Slashdot Mirror


How To Head Off ATA HDD Password Abuse

An anonymous reader submits "German c't magazine has a story about abusing the security features of ATA hard disks. The bottom line is that almost all ATA hard disks in desktop PCs can be password-protected. However, on most desktop PCs, the BIOS does not support locking this option -- so viruses or malware could set a random password, making any data unreadable unless recovered by professionals."

9 of 215 comments

  1. professional? by AmigaAvenger · · Score: 4, Informative
    unless recovered by a professional? It takes all of 2 minutes to make a boot disk with atapwd and reset it. Besides, the reason no virus does this is because it needs an operational machine. If you lock out the drive you aren't going to spread yourself very far.

    Here is a website that shows how to unlock it, and you don't even have to be a professional!

    http://www.rockbox.org/lock.html

    1. Re:professional? by C_To · · Score: 3, Informative

      Did you read the bottom part of the page you quoted? It said there was no way to fix the ATA password in Maximum security mode without knowing what it is.

    2. Re:professional? by warrior · · Score: 5, Informative

      No, you cannot use atapwd to reset it. There are two passwords, a master and a user. If you know the master password, you can use atapwd to reset the user password. These passwords are stored across platters and are stored as a checksum in flash on the HD controller. Resetting the password is not trivial at all. There are two options, use a logic analyzer and try to intercept the pieces of the password on its way in to generate the checksum (haven't heard of anyone being able to accomplish this), or take the drive apart in a clean room, erase the password off the platters and attach a virgin controller. There are no companies in the US that will do either of these for you, and I don't think that's a coincidence. The very few (3-4) companies that perform this service make very good money off it. If you don't believe me, set your master ATA pwd to a known value and try to reset it by any means _without_ using the password. You can't, you're hosed. Most people at this point chuck the disk, they're cheap. But if you need the data you'll pay anything. The idea behind it is that should it get stolen, the data is safe. The companies that do data retrieval require proofs of ownership. However, for the fool that forgets or accidentally sets the password, you're hosed. For those of you that own Toshiba 80GB laptop hdds, beware, there's a flaw in the controller that may glitch and set a random password for you. In that case you'll want to talk to Nortek.

      --
      Intel transfer the difficult from Hadware to software, for get more power, programmer need more technology. -- chinaitn
    3. Re:professional? by darkwhite · · Score: 3, Informative

      Your reasoning is correct - that should be the easiest way. But I'm willing to bet the HDD manufacturers don't have a few of these laying around because if it became known that a particular HDD has password-bypassing controller boards available on the grey/black market, the corporations who use this feature as part of their security procedures would stop buying that manufacturer's drives.

    4. Re:professional? by evilviper · · Score: 3, Informative
      you can wipe the disk for a recover if the master password is tampered.

      No, you certainly can't.

      The hard drive will not accept any commands until you give it the correct password (stored in an eeprom). You'll get a stream of errors even if you just try to cat zeros to the drive's device.

      In case it isn't obvious, I have first-hand experience with this, though on notebook drives, never desktop drives.
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  2. Re:why would you do this? by tivoKlr · · Score: 5, Informative

    Well, for software modding an Xbox for starters.

    Xboxen will only boot from a locked hard drive, and to modify the files on an Xbox to, you know, allow you to run your own home written unsigned code, you need to be able to lock the drive once you've modified it to get the Xbox to recognize it.

    I have encountered BIOSes that won't allow you to lock or unlock drives. Very annoying...

    --
    Ocean is land, covered with water.
  3. Re:the word being "could" by kwalker · · Score: 4, Informative

    Yes but the MOST successful viruses go years before they kill the host so as to maximize their infection rates. Plus often when a virus kills the host it's because the virus became TOO successful. Some viruses, like some of the herpes viruses, never kill the host, thereby living as long as the host organism does.

    --
    ... And so it comes to this.
  4. Recent destructive worm by Bunyip+Redgum · · Score: 3, Informative

    but when was the last highly destructive virus you saw?
    What about the witty worm?
    It spread in less than an hour and then proceeded to destroy data on the hosts' hard disks.

  5. Re:easy prevention: only set administrator passwor by argent · · Score: 3, Informative

    There is no "administrator password". The "master password" is like a janitor's master key. It's a failsafe to let you unlock the drive if the user password was set.

    The incredibly stupid thing is there doesn't seem to be a way to say "disable the password mechanism completely". IMHO, this should be the default state, and it should require physical access to the drive (say, with a jumper) as well as (of course) any passwords to switch it from one state to another. A laptop could connect that jumper to an external "security" button that you hold down while the BIOS does its thing.
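
An added example, not part of any comment above: a small audit helper that decodes the security status word (word 128) of an ATA IDENTIFY DEVICE response and flags the state the story describes, where the security feature set is supported, no password is set, and the drive has not been frozen. The bit layout is the one defined by the ATA specification; the function names are hypothetical and the sample IDENTIFY blocks are constructed.

```python
import struct

# ATA IDENTIFY DEVICE word 128 (security status) bit assignments.
SUPPORTED = 1 << 0      # Security feature set implemented
ENABLED = 1 << 1        # a user password is set
LOCKED = 1 << 2         # drive rejects media access until unlocked
FROZEN = 1 << 3         # security commands rejected until power cycle/reset
LEVEL_MAXIMUM = 1 << 8  # 0 = High, 1 = Maximum


def security_word(identify: bytes) -> int:
    """Return word 128 from a 512-byte IDENTIFY DEVICE block (little-endian words)."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    return struct.unpack_from("<H", identify, 128 * 2)[0]


def assess(identify: bytes) -> str:
    """Classify a drive's exposure to a software-set password."""
    word = security_word(identify)
    level = "maximum" if word & LEVEL_MAXIMUM else "high"
    if not word & SUPPORTED:
        return "not-supported"
    if word & LOCKED:
        return f"locked ({level})"
    if word & ENABLED:
        return f"password-set ({level})"
    if word & FROZEN:
        return "frozen"
    return "exposed"  # supported, no password, not frozen


def make_identify(word128: int) -> bytes:
    """Constructed sample: an otherwise empty IDENTIFY block with word 128 set."""
    block = bytearray(512)
    struct.pack_into("<H", block, 128 * 2, word128)
    return bytes(block)


if __name__ == "__main__":
    for label, word in [("desktop, BIOS does not freeze", 0x0001),
                        ("BIOS issued freeze lock", 0x0009),
                        ("locked laptop drive", 0x0107)]:
        print(f"{label:32} -> {assess(make_identify(word))}")
```

On Linux, `hdparm -I` reports the same flags (enabled, locked, frozen) in the Security section of its output.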