{"id":579,"date":"2011-11-28T23:09:00","date_gmt":"2011-11-28T23:09:00","guid":{"rendered":"http:\/\/zensonic.dk\/?p=579"},"modified":"2017-04-09T10:03:05","modified_gmt":"2017-04-09T10:03:05","slug":"brute-force-password-cracking-of-ata-security-locked-harddrives","status":"publish","type":"post","link":"https:\/\/zensonic.dk\/?p=579","title":{"rendered":"Brute force password cracking of ATA security locked harddrives"},"content":{"rendered":"<p>Recently I found a <a href=\"http:\/\/www.thinkwiki.org\/wiki\/Category:X41\">x41 thinkpad<\/a> in good condition, but with a locked 1.8&#8243;\u00c2\u00a0drive. I google a bit and found that there is almost no chance of buying a new 1.8&#8243; drive. So now what? I could mod the machine with <a href=\"http:\/\/wiki.marek-walther.de\/wiki\/projekte\/pimpmeup\/thinkpad_x41_hdd_upgrade_pata\">SSD like this guy<\/a> has done. Or I could try to crack the password of the 1.8&#8243; drive. I&#8217;ll try the latter before I give in an mod the machine.<\/p>\n<p>So how do I crack the password of a 1.8&#8243; drive. You can buy all kinds of stuff of the internet. And lo and behold. <a href=\"http:\/\/www.hddunlock.com\/\">Someone<\/a> claims to be able to give you the master password if you give them some stash.<\/p>\n<p>Instead of handing out my money to strangers on the internet, I read the <a href=\"http:\/\/t13.org\/Documents\/UploadedDocuments\/project\/d1410r3b-ATA-ATAPI-6.pdf\">ATA specs<\/a> and tried to do it like this:<\/p>\n<ul>\n<li>Realize that the drive is in maximum security mode. So you have to cycle the drive power for every X failed tries with the user password. Go for a security erase of the drive with the master password instead. Might be a harder password, but atleast I can try unlimited amount of times without the drive demanding a power cycle.<\/li>\n<\/ul>\n<p>So I ended up like this<\/p>\n<ul>\n<li>Download <a href=\"http:\/\/www.ubuntu.com\/\">ubuntu<\/a> 10.04. Create bootable usb pen.<\/li>\n<li>pull out the drive of the x41<\/li>\n<li>Boot the x41 of the usb pen<\/li>\n<li>put the drive back into the x41 while ubuntu boots.<\/li>\n<li>issue &#8216;echo &#8220;- &#8211; -&#8221;\u00c2\u00a0 &gt;\u00c2\u00a0 \/sys\/class\/scsi_host\/host0\/scan<\/li>\n<li>download <a href=\"http:\/\/www.openwall.com\/john\/\">john the ripper<\/a> from openwall together with a dictionary.<\/li>\n<li>compile john the ripper.<\/li>\n<li>Figure out details of the drive with hdparm -I \/dev\/sda<\/li>\n<li>Execute this command: .\/john &#8211;wordlist=.\/all &#8211;stdout | while read pass ; do hdparm &#8211;security-erase &#8220;$pass&#8221;\u00c2\u00a0 \/dev\/sda ; if [ $? -ne 5 ]; then exit 1; fi ; done &gt; \/dev\/null 2&gt;&amp;1<\/li>\n<\/ul>\n<p>Presently I brute force attack the drive with 1000 words pr. second. Might not yield anything. But atleast I tried <img src='https:\/\/zensonic.dk\/wp-includes\/images\/smilies\/icon_wink.gif' alt=';-)' class='wp-smiley' \/> <\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently I found a x41 thinkpad in good condition, but with a locked 1.8&#8243;\u00c2\u00a0drive. I google a bit and found that there is almost no chance of buying a new 1.8&#8243; drive. So now what? I could mod the machine with SSD like this guy has done. Or I could try to crack the password [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,19,22,6],"tags":[],"class_list":["post-579","post","type-post","status-publish","format-standard","hentry","category-fun-projects","category-linux-lvm","category-power-hardware","category-unix"],"_links":{"self":[{"href":"https:\/\/zensonic.dk\/index.php?rest_route=\/wp\/v2\/posts\/579"}],"collection":[{"href":"https:\/\/zensonic.dk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zensonic.dk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zensonic.dk\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zensonic.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=579"}],"version-history":[{"count":0,"href":"https:\/\/zensonic.dk\/index.php?rest_route=\/wp\/v2\/posts\/579\/revisions"}],"wp:attachment":[{"href":"https:\/\/zensonic.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zensonic.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zensonic.dk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}