Has anybody ever used the "Shinobi hard drive password remover" for removing passwords from locked hard drives?
It says "it removes passwords from locked hard drives in under 2 minutes."
I usually do not believe this kind of advertisements. So, for verification, do you have experience with this product?
Thank you.
The links are below
http//
http//
The web page sounds like it does the job and I see that the supported drive list is limited (most manufacturers have fixed the security hole that allowed cracking). My guess would be that it works as advertised, but on a very small number of drives.
The way disk drive password crackers worked back when our team was looking at them 12 years ago was that the password was passed to the drive a character at a time and the drive processed the password linearly and reported back as soon as it received a wrong character. This meant that for a password (sandy) you could pass aaaaaaaaaa, baaaaaaaa, caaaaaaa etc., measuring the period until an error was returned (i.e. until you got the slower-than-average error return); this meant that the first character was correct but the second was wrong, and then continue with saaaaaaaaa, sbaaaaaaaa….
We haven't tried this product, but we have had some business dealings with Steve at PCTestpro over several years.
I would be surprised if he was selling something that straight out didn't work at all.
On the other hand the list of supported drives is surprisingly long. It would be surprising that all these manufacturers would have the same flaw and didn't fix it. It would be trivial to fix if it was just an exploit on the time required to check the password.
Passmark - from a cursory glance the list of drives is in the main quite old and, given the number of drives that have been on the market, I would say the list is very short. The majority of drives appear to be under about 250GB.
While it is trivial to fix, it is only going to be fixed when it is perceived to be a problem - 12 years ago no one was cracking these passwords, even 5 years ago it wasn't common knowledge.
It may be (speculation) that the methods used to deal with an entered password are part of the ATA spec (never checked), and changing anything written by committee takes an age.
I did a bit more research, it seems the brute force approach won't work. The drives lock up after 5 failed password attempts, and then require a hard power down.
The trick seems to be to either read the firmware on the HDD and get the password (often in clear text), or overwrite the firmware to reset the password, or to just clear the firmware flag saying the drive is locked.
But reading the firmware isn't part of the ATA command set. So you need to use a secret protocol, which it seems is different per manufacturer. Then some knowledge is needed of the firmware layout and position of the flag or password in the firmware dump.
Makes me wonder if you could use the manufacturer's firmware update tools, like this one,
http//
to reset the firmware and the password? Would be worth a try if you had a spare drive sitting around to experiment on.
I still have a little box in my spares store that sits between my PC and the molex power socket on an IDE drive that allows me to cycle the power by a controller operated via a serial port.
If you read my original post this is something that we did - it wasn't a theory, it worked in practice.
Thank you for the answers. It seems it is worth trying, at least the advertisement does not seem to be a hoax.
A more general (if complicated) solution might be PC3000.
I've spoken to the guy who did all the development on this device, it was cleverer than just brute forcing the password.
"The cracker used a combination of methods depending upon the drive being worked on. Mostly brute force and firmware backdoors."
When R first came to me with his proposal (and I admit I thought he was wasting his time) it was a brute force only device - the firmware backdoors came some time after I left.