[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [pen] Recovering HDD Password?

To: pen@xxxxxxxxxxxxxxxxxx
Subject: Re: [pen] Recovering HDD Password?
From: Toby <darthstrydre@xxxxxxxxx>
Date: Fri, 7 Nov 2008 15:04:11 -0500
Delivered-to: mailing list pen@xxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=XXUi5e4ifb9FmlvPmxNgB8hCeq/Y+vLJ+LuloQMFxQI=; b=l+PhGHXszhhCWjJ4jhwG5h2TcJYJLY83O3vGnY6MSmII4Dr8P8uJKL+KDFwRFabGiq Ur7R8wNpbW7EnXG+tHeGRea8HCpdxm356OuKEsrht5sObVI8suozCSoglLkD1OPbnswA hVHD5BJSgegqcixDmr9ZQ2JbccO5R51IMvqs0=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=vmWPOjyU0YDRYOikXFlHqN+cYMZAplUyVkfuj2ufseQ3JW8qvmGprq9lj1t01JJmqm g2sBl4Dbt9a4tOr2wiL3NmtxzoFV4zUaVIwt4LJAEgbIJdMwRwIChUSTsoS4g47TvkXi w+u0FJtIUO0YDs1iM9Qze3qi3bt6LCF0G7Tj4=
In-reply-to: <bed6b5f40811071014q19ce25b5n9f59ac3b21a2df8e@xxxxxxxxxxxxxx>
Mailing-list: contact pen-help@xxxxxxxxxxxxxxxxxx; run by ezmlm
References: <65e540790810311120o7fa82cb5t81c75af21c68fd31@xxxxxxxxxxxxxx> <39e1a0e00810311246q2d0ebe85ub98d51aef3e156ce@xxxxxxxxxxxxxx> <fce1a8ed0810311258q7dc5d01dp608c09802a1a7e0b@xxxxxxxxxxxxxx> <5ebd0d950810311314n64e59d30ic7dea4572f12800c@xxxxxxxxxxxxxx> <490C54DB.8040603@xxxxxxxxxxxxxx> <65e540790811011857n565d43b4xdc87fe9c684bfa2b@xxxxxxxxxxxxxx> <E1Kxhe8-0008F9-Ui@xxxxxxxxxxxxxxxxxx> <1225898220.3628.82.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <154514.5518.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <bed6b5f40811071014q19ce25b5n9f59ac3b21a2df8e@xxxxxxxxxxxxxx>

Sadly, a Mac won't help - this isn't a driver issue. It is implemented
in hardware, and the hard drive is very stubborn - 256bit max
"password" length. It has a password attempt counter of 5... requiring
power cycle/reset after 5. (X10 hardhack?) When in Maximum security
mode, the master password doesn't do anything, and only the user
password works.
The only two possibilities I see for a software hack here is that

1. the firmware download functionality is not disabled when the drive
is locked. (Use imagination here. Replace BEQ with BNE)
2. the SEEK/READ BUFFER commands are not disabled. SEEK doesn't tell
the drive to read a sector... just that it WILL be asked to read the
sector. If the drive does an anticipatory read of the requested
sector, it will be read into the sector buffer, which you can dump
with READ BUFFER. Where in the buffer your sector would be is up to
the user to figure out. Circular buffer? maybe. maybe not. (Similar to
reconstructing paper shredder confetti at that point). If the drive
does NOT do an anticipatory read, this is useless.

<http://www.t10.org/t13/project/d1410r3a-ATA-ATAPI-6.pdf>
6.13 Security Mode feature set
The optional Security Mode feature set is a password system that
restricts access to user data stored on a
device. The system has two passwords, User and Master, and two
security levels, High and Maximum. The
security system is enabled by sending a user password to the device
with the SECURITY SET PASSWORD
command. When the security system is enabled, access to user data on
the device is denied after a power
cycle until the User password is sent to the device with the SECURITY
UNLOCK command.
A Master password may be set in a addition to the User password. The
purpose of the Master password is to
allow an administrator to establish a password that is kept secret
from the user, and which may be used to
unlock the device if the User password is lost. Setting the Master
password does not enable the password
system.
The security level is set to High or Maximum with the SECURITY SET
PASSWORD command. The security
level determines device behavior when the Master password is used to
unlock the device. When the security
level is set to High the device requires the SECURITY UNLOCK command
and the Master password to unlock.
When the security level is set to Maximum the device requires a
SECURITY ERASE PREPARE command and
a SECURITY ERASE UNIT command with the master password to unlock.
Execution of the SECURITY
ERASE UNIT command erases all user data on the device.
The SECURITY FREEZE LOCK command prevents changes to passwords until a
following power cycle. The
purpose of the SECURITY FREEZE LOCK command is to prevent password
setting attacks on the security
system.

6.13.3 Attempt limit for SECURITY UNLOCK command
The device shall have an attempt limit counter. The purpose of this
counter is to defeat repeated trial attacks.
After each failed User or Master password SECURITY UNLOCK command, the
counter is decremented. When
the counter value reaches zero the EXPIRE bit (bit 4) of word 128 in
the IDENTIFY DEVICE information is set to
one, and the SECURITY UNLOCK and SECURITY UNIT ERASE commands are
command aborted until the
device is powered off or hardware reset. The EXPIRE bit shall be
cleared to zero after power-on or hardware
reset. The counter shall be set to five after a power-on or hardware reset.

 - Strydre

On Fri, Nov 7, 2008 at 1:14 PM, Cameron Hanover <orange1@xxxxxxxxx> wrote:
> have you tried sticking the drive in a mac or something.  i know it's
> entirely different, but i once had a usb flash drive that said you
> could put a password on it.  thing is, it only worked in windows.  if
> it was password protected and you put it on a mac, you could access it
> just fine without a password.
>
> On Thu, Nov 6, 2008 at 7:59 PM, Chris White <gtpprix@xxxxxxxxx> wrote:
>> I've got a drive (40GB Toshiba MK4036GAC) thats locked and I have no clue
>> what the password is, does anyone know a way to recover the password on
>> these things?
>>
>> -Chris
>>
>>
>>
>
>
>
> --
> -cth
>
>  Chaos was the law of nature.  Order was the dream of man.
>

References:
- Help!
  - From: agent69
- Re: [pen] Help!
  - From: Andy Kaiser
- Re: [pen] Help!
  - From: Gavin Hanover
- Re: [pen] Help!
  - From: Illustrious niteshad
- Re: [pen] Help!
  - From: Barry Callahan
- Re: [pen] Help!
  - From: agent69
- Re: [pen] Help!
  - From: Matthew Thomas Harrison
- Re: [pen] Help!
  - From: Paul Timmins
- Recovering HDD Password?
  - From: Chris White
- Re: [pen] Recovering HDD Password?
  - From: Cameron Hanover

Prev by Date: Re: [pen] Recovering HDD Password?
Next by Date: HDD Haiku
Previous by thread: Re: [pen] Recovering HDD Password?
Next by thread: Re: [pen] Recovering HDD Password?
Index(es):
- Date
- Thread

Please visit www.the-collective.net.