After spending a few hours working on this and finding it very interesting I now write this little article to maybe help or guide people having the same problem as me, because in my opinion this really simple matter isn’t covered enough on the internet. Don’t get me wrong it is extensively covered, but most of the coverage repeats and rehashes the same thing over and over again. There is no new knowledge and no community (that I found) that works on this.I found the hddguru forum helpful, but exchanging real information isn’t common in there.Most times I found a question that was askable the second or third post would be like “We can’t verify it’s your hd so we can’t help”.This seems to be purely because of the lack of knowledge because they didn’t seem to have a problem with the thread itself. But let me start at the beginning: One week ago my uncle gave me a laptop hdd of a colleague.This guy had a friend help him setup his pc and lock his laptops hd with a password.After a few months of not using or needing the laptop both of these guys forgot the password and tried guessing it (guess how that went).My uncle is the PC expert of their choice and so they let him work on it.Because he had no luck unlocking he asked me to take a look at it.

Sep 09, 2017 Repair Station is in fact a pack of two. One is ATA password removal and another is a diagnostic and recovery tool for HDD firmware area. There are two. METHOD #1 Do search with Bing for atapwd or 'ata password' its part of the new ATA spec. You can enter a 'master password' that will remove the 'user.

This was the first time I had ever seen someone use this feature.If someone gave me this without telling me that it was locked I would probably just insert it into my usb sata reader see input output errors and forget it and even if I would have inserted it into my desktop pc I probably wouldn’t have checked hdparm for the locked status.Now if I get a hd like this,this will be one of the first things I’ll check. Now how did I go about it? After a short search I found a few sites and links I thought could be helpful.Especially seemed interesting.I even found additional infos on.The people didn’t seem that interested in it, even thought it helps you recover your hdd password. So I downloaded the image and booted it, the third PC I tested it on even recognized my sata controller and succesfully identified my hard disks. Sidenote: I didn’t write on the article for 2 month now so the whole thing isn’t as fresh in my memory as it could be Sadly it didn’t work all too well. I was using a Seagate hd and this only seems to work for WD hds.Some commands just didn’t get executed. Anyway after a while I found.Now I could play around with a serial console,for which I had no documentation.

After I played with it for a bit I started to see that this actually might lead to something.A quick google helped and I actually found a pdf that documented the. Another 5 minutes later I saw the first few lines of memory and buffer (Dxx and Bxx).

Psp Custom Firmware 5.55 M33. Driver For Usb Vag 106. I still didn’t know what to expect of this output, but I had a new angle I could work on. I don’t want to go into to much detail for now, but I quickly realised that I could easily write a script that dumps the buffer and the memory for me and hopefully that would lead to something.I already read somewhere that you could unlock the hd by writing something to the memory of it and I thought to myself that I would have to find out how to do this if I couldn’t find the password in one of the dumps.I can tell you I didn’t had high hopes for this,I already planned on writing an entry for the Hackaday “Fail of the Week” series. 2 hours and 2 python scripts later I had my first working POC.For aesthetics I also hacked together a wget style status and watched the memory dump crawl 🙂 Another half an hour later I had the complete dump. Like I said I wrote this for someone else,I gave him the hd back after I unlocked it so, no part numbers for you. But it doesn’t matter because I tested it with 3 disks that all had different offsets. That’s why I made the little script called extract-pw Right now I’m rewriting this whole mess I call code 😉 But if you got your hd simply hook it up to your pc like described in the hackaday article I linked to (the one to fix the seagate bug), run one of the dump scripts (I think see.py is the newest right now) and then you can extract the pw using the script linked above.The address changes but not the “frame” around it. Hope I could help.