Password protected Hard drive

Are you sure that it's the hard drive and not the motherboard that's asking for the passoword?

Yes I am positive If I take the hd out it dosnt ask for the password anymore. I am also able to boot from another devicies sutch as a floppy

If the disk is password protected there probably isn't anything you can do to remove it. It might be possible to get dell or IBM to remove it for you, but you need to prove its your system and it could get expensive. A new Disk doesn't cost too much these days, or you can wait until you get hold of the guy who sold you the notebook.

Well, I haven't had much luck finding a solution, but I haven't give up yet.  So far, I mainly read that it's extremely difficult or impossible, especially with IBM hard drives and that it'd cost about $295 to get it unlocked by professionals.

I thought you might like to see the following webpages:

http://forums.devshed.com/archive/t-197569
http://www.driverforum.com/harddrive3/1642.html
http://labmice.techtarget.com/articles/BIOS_hack.htm

By the way; it is the same type of lock as in your https://www.experts-exchange.com/questions/21090452/xbox-harddrive-compatability.html

OK
Heres a link that explains what happen:
http://www.pwcrack.com/bios.shtml

And see also;
https://www.experts-exchange.com/questions/21078802/WD-1200-HDD-Locked.html

And finally (and I hope this one will help you - not all is lost)
http://labmice.techtarget.com/articles/BIOS_hack.htm

Hope that 'helped' in a way...

Cyber

I had a client with the same problem. The only inexpensive solution as allready stated is to just purchase and install a new HD.

Agreed, no way past an ATA password without redesigning your own logic board for the drive.

You can not remove this password easy way. Many drives store this password on the controller, many store it on the media and many of them store it both ways.
The best way to try is to get another circuit board and try to swap it. If it won't work (it worked on some old drives) then I would suggest to buy another drive unless information on your original drive is important.

If you don't have the same circuit board and you don't care about data on the drive then getting another drive is the best and cheapest solution.

AlfaLAN wrote:

>>Swapping the harddrive pcb with another identical one from a unlocked drive will NOT clear or bypass the lock since the password(s) are stored in the "system maintenance cylinder" (at cylinder address 16,384). On this cilinder are other important data stored like: track-layout information, calibration information, identification, serial and so forth.<<

Has anyone tried using Hard Disk Editor to see if the "system maintenance cylinder 16,384" can be dumped to screen in HEX?

If so, then at least the ATA password can be seen.

> Has anyone tried using Hard Disk Editor to see if the "system maintenance cylinder 16,384" can be dumped to screen in HEX?

The drive will not respond to any ATA commands at all. The only command it will respond is the one with password unlock, but you have to know the password.
So that's impossible to use Hard Disk Editor to see the password.

I would try connecting it as a slave, then dump to screen the cylinder containing the ATA password using a software that can issue vendor-specific IDE commands to the IDE controller.

If still no joy, I would do a true LLF at register level. Again, using a software that can talk directly to the IDE controller and knows the vendor-specific IDE commands. That should re-initialize the whole thing and make the drive usable again without any password.

Ruelnov, it will not work. You are missing the whole point with ATA password :-)

Actualy he might be right I had a drive once... a while ago in my compaq that asked for a password in that laptop but not while in a norml computer... Ill check that out.

Tom

That's true. And that's the reality with such branded systems.

And I like doing what other people say it cannot be done. I specialize in things that other people can't do. And I have such unique solutions in my own PC Shop.

T0masz, if you were able to get data on another machine, that means that this drive was not protected by ATA password. It was just simple BIOS password.

not this drive, and NO it wasnt a BIOS password. It starts getting annoying, I know what a BIOS password is and that wasnt it... some kind of HD password maybe not ATA but it was a hd password. We`ll see how it goes, Thanks for your help.

Tom

I just don't think its worth all the time and hassle. It is a 2nd hand PCwith a locked down disk. The data on the disk cannot be of any interrest to TOmasz. A new notebook disk costs maybe <$ 150.-- and you get about the double size. You might be able to get a phased out, smaller disk for considerably less. You can even try to send in the disk for warranty (check on the ibm->hitachi Homepage, you will probably need the serial number of the disk). This might be worthwhile trying, since you don't need the data, you might just be able to claim warranty...

Made some little errors:
* The russian 3000 system is NOT yet for sale since it is not finished translating.

* int13h commands will NOT work since you need the bios to recognise the drive. So ONLY direct access (bypassing bios) commands will work.

* A Masterpassword WILL erase the security settings (password) when the drive is locked in max security mode using the 'security erase prepare' directly followed by the 'security erase unit' command. However the masterpassword must be known since you cannot set the masterpassword when the drive is locked. It will however also DELETE all userdata.

* There are several manufacturars who set a master password at the factory. So if you can find/get it you can unlock your drive (wich might erase all userdata if securitymode was set to max). By looking at your master password revision code (shoud be 65534) you can determen if the drive still has the factory-set masterpassword (wich by the way is often 1 or more spaces believe it or not).

* Allthough the ATA-specs specify for the possibillity of a 32 bytes long password, most laptop-bioses will only accept 7 or 8 characters....  Most ata-lock software tools I know of also only accept 7-8 chars..... (brute forcing still might be a option)

- No old ATARI or Macintosh will 'simply' give access to the drive: I tested it. (Ruelnov what are you using???)
- NONE of my hdd's could be 'hacked' by swapping pcb's of identical one's: I tried.
- Using a magnet to fully erase the disk renders the disk useless, since it also whipes all other IMPORTANT data in the system maintenence cilinder. It DID however whipe the password. But to use the drive again you need vendor-specific tools & commands.

In this Ruelnov has a point: Some drives are possible to unlock by reinitialising (through vendorspecific commands) or by upgrading the microcode.

Some drives however seem to have their passwordroutine embedded in a chip on their hdd pcb; no microcode will help here (at least not by bypassing the pw-check in the microcode before flasing the hdd.)

But in the end, almost all types and brands of hdd's can have their password READ OUT by specialized hardware.

There is a way to read the password from IBM-DJSA-220 drive as long as the firmware version is older than AC6A. No special hardware needed.

Old IBM DxxA series drives have a security bug in the firmware, so it is possible to read the password from almost any IBM-DxxA drive.

For-Soft:  I have an IBM DBCA-206480 with the same problem.  I would love to use this drive, would you be so kind as to explain how this bug is exploited?

Sorry. I will not do that.

Contatct Ebay and complain. The seller sold you a bogus product. If they indicated that it was a functioning product. Without the password to the hard drive, this is not a functioning product.

You might also send the hard drive in to IBM for a warranty repair. Generally they just send you a refurbished drive as a replacement.

IBM will not fix your hard drive if you don't know the password. It's not defective, it's password protected.
However, filling the claim with eBay/PayPal/seller is a good idea.

If you accidently dropped in the toilet they might. ;)

If YOU "accidently" did something to it then it's your fault and will void warranty for sure.

Or whipe the harddisk with a good magnet. You will loze the password, but it wil also render the drive useless.
To IBM it wil just be 'another drive with damaged system maintenance cylinder'...

AlfaLAN, I don't think that you will find such a strong magnet.

Nochkin, do you think? I mean, you only need to reach the first or last platter and the cilinders are history.

I never tried the magnet; however I DID use my bulk eraser (a studio quality AC degausser) and I can guarantee you that this will work!!!! However the disk will not function anymore (of course) but the hdp was gone...
This was on a 20 GB Hitachi-disk, but I forgot the typenumber over time (did'nt seem relevant at that point).

Nochkin, can you explane why a magnet (or a not to powerfull one) will not work? Hdd casing is usally aluminium I assumed...

ps: my degausser has an output of 4000 gauss. So tapedeck-head degaussers will not be powerfull enoug I guess. But then again, how much gauss power (or magnetism power) would one need to reach the first or last platter of a hdd?

Frendly greetings, (and enjoying the after-chat ;-))

AlfaLAN

Any normal modern hard drives require a very strong magnetic field in order to change some information on the platter.
The head of hard drive is very close to the surface and makes a very strong field at very very small surface in order to change information here only and not neightboor's sectors or sectors on another side of plate.
Additionally, the heads are very very very close to the surface and if you will put your magnet at least one inch away then your magnetic field will be very weak by then.
Btw, each hard drive has few magnets inside next to the disks, but it does not damage data.

Honestly, I don't really know what is the minimum power is needed for damaging modern hdd, but not many people has studio degausser at home for sure and I still don't think that it will be enough :-)

P.S.: If you are really interested then you can dig up some additional info on google.
http://www.dansdata.com/magnets.htm
http://littleshop.physics.colostate.edu/MagDisk.html
and more.

nochkin, Fast responce man! Cool!

Nice links, were very informative, Thanks!

Did some googeling on degaussers, found that mine (4000 gauss) is just strong enough.

Various links support my test: erasing hdd with degaussers. (was impressed by the prices though, Didn't know that when I bought it secondhand for 10 euro ;-) )

http://www.videotapeeraser.com/bulk-eraser.html
http://www.care4data.ch/artikel/index.php?gruppe=47 (festplatte means harddisk ;-)) (I'm from holland by the way)

Greetz,

AlfaLAN

The password is a little used feature of the ATA standard.

The password is stored a non-data portion of the disk where all the drive parameter information is stored.

The BIOS in whatever laptop it was in when passworded put it there.

NOW, if that's enabled, when the drive first starts up it asks the system for the password.

The system asks the user to enter it.

If the drive doesn't get it then it won't accept any following commands.

..........

The function has basically always been there but aside from random users it's only ever been used by Microsoft in the Xbox.

Here's a good description of how it works in the Xbox....
Just replace all references to "the Xbox's EEPROM" ~to~ "the PC's BIOS" as you read it and THEN maybe you'll understand the origional question..
http://www.xbox-linux.org/docs/hdpassword.html

Here's a page with some utilities that amy or may not be usefull.
http://www.xbox-scene.com/tools/tools.php?page=harddrive
The Xbox used 8Gb WD or 10Gb Seagates

Other Xbox sites might have some other utilities..

I'm having this problem with a 40gb hitachi originally bundled in an IBM thinkpad. It seems to me that the HD pwd is stored in the laptop's BIOS so, theres no need to type de pwd unless yo try to put de HD on another laptop....

I'll try putting it on my nomad jukebox (lol).... if i'm lucky, the firmware will just access the disk and will be able to format it ( I mean, IF the pwd is stored in some physical place)

In the worst case scenario, I'll have a 6 gb nomad jukebox out of a 40 gb thanks to the fact the pwd sector is at the end and not recognizable sector.....

AlfurX

Pwd is stored in unaccessible disk area. It is not possible to wipe the password by format.
Format can clear only accessible disk surface.

It is possible to disable the pasword from your laptop BIOS. Read the laptop manual, how to do it.

sorry about not closing this thread before AlfaLAN gets the points as he had an amazing info about the subject.
Thanks
Tom

agr nevermind i forgot that I had already closed this thread.

Not sure if this will help anyone. In our shop we had a customer with an HDD Password.  Laptop was non-functional and customer needed Data.  We used the Services from:

http://www.hdd-tools.com/products/rrs/

I was skeptical, but it did in fact work-  For 50 bucks to recover priceless Data seemed worth it to the Customer-  and we made good on labor- so it worked out quite well for everyone-