L
Louis Bybee
I have been trying to discover a workaround for accessing a Hard Drive
locked via the ATA Standard. I have copied various posts regarding my quest
below. I would really like to hear from anyone that has knowledge of the ATA
Standard Hard Drive Locking Technology, and/or has successfully unlocked a
password protected drive without knowledge of the User, or Master Password.
Thank you.
Louis--
********************************
Remove the two fish in address to respond
A friend? of mine locked the Hard Drive in my Laptop (it was his way of
"sticking it to me", and so far it's worked very well). As the boot process
begins it stops, and asks for the password. The boot sequence is set for
floppy first, but even trying to boot with a floppy wont allow progress past
the password prompt.
So far I've tried to boot to a floppy - no success - with the thought of a
Low Level Format. I've placed the drive, with an adapter, into a desktop,
and I discovered that BIOSs without a password scheme like a Laptop, reports
the drive as a "failed disk". If I place it into another Laptop it asks for
the password. I locked a different drive, placed it into the desktop, and it
reported as a "failed disk". I put it back into the Laptop, unlocked it, and
back into the desktop where it worked normally.
Further research led me to the Hard Disk ATA Standard, which allows for a
Hard Drive to be locked, and unlocked. It appears that the passwords (user,
and master) are not on the platter, but stored in a register on the
controller board. The logic sequence on boot up is to check if the drive is
locked, and if it is it wont unlock the drive until the proper command, then
the password is sent to the drive.
The ATA Standard also indicates that if you know the Master Password, it
will unlock the drive, and reset the user password to null.
I understand the need for security, but I can't help but suspect that some
clever chap has discovered a workaround short of sending the drive to a data
recovery facility, and spending thousands of $$$.
There has to be a way of probing the register in question, and reading the
data necessary to unlock the drive.
I can buy a new drive for my Laptop, but I guess the challenge of overcoming
situation is too much to pass up.
Any suggestions, Web Sites, other news groups, or assistance would be
appreciated!!
The Laptop is functional with a different Hard Drive (I am currently using
the unit). The value of the locked Hard Drive isn't worth the effort. It's
the frustration of not having access to the Hard Drive, and the opportunity
to learn something that is driving me at this point.
The machine in question is an older IBM Thinkpad Laptop. I am currently
using it with a new Hard Drive. The old drive is locked (he locked the drive
only), and that's what I'm trying to get into. The drive itself isn't worth
any time or expense, but I am determined to learn how to gain access to it.
IBM at their Web Site, and the local service center, indicated there is
nothing they could do for me.
I am convinced that accessing my drive is possible if I get the proper
information. I have received a few suggestions that make me believe I'm well
on the way to success!
I have discovered the user, and master password, are resident in the
firmware of the drive controller. When the drive is accessed as part of the
boot process (regardless if it is a master, or slave) if the drive is
locked, and the password hasn't been entered, the drive returns a signal
that most systems without a Hard Drive password routine interpret as a
failed drive.
It would be interesting to see if the drive password register could be
probed to revel the contained data.
I know some method is possible as evidenced by the specialty firms that will
unlock a Hard Drive. Just take a wheel barrow full of money with you! :-]
I have confirmed that per the ATA Standard the password data is resident on
the controller card. It has nothing to do with the platter. There are third
party software solutions to lock a drive, and in that case the password is
located on the drive media. I have recovered data from a locked Hard Drive
by replacing the controller board with an identical unit, and then accessing
the drive normally.
With the IBM Thinkpad I have you can have a BIOS or Boot Password, Hard
Drive Password, or an Admin. Password. Someone set the Hard Drive Lock, and
the unit required a password at turn on. Not knowing the password, I removed
the drive, and tried it on a Desktop. It reported as a failed drive. Using a
utility, I discovered the drive was locked with a user password. Replacing
the controller card allowed me to recover the data, and use the drive in the
Thinkpad again. The Thinkpad also would work with a different drive (the
other passwords (BIOS & Admin) hadn't been set).
As I reviewed the ATA Standard, the indication was that the User, and Master
passwords, were stored in the firmware (with no placement on the drive
media).
I locked a different drive (with a desktop) using the utility I have, and
the Laptop requested a password before access, and the Desktop reported a
failed drive.
It would appear to me that in this case the drive media wasn't used as a
storage medium for the password data.
I would dearly like to hear from someone that has unraveled this enigma!
locked via the ATA Standard. I have copied various posts regarding my quest
below. I would really like to hear from anyone that has knowledge of the ATA
Standard Hard Drive Locking Technology, and/or has successfully unlocked a
password protected drive without knowledge of the User, or Master Password.
Thank you.
Louis--
********************************
Remove the two fish in address to respond
A friend? of mine locked the Hard Drive in my Laptop (it was his way of
"sticking it to me", and so far it's worked very well). As the boot process
begins it stops, and asks for the password. The boot sequence is set for
floppy first, but even trying to boot with a floppy wont allow progress past
the password prompt.
So far I've tried to boot to a floppy - no success - with the thought of a
Low Level Format. I've placed the drive, with an adapter, into a desktop,
and I discovered that BIOSs without a password scheme like a Laptop, reports
the drive as a "failed disk". If I place it into another Laptop it asks for
the password. I locked a different drive, placed it into the desktop, and it
reported as a "failed disk". I put it back into the Laptop, unlocked it, and
back into the desktop where it worked normally.
Further research led me to the Hard Disk ATA Standard, which allows for a
Hard Drive to be locked, and unlocked. It appears that the passwords (user,
and master) are not on the platter, but stored in a register on the
controller board. The logic sequence on boot up is to check if the drive is
locked, and if it is it wont unlock the drive until the proper command, then
the password is sent to the drive.
The ATA Standard also indicates that if you know the Master Password, it
will unlock the drive, and reset the user password to null.
I understand the need for security, but I can't help but suspect that some
clever chap has discovered a workaround short of sending the drive to a data
recovery facility, and spending thousands of $$$.
There has to be a way of probing the register in question, and reading the
data necessary to unlock the drive.
I can buy a new drive for my Laptop, but I guess the challenge of overcoming
situation is too much to pass up.
Any suggestions, Web Sites, other news groups, or assistance would be
appreciated!!
The Laptop is functional with a different Hard Drive (I am currently using
the unit). The value of the locked Hard Drive isn't worth the effort. It's
the frustration of not having access to the Hard Drive, and the opportunity
to learn something that is driving me at this point.
The machine in question is an older IBM Thinkpad Laptop. I am currently
using it with a new Hard Drive. The old drive is locked (he locked the drive
only), and that's what I'm trying to get into. The drive itself isn't worth
any time or expense, but I am determined to learn how to gain access to it.
IBM at their Web Site, and the local service center, indicated there is
nothing they could do for me.
I am convinced that accessing my drive is possible if I get the proper
information. I have received a few suggestions that make me believe I'm well
on the way to success!
I have discovered the user, and master password, are resident in the
firmware of the drive controller. When the drive is accessed as part of the
boot process (regardless if it is a master, or slave) if the drive is
locked, and the password hasn't been entered, the drive returns a signal
that most systems without a Hard Drive password routine interpret as a
failed drive.
It would be interesting to see if the drive password register could be
probed to revel the contained data.
I know some method is possible as evidenced by the specialty firms that will
unlock a Hard Drive. Just take a wheel barrow full of money with you! :-]
I have confirmed that per the ATA Standard the password data is resident on
the controller card. It has nothing to do with the platter. There are third
party software solutions to lock a drive, and in that case the password is
located on the drive media. I have recovered data from a locked Hard Drive
by replacing the controller board with an identical unit, and then accessing
the drive normally.
With the IBM Thinkpad I have you can have a BIOS or Boot Password, Hard
Drive Password, or an Admin. Password. Someone set the Hard Drive Lock, and
the unit required a password at turn on. Not knowing the password, I removed
the drive, and tried it on a Desktop. It reported as a failed drive. Using a
utility, I discovered the drive was locked with a user password. Replacing
the controller card allowed me to recover the data, and use the drive in the
Thinkpad again. The Thinkpad also would work with a different drive (the
other passwords (BIOS & Admin) hadn't been set).
As I reviewed the ATA Standard, the indication was that the User, and Master
passwords, were stored in the firmware (with no placement on the drive
media).
I locked a different drive (with a desktop) using the utility I have, and
the Laptop requested a password before access, and the Desktop reported a
failed drive.
It would appear to me that in this case the drive media wasn't used as a
storage medium for the password data.
I would dearly like to hear from someone that has unraveled this enigma!