15 replies to this topic

[m2mike]

Well, I finally have a need to get around a password protected hard drive on a Dell Latitude D600. I know there are a few methods that can be used to do this, but I wanted to post here and see if anyone can suggest anything else.

The hard drive in question has a password on it. I believe the term is "platter locked".

What I know of follows:

http://www.rockbox.org/lock.html

The utility atapwd, linked at the above url, looks like it might work, but I haven't gotten it to work yet.

http://a-ff.com/products/rrs/drives/

This is a company that provides an unlocking service for around $60.00. I don't want to spend money though.

http://www.vogon-for...cracker-pod.htm

These guys sell hardware and software that can clear the password and then image a drive for forensic purposes. I don't think they sell to civilians though.

There is also a thread on this elsewhere:

http://www.hardwarea...opic/34045/?o=0

Any thoughts as to where I should go to get this done?

Edited by m2mike, 26 September 2005 - 05:55 PM.

[tokachu]

Remove the 2.5" IDE drive from its casing, then attach a 2.5" IDE adaptor to it and plug it into your computer. It'll cost you $9.99 at the most.

[Rightcoast]

I spent about an hour reading everything you have probably read m2mike. I don't know anything more than you do on this at this point, but agree that atapwd is going to be what you need to get working. After 2 years of back and forth on that Experts-Exchange thread, and all the rest of the references I found on this, that seems to be the key.

The hot swapping may work as some people around the net have said. I did this once to get data off an ATA drive on a system where the BIOS had no setting to see PATA before the SATA would boot up. The adapter suggested above, plus the balls to plug it in hot as the OS loads up may get the data off. Still can't format the drive, but I don't know if it's the data or use of the drive your really after.

What I did was plugged the ribbon cable in, then plugged in the Molex as the OS started booting.

Edited by Evolve, 26 September 2005 - 09:09 PM.

[lowtec]

This sounds really interesting, and I'd love to help.. I'll post again later this weekend. I have seen some russian site (passwordcrackers.com or something) that offered to decrypt or unlock hardrives like this. It would be neat to figure out how it's done.

[st0rm]

Well, I finally have a need to get around a password protected hard drive on a Dell Latitude D600. 

Hmm.. can you provide more information ? (or am i missing something you said?) What type of encryption is it using?.... or more better of a question How exactly is this drive protected ? (PGP Whole Disk Encryption? TripleDes? Just a folder pass? etc..?)

and one more question...How exactly did you come around a password protected laptop drive? lost and found/stolen?


should be interesting..post updates and good luck

[Rightcoast]

Well I kept looking a little bit, and hopefully the ultimate boot cd can help you. It comes with ATAPWD included.
http://ubcd.sourceforge.net/

Shitty option, and you said no money is to spent but yeah, the AF-F Repair Station is 69.95. If you have to, I suppose it's the cheapest way from what I have seen. It also will work on the machine you have.

I just wanted to let you guys know that it worked like a charm. I ran a recovery on a Fujitsu MTH2040AH laptop hard drive from a Dell Latitude D600, having connected the drive as the secondary master on my workstation. It only took 2-3 minutes, and after it finished and I did a hard reset, the drive was accessible again. I made an image of the drive just to be safe, then I popped it back into the laptop. It booted and loaded Windows without problems.

I also read about a program called MastID that can read the ID string of the hard drive. Possibly useful since it likely is used to generate the algorithim, but probably not that useful.

That stuff said, I suppose if you could get a hold of some nice data recovery gear that can rewrite servo tracks or something your in business. You could also try as_a_last_resort putting the platters in a different drive. It's bound to fail, usually requiring a level 10 or better clean room, but worth a try. If you go that route, clean the shit out of the room, and find a couple pages like this one to get an idea of what the drive internals are. I think it might be possible to cannablize a drive with this one to get the data off, if that was the goal.
http://www.overclock...s1035/index.asp

Good Luck man, let us know how it works out. I'm sure you've noticed that the people who have figured out how to crack the firmware and rewrite the password quickly are keeping it really close to the vest. It's pretty profitable with so many businesses using, and people locking themselves out of, laptops.

EDIT: I found a few more things you could look through:

http://www.xbox-scen...cles/pc-hdd.php
http://www.xbox100.c...wsofthacks.HTML

A few more tools you could check out:
http://konsolenprofi...load.php?id=758
http://www.xbox-hq.c...oads-cat59.html

Edited by Evolve, 01 October 2005 - 10:54 AM.

[Rightcoast]

I'm back in this boat at work, with a different drive. This is as much a gripe as anything else, but what the fuck is this?!

  7. For Toshiba and Hitachi disks, if the above doesn't work: Choose "unlock with master password", then "disable with master password". The password is all spaces.

from the atapwd txt file

How many spaces is all spaces? (hitachi drive)

Damn.

[chaostic]

I'm back in this boat at work, with a different drive. This is as much a gripe as anything else, but what the fuck is this?!

   7. For Toshiba and Hitachi disks, if the above doesn't work: Choose "unlock with master password", then "disable with master password". The password is all spaces.

from the atapwd txt file

How many spaces is all spaces? (hitachi drive)

Damn.

 

When in doubt, go with 8 spaces.

[Rightcoast]

I give up. This user is just fucked. I tried 1 .. 20 spaces and no dice. As well as blank for both master and user pw's.

I think that I just can't get atapwd to work with this particular drive, just like m2mike couldn't.

[lowlevelup]

This was a while back, and i don`t know if this will help any, but i found out that the MBR was password protected. So you had to enter the password before the OS booted. I used a floppy disk to boot the OS bypassing the MBR

[Exvitel]

This was a while back, and i don`t know if this will help any, but i found out that the MBR was password protected. So you had to enter the password before the OS booted. I used a floppy disk to boot the OS bypassing the MBR

 

You can password protect the MBR? Cool, at first I was going to say that maybe you were thinking a BIOS password, but nope

[lowlevelup]

This was a while back, and i don`t know if this will help any, but i found out that the MBR was password protected. So you had to enter the password before the OS booted. I used a floppy disk to boot the OS bypassing the MBR

 

You can password protect the MBR? Cool, at first I was going to say that maybe you were thinking a BIOS password, but nope

 

yes, you can. and if i remember right you can also do it with Smart BootManager (SBM) SBM is a boot loader that is completily in the MBR. The password is not encrypted (i think) but you have to have it in order to continue to boot.

[telesniper]

You might want to consider, as a last resort, replacing the controller card of the HD with one from an identical unit purchased of of eBay. Admittedly, a delicate task with a 2.5" notebook drive, but not at all infeasable.

I was poking around. atapw should work, but it will not work on ALL drives. The password is set into the firmware of the controller card of the HD.

Of course, this is only a solution if the data on the drive is more valuble than the cost of replacing it.

[Rightcoast]

This was a while back, and i don`t know if this will help any, but i found out that the MBR was password protected. So you had to enter the password before the OS booted. I used a floppy disk to boot the OS bypassing the MBR

 

Nah, lowlevelup. Once this password is set, there is no easy way to get back at that data. I work for a county, and we threw everything we had at it, including swapping the HDD's board as telesniper suggested (it was actually an out of the box idea I had that I thought would work, since we have hundreds of users using the same notebooks). Nothing worked, it's going to a specialty data recovery firm in CA. The data must be checked, it was locked by a person no longer employed here, an IT worker who violated every procedure we have in doing this. The question we are asking is why .... heh.

Oh yeah, and there is a lesson here. This shit is fucking hard to get around without big government resources (I've been told the AFF repair station I mentioned earlier is useless here). Local officials would likely be left holding their nutsack if they came into possesion of your drive.

Edited by RightCoast, 26 April 2006 - 07:43 AM.

[lowlevelup]

This was a while back, and i don`t know if this will help any, but i found out that the MBR was password protected. So you had to enter the password before the OS booted. I used a floppy disk to boot the OS bypassing the MBR

 

Nah, lowlevelup. Once this password is set, there is no easy way to get back at that data. I work for a county, and we threw everything we had at it, including swapping the HDD's board as telesniper suggested (it was actually an out of the box idea I had that I thought would work, since we have hundreds of users using the same notebooks). Nothing worked, it's going to a specialty data recovery firm in CA. The data must be checked, it was locked by a person no longer employed here, an IT worker who violated every procedure we have in doing this. The question we are asking is why .... heh.

Oh yeah, and there is a lesson here. This shit is fucking hard to get around without big government resources (I've been told the AFF repair station I mentioned earlier is useless here). Local officials would likely be left holding their nutsack if they came into possesion of your drive.

This shit sounds pretty good? how can i do this to my hard drive or is there a way?

[Rightcoast]

This can be enabled in the bios of a lot of laptops now. From what I understand, the forensics guys could have unlocked the drive but not without erasing the data. It didn't make a lot of sense to me why that is, I was on to something else and don't know why that is. Maybe someone else knows. He mentioned something about the specific ATA command that could be used to delete the data, in conjuction with an ATA utility, but not recover it. I thought maybe using a logic analyzer would have worked to read the password as it is passed to the controller, but I couldn't find one to use, not that I ever had used one, but it would have been worth a try.

Yeah though lowlevelup, this was locked from a bios option called Hard Disk Password I believe, or something pretty similar sounding.