I work for a Technology Consultant, Baker Robbins & Co., in Houston, TX. I work in the Forensic and E-discovery practice group. I have been researching "locked" hard drives and solutions. From all my research, over 2 months of all day, every day research, I came to these conclusions.
1. There is no universal way of unlocking all types and models of hard drives.
2. Logic board swapping and platter swapping will not bypass "locked" hard drives.
2. There are many ways to lock hard drives, but the common thread is that the password is stored on what are referred to as negative cylinders on the disk.
3. Negative cylinders can contain around 100MB of data.
4. Software alone can never "crack" this method of protection because of the logic in which the ATA-3 standard was created.
5. The general way to bypass this protection is to buy or develop a device that is able to access these negative cylinders and/or the firmware on the logic board.
5a. If you get to the negative cylinders of the hard drive, the password will be there in HEX form. Each make and model places the password in a different location within these negative cylinders.
5b. If you have the know-how, you can crack the firmware on the logic board and/or re-write the firmware to not look for the password when the device is turned on. For forensics purposes this method would not be an advisable solution.

I'm sure I left out some points, but these are some of the more important ones. Oh, and there are devices for sale that can do this. They are very expensive, around the $10,000 range. I apologize, but I cannot tell you what device we use. I hope this information can guide you to the answer you are looking for. If you cannot find the answer, search in the data recovery forums.
The above information is good, but not totally accurate. Although the password is often stored in HEX, on the more 'businessy' machines it is now encrypted too! There are still ways of accessing this password, that is by removing specific semiconductors from the PCB, and using the information on them to crack the encryption. It is a very timely and costly way of doing this, but it works.
To manipulate the firmware, you need to have access to a database of modules - but that's another story!
Simon
I am not very familiar with ATA secure mode. Can anybody recommend a good tutorial for using it under Linux? (something beyond the hdparm man page). Thanks,
We can do it too at
The password is kept mainly in the system area of the hard disk drive. Some manufacturers also encrypt them, some put part of the password on a chip on the board and also in the system area on the platter.
If you have access to both areas then you are pretty much sorted!
Regards,
Simon
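For readers who need to tell whether a drive is in the "locked" state this thread discusses before imaging it, here is an added example (not from any poster in the thread) that decodes the ATA security status from word 128 of a raw 512-byte IDENTIFY DEVICE block. The function names and the sample blocks are constructed for illustration; the bit layout is the one defined for the ATA Security feature set.

```python
import struct

# Bit positions in IDENTIFY DEVICE word 128 (ATA Security feature set status).
SECURITY_BITS = {
    0: "supported",
    1: "enabled",
    2: "locked",
    3: "frozen",
    4: "count_expired",
    5: "enhanced_erase_supported",
}
LEVEL_BIT = 8  # 0 = High, 1 = Maximum (master password capability)


def decode_security(identify: bytes) -> dict:
    """Decode the security status from a raw 512-byte IDENTIFY DEVICE block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", identify)  # 256 little-endian 16-bit words
    w128 = words[128]
    status = {name: bool((w128 >> bit) & 1) for bit, name in SECURITY_BITS.items()}
    status["level"] = "maximum" if (w128 >> LEVEL_BIT) & 1 else "high"
    return status


def imaging_advice(status: dict) -> str:
    """Turn the decoded flags into a short note for the examiner."""
    if not status["supported"]:
        return "no ATA security feature set; image normally"
    if status["locked"]:
        if status["count_expired"]:
            return "locked, attempt counter expired; power-cycle before any unlock attempt"
        return "locked; user data reads will be rejected until unlocked"
    if status["enabled"]:
        return "password set but currently unlocked; image before power-off"
    return "security not enabled; image normally"


def make_identify(word128: int) -> bytes:
    """Constructed sample: all-zero IDENTIFY block with only word 128 set."""
    words = [0] * 256
    words[128] = word128
    return struct.pack("<256H", *words)


if __name__ == "__main__":
    for w in (0x0000, 0x0021, 0x0003, 0x0107, 0x0017):  # constructed values
        st = decode_security(make_identify(w))
        print(f"0x{w:04x}: {imaging_advice(st)} (level={st['level']})")
```

On Linux, `hdparm -I` reports the same flags in human-readable form under its "Security:" heading.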