• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 46914
  • Last Modified:

Password protected Hard drive

Recentely I bought a dell laptop from ebay, the laptop has a hard drive that is asking for a password right in the beginning after it boots up (not when the os boots up). I think the password is being stored on the software part of the hard drive and not on one of the sectors witch seems to make it harder to figure out how to get rid of the protection. The hard drive is an IBM Travelstar Model DJSA-220. I cant get a hold of the seller and I am stuck with a computer that I cant do anything on. Let me know if you guys have any good ideas. Thanks in advance.

Tom
0
T0masz
Asked:
T0masz
1 Solution
 
tosh9iiiCommented:
Are you sure that it's the hard drive and not the motherboard that's asking for the passoword?
0
 
T0maszAuthor Commented:
Yes I am positive If I take the hd out it dosnt ask for the password anymore. I am also able to boot from another devicies sutch as a floppy
0
 
rindiCommented:
If the disk is password protected there probably isn't anything you can do to remove it. It might be possible to get dell or IBM to remove it for you, but you need to prove its your system and it could get expensive. A new Disk doesn't cost too much these days, or you can wait until you get hold of the guy who sold you the notebook.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
tosh9iiiCommented:
Well, I haven't had much luck finding a solution, but I haven't give up yet.  So far, I mainly read that it's extremely difficult or impossible, especially with IBM hard drives and that it'd cost about $295 to get it unlocked by professionals.

I thought you might like to see the following webpages:

http://forums.devshed.com/archive/t-197569
http://www.driverforum.com/harddrive3/1642.html
http://labmice.techtarget.com/articles/BIOS_hack.htm
0
 
AlfaLANCommented:
This is called a ATA-password. Also known as a HDD Password, HDP, Security lock, HDD Security feature.
It is a standard included in the ATA Specification. (read the ata-spec)
If a drive is locked it (to be precise the controller on the harddrive pcb) will reject all read/write operations and some other operations (NOT ALL!!!).
Thus it is impossible to use any software-tools only to read/whipe the password.

Swapping the harddrive pcb with another identical one from a unlocked drive will NOT clear or bypass the lock since the password(s) are stored in the "system maintenance cylinder" (at cylinder address 16,384). On this cilinder are other important data stored like: track-layout information, calibration information, identification, serial and so forth.

The lock exists of 2 securitylevels: high and max. There are two passwords possible: User and Master. If the securitylevel is set to MAX only a userpassword can unlock the drive. If the securitylevel is set to high a user AND a master password can unlock the drive. The password can consist of 32 bits max by the way.

It IS possible to unlock the drive using extra hardware. This hardware can READ OUT the password in cleartext (as i understand). Visit http://www.vogon-forensic-hardware.co.uk/password-cracker-pod.php for proof. They are in fact NOT the only ones who have this kind of hardware. Untill now I still have'nt figuerd out how to do this (AND I'm willing to PAY for this info, contact me!!!).

There are however other way's:
1 Brute force the lock (if anyone has experience in direct access & int13h commands programming, please contact me)
2 hack firmware (the only security leak in my opinion)
3 in case of laptop: read out the password from the chip of the laptopmotherboard.
But you can only do this if the laptop is also still passwordprotected. Some *not to bright* people steal laptops and clear the passwordchip so the laptop boots, then to find out the harddrive is still passwordprotected (since poweron protecting your laptop often automatically locks your harddrive to, but as a user you do not notice this).
4 find someone in your region who can (there are people who can!!! Usually via option 2 so don't forget to mention your hdd-type)
5 buy the required hardware yourself: very expensive. Vogon charges 30.000 pound... And the new russian 3000 system is not yet translated and thus for sale (expected price around 10.000 USD).

So in your case this is a dead end; it is REALLY much more cheaper to simply buy another harddrive: you can use your new laptop fast and it saves you the headache ;-)

A professional company charges way over the price of a new one; finding someone reliable who can actually unlock your type of harddisk nearly impossible (and what will they charge?; the one I know charges from 25 euro upwards).
I know how to perform option 1 & 2 but lack the expertise=time to program it.

Last note: some people hope that the security erase function will unlock the drive. This is a irrational hope becouse this is a function to securily (and fast!!!) whipe the drive in 3 passes; that means whipe the userdata becouse if the maintenance cylinder is whiped then the trackinfo is whiped and thus the drive unusable...  This aside from the fact that the drive must be unlocked before it will accept the command.

Can anyone please prove me wrong and help with another solution?

Good luck with your new & ultra high tech paperweight !!!
0
 
AlfaLANCommented:
By the way; it is the same type of lock as in your http://www.experts-exchange.com/Hardware/Q_21090452.html
0
 
Cyber-DudeCommented:
OK
Heres a link that explains what happen:
http://www.pwcrack.com/bios.shtml

And see also;
http://www.experts-exchange.com/Storage/Q_21078802.html

And finally (and I hope this one will help you - not all is lost)
http://labmice.techtarget.com/articles/BIOS_hack.htm

Hope that 'helped' in a way...

Cyber
0
 
akrafty1Commented:
I had a client with the same problem. The only inexpensive solution as allready stated is to just purchase and install a new HD.
0
 
andyalderSaggar makers bottom knockerCommented:
Agreed, no way past an ATA password without redesigning your own logic board for the drive.
0
 
nochkinCommented:
You can not remove this password easy way. Many drives store this password on the controller, many store it on the media and many of them store it both ways.
The best way to try is to get another circuit board and try to swap it. If it won't work (it worked on some old drives) then I would suggest to buy another drive unless information on your original drive is important.

If you don't have the same circuit board and you don't care about data on the drive then getting another drive is the best and cheapest solution.
0
 
RuelnovCommented:
AlfaLAN wrote:

>>Swapping the harddrive pcb with another identical one from a unlocked drive will NOT clear or bypass the lock since the password(s) are stored in the "system maintenance cylinder" (at cylinder address 16,384). On this cilinder are other important data stored like: track-layout information, calibration information, identification, serial and so forth.<<

Has anyone tried using Hard Disk Editor to see if the "system maintenance cylinder 16,384" can be dumped to screen in HEX?

If so, then at least the ATA password can be seen.


0
 
nochkinCommented:
> Has anyone tried using Hard Disk Editor to see if the "system maintenance cylinder 16,384" can be dumped to screen in HEX?

The drive will not respond to any ATA commands at all. The only command it will respond is the one with password unlock, but you have to know the password.
So that's impossible to use Hard Disk Editor to see the password.
0
 
RuelnovCommented:
I would try connecting it as a slave, then dump to screen the cylinder containing the ATA password using a software that can issue vendor-specific IDE commands to the IDE controller.

If still no joy, I would do a true LLF at register level. Again, using a software that can talk directly to the IDE controller and knows the vendor-specific IDE commands. That should re-initialize the whole thing and make the drive usable again without any password.
0
 
nochkinCommented:
Ruelnov, it will not work. You are missing the whole point with ATA password :-)
0
 
T0maszAuthor Commented:
Actualy he might be right I had a drive once... a while ago in my compaq that asked for a password in that laptop but not while in a norml computer... Ill check that out.

Tom
0
 
RuelnovCommented:
That's true. And that's the reality with such branded systems.

And I like doing what other people say it cannot be done. I specialize in things that other people can't do. And I have such unique solutions in my own PC Shop.
0
 
nochkinCommented:
T0masz, if you were able to get data on another machine, that means that this drive was not protected by ATA password. It was just simple BIOS password.
0
 
T0maszAuthor Commented:
not this drive, and NO it wasnt a BIOS password. It starts getting annoying, I know what a BIOS password is and that wasnt it... some kind of HD password maybe not ATA but it was a hd password. We`ll see how it goes, Thanks for your help.

Tom
0
 
rindiCommented:
I just don't think its worth all the time and hassle. It is a 2nd hand PCwith a locked down disk. The data on the disk cannot be of any interrest to TOmasz. A new notebook disk costs maybe <$ 150.-- and you get about the double size. You might be able to get a phased out, smaller disk for considerably less. You can even try to send in the disk for warranty (check on the ibm->hitachi Homepage, you will probably need the serial number of the disk). This might be worthwhile trying, since you don't need the data, you might just be able to claim warranty...
0
 
AlfaLANCommented:
Made some little errors:
* The russian 3000 system is NOT yet for sale since it is not finished translating.

* int13h commands will NOT work since you need the bios to recognise the drive. So ONLY direct access (bypassing bios) commands will work.

* A Masterpassword WILL erase the security settings (password) when the drive is locked in max security mode using the 'security erase prepare' directly followed by the 'security erase unit' command. However the masterpassword must be known since you cannot set the masterpassword when the drive is locked. It will however also DELETE all userdata.

* There are several manufacturars who set a master password at the factory. So if you can find/get it you can unlock your drive (wich might erase all userdata if securitymode was set to max). By looking at your master password revision code (shoud be 65534) you can determen if the drive still has the factory-set masterpassword (wich by the way is often 1 or more spaces believe it or not).

* Allthough the ATA-specs specify for the possibillity of a 32 bytes long password, most laptop-bioses will only accept 7 or 8 characters....  Most ata-lock software tools I know of also only accept 7-8 chars..... (brute forcing still might be a option)

- No old ATARI or Macintosh will 'simply' give access to the drive: I tested it. (Ruelnov what are you using???)
- NONE of my hdd's could be 'hacked' by swapping pcb's of identical one's: I tried.
- Using a magnet to fully erase the disk renders the disk useless, since it also whipes all other IMPORTANT data in the system maintenence cilinder. It DID however whipe the password. But to use the drive again you need vendor-specific tools & commands.

In this Ruelnov has a point: Some drives are possible to unlock by reinitialising (through vendorspecific commands) or by upgrading the microcode.

Some drives however seem to have their passwordroutine embedded in a chip on their hdd pcb; no microcode will help here (at least not by bypassing the pw-check in the microcode before flasing the hdd.)

But in the end, almost all types and brands of hdd's can have their password READ OUT by specialized hardware.
0
 
For-SoftCommented:
There is a way to read the password from IBM-DJSA-220 drive as long as the firmware version is older than AC6A. No special hardware needed.

Old IBM DxxA series drives have a security bug in the firmware, so it is possible to read the password from almost any IBM-DxxA drive.
0
 
key134Commented:
For-Soft:  I have an IBM DBCA-206480 with the same problem.  I would love to use this drive, would you be so kind as to explain how this bug is exploited?
0
 
For-SoftCommented:
Sorry. I will not do that.
0
 
psgroveCommented:
Contatct Ebay and complain. The seller sold you a bogus product. If they indicated that it was a functioning product. Without the password to the hard drive, this is not a functioning product.

You might also send the hard drive in to IBM for a warranty repair. Generally they just send you a refurbished drive as a replacement.
0
 
nochkinCommented:
IBM will not fix your hard drive if you don't know the password. It's not defective, it's password protected.
However, filling the claim with eBay/PayPal/seller is a good idea.
0
 
psgroveCommented:
If you accidently dropped in the toilet they might. ;)
0
 
nochkinCommented:
If YOU "accidently" did something to it then it's your fault and will void warranty for sure.
0
 
AlfaLANCommented:
Or whipe the harddisk with a good magnet. You will loze the password, but it wil also render the drive useless.
To IBM it wil just be 'another drive with damaged system maintenance cylinder'...
0
 
nochkinCommented:
AlfaLAN, I don't think that you will find such a strong magnet.
0
 
AlfaLANCommented:
Nochkin, do you think? I mean, you only need to reach the first or last platter and the cilinders are history.

I never tried the magnet; however I DID use my bulk eraser (a studio quality AC degausser) and I can guarantee you that this will work!!!! However the disk will not function anymore (of course) but the hdp was gone...
This was on a 20 GB Hitachi-disk, but I forgot the typenumber over time (did'nt seem relevant at that point).
0
 
AlfaLANCommented:
Nochkin, can you explane why a magnet (or a not to powerfull one) will not work? Hdd casing is usally aluminium I assumed...

ps: my degausser has an output of 4000 gauss. So tapedeck-head degaussers will not be powerfull enoug I guess. But then again, how much gauss power (or magnetism power) would one need to reach the first or last platter of a hdd?

Frendly greetings, (and enjoying the after-chat ;-))

AlfaLAN
0
 
nochkinCommented:
Any normal modern hard drives require a very strong magnetic field in order to change some information on the platter.
The head of hard drive is very close to the surface and makes a very strong field at very very small surface in order to change information here only and not neightboor's sectors or sectors on another side of plate.
Additionally, the heads are very very very close to the surface and if you will put your magnet at least one inch away then your magnetic field will be very weak by then.
Btw, each hard drive has few magnets inside next to the disks, but it does not damage data.

Honestly, I don't really know what is the minimum power is needed for damaging modern hdd, but not many people has studio degausser at home for sure and I still don't think that it will be enough :-)

P.S.: If you are really interested then you can dig up some additional info on google.
http://www.dansdata.com/magnets.htm
http://littleshop.physics.colostate.edu/MagDisk.html
and more.
0
 
AlfaLANCommented:
nochkin, Fast responce man! Cool!

Nice links, were very informative, Thanks!

Did some googeling on degaussers, found that mine (4000 gauss) is just strong enough.

Various links support my test: erasing hdd with degaussers. (was impressed by the prices though, Didn't know that when I bought it secondhand for 10 euro ;-) )

http://www.videotapeeraser.com/bulk-eraser.html
http://www.care4data.ch/artikel/index.php?gruppe=47 (festplatte means harddisk ;-)) (I'm from holland by the way)

Greetz,

AlfaLAN
0
 
PCBONEZCommented:
The password is a little used feature of the ATA standard.

The password is stored a non-data portion of the disk where all the drive parameter information is stored.

The BIOS in whatever laptop it was in when passworded put it there.

NOW, if that's enabled, when the drive first starts up it asks the system for the password.

The system asks the user to enter it.

If the drive doesn't get it then it won't accept any following commands.

..........

The function has basically always been there but aside from random users it's only ever been used by Microsoft in the Xbox.

Here's a good description of how it works in the Xbox....
Just replace all references to "the Xbox's EEPROM" ~to~ "the PC's BIOS" as you read it and THEN maybe you'll understand the origional question..
http://www.xbox-linux.org/docs/hdpassword.html

Here's a page with some utilities that amy or may not be usefull.
http://www.xbox-scene.com/tools/tools.php?page=harddrive
The Xbox used 8Gb WD or 10Gb Seagates

Other Xbox sites might have some other utilities..
0
 
AlfurXCommented:
I'm having this problem with a 40gb hitachi originally bundled in an IBM thinkpad. It seems to me that the HD pwd is stored in the laptop's BIOS so, theres no need to type de pwd unless yo try to put de HD on another laptop....

I'll try putting it on my nomad jukebox (lol).... if i'm lucky, the firmware will just access the disk and will be able to format it ( I mean, IF the pwd is stored in some physical place)

In the worst case scenario, I'll have a 6 gb nomad jukebox out of a 40 gb thanks to the fact the pwd sector is at the end and not recognizable sector.....

AlfurX
0
 
For-SoftCommented:
Pwd is stored in unaccessible disk area. It is not possible to wipe the password by format.
Format can clear only accessible disk surface.

It is possible to disable the pasword from your laptop BIOS. Read the laptop manual, how to do it.
0
 
T0maszAuthor Commented:
sorry about not closing this thread before AlfaLAN gets the points as he had an amazing info about the subject.
Thanks
Tom
0
 
T0maszAuthor Commented:
agr nevermind i forgot that I had already closed this thread.
0
 
killadeuceCommented:
Not sure if this will help anyone. In our shop we had a customer with an HDD Password.  Laptop was non-functional and customer needed Data.  We used the Services from:

http://www.hdd-tools.com/products/rrs/

I was skeptical, but it did in fact work-  For 50 bucks to recover priceless Data seemed worth it to the Customer-  and we made good on labor- so it worked out quite well for everyone-
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now