Locked WD HDD

I asked this question under hardware, and am hoping I'll get better exposure here.

http://www.experts-exchange.com/Hardware/Q_20517922.html

Please check it out.
Adam Mason Asked:

CosmoNut Commented:
Hi maj, a little more info would help in solving this. Is your drive picked up in BIOS? When you ran the datalife tools, did it tell you it couldn't find the drive or couldn't configure it? Any errors you have received given word for word will help. WD is one of the few HDD that has a separate jumper setting for single only. I would start by making sure your BIOS is set to auto for all of your IDE devices and make sure that it is picking the drive up. If it is not, check the jumper setting on the drive, single/master/slave.
0
pbarrette Commented:
Hi all,

Chances are, you're screwed. Return the drive if you can. If you can't, scream bloody murder to the owners of the site and the Attorney General of the state in which the store does business.

Harddrive passwords are notoriously difficult as they do not allow the system to boot without the correct password. You would require a hardware solution to bypass the HD password.

Look here for more information regarding this issue:
http://www.experts-exchange.com/Hardware/Q_20423260.html
http://www.xbox-news.co.uk/extracting_pass.htm

Or, if you happen to have a spare logic analyzer sitting around:
http://www.xboxhacker.net/index.php?do=article&id=7&page=1

pb
0
patrickab Commented:
CosmoNut - the question was:-

Have a WD80EB HDD that I purchased on-line.  I believe it is locked, and do not have either the user or master password to unlock it.  How would I get this thing unlocked so I can re-format it?  I've tried Data Lifeguard Tools from WD, and that won't even let me do a low-level format.

==========================================================

This subject has been discussed at length previously and I don't believe it was resolved - perhaps someone can correct me.

Why not send it to WD and ask them to unlock it for you - having first asked the price for the job?
0
patrickab Commented:
pbarrette - thank you for the link to the XBox hard disk unlocking work - I can't help wondering what such people do for a living - they certainly have some impressive skills.
0
pbarrette Commented:
Hi patrickab,

It's really amazing what can be done when people have a lot of time on their hands. It's really too bad that majestikm00se doesn't have the Xbox that the drive came with, or it would be relatively simple to unlock it.

pb
0
Adam Mason (Author) Commented:
OK... The drive is recognized in BIOS, WD DataLifeGuard version 10 errors out immediately (220, "Drive is Locked" I think). ATAPWD says it's in MAX security mode.
0
pbarrette Commented:
Hi,

As I said before, get a refund. You probably will not be able to unlock this drive. If you still want to try, then you can see this article:
http://www.sandersonforensics.co.uk/manual.htm
about this software:
http://www.sandersonforensics.co.uk/BXDR.htm

It suggests that there is an ATA specification which allows the disk to be erased while in the locked state. Doing this from BXDR requires a valid password, though I can't tell if this is a security measure of BXDR or the software itself.

If the request for password on erase is only a software feature, then this can definitely be bypassed using standard cracking techniques, or writing your own utility to issue the "Secure Erase" function directly to the HD.

But this still doesn't address the issue of whether or not the drive will be unlocked once it is erased.

Keep in mind that sometimes the correct answer isn't always the answer that you want to hear.

pb
0
pbarrette Commented:
Hi All,

Update:
I just locked myself out of my laptop's HD for the past few days. I set the Master and User passwords for the HD, then locked it. An interesting note is that my laptop's BIOS doesn't support the ATA password locking, so I wasn't asked for a password when I rebooted.

Instead, the BIOS POST reported a HD error, and refused to boot. Of course, I was using my older 486SX/25 to practice on, and it has an external PCMCIA floppy (Compaq Aero 4/25) which I had misplaced, so I really had to try to hack into the HD.

The results? No go. Once the drive is locked, the ATA controller only allows a few commands to be executed:
Drive identification and geometry
Unlock with password
Erase with password

Luckily, I found my floppy so I didn't have to pull the HD and drop it into another computer. I unlocked it with the password I had set, then disabled the security.

Conclusion:
Without some serious knowledge of the ATA specifications and some rather expensive logic testing equipment, the drive will remain locked.

Alternative solution:
1) Replace the HD's controller card. This will give access to the drive, but you are left with a useless controller card.
2) Buy a new drive. They're cheap.

pb
0
rickisme Commented:
Hi majestikmOOse.... Free software... download the free trial of Drive Scrubber from www.iolo.com and it will clean your drive so you can reinstall... heck... if you want you can even use it again for security stuff. <g> Good luck and God Bless, Rick.  >>Oh by the way.. it boots from floppy with its own sys so you don't have to worry about the controller (not that that makes any sense to me anyway).  If the sys is password protected clearing the BIOS will unlock it.
0
pbarrette Commented:
Hi Rick,

Please reread the question and the solutions posted. You have obviously missed the point of this one.

There is a controller card built into every single IDE harddrive sold. The controller card is why it is called IDE (Integrated Drive Electronics). This controller card conforms to the ATA-3 (Advanced Technology Attachments version 3) specifications. These specifications state that password based security will be integrated in a non-volatile memory area on the controller.

This means that the security is built into the electronics of the HD itself. You cannot clear the password without damaging the electronics of the HD unless you have extremely sophisticated equipment and expert knowledge of the ATA specifications at the hardware level.

Since the controller is what handles all data access to the HD, you cannot bypass it through software.

The only reasonable option is to detach the controller from the HD body and replace it with an identical, unlocked, controller. This is also a tricky operation unless the person performing the operation has a reasonable knowledge of the handling and installation of electronic components.

pb
0
sandy771 Commented:
pbarrette

The requirement for a password is part of the specification; the erase is a 'secure erase'. Password protecting the drive is a way to prevent the erasure being interrupted (by pulling the plug). A drive MUST be password protected first; on completion of a successful erase the password will be cleared.

The password is stored on a system area of the disk, NOT in the drive's electronics. Changing the circuit board will not help.

Paul Sanderson

0
pbarrette Commented:
Hi Paul,

Thanks for the information. It didn't seem right that a change of controller would allow access to the drive, but that was the best information that I could glean from the documentation.

So would it then be possible to replace the controller with one that doesn't support the ATA password specifications?

pb
0
rickisme Commented:
pbarrette.... I told him how to fix the problem PERIOD!  I did not miss the point.

If he uses the free software, cleans the drive and clears the BIOS and reboots he will have a "CLEAN" SYSTEM about as it comes from the factory but without the drivers for his hardware.  He may have to find a couple if not loading XP or he may have to go to the original mfgrs. site and download them but IT WILL FIX HIS PROBLEM.

I try not to give "attitude" unless I get given it (as in your case).

God Bless, Rick.  (I don't claim to be perfect. I leave that to the Son and The Father. :o\ )


0
pbarrette Commented:
Hi rickisme,

I apologize if my post offended you, or seemed to be projecting an offensive attitude. That was certainly not my intention. I was only suggesting that you had missed some of the details of this problem, as it is an uncommon problem.

The HD in question came out of an XBox and has been protected with a drive password per the ATA device interface specifications. This is not a software password, but rather an interplay of built-in hardware functions and, as Paul Sanderson kindly pointed out, special system-reserved sectors of the HD.

The operation goes something like this:
1) The computer requests a read (or write) operation to be performed on the HD.
2) The HD controller checks to see if the drive is locked.
3) It is, so the HD controller requests (through the system BIOS) that the HD password be entered.
4) If no password (or an incorrect password) is received by the HD controller, it denies the read (or write) operation.

So, even "Drive Scrubber" will not be able to erase the drive because the HD controller (built into the HD) will not allow the write operations to proceed until a valid password is supplied.

Since you can't bypass the HD controller (which is hardware based) through software, there is no software which will allow you to bypass this password.

Does that about sum it up Paul? Or am I missing something?
pb
0
sandy771 Commented:
pbarrette you are almost right:) you just don't go far enough.

The drive will ONLY respond to a handful of commands: "identify", "unlock", and "secure erase". Everything (including a read or write) will usually result in an error condition.

NO disk scrubbing software will circumvent this problem; for that matter, specially designed forensic software will fail.

0
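Added example (not part of any participant's post, and not code from ATAPWD or BXDR): a Python decoder for the security status word (word 128) that a drive returns in its IDENTIFY DEVICE data, which is where a report such as "MAX security mode" comes from, together with a simplified model of which opcodes a locked drive accepts. The IDENTIFY buffer is constructed sample data, the function names are hypothetical, and only a handful of opcodes are modelled.

```python
import struct

# IDENTIFY DEVICE word 128 (security status) bit masks, ATA Security feature set.
BITS = {
    "supported": 1 << 0,
    "enabled": 1 << 1,
    "locked": 1 << 2,
    "frozen": 1 << 3,
    "count_expired": 1 << 4,   # password attempt counter exhausted
    "enhanced_erase": 1 << 5,
}
LEVEL_MAX = 1 << 8             # 0 = High, 1 = Maximum

# Opcodes modelled below (a small subset of the ATA command set).
READ_SECTORS, WRITE_SECTORS, IDENTIFY = 0x20, 0x30, 0xEC
SET_PASSWORD, UNLOCK, ERASE_PREPARE = 0xF1, 0xF2, 0xF3
ERASE_UNIT, FREEZE_LOCK, DISABLE_PASSWORD = 0xF4, 0xF5, 0xF6


def decode_security(identify: bytes) -> dict:
    """Decode the security status from a 512-byte IDENTIFY DEVICE response."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    word128 = struct.unpack("<256H", identify)[128]   # 256 little-endian words
    status = {name: bool(word128 & mask) for name, mask in BITS.items()}
    status["level"] = "maximum" if word128 & LEVEL_MAX else "high"
    return status


def drive_accepts(status: dict, opcode: int) -> bool:
    """Simplified model: True if the drive executes the opcode, False if it aborts."""
    if status["frozen"] and opcode in (SET_PASSWORD, UNLOCK, ERASE_PREPARE,
                                       ERASE_UNIT, DISABLE_PASSWORD):
        return False                        # frozen: security state cannot change
    if not status["locked"]:
        return True
    if opcode in (UNLOCK, ERASE_UNIT):
        return not status["count_expired"]  # aborted until reset once expired
    return opcode in (IDENTIFY, ERASE_PREPARE)


def master_password_unlocks(status: dict) -> bool:
    """In High mode the master password unlocks; in Maximum it only permits erase."""
    return status["enabled"] and status["level"] == "high"


def sample_identify(word128: int) -> bytes:
    """Constructed IDENTIFY buffer: all zero except the security status word."""
    words = [0] * 256
    words[128] = word128
    return struct.pack("<256H", *words)


if __name__ == "__main__":
    # Constructed sample: supported + enabled + locked, Maximum level (0x0107).
    st = decode_security(sample_identify(0x0107))
    print(st)
    for name, op in [("READ SECTORS", READ_SECTORS), ("WRITE SECTORS", WRITE_SECTORS),
                     ("IDENTIFY DEVICE", IDENTIFY), ("SECURITY UNLOCK", UNLOCK),
                     ("SECURITY ERASE UNIT", ERASE_UNIT)]:
        print(f"{name:22} {'accepted' if drive_accepts(st, op) else 'aborted'}")
    print("master password unlocks:", master_password_unlocks(st))
```

On Linux, `hdparm -I` prints the same security fields for an attached drive.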
pbarrette Commented:
Hi Paul,

I did mention that earlier (in my post from 02/25/2003) so I didn't think I had to do it again. But I do seem to be repeating myself a lot on this topic...

So. Is it possible, then, to bypass this by replacing the controller with a new controller that doesn't support the ATA lock? It seems like there must be a way for forensics guys, like you (and govt. types, like me) to get around this problem without the need for a clean room and hundreds of thousands of dollars in equipment.

pb
0
sandy771 Commented:
Sorry pb, I did see your comment earlier then forgot when replying :(

The idea is interesting but in practice won't work; drive electronics are very closely tied to the hard disk assembly (HDA), i.e. the platters and heads. If you change the cct board it must be one of the same make and model; sometimes it must even be the same revision for the drive to work. So your idea won't work.

I know of three companies that can remove passwords (and of course I am working on it also, but I am a consultant and thus don't have the lab infrastructure to devote enough time).

Nortek in Canada - I believe they need to take the drive apart and give a limited warranty o/c
UltaTec and Vogon in the UK, they crack the password using other methods (I can't go into how here sorry).

All of the above will charge for the privilege.

www.nortek.on.ca
www.easydatarecovery.co.uk/
www.vogon.co.uk

Paul
0
rickisme Commented:
pbarrette, Please accept my apology if I misinterpreted.

I have never heard of a password that resides within the controller, xbox or other.  That would indicate that the storage in an Xbox is way more advanced than that of an ATA drive... I find this hard to believe.  There may be a "call" to the "protected sector" but it resides on the drive not within the electronics, at least this is my understanding and so since this was so unique I spoke with a friend in the DOD that is one of a handful of Techs that repairs "Classified" electronic spy stuff for the DOD.  DriveScrubber is approved and used by GSA and the DOD due to the fact that it removes everything, including partitions of any type and this would include the "protected sector".  I'd like to see him try it and know the results just for my own curiosity.  I would still bet on the fact that it would work, for this reason; if in fact the controller makes a call for a password, it must read the drive info to acknowledge that one has been set.  If there is no return on the input I believe it would default.  Default would be a blank return like one had never been set.  Gosh,,,, why must every ant hill turn into a mountain. <g>  Yes, I might be wrong but that would be nothing new. <bwg>  All I can say is Good Luck to him and the results. I am by no means an electronics repair expert.  That's what my friend is for ;-) ....
 God Bless, Rick.  
0
sandy771 Commented:
Rick

I can say categorically that you are wrong, sorry :( Protected and hidden sectors are often confused with hidden partitions and sectors that are 'hidden' from the operating system. The sectors I am talking about are hidden from the computer and if they can be read can be done so only with manufacturers' proprietary commands.

DriveScrub and the like just do a DoD specification erase of all user accessible sectors, and will absolutely not work on a password protected drive.

The xbox has no fancy electronics; all that happens is that the xbox knows the password and uses it to unlock the drive at each startup.

I would suggest that you have a flick through the manual for my BXDR utility - see link above - this may give you an idea of what a drive can do. Note that BXDR is not playing any software tricks; it is simply issuing commands to a drive. Anyone who can program and read the ATA spec could write the same.

Paul
0
astrohelp Commented:
3) UNLOCKING THE XBOX HDD:

Since the XBOX HDD has the ATA Security feature enabled, you'll need to unlock it before you attempt to image it. This is the cable swap method. Set up your XBOX and your PC right next to each other, such that the PC's available IDE drive cable and power connector can reach the XBOX HDD.

* Connect an available power connector from the PC's power supply to the XBOX HDD.
* Connect the IDE cable from XBOX to the XBOX HDD.
* Power up the PC and hit the "Pause" key before it autotypes the drives.
* Power up the Xbox to the idle Dashboard.
* During the Xbox startup, the Xbox transmits the password via the ATA Unlock Command, and the drive is unlocked.
* Now, carefully disconnect the Xbox IDE cable from the Xbox hd.
* Plug the PC IDE cable into the Xbox hd.
* Hit any key on the PC keyboard to let it continue to boot.
* Now the drive is unlocked and reconnected to the PC, ready for read(/write?) operations.

0
Adam Mason (Author) Commented:
I know the swap trick, but I don't have the XBox, just the hard drive.
0
JWCC Commented:
Well it's too bad it's not stored in EEPROM/Flash ROM, cause you could just bypass it.  Even something as simple as a razor blade would work to do that, but I wouldn't do it to something I just paid for.  To do it, you'd need a lot of inside knowledge.
(or someone else who verified if it's possible, and which line/s)

As far as physical sectors on the HDD, they can be erased, but without a clean room, it's impossible to do safely. (;
I DO NOT recommend a degausser/bulk eraser.  It'll pretty much destroy it.  You'll zap the security sector, but it'll make the drive magnetised. Ouch!
In theory you could detect when the drive attempts to access the security sector, and just refuse to let it (think of the 13th floor on an elevator/lift).  When the drive gets to a security sector, just use a transistor to switch the read head pins off or even change to the next track (aka cylinder). Hehe

Best way, if you're good at programming in ASM, is to hope you can update the BIOS with a boot disk, like most BIOSes can be.  This should work for DVD-ROMs, motherboards, hard drives, video cards, etc, that have a Flash BIOS.
After bypassing the check, the HDD will work password or not.
The only problem is that you may be breaking a law in less civilized countries.
Heck, even connecting a proprietary drive to your non-'Honorable/Trusted' PC would be, anyway.

If all else fails, find someone with a modded XBOX, who's brave enough to let you try the swap technique.
There's a program for the XBOX, that can give you the password for the drive.  I don't know if the password changes, but it may be for a specific system.   )-;
I have a laptop drive, and it supports passwords, so I have to assume you can use ATAPWD.zip also.
Try checking the #xbins on IRC(EFNET).  It's a group that works on the XBOX.

Hacking the BIOS or intercepting the drive's pins on the headers leading to the mechanics are really pretty sophisticated, and require more than a little effort.  The BIOS hack may have little risk, but only if you can take the ROM out, and put it in a ROM programmer (doubt you have one though).  Software hacking is majorly less risky anyway.  I know for a fact that literally millions of DVD drives are running patched (illegal/anti-region) BIOSes.  They didn't use an external programmer, but rather the one built into the drive itself.  Indeed, that's a good trick to backup your system BIOS to another ROM, if you can find an old motherboard with the same ROM type.
0
lagston Commented:
JWCC says

 "If all else fails, find someone with a modded XBOX, who's brave enough to let you try the swap technique.
There's a program for the XBOX, that can give you the password for the drive.  I don't know if the password changes, but it may be for a specific system."

I can tell you that you cannot simply put the drive into another xbox, not even a modded one, and get it to work. The password program is in the Evox dashboard but it won't work unless the original drive/motherboard combination are intact to begin with. As for the flashing of the bios I don't believe this can be done without first disabling the password protection. hddisabl.exe can do this but you need the password even then to use it. If you think you can guess it then use atapwd.exe. These files need to be run in dos mode with the xbox drive on the master primary and using a boot disk without drivers to start up the computer.
0
LucF (EMEA Server Engineer) Commented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Delete/No Refund

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

LucF
EE Cleanup Volunteer
0
pbarrette Commented:
Hi LucF,

I'd have to say that I answered this one pretty thoroughly.

pb
0
Adam Mason (Author) Commented:
Yeah, like you said, the answer you get isn't what you want to hear.  Thanks for the help everyone.  And it's still locked.
0
pbarrette Commented:
Hi Majestik,

Glad I could help. Even if I was only able to save you from wasting too much time with this problem.

I'm surprised you never tried to return those things. Any vendor who sold a drive like that should be shot.

You should probably close out the other question regarding this issue too:
http://oldlook.experts-exchange.com/Hardware/Q_20517922.html

I gave you the OldLook link to preserve your sanity. Man that new look is distracting.

pb

0
WormFood Commented:
Well I hope people still read this.. I am in pretty much the same position as the gentleman who started this post but with one difference. I have the xbox with the locked hdd. Mine is a Seagate HDD and my xbox's dash is corrupted and will not load. I need to access the drive to fix it but I do not have the password and I can't seem to get the hotswap trick to work. Is there any way that anyone knows of to read a file on a locked drive?  I just need to get the eeprom info to get the password so I can unlock my drive.
0
Adam Mason (Author) Commented:
D'oh!
WormFood: click the link pbarrette provided and then read my comment, I posted to the wrong one.
0
Question has a verified solution.
