Solved

How to clear hard drive with HDD lock?

Posted on 2010-11-18
25
2,572 Views
Last Modified: 2012-05-10
I have just purchased a used Toshiba satellite l305d and it has a hard drive lock on it. I have tried my best to figure out a way to reset it. I am at a loss. There are tools out there for this task but the problem is that I can seem to get the hard drive to be recognized. I would graciously accept any pearls of wisdom that could aid me in this matter.
0
Comment
Question by:akkelsey23
  • 6
  • 4
  • 3
  • +8
25 Comments
 
LVL 14

Expert Comment

by:leoahmad
ID: 34170153
0
 
LVL 34

Accepted Solution

by:
jamietoner earned 168 total points
ID: 34170747
Unless you want to pay a data recovery service to unlock the drive(btw it would be cheaper to buy a SSD to replace this drive), the drive is a paperweight.
0
 
LVL 91

Expert Comment

by:nobus
ID: 34171013
try hddunlock :  http://www.hddunlock.com/
i must say i never used it (never had a locked HD..) so post results
pay attention - they say it erases it??
0
 
LVL 91

Expert Comment

by:nobus
ID: 34171022
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 34171760
By "clear hard drive " you mean wipe all data and OS?
Try and wipe it in DOS:
http://www.killdisk.com/bootablecd.htm
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 34171819
0
 
LVL 11

Assisted Solution

by:ocanada_techguy
ocanada_techguy earned 166 total points
ID: 34171915
It's going to depend, if it's a used laptop you purchased and have no right or expectation to the content, then removing the lock condition that also formats the entire contents (yes, wipe, erase, reformats) should be doable.

If you expect to be able to retrieve the contents of the drive, that's a different matter entirely.  the ATA standard has had this locking feature for a very very long time in all ATA drives, it's just most manufacturers never bothered to implements it in their BIOS, that being the motherboard initial booting up that would pass along the correct password to the drive at a low level so it would function.

Since you're not passing the correct password, most all commands to the drive are being refused.  Thus, if you try to "see" it as a logical drive letter under My Computer or something like that, no, you are right, you are NOT going to "see" it.  The device should at least be seen in BIOS and under device manager.

FYI, here http://www.t10.org/t13/project/d2008r7b-ATA-3.pdf we have the ATA-3 standard established in 1997 which first introduced the Security features (see section 6.5, starting on pg 33, and particularly helpful the diagrams on page 34)   These carry forward to ATA/ATAPI-4,-5,-6,-7 and SATA as well.

The challenge is that unless you were using a laptop BIOS that is designed to handle this situation, that is: to prompt the user at power-on for the password to unlock the drive, how would you achieve that and provide the password to the drive when connecting via USB?  

Well, one way, under unix/unbutu/Linux variants would be to use the hdparm --security command which supports ATAPI fully,
or under Windows say, would be to use a drive utility, if not the drive diagnostics tool.  Here http://www.seagate.com/support/disc/manuals/external/pocket/Toolkit-security.htm  from the "Seagate USB 2.0 Pocket Hard Drive User's Manual" is the section about using the tool to password protect, and/or "HOW TO WRITE PROTECT THE DRIVE"

What brand is the hard disk inside?

Unfortunately for you, Toshiba is notorious for keeping their support very close to the vest, it is difficult to even find a low-level disk diagnostic utility for anything Toshiba.  <<<Admin Edit>>>  To get in touch with Toshiba for assistance with this, you are probably going to need the cooperation of the legitimate registered owner so you can get authorized assistance.

For sheer longevitiy, you might be better replacing the drive with a WD or Seagate or such.  You will need to know if it's laptop-sized IDE, or is it SATA, depending on the age.  Some BIOSes fail to support hard drives larger than a set size (so it this one is below 127GB, you might not be able to use larger than that, or you might be lucky) due to LBA limits.  Another big concern is the operating temperature of the disk.  What happens is some people replace a Toshiba hd that is 5400 rpm and operates at 27C say, but they put in a 7200rpm that normally operates at 37C, NOT a good idea as then you're probably pushing your luck and exceeding the laptop's ventilation ability to keep not only the drive but the entire laptop cool enough for optimal operation and longevity.

For a discussion of specialized hardware devices and data lab services designed to defeat hard drive password protection, see here http://www.wwpi.com/?option=com_content&task=view&id=2669&Itemid=129
0
 
LVL 46

Expert Comment

by:noxcho
ID: 34171939
Unlock tools erase the HDD completely so data is lost. So be aware of this fact.
If data is not important you can buy new drive and use it for your needs.
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 34173140
ocanada_techguy:
"Unfortunately for you, Toshiba is notorious for keeping their support very close to the vest,"
Not true, I get alll the info, I ask for.
But I talk to a technician and not to customer support.
0
 
LVL 47

Assisted Solution

by:dlethe
dlethe earned 166 total points
ID: 34193621
Ocanada gave you good info.  Let me expand as I write code that manipulates these settings.  The security features have 2 passwords, a master & user level.  They can be any byte combination and   Forget a brute force recovery unless you have reason to believe they only used a few characters.  Too many combinations.  (32 factorial, if I remember the algebra).

When the drive is locked, you can not read data from it w/o entering the password.   The way around it is to add the master password (if one is not there), and then secure erase it.

So if you need the data, forget it, the cost for the software or to take it to a lab to pay somebody to unlock it, is going to cost you more than what the disk is worth.

My advice?  Throw the HDD away and buy a replacement.
0
 

Author Comment

by:akkelsey23
ID: 34194237
FIrst I would like to say that I am impressed with the response I have gotten. This is my first time using this site.

The hard drive that is locked is a WD2500BEVS. The only program that sees the drive so far is the MHDD. I have tried to reset the password and set the master password both to no avail. The Toshiba satellite asks for a Bios password and then a HDD password so I have been pulling the drive out to boot up and then reinserting it after it boots as this is the only way I have found to get around the HDD password prompt.
Is there a way to run atapwd in MHDD and brute force the password? I am not sure where to go from here.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 91

Expert Comment

by:nobus
ID: 34194581
what about the programs i suggested?  did you try any?
0
 
LVL 47

Expert Comment

by:dlethe
ID: 34196294
You can not just reset the password.   It does not work that way. You have to know the password ahead of time to get rid if it.     If the master password is set, then you have to know the master password in order to remove it.  That is how the command works per the ATA specification.  No software can get around it.  There is also no back door.  The only way to get around it is to plug the disk into some equipment that interfaces with the drive electronics.

Throw the disk away.  Sorry, but you are wasting your time.
0
 
LVL 11

Expert Comment

by:ocanada_techguy
ID: 34198239
@micahel-best Toshiba's low-level disk utility is NOT on their website and finding one is very difficult.  I've also encountered incorrect drivers posted, and end up faced with a C$50 to obtain drivers.

It appears in this case it is a Western Digital drive in a Toshiba laptop not a Toshiba drive.  Toshiba may have furnished it that way or the previous owner may have changed drives.

YES if you want to try ATAPWD, it runs from a DOS boot, exactly like the MHDD does.  So it depends whether you're booting from a bootable CD, bootable flash/usb stick, a different hard disk with the drive in question attached as secondary, or booting an actual floppy disk, will dictate how you get to try ATAPWD in place of MHDD.

Well one "back door" is that many times the master password is left as the manufacturer/dealer's default, and the act of drive locking usually only sets the "user" password, so trying the "master" password Toshiba sent them out with might work.  From what I read Toshiba often uses a master password of all spaces.
You said you tried a master, but I gather you're guessing you are not furnishing the correct one?
As a further measure, the drive will go from locked to frozen if 5 bad master passwords are tried, so additional attempts are ignored/useless, you usually have to cycle power to get 5 more attempts.
Depending if the security level chosen was 2) high or 3) maximum, you need the correct "master" password to be able to 2) unlock or 3) sucesfully issue an ATA "security erase unit" command with whatever tool.  By the way, if/when sucesfully "security erasing", the drive then needs plenty of time to erase the drive, as it actually erases, so the command returns estimated time required and you have to leave it on that long while it does so even though it might seem to be idle.

So consider, if it is set to maximum and you don't know the master password, you'll be unable to even issue a security erase so out of luck.

Another supposed back door is if you have a 2nd WD2500BEVS you might be able to, carefully mind you, swap the circuitboards, but that is really dicey and unlikely to work because nowadays recorded in the registries on the IC chips is not only the passwords but also the infinitecimal alignment information, and some is also stored on the platter accessible only by the logic board of the drive itself, such that swapping if the boards is unlikely to work unless the firmware and the alignment are the same.
0
 
LVL 47

Expert Comment

by:dlethe
ID: 34198305
Toshiba's low-level disk utility will NOT delete the master password.  If such a product existed outside of a lab, then deploying Toshiba's disks to any government, military, medical, or financial facility would impose a serious security risk.

The reason, is that it would be possible to back-door the security password as well as secure erase, which would make it unacceptable to use.  No way would IBM, DELL or any large OEM consider using that disk, as it would open them up to lawsuits.

So frankly, IMHO, and I emphasize, in my OPINION, such a product could not possibly exist that would disable the security. There is no financial upside and a massive billion-dollar exposure risk for such a product to erase the password.


0
 
LVL 47

Expert Comment

by:dlethe
ID: 34198349
I will also volunteer, that I have never heard of such a product existing for any other drive manufacturer, and I have development NDAs with them from times when I worked for one of the largest OEM Seagate / WDC customers they had.

If I even caught wind that there was a back door to the security, then I, and any of my peers, would have reported this to our management, and I guarantee they would have terminated any OEM agreement with any vendor that could do this.   This is really no different then an encryption hardware/software vendor having a back door.   Even the existence of such a thing makes using that vendor unacceptable risk for end-users.


0
 
LVL 11

Expert Comment

by:ocanada_techguy
ID: 34199209
@dlethe um, no not exactly, I think you're mistaken.
The thing about the "locking" is it's not encryption at all, quite the contrary.
As for the government or military never using them, hahaha c'mon, don't you remember all the stories of military security incompetence?  Like when the military finally decided the way to secure repeated usb stick theft was to super-glue all usb ports shut?  Anyway, the manufacturers cover their butts in the terms of use fine print, right? It can all go to $#^!, and usually does, and they all absovle themselves of any responsibility for anything.
Actually disk lock is weak.  Steve Gibson among others has shown this.  
Say, maybe revisit the link I posted here http://www.wwpi.com/?option=com_content&task=view&id=2669&Itemid=129  from what I understood the Michael Crooker case was not simply a case of he set the user but not the master password and yet still his data was obtained.  Yes a device to do it far exceeds the cost of simply getting a new disk.
Neener neener (just kidding) lol  can't know everything right?  Still, an interesting topic and fun discussion to have.
0
 
LVL 47

Expert Comment

by:dlethe
ID: 34199443
The data can be recovered in a lab if the Master password is set. The password does not prevent anybody from reading the data who has the right hardware.   However, the point is, that it requires hardware that bypasses the SATA/ATA disk interface.

This is the risk.  If there was a back-door password, then it would  be unsuitable for use, as it would be too easy to obtain access to the data and get around the password.    Some vendors use this password in their RAID implementations for a variety of purposes.

The master password serves 2 purposes ... to prevent a user from READING/WRITING data to the disk, as a method of inexpensively "locking" the drive.  Or, as a precursor to running the NIST PURGE, or SECURE ERASE.  If one was able to read/write data between the time the disk was locked and continuing on with the erase, then there would be a security hole.  

This password has nothing to do with encryption. It has to do with preventing access to data once a disk has been locked.

There are rules for what commands that can be accepted by the disk when user / master passwords are set in combination with some bit settings from the SET FEATURES.  but it is moot, the point I am making is that one can not just send a command that will remove the password w/o either blowing away the entire disk as a consequence, or knowing the password and making that password part of the ATA command that removes it.   (There are rules that are exceptions, that one can read up on by going to the T13 site, but getting too deep into it).
0
 
LVL 12

Expert Comment

by:coredatarecovery
ID: 34201458
On that model, I'd just replace the drive, you can get a 250 gig replacement drive for as little as $44 and it should not run more than 89.00 for a brand new 250 gig.

That said, if it's the bios hard disk lock, you can try these backdoor passwords.

 
For Award:

589721
awkward
CONCAT
syxz
ALLy
589589
AWARD_SW
j262
HLT
SER
SKY_FOX
BIOSTAR
ALFAROME
Lkwpeter
j256
AWARD?SW
LKWPETER
d8on
CONDO
j64
szyx

 
AMI BIOS:

AMI
BIOS
AMI?SW
AMI_SW
LKWPETER
A.M.I.
CONDO
PASSWORD
HEWITT RAND

 
For PHOENIX:

phoenix

This is a partial list obtained from 3 sources online and has been rewritten for purposes here.

If it's a software lock on the drive, not a bios lock, you can pull the drive, use a usb-sata dock and plug the drive into a unix box and remove all partitions and initialize it with a Linux partition. then put it back in the laptop and format it normally.
0
 
LVL 47

Expert Comment

by:dlethe
ID: 34215529
"If it's a software lock on the drive, not a bios lock, you can pull the drive, use a usb-sata dock and plug the drive into a unix box and remove all partitions and initialize it with a Linux partition."

That does not make sense, unless you are talking about some sort of application software.  When the drive is "locked" with the ATA security master or user password, then the disk will NOT allow any program to read or write to any block until the disk is unlocked.  Because of this, it would be impossible to get around this by using a USB-sata bridge, because such devices still have to eventually write to the disk to modify block 0.

0
 
LVL 38

Expert Comment

by:younghv
ID: 34221567
@ocanada_tec…,
I take it that your comment at http:#a34199209 is based on your many years of experience in the military?

The pure fact is that the military has always set the standard for IT security and people like you always forget that there would not be an "Internet" if it weren't for the U.S. Military.

EE has a number of "opinion" Zones where veracity is not important, but you may want to try sticking to facts when you're posting in a Technical Zone.
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 34910381
You can unlock it with this:
Price — $19.95

http://www.hddunlock.com/

Your WD2500BEVS is supported by this software: http://www.hddunlock.com/drives/wd/

0
 
LVL 87

Expert Comment

by:rindi
ID: 34936480
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Many people find themselves in a situation while using PC's that they suspect or find out they have a hard disk problem. The big question then is what to do about it; how to handle the problem, and in which order.  This article is intended to help p…
Bellevue, WA, USA; Late December, 1980 "OK, folks, we nailed the IBM contract. We're going to have many meetings like this to discuss features and functions...and how to move from 86-DOS, the CP/M clone we just purchased, to our baby, MS-DOS. Thi…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now