800+ IT
News
als RSS Feed abonnieren๐ My girlfriend's mother passed away. We have the hard drive from her old computer, but it is locked with an (unknown) ATA password. Is there any way we can get past it?
๐ก Newskategorie: IT Security Nachrichten
๐ Quelle: reddit.com
The computer is older, and the drive is IDE. Drive is a Hitachi Travelstar: https://i.imgur.com/QXUHInG.jpg. The computer it came out (DoA) may have once belonged to an organization that knew what they were doing (my partner's mother would NOT have known how to lock a hard drive, much less change the Master Password. . . which it looks like was done?) and been "improperly requisitioned" by a higher up in said organization (there's a family connection and we do NOT trust this individual or want contact with him).
You can see I have it hooked to one of these to even talk to it: https://www.amazon.com/gp/product/B077JNTSYH/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1
I'm quite good with the linux command line and I've been poking at the drive with hdparm, but I've never encountered a locked drive before. My research seems to say some combination of
1) There's nothing you can do.
2) You might be able to extract the hex values of the old password after lots of screwing around and this might or might not do you any good.
3) This one hacker / lab / researcher / university IT dept. broke the password on $otherHardDriveByOtherManufacturer by doing XYZ, but every manufacturer and sometimes even drive model implements this sort of thing differently so good luck trying to apply this and four times out of five they needed the master password.
4) This expensive Windows software will maybe just do it for you. Also someone sells some piece of hardware that might do it for $10,000 and data recovery labs have those. Anyway, if you pay a lab thousands of dollars, they might be able to help (this isn't out of the question, just I like to hack things and we'd like to NOT spend thousands if we can avoid it).
5) There is a master password which may still work. I believe it's 32 spaces, but based on the ouput of hdparm -I, I think it's been changed though? And I've read contradictory things that say maybe it can only be used for a secure wipe anyway?
Is there any thing I'm missing? Any tool out there I haven't managed to hunt down? It's really weird to be googling this and find a bunch of old pages and forums that say "You're SOL, there's nothing you can do!" and a bunch of other old pages and forums that say "breaking these is pretty easy, you just need X expensive Windows tool." It sounds like most of the people cracking them are just using the Master Password, and I think mine's been changed?
Here's the hdparm -I output:
TA device, with non-removable media Model Number: HTS541080G9AT00 Serial Number: MPB4LAXKKDGKLG Firmware Revision: MB4OA60A Standards: Used: ATA/ATAPI-6 T13 1410D revision 3a Supported: 6 5 4 Configuration: Logical max current cylinders 16383 16383 heads 16 16 sectors/track 63 63 -- CHS current addressable sectors: 16514064 LBA user addressable sectors: 156301488 LBA48 user addressable sectors: 156301488 Logical/Physical Sector size: 512 bytes device size with M = 1024*1024: 76319 MBytes device size with M = 1000*1000: 80026 MBytes (80 GB) cache/buffer size = 7539 KBytes (type=DualPortCache) Capabilities: LBA, IORDY(can be disabled) Standby timer values: spec'd by Vendor, no device specific minimum R/W multiple sector transfer: Max = 16 Current = 0 Advanced power management level: 254 Recommended acoustic management value: 128, current value: 254 DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 *udma5 Cycle time: min=120ns recommended=120ns PIO: pio0 pio1 pio2 pio3 pio4 Cycle time: no flow control=240ns IORDY flow control=120ns Commands/features: Enabled Supported: * SMART feature set * Security Mode feature set * Power Management feature set * Write cache * Look-ahead * Host Protected Area feature set * WRITE_BUFFER command * READ_BUFFER command * NOP cmd * DOWNLOAD_MICROCODE * Advanced Power Management feature set Power-Up In Standby feature set * SET_FEATURES required to spinup after power up Address Offset Reserved Area Boot SET_MAX security extension Automatic Acoustic Management feature set * 48-bit Address feature set * Device Configuration Overlay feature set * Mandatory FLUSH_CACHE * FLUSH_CACHE_EXT * SMART error logging * SMART self-test * General Purpose Logging feature set * Gen1 signaling speed (1.5Gb/s) Security: Master password revision code = 65534 supported enabled locked not frozen not expired: security count not supported: enhanced erase Security level high 52min for SECURITY ERASE UNIT. Integrity word not set (found 0x0000, expected 0xb8a5) [link] [comments] ...