Brute force password cracking of ATA security locked harddrives

Monday, November 28th, 2011

Recently I found an X41 ThinkPad in good condition, but with a locked 1.8″ drive. I googled a bit and found that there is almost no chance of buying a new 1.8″ drive. So now what? I could mod the machine with an SSD like this guy has done. Or I could try to crack the password of the 1.8″ drive. I’ll try the latter before I give in and mod the machine.

So how do I crack the password of a 1.8″ drive? You can buy all kinds of stuff off the internet. And lo and behold: someone claims to be able to give you the master password if you give them some stash.

Instead of handing out my money to strangers on the internet, I read the ATA specs and tried to do it like this:

  • Realize that the drive is in maximum security mode, so you have to cycle the drive power after every X failed tries with the user password. Go for a security erase of the drive with the master password instead. It might be a harder password, but at least I can try an unlimited number of times without the drive demanding a power cycle.

So I ended up like this:

  • Download Ubuntu 10.04. Create a bootable USB pen.
  • Pull the drive out of the X41.
  • Boot the X41 off the USB pen.
  • Put the drive back into the X41 while Ubuntu boots.
  • Issue: echo "- - -" > /sys/class/scsi_host/host0/scan
  • Download John the Ripper from Openwall together with a dictionary.
  • Compile John the Ripper.
  • Figure out details of the drive with: hdparm -I /dev/sda
  • Execute this command: ./john --wordlist=./all --stdout | while read pass ; do hdparm --security-erase "$pass" /dev/sda ; if [ $? -ne 5 ]; then exit 1; fi ; done > /dev/null 2>&1

Presently I brute force attack the drive with 1000 words per second. It might not yield anything, but at least I tried ;-)
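
As an added example (not from the original post): a small Python parser for the Security section that hdparm -I prints, the step used above to learn that the drive was in maximum security mode. The sample output is constructed, and the dictionary keys and audit notes are this example's own naming.

```python
import re

# Constructed sample of the "Security:" section of `hdparm -I` output for a
# locked drive (tabs as hdparm prints them); not captured from the post's drive.
SAMPLE = (
    "Security: \n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\t\tenabled\n"
    "\t\tlocked\n"
    "\tnot\tfrozen\n"
    "\tnot\texpired: security count\n"
    "\tSecurity level maximum\n"
    "\t60min for SECURITY ERASE UNIT. 60min for ENHANCED SECURITY ERASE UNIT.\n"
    "Checksum: correct\n"
)
FLAGS = {"supported", "enabled", "locked", "frozen", "expired: security count"}

def parse_security(text):
    """Extract the ATA security state from `hdparm -I` output into a dict."""
    state, in_section = {}, False
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line starts a section
            in_section = line.startswith("Security:")
            continue
        body = line.strip()
        if not in_section or not body:
            continue
        if m := re.match(r"Master password revision code = (\d+)", body):
            state["master_rev"] = int(m.group(1))
        elif m := re.match(r"Security level (\w+)", body):
            state["level"] = m.group(1)
        else:
            m = re.match(r"(not\s+)?(.*)", body)  # a "not" prefix negates the flag
            if m.group(2) in FLAGS:
                state[m.group(2)] = m.group(1) is None
    return state

def findings(state):
    """Turn the parsed state into audit notes for a drive inventory."""
    notes = []
    if not state.get("enabled"):
        notes.append("no ATA password set")
    if state.get("master_rev") == 65534:        # 0xFFFE: value drives ship with
        notes.append("master password revision code is still the factory value")
    if state.get("expired: security count"):
        notes.append("attempt counter expired; drive needs a power cycle")
    return notes
```

Feed it the real text with parse_security(subprocess.run(["hdparm", "-I", dev], capture_output=True, text=True).stdout) when auditing drives before deployment or disposal.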