Locked WD HDD

Posted on 2003-02-22
Last Modified: 2007-12-19
I asked this question under hardware, and am hoping I'll get better exposure here.

http://www.experts-exchange.com/Hardware/Q_20517922.html

Please check it out.
Question by:Adam Mason
30 Comments
 
LVL 1

Expert Comment

by:CosmoNut
ID: 8001364
Hi maj, a little more info would help in solving this. Is your drive picked up in BIOS? When you ran the datalife tools, did it tell you it couldn't find the drive or couldn't configure it? Any errors you have received, given word for word, will help. WD is one of the few HDDs that has a separate jumper setting for single only. I would start by making sure your BIOS is set to auto for all of your IDE devices and make sure that it is picking the drive up. If it is not, check the jumper setting on the drive: single/master/slave.
0
 
LVL 10

Expert Comment

by:pbarrette
ID: 8002210
Hi all,

Chances are, you're screwed. Return the drive if you can. If you can't, scream bloody murder to the owners of the site and the Attorney General of the state in which the store does business.

Harddrive passwords are notoriously difficult as they do not allow the system to boot without the correct password. You would require a hardware solution to bypass the HD password.

Look here for more information regarding this issue:
http://www.experts-exchange.com/Hardware/Q_20423260.html
http://www.xbox-news.co.uk/extracting_pass.htm

Or, if you happen to have a spare logic analyzer sitting around:
http://www.xboxhacker.net/index.php?do=article&id=7&page=1

pb
0
 
LVL 45

Expert Comment

by:patrickab
ID: 8003911
CosmoNut - the question was:-

Have a WD80EB HDD that I purchased on-line.  I believe it is locked, and do not have either the user or master password to unlock it.  How would I get this thing unlocked so I can re-format it?  I've tried Data Lifeguard Tools from WD, and that won't even let me do a low-level format.

==========================================================

This subject has been discussed at length previously and I don't believe it was resolved - perhaps someone can correct me.

Why not send it to WD and ask them to unlock it for you, having first asked the price for the job?
0
 
LVL 45

Expert Comment

by:patrickab
ID: 8003957
pbarrette - thank you for the link to the XBox hard disk unlocking work - I can't help wondering what such people do for a living - they certainly have some impressive skills.
0
 
LVL 10

Expert Comment

by:pbarrette
ID: 8005199
Hi patrickab,

It's really amazing what can be done when people have a lot of time on their hands. It's really too bad that majestikm00se doesn't have the Xbox that the drive came with, or it would be relatively simple to unlock it.

pb
0
 

Author Comment

by:Adam Mason
ID: 8009710
OK... The drive is recognized in BIOS, WD DataLifeGuard version 10 errors out immediately (220, "Drive is Locked" I think). ATAPWD says it's in MAX security mode.
0
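A drive still answers IDENTIFY DEVICE while locked, and word 128 of the returned data carries the security status, which is how a utility can report "locked" and "MAX security mode" without knowing any password. The decoder below is an added example, not code from this thread or from ATAPWD; the function names are hypothetical and the sample IDENTIFY buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bits of IDENTIFY DEVICE word 128 (security status) in the ATA spec. */
#define SEC_SUPPORTED     (1u << 0)
#define SEC_ENABLED       (1u << 1)
#define SEC_LOCKED        (1u << 2)
#define SEC_FROZEN        (1u << 3)
#define SEC_COUNT_EXPIRED (1u << 4)   /* too many wrong passwords */
#define SEC_LEVEL_MAX     (1u << 8)   /* 0 = High, 1 = Maximum */

struct sec_status {
    int supported, enabled, locked, frozen, count_expired, level_max;
};

/* IDENTIFY data is 256 little-endian 16-bit words (512 bytes). */
uint16_t id_word(const uint8_t *id, unsigned n)
{
    return (uint16_t)(id[2 * n] | (id[2 * n + 1] << 8));
}

struct sec_status decode_security(const uint8_t *id)
{
    uint16_t w = id_word(id, 128);
    struct sec_status s;
    s.supported     = (w & SEC_SUPPORTED) != 0;
    s.enabled       = (w & SEC_ENABLED) != 0;
    s.locked        = (w & SEC_LOCKED) != 0;
    s.frozen        = (w & SEC_FROZEN) != 0;
    s.count_expired = (w & SEC_COUNT_EXPIRED) != 0;
    s.level_max     = (w & SEC_LEVEL_MAX) != 0;
    return s;
}

/* One-line summary of the state a triage tool would report. */
const char *describe(const struct sec_status *s)
{
    if (!s->supported) return "security feature set not supported";
    if (!s->enabled)   return "security disabled";
    if (s->locked && s->count_expired)
        return "locked, attempt counter expired (power cycle needed)";
    if (s->locked)
        return s->level_max ? "locked, Maximum level" : "locked, High level";
    return s->frozen ? "enabled, unlocked, frozen" : "enabled, unlocked";
}

/* Constructed sample: word 128 = 0x0107
   (supported + enabled + locked, level Maximum). */
void make_sample(uint8_t *id)
{
    memset(id, 0, 512);
    id[2 * 128]     = 0x07;
    id[2 * 128 + 1] = 0x01;
}

int main(void)
{
    uint8_t id[512];
    struct sec_status s;
    make_sample(id);
    s = decode_security(id);
    printf("word 128 = 0x%04x: %s\n", (unsigned)id_word(id, 128), describe(&s));
    return 0;
}
```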
 
LVL 10

Accepted Solution

by:
pbarrette earned 600 total points
ID: 8010573
Hi,

As I said before, get a refund. You probably will not be able to unlock this drive. If you still want to try, then you can see this article:
http://www.sandersonforensics.co.uk/manual.htm
about this software:
http://www.sandersonforensics.co.uk/BXDR.htm

It suggests that there is an ATA specification which allows the disk to be erased while in the locked state. Doing this from BXDR requires a valid password, though I can't tell if this is a security measure of BXDR or the software itself.

If the request for password on erase is only a software feature, then this can definitely be bypassed using standard cracking techniques, or writing your own utility to issue the "Secure Erase" function directly to the HD.

But this still doesn't address the issue of whether or not the drive will be unlocked once it is erased.

Keep in mind that sometimes the correct answer isn't always the answer that you want to hear.

pb
0
 
LVL 10

Expert Comment

by:pbarrette
ID: 8023072
Hi All,

Update:
I just locked myself out of my laptop's HD for the past few days. I set the Master and User passwords for the HD, then locked it. An interesting note is that my laptop's BIOS doesn't support the ATA password locking, so I wasn't asked for a password when I rebooted.

Instead, the BIOS POST reported a HD error, and refused to boot. Of course, I was using my older 486SX/25 to practice on, and it has an external PCMCIA floppy (Compaq Aero 4/25) which I had misplaced, so I really had to try to hack into the HD.

The results? No go. Once the drive is locked, the ATA controller only allows a few commands to be executed:
Drive identification and geometry
Unlock with password
Erase with password

Luckily, I found my floppy so I didn't have to pull the HD and drop it into another computer. I unlocked it with the password I had set, then disabled the security.

Conclusion:
Without some serious knowledge of the ATA specifications and some rather expensive logic testing equipment, the drive will remain locked.

Alternative solution:
1) Replace the HD's controller card. This will give access to the drive, but you are left with a useless controller card.
2) Buy a new drive. They're cheap.

pb
0
 
LVL 1

Expert Comment

by:rickisme
ID: 8039538
Hi majestikmOOse.... Free software... download the free trial of Drive Scrubber from www.iolo.com and it will clean your drive so you can reinstall... heck... if you want you can even use it again for security stuff. <g> Good luck and God Bless, Rick.  >>Oh by the way.. it boots from floppy with its own sys so you don't have to worry about the controller (not that that makes any sense to me anyway).  If the sys is password protected, clearing the BIOS will unlock it.
0
 
LVL 10

Expert Comment

by:pbarrette
ID: 8039628
Hi Rick,

Please reread the question and the solutions posted. You have obviously missed the point of this one.

There is a controller card built into every single IDE harddrive sold. The controller card is why it is called IDE (Integrated Drive Electronics). This controller card conforms to the ATA-3 (Advanced Technology Attachments version 3) specifications. These specifications state that password based security will be integrated in a non-volatile memory area on the controller.

This means that the security is built into the electronics of the HD itself. You cannot clear the password without damaging the electronics of the HD unless you have extremely sophisticated equipment and expert knowledge of the ATA specifications at the hardware level.

Since the controller is what handles all data access to the HD, you cannot bypass it through software.

The only reasonable option is to detach the controller from the HD body and replace it with an identical, unlocked, controller. This is also a tricky operation unless the person performing the operation has a reasonable knowledge of the handling and installation of electronic components.

pb
0
 
LVL 2

Expert Comment

by:sandy771
ID: 8057561
pbarrette

The requirement for a password is part of the specification; the erase is a 'secure erase'. Password protecting the drive is a way to prevent the erasure being interrupted (by pulling the plug). A drive MUST be password protected first; on completion of a successful erase the password will be cleared.

The password is stored on a system area of the disk, NOT in the drive's electronics. Changing the circuit board will not help.

Paul Sanderson

0
 
LVL 10

Expert Comment

by:pbarrette
ID: 8058236
Hi Paul,

Thanks for the information. It didn't seem right that a change of controller would allow access to the drive, but that was the best information that I could glean from the documentation.

So would it then be possible to replace the controller with one that doesn't support the ATA password specifications?

pb
0
 
LVL 1

Expert Comment

by:rickisme
ID: 8059601
pbarrette.... I told him how to fix the problem PERIOD!  I did not miss the point.  

If he uses the free software, cleans the drive and clears the BIOS and reboots, he will have a "CLEAN" SYSTEM about as it comes from the factory but without the drivers for his hardware.  He may have to find a couple if not loading XP, or he may have to go to the original mfgr's site and download them, but IT WILL FIX HIS PROBLEM.

I try not to give "attitude" unless I get given it (as in your case).

God Bless, Rick.  (I don't claim to be perfect. I leave that to the Son and The Father. :o\ )


0
 
LVL 10

Expert Comment

by:pbarrette
ID: 8059851
Hi rickisme,

I apologize if my post offended you, or seemed to be projecting an offensive attitude. That was certainly not my intention. I was only suggesting that you had missed some of the details of this problem, as it is an uncommon problem.

The HD in question came out of an XBox and has been protected with a drive password per the ATA device interface specifications. This is not a software password, but rather an interplay of built-in hardware functions and, as Paul Sanderson kindly pointed out, special system-reserved sectors of the HD.

The operation goes something like this:
1) The computer requests a read (or write) operation to be performed on the HD.
2) The HD controller checks to see if the drive is locked.
3) It is, so the HD controller requests (through the system BIOS) that the HD password be entered.
4) If no password (or an incorrect password) is received by the HD controller, it denies the read (or write) operation.

So, even "Drive Scrubber" will not be able to erase the drive because the HD controller (built-into the HD) will not allow the write operations to proceed until a valid password is supplied.

Since you can't bypass the HD controller (which is hardware based) through software, there is no software which will allow you to bypass this password.

Does that about sum it up Paul? Or am I missing something?
pb
0
 
LVL 2

Expert Comment

by:sandy771
ID: 8060080
pbarrette you are almost right :) you just don't go far enough.

The drive will ONLY respond to a handful of commands: "identify", "unlock", and "secure erase". Everything (including a read or write) will usually result in an error condition.

NO disk scrubbing software will circumvent this problem; for that matter, specially designed forensic software will fail.

0
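The behaviour described in the comments above can be written as a small state model: a locked drive aborts reads and writes, answers IDENTIFY, and accepts only a password-bearing unlock or secure erase. This is an added example, not code from the thread or from BXDR. The struct, function names and passwords are made up, and the model is simplified (the real specification lets a few more housekeeping commands through and has more states). The rejection of master-password unlock at Maximum level and the five-attempt counter come from the ATA specification rather than from the posts.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ATA command opcodes. */
enum { CMD_READ_SECTORS = 0x20, CMD_WRITE_SECTORS = 0x30, CMD_IDENTIFY = 0xEC,
       CMD_SEC_UNLOCK = 0xF2, CMD_SEC_ERASE_PREPARE = 0xF3,
       CMD_SEC_ERASE_UNIT = 0xF4 };
enum result { OK = 0, ABORTED = 1 };

/* Simplified security state of one drive; field names are hypothetical. */
struct drive {
    int enabled, locked, level_max, erase_prepared;
    int attempts_left;               /* wrong-password budget per power cycle */
    char user_pw[33], master_pw[33]; /* ATA passwords are 32 bytes */
};

static int pw_ok(const struct drive *d, const char *pw, int master)
{
    return pw && strncmp(pw, master ? d->master_pw : d->user_pw, 32) == 0;
}

/* Decide, as the drive firmware would, whether a command is executed. */
enum result issue(struct drive *d, uint8_t cmd, const char *pw, int master)
{
    int prepared = d->erase_prepared;
    d->erase_prepared = 0;   /* ERASE PREPARE must directly precede ERASE UNIT */
    switch (cmd) {
    case CMD_IDENTIFY:
        return OK;           /* identification works even when locked */
    case CMD_SEC_ERASE_PREPARE:
        d->erase_prepared = 1;
        return OK;
    case CMD_SEC_UNLOCK:     /* this model only covers the locked case */
        if (!d->locked || d->attempts_left == 0) return ABORTED;
        if (master && d->level_max) return ABORTED; /* Maximum: no master unlock */
        if (!pw_ok(d, pw, master)) { d->attempts_left--; return ABORTED; }
        d->locked = 0;
        return OK;
    case CMD_SEC_ERASE_UNIT:
        if (!prepared || d->attempts_left == 0 || !pw_ok(d, pw, master))
            return ABORTED;
        d->enabled = d->locked = 0;  /* user data wiped, password cleared */
        d->user_pw[0] = '\0';
        return OK;
    default:                 /* reads, writes and everything else */
        return d->locked ? ABORTED : OK;
    }
}

/* Constructed state: locked, Maximum level, made-up passwords. */
struct drive sample_locked_drive(void)
{
    struct drive d = { 1, 1, 1, 0, 5, "user-secret", "master-secret" };
    return d;
}

int main(void)
{
    struct drive d = sample_locked_drive();
    printf("write while locked: %s\n",
           issue(&d, CMD_WRITE_SECTORS, NULL, 0) == OK ? "ok" : "aborted");
    printf("unlock, wrong password: %s (%d attempts left)\n",
           issue(&d, CMD_SEC_UNLOCK, "guess", 0) == OK ? "ok" : "aborted",
           d.attempts_left);
    return 0;
}
```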
 
LVL 10

Expert Comment

by:pbarrette
ID: 8060151
Hi Paul,

I did mention that earlier (in my post from 02/25/2003) so I didn't think I had to do it again. But I do seem to be repeating myself a lot on this topic...

So. Is it possible, then, to bypass this by replacing the controller with a new controller that doesn't support the ATA lock? It seems like there must be a way for forensics guys, like you (and govt. types, like me) to get around this problem without the need for a clean room and hundreds of thousands of dollars in equipment.

pb
0
 
LVL 2

Expert Comment

by:sandy771
ID: 8060229
Sorry pb, I did see your comment earlier then forgot when replying :(

The idea is interesting but in practice won't work; drive electronics are very closely tied to the hard disk assembly (HDA), i.e. the platters and heads. If you change the cct board it must be one of the same make and model; sometimes it must even be the same revision for the drive to work. So your idea won't work.

I know of three companies that can remove passwords (and of course I am working on it also, but I am a consultant and thus don't have the lab infrastructure to devote enough time).

Nortek in Canada - I believe they need to take the drive apart and give a limited warranty o/c
UltaTec and Vogon in the UK, they crack the password using other methods (I can't go into how here, sorry).

All of the above will charge for the privilege.

www.nortek.on.ca
www.easydatarecovery.co.uk/
www.vogon.co.uk

Paul
0
 
LVL 1

Expert Comment

by:rickisme
ID: 8060969
pbarrette, please accept my apology if I misinterpreted.

I have never heard of a password that resides within the controller, xbox or other.  That would indicate that the storage in an Xbox is way more advanced than that of an ATA drive... I find this hard to believe.  There may be a "call" to the "protected sector" but it resides on the drive not within the electronics, at least this is my understanding, and so since this was so unique I spoke with a friend in the DOD that is one of a handful of Techs that repairs "Classified" electronic spy stuff for the DOD.  DriveScrubber is approved and used by GSA and the DOD due to the fact that it removes everything, including partitions of any type, and this would include the "protected sector".  I'd like to see him try it and know the results just for my own curiosity.  I would still bet on the fact that it would work, for this reason: if in fact the controller makes a call for a password, it must read the drive info to acknowledge that one has been set.  If there is no return on the input I believe it would default.  Default would be a blank return like one had never been set.  Gosh,,,, why must every ant hill turn into a mountain. <g>  Yes, I might be wrong but that would be nothing new. <bwg>  All I can say is Good Luck to him and the results. I am by no means an electronics repair expert.  That's what my friend is for ;-) ....
 God Bless, Rick.  
0
 
LVL 2

Expert Comment

by:sandy771
ID: 8061027
Rick

I can say categorically that you are wrong, sorry :( Protected and hidden sectors are often confused with hidden partitions and sectors that are 'hidden' from the operating system. The sectors I am talking about are hidden from the computer and if they can be read can be done so only with manufacturers' proprietary commands.

DriveScrub and the like just do a DoD specification erase of all user accessible sectors, and will absolutely not work on a password protected drive.

The xbox has no fancy electronics; all that happens is that the xbox knows the password and uses it to unlock the drive at each startup.

I would suggest that you have a flick through the manual for my BXDR utility - see link above - this may give you an idea of what a drive can do. Note that BXDR is not playing any software tricks, it is simply issuing commands to a drive; anyone who can program and read the ATA spec. could write the same.

Paul
0
 
LVL 2

Expert Comment

by:astrohelp
ID: 8496413
3) UNLOCKING THE XBOX HDD:

Since the XBOX HDD has the ATA Security feature enabled, you'll need to unlock it before you attempt to image it. This is the cable swap method. Set up your XBOX and your PC right next to each other, such that the PC's available IDE drive cable and power connector can reach the XBOX HDD.

* Connect an available power connector from the PC's power supply to the XBOX HDD.
* Connect the IDE cable from XBOX to the XBOX HDD.
* Power up the PC and hit the "Pause" key before it autotypes the drives.
* Power up the Xbox to the idle Dashboard.
* During the Xbox startup, the Xbox transmits the password via the ATA Unlock Command, and the drive is unlocked.
* Now, carefully disconnect the Xbox IDE cable from the Xbox hd.
* Plug the PC IDE cable into the Xbox hd.
* Hit any key on the PC keyboard to let it continue to boot.
* Now the drive is unlocked and reconnected to the PC, ready for read(/write?) operations.

0
 

Author Comment

by:Adam Mason
ID: 8500722
I know the swap trick, but I don't have the XBox, just the hard drive.
0
 

Expert Comment

by:JWCC
ID: 9063279
Well it's too bad it's not stored in EEPROM/Flash ROM, cause you could just bypass it.  Even something as simple as a razor blade would work to do that, but I wouldn't do it to something I just paid for.  To do it, you'd need a lot of inside knowledge.
(or someone else who verified if it's possible, and which line/s)

As far as physical sectors on the HDD, they can be erased, but without a clean room, it's impossible to do safely. (;
I DO NOT recommend a degausser/bulk eraser.  It'll pretty much destroy it.  You'll zap the security sector, but it'll make the drive magnetised. Ouch!
In theory you could detect when the drive attempts to access the security sector, and just refuse to let it (think of the 13th floor on an elevator/lift).  When the drive gets to a security sector, just use a transistor to switch the read head pins off or even change to the next track (aka cylinder). Hehe

Best way, if you're good at programming in ASM, is to hope you can update the BIOS with a boot disk, like most BIOSes can be.  This should work for DVD-ROMs, motherboards, hard drives, video cards, etc, that have a Flash BIOS.
After bypassing the check, the HDD will work password or not.
The only problem is that you may be breaking a law in less civilized countries.
Heck, even connecting a proprietary drive to your non-'Honorable/Trusted' PC would be, anyway.

If all else fails, find someone with a modded XBOX, who's brave enough to let you try the swap technique.
There's a program for the XBOX, that can give you the password for the drive.  I don't know if the password changes, but it may be for a specific system.   )-;
I have a laptop drive, and it supports passwords, so I have to assume you can use ATAPWD.zip also.
Try checking the #xbins on IRC(EFNET).  It's a group that works on the XBOX.

Hacking the BIOS or intercepting the drive's pins on the headers leading to the mechanics are really pretty sophisticated, and require more than a little effort.  The BIOS hack may have little risk, but only if you can take the ROM out and put it in a ROM programmer (doubt you have one though).  Software hacking is majorly less risky anyway.  I know for a fact that literally millions of DVD drives are running patched (illegal/anti-region) BIOSes.  They didn't use an external programmer, but rather the one built into the drive itself.  Indeed, that's a good trick to backup your system BIOS to another ROM, if you can find an old motherboard with the same ROM type.
0
 

Expert Comment

by:lagston
ID: 9983229
JWCC says

 "If all else fails, find someone with a modded XBOX, who's brave enough to let you try the swap technique.
There's a program for the XBOX, that can give you the password for the drive.  I don't know if the password changes, but it may be for a specific system."

I can tell you that you cannot simply put the drive into another xbox, not even a modded one, and get it to work. The password program is in the Evox dashboard but it won't work unless the original drive/motherboard combination are intact to begin with. As for the flashing of the BIOS, I don't believe this can be done without first disabling the password protection. hddisabl.exe can do this but you need the password even then to use it. If you think you can guess it then use atapwd.exe. These files need to be run in DOS mode with the xbox drive on the master primary and using a boot disk without drivers to start up the computer.
0
 
LVL 32

Expert Comment

by:LucF
ID: 10097221
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Delete/No Refund

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

LucF
EE Cleanup Volunteer
0
 
LVL 10

Expert Comment

by:pbarrette
ID: 10127054
Hi LucF,

I'd have to say that I answered this one pretty thoroughly.

pb
0
 

Author Comment

by:Adam Mason
ID: 10127212
Yeah, like you said, the answer you get isn't what you want to hear.  Thanks for the help everyone.  And it's still locked.
0
 
LVL 10

Expert Comment

by:pbarrette
ID: 10127241
Hi Majestik,

Glad I could help. Even if I was only able to save you from wasting too much time with this problem.

I'm surprised you never tried to return those things. Any vendor who sold a drive like that should be shot.

You should probably close out the other question regarding this issue too:
http://oldlook.experts-exchange.com/Hardware/Q_20517922.html

I gave you the OldLook link to preserve your sanity. Man that new look is distracting.

pb

0
 

Expert Comment

by:WormFood
ID: 10518717
Well, I hope people still read this.. I am in pretty much the same position as the gentleman who started this post but with one difference. I have the xbox with the locked HDD. Mine is a Seagate HDD and my xbox's dash is corrupted and will not load. I need to access the drive to fix it but I do not have the password and I can't seem to get the hotswap trick to work. Is there any way that anyone knows of to read a file on a locked drive?  I just need to get the eeprom info to get the password so I can unlock my drive.
0
 

Author Comment

by:Adam Mason
ID: 10518863
D'oh!
WormFood: click the link pbarrette provided and then read my comment, I posted to the wrong one.
0
