "request blocked by drive". Soon I saw the LOCK indicator disappear.
At this point I did an FDISK and then tried to format it - - it failed again.
I went back in to ATAPWD and the lock was on again. I fiddled with the options setting the passwords again and got the lock off. Then I saw that if a USER password is SET, the drive will always RE-LOCK on a reset.
I used the MASTER password option from the MENU to delete the USER password and VOILA.
Drive Fdisk'd and formatted after it was reset and allowed me to copy files to it once more.

Hope this helps

zululeppard
Just a little addendum to my last post, in anticipation of questions:

1)Clearly, I had NO IDEA of what the passwords could be......I think they were set by a power glitch.
2)I set MASTER and USER passwords over and over again, and waited for ATAPWD to say OK. I kept them both identical.
3)Then immediately used the MENU option to UNLOCK drive using the password I'd entered.
4) I had immediate feedback from the STATUS display, which, tho rather cryptic, is fully explained by pressing F1 for help.
5)I learned to use the MASTER password to DELETE the USER PASSWORD before exiting ATAPWD, else the drive RELOCKED on RESET.
6)The MENU options in ATAPWD are also explained by pressing F1.

Thanks
Zululeppard
African Bwana
Master password set by Toshiba is blank (in terms of ATAPWD). If the master password has not been changed, it is possible to unlock the drive with pressing the Enter key instead of entering the password.

In case of power glitch it's a useful way to disable the password. But if the master password has been changed, this is of no use.
Sorry if this has been posted but I wasn't arsed reading thru the whole thread. I know with Dell HDD's you can call support and they will give you a generic password to unlock the drives. I dunno if you've gone down this road but there's my 2 cents!
OH MY GOD........

The password is a little used feature of the ATA standard.

The password is stored in a non-data portion of the disk where all the drive parameter information is stored.

The BIOS in whatever laptop it was in when passworded put it there.

NOW, if that's enabled, when the drive first starts up it asks the system for the password.

The system asks the user to enter it.

If the drive doesn't get it then it won't accept any following commands.

..........

The function has basically always been there but aside from random users it's only ever been used by Microsoft in the Xbox.

Here's a good description of how it works in the Xbox....
Just replace all references to "the Xbox's EEPROM" ~to~ "the PC's BIOS" as you read it and THEN maybe you'll understand the original question..
http://www.xbox-linux.org/docs/hdpassword.html

Here's a page with some utilities that may or may not be useful.
http://www.xbox-scene.com/tools/tools.php?page=harddrive
The Xbox used 8Gb WD or 10Gb Seagates

Other Xbox sites might have some other utilities..
Good Lord, this thread is still alive and kicking, after 2 years?

Anyways, glad to see that people are still discussing this topic.
Yes, and the reason it's still alive? People (me!) are being sold hard drives which are perfectly ok, except for being locked!

From what I've read here and elsewhere, below are the core points (in brief!)

Hard drives have two modes - Locked or Unlocked.
When Unlocked, the drive operates as normal, no password is needed.
When Locked, the drive operates as normal ONLY AFTER being sent a password, the drive will then keep working normally (until restarted, at which point the password is required again).
Drives have two passwords - User and Master (both hidden inside the drive).
Both passwords are 32 bytes long.
There are two levels of security - High and Maximum.
When security is set to High, you can access a Locked drive normally ONLY IF you first send it the User OR Master password.
When security is set to Maximum, you can access a Locked drive normally ONLY IF you first send it the User password (the Master password will not work).
The Master password is set at the factory, but can be changed.
Setting or changing the Master password does not Lock or Unlock the drive.
When the User password is set, the drive enters Locked mode, and when it is restarted will require a password to operate every time.
Knowing either password will allow you to erase all data on the drive and clear the User password (drive becomes Unlocked, but blank).

So...
If the Master password has not been changed from its factory default, and if you can discover what that password is, then you can use it to at least format the drive (losing all data, but unlocking the drive), and possibly gain full access to the drive and data (if the security level is just set High, and not to Maximum).
AwesomeMachine has mentioned there is a utility to change the Master password even when the drive is Locked, maybe he will provide a link to it...

I'm off to look for it now...  ;)

Cheers
Cosol
There are more modes the drive can have:
Security status: Enabled, Disabled
Lock mode: Locked, Unlocked, Freeze Lock

The drive operates as normal if security is Disabled. When Security is Enabled drive enters Locked mode after power on or reset (no read or write possible). The mode can be changed to unlocked by entering correct password. In unlocked mode drive operates as normal. If security is disabled drive enters unlocked mode after power on.
Freeze Lock mode disables all security commands to protect the drive from accidental locking. It can be entered only if drive is in unlocked mode.

Master password can be changed in unlocked mode only. AwesomeMachine was wrong.
The Security Erase feature is often used to quick erase the drive by service personnel.
It is possible to lock the drive by Security Lock command. The drive security status is set to enabled, but drive is still in unlocked mode, so it is possible to change the Master Password, disable the security, or Security Erase before drive is restarted.
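The state rules described in the two posts above, as an added example that is not part of the thread or of any tool mentioned in it: a simplified Python model of the ATA Security feature set showing which commands a drive accepts in each state. Class and method names are illustrative, and zero-padding passwords to 32 bytes is an assumption of the model.

```python
# Simplified model of the ATA Security rules stated in this thread.
# Names are illustrative; this does not talk to any real drive.

class Aborted(Exception):
    """The drive rejected the command ('command aborted')."""

class AtaSecurityModel:
    def __init__(self, master_pw=b""):
        self.master_pw = self._pad(master_pw)   # factory-set, survives erase
        self.user_pw = None
        self.enabled = self.locked = self.frozen = False
        self.level = "high"                     # "high" or "maximum"
        self.data = "user data"

    @staticmethod
    def _pad(pw):
        return pw.ljust(32, b"\0")[:32]         # assumption: zero-pad to 32 bytes

    def _matches(self, which, pw):
        stored = self.master_pw if which == "master" else self.user_pw
        return stored is not None and stored == self._pad(pw)

    def power_cycle(self):
        self.frozen = False
        self.locked = self.enabled              # enabled security re-locks

    def set_password(self, which, pw, level="high"):
        if self.locked or self.frozen:
            raise Aborted("SET PASSWORD refused while locked or frozen")
        if which == "master":
            self.master_pw = self._pad(pw)      # never locks the drive
        else:
            self.user_pw, self.enabled, self.level = self._pad(pw), True, level

    def unlock(self, which, pw):
        if self.frozen or (which == "master" and self.level == "maximum"):
            raise Aborted("UNLOCK not permitted in this state")
        if not self._matches(which, pw):
            raise Aborted("wrong password")
        self.locked = False                     # only until the next power cycle

    def erase(self, which, pw):
        if self.frozen or not self._matches(which, pw):
            raise Aborted("ERASE refused")
        self.data, self.user_pw = None, None    # all user data is destroyed
        self.enabled = self.locked = False      # security disabled afterwards

    def freeze(self):
        if self.locked:
            raise Aborted("FREEZE LOCK refused while locked")
        self.frozen = True                      # cleared by power_cycle()
```
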
Thanks for the clarification For-Soft, anyone interested in more details should consult the ATA specs on the t13.org website, which gives all the grisly technical stuff.

I've been playing around in the last few days with the atapwd.exe DOS utility, and
Wakeup's original question (over 2 years ago now!) might have at least a partial solution.

It seems that a fair number of hard drives of 6.4Gb and less are set with a trivial Master password (presumably by the manufacturer), the Master password is usually left at the manufacturer's default value, as only the User password is needed to Lock and Unlock the drive.

You can use the atapwd.exe utility to Unlock drives if you know their Master password. Once Unlocked they can be reformatted and reused. Cost? negligible!

Cosol
I have a locked Toshiba 1.8 hard drive if anyone wants it to try and unlock. Data is worthless. It's a 40gig MK4004GAH. Email me batdork2@hotmail.com
email?
what a thread. 25 masters flew into action at the very end. Where are the old timers on this thread?
Avatar of Wakeup

ASKER

Wow....Revived again!? :) heheh

Just a heads up for those that are still watching....hehe
i did about 2 years ago or maybe 3 gave my locked hdd's to my friend.  He unlocked them....and i just let him keep them....3 and 4 gig drives are pretty much useless to me...however for him they were invaluable....great for using for his data recovery service.  
So again, thanks everyone.
Wakeup I agree, 5 years and it keeps on tickin.
Nothing like getting an EE email saying a comment has been added...to a PAQ'd question.
I just had to browse the thread a little; brings back some memories... ahhh, the Fong brothers :)
/RID
Avatar of Wakeup

ASKER

Heheh....yes sir...two wongs dont make a fong?  oh wait....


two wongs dont make it right....hahah....
something like that! :)  I'm chinese so i can say that! :P
haha the only reason  i made the comment cuz i work as a service tech for a comp manufacturer. We ran into this with one of our customers and we finally figured it out. took just the right wording in google to get the answer we needed haha. sorry for the revive. Just passing on the info.
No need to be sorry; this one has it all: Interesting question, nice discussion, conclusive answers (probably), experts falling out and, as a bonus, the Fong intervention. It's entertainment!
/RID
Avatar of Wakeup

ASKER

hehe very entertaining indeed! :)  Thanks for the revival...Was great!  And thanks for your response.
So was there ever a solid answer here? I have the same problem. Drive is locked, NOT BY BIOS! Yes, most BIOSES have a HD password, sys. password, admin password, etc. but this is different- the lock is built into the HD! Putting that drive into ANY computer will still have it locked!

Back when I hacked my original XBOX, the HD in it was locked and it had to be unlocked also. I had to keep the internal XBOX drive powered, disconnect the IDE cable, and LIVE connect an IDE from my PC! Then run an unlock util in DOS. The reason for keeping it powered was because the XBOX does the HD UNLOCK upon boot, from there the PC does the KEEP UNLOCK or REMOVE LOCK setting. I had to know the model number on the HD because the DOS unlock app was different by drive I think.
If you have read the thread, you should have noticed that the PW is stored on the HD and not in BIOS; consequently it follows the HD.
/RID
Avatar of Wakeup

ASKER

^^^What he said.  

Welcome back to the thread that revives itself over time! :)
Wow! I can't believe I'm still getting notifications on this!

This thread is ancient, yet I remember it....
Rid and Wakeup- I know, that's also what I was confirming!

My question was- was there an answer on how to unlock the HD?! More specifically, what method worked- since it was a laptop HD, I can't just unplug the data cable and leave it powered because it's all on one cable instead of 2 like on PC HD's.
What of the hundreds of suggestions actually ended up working? (because I'm in the same boat with a laptop HD)
Avatar of Wakeup

ASKER

I dont recall ever talking about Laptop hard drives....and to be honest, I dont want to re-read the thread! hahah...it's been years....hehe
You started the question about Laptop harddrives.. it just evolved into HDD in general.
I found this thread while looking for ways to defeat the Xbox thing.. and got caught up in it all.

"Question: I have a few Laptop Hard drives that have the password lock enabled.  I have researched it and these drives are 3 gig or less, so not worth paying for service to have the password removed.  If anyone knows of a way to do this for free, or extremely cheap.  Like really cheap.  3 gig drives are practically useless, but if they are good drives it'd be nice to restore them back to functionality.  Please let me know.  Thanks!

Author:
Wakeup, Qualified Expert"
the question is: how do you set the hard drive password in the first place? if it's set in the bios security option, then that's where you have to look for it. i have a 40gb ibm x40 hdd that is locked with no way of unlocking it. any ideas?
This thread is quite long, but the general idea of the ATA password utility seems to be that once you tell the drive to call for a password, it sticks with the drive; it is set in the drive's own startup process and is independent of where the drive is connected afterwards. Unless, of course, you unlock it and tell it otherwise. The PW is supposed to protect the DRIVE and its data, not the computer as such.
/RID
Avatar of Wakeup

ASKER

Sorry, it's been a while..i remembered....I was just saying I didnt cuz it has been such a friggin long time...I should have put a j/k or a smiley face or something.  hehe....
Avatar of Wakeup

ASKER

Some interesting info to pass on...I haven't tried it myself, but looks like this might work if you DON'T NEED THE DATA off the drive:
http://www.hddunlock.com/
It is too hard to unlock a hard drive, it is better to save time and buy a new one, they are cheap ....
so the original post was 12/11/02 and it is now 6/10/09.

6 and a half years later and this thread won't die.....

But if it wasn't for this thread I wouldn't be back here as much as I am.

hmmmm....wonder where I rank this year??
You can do this by fiddling with ATAPWD, or for a small fee have a user friendly software package do it for you:  http://www.hddunlock.com/

As of this writing, the cost is $5 for drives up to 40GB, $10 up to 80G, $25 for 320GB, and $40 for 1TB. Note that it does not work for all hard drive manufacturers. See http://www.hddunlock.com/drives/ for supported drives.
Another tool, if you need to preserve the data is AFF Repair Station. (hddunlock erases the drive)

About $50 to unlock the drive and give you access to the data: http://hdd-tools.com/products/rrs/ 
Avatar of Wakeup

ASKER

And it looks like someone else wants to revive the old thread of 10 years ago! :P  
nonsenseX Did you have a question?
What's SIC mean anyway?
How about this?

 http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html

BIOS Password Backdoors in Laptops  - You have to get the Failure Code, and run it in the original brand laptop.
Avatar of Wakeup

ASKER

Hey Roger,

That's interesting however that is for BIOS passwords and not locked drive passwords.
And of course I have no way to really verify anymore.  Drives are all gone.
And of course prior to that, the laptops were all gone.