Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To Head Off ATA HDD Password Abuse

Posted by timothy on from the I-did-not-know-that dept.

An anonymous reader submits "German c't magazine has a story about abusing the security features of ATA hard disks. The bottom line is that almost all ATA hard disks in desktop PCs can be password-protected. However, on most desktop PCs, the BIOS does not support locking this option -- so viruses or malware could set a random password, making any data unreadable unless recovered by professionals."

4 of 215 comments (clear)

  1. professional? by AmigaAvenger · · Score: 4, Informative
    unless recovered by a professional? It takes all of 2 minutes to make a boot disk with atapwd and reset it. Besides, the reason no virus does this is because it needs an operational machine. If you lock out the drive you aren't going to spread yourself very far.

    Here is a website that shows how to unlock it, and you don't even have to be a professional!

    http://www.rockbox.org/lock.html

    1. Re:professional? by warrior · · Score: 5, Informative

      No, you cannot use atapwd to reset it. There are two passwords, a master and a user. If you know the master password, you can use atapwd to reset the user password. These passwords are stored across platters and are stored as a checksum in flash on the HD controller. Resetting the password is not trivial at all. There are two options, use a logic analyzer and try to intercept the pieces of the password on it's way in to generate the checksum (haven't heard of anyone being able to accomplish this), or take the drive apart in a clean room, erase the password of the platters and attach a virgin controller. There are no companies in the US that will do either of these for you, and I don't think that's a coincidence. The very few (3-4) companies that perform this service make very good money of it. If you don't believe me, set your master ATA pwd to a known value and try to reset it by any means _without_ using the password. You can't, you're hosed. Most people at this point chuck the disk, they're cheap. But if you need the data you'll pay anything. The idea behind it is that should it get stolen, the data is safe. The companies that do data retrievel require proofs of ownership. However, for the fool that forgets or accidentally sets the password, you're hosed. For those of you that own Toshiba 80GB laptop hdds, beware, there's a flaw in the controller that may glitch and set a random password for you. In that case you'll want to talk to Nortek.

      --
      Intel transfer the difficult from Hadware to software, for get more power, programmer need more technology. -- chinaitn
  2. Re:why would you do this? by tivoKlr · · Score: 5, Informative

    Well, for software modding an Xbox for starters.

    Xboxen will only boot from a locked hard drive, and to modify the files on an Xbox to, you know, allow you to run your own home written unsigned code, you need to be able to lock the drive once you've modified it to get the Xbox to recognize it.

    I have encountered bioses that won't allow you to lock or unlock drives. Very annoying...

    --
    Ocean is land, covered with water.
  3. Re:the word being "could" by kwalker · · Score: 4, Informative

    Yes but the MOST successful viruses go years before they kill the host so as to maximize their infection rates. Plus often when a virus kills the host it's because the virus became TOO successful. Some viruses, like some of the herpes viruses, never kill the host, thereby living as long as the host organism does.

    --
    ... And so it comes to this.