How To Head Off ATA HDD Password Abuse
An anonymous reader submits "German c't magazine has a story about abusing the security features of ATA hard disks. The bottom line is that almost all ATA hard disks in desktop PCs can be password-protected. However, on most desktop PCs, the BIOS does not support locking this option -- so viruses or malware could set a random password, making any data unreadable unless recovered by professionals."
but when was the last highly destructive virus you saw ?
virus writers/skripterz have long since learnt, if you kill the host it is of no use to you, you achieve nothing
99% of viruses today are trojans because you can use your fancy stealth infection/propogation routines AND make a profit if you keep the host alive, locking a HD would be pointless and contrary to opinion most Virus writers are not stupid, misguided perhaps but not stupid
The problem is that if BIOS doesn't disable the function, a "well"-(i.e. viciously)-positioned malware (early in the boot process) could lock the hard drive on first reboot even before any protective software can kick in.
Why on earth would you want to password "protect" a hard drive? How would that be any better than properly encrypting your files?
Speed.
Only very sophisticated organizations have the means to lift data off a password-protected hard drive. Encryption, while more durable in that regard, sacrifices speed with every access to the files in question.
[an error occurred while processing this directive]
Further, it shouldn't be that hard to solve this problem. The drive reads the data off the disk. There's a ribbon cable between the controller board and the disk. Tap the data stream. Feed it into a logic analyzer that has a digital data ouptut (e.g. a USB logic analyzer). Take the data captured, find the sync bytes, then shove the remainder into an RLL decoder.
Now figure out the ECC format used (it will typically be four bytes at the end of each sector, but this may vary). Strip the ECC bytes. You now have a track image of the track in question, probably with some extra sync bytes between sectors, but I'm not sure. If you want, you could simply single-step the drive motor repeatedly and copy the entire disk this way, but it is probably more effective to write a program that scans for things that right be an ATA password and tries them sequentially.
To make this easier, every 4 passwords or so, the tool should ask you to power-cycle the drive. To facilitate this, take a power extender cable and cut the 5v line. Put a momentary off pushbutton inline. Press for a second and then release. In all likelihood, you should only need to power cycle the drive electronics, not the drive motor (12v).
I've never tried this, of course, but in principle, it shouldn't be that bad....
120 character sigs suck. Make it 250.