My Weekend Project - Locked HDD's
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: My Weekend Project - Locked HDD's

  1. #1
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744

    Post My Weekend Project - Locked HDD's

    This Thread stsrted in the Addicts And it was recommended that we move it on up here:

    Hi Guy's

    A phoene call from a friend (of virus fame), has lead me on a bit of a quest:

    He purchased a number of 10Gb Seagate HDDs on ebay, these were supposedly out of working XBox's.
    When he connec ted them up in a test system, recognised in BIOS, but no data..ok no problem
    Fdisk, partition magic. ranish?..nope.. only a subtle message on one of the tools "Locked Drive"
    Now untill he said that, I was thinking he had blown his house keeping on a set of door stops..
    now after reading a few of his links we have learnt a little on the problem.. as well created a few questions for regular repair decisions.

    1/ The xbox Locks the HDD in (the HDD's) BIOS, apparently many HDDS are lockable. (the locked HDD and the xbox bios go to gether.. you can't just stick the hdd in another xbox and play the two passwords will be different).
    2/ Malware can also Lock the HDD
    3/ So can random System problems, hardware, psu etc
    4/ There are tolls available to lock and unlock the HDD's.. well unlock IF you have the locking password
    5/ No bastard on any of the sites I have visited know anymore than I have posted here, save some furfy passwords..
    6/Some manufactures have a "Universal" Password..(or is this a urban ledgend)


    so my questions:

    1/ Anyone had anything to do with locking HDD's or encountered a locke hdd (I suspect now I have seen many..unknownly)
    2/It must be possable to read the HDD's BIOS, and if not get directly to the encrypted password, at least be able to reflash the BIOS
    3/ Just how many dead HDD's are out there that are only locked..

    I have to go.. I will post some Links for your reading when I return
    A reply from groovicus

    It sounds like an interesting project. I have a thought and a question (for when you get back) ..actually, I really don't want to know the answer to my question, so I'll just skip it

    From what I understand, even if you are able to get it unlocked, the format will still be as such that your test box still won't be able to read it....

    It still sounds like a fun way to spend a weekend.
    instronics offered some help and recommended that everyone else will benifit from this thread:

    My Follow up Post: (while insotronics was posting his):

    Back:

    The first info was to work out what the hell was going on so where else but google and what looked like the best sort of site to get some good goss.. A XBox hacker site.. this page at xbox-linux project was my first stop. Followed by a bit of filler from xbox-scene.. so far I am at risk of becoming a XBox Hacker most of the other links were xbox related This one was handy for tools: Rockbox

    So As I said in my first post the "Lock" appears to be in the HDD's "BIOS".. i am calling it the BIOS untill I am corrected.. So it isn't a File system specific thing.. we have tried various tools (we are lost to find a low level formating tool..and i suspect we will be f...d there as well) and all have failed.. we have tried some suposed "Manufacturer" passwords, and no results.. and my pity is I had only three weeks ago thrownout some 20 or so hdd's of which a few would have been good candidates for a unlocking experiment - ie the symptoms ar that of what we see here...

    I am currently looking into a more techno side of the problem.. ie: using "tool" to read the BIOS.. this is to enable comparison with other known good hdds and locked hdds.. with a view of - flashing the bios and returninng the drive to normal operation..
    This is important to me as it likly could involve a virus infection or a hardware failure that locks a customers or worse a work PC.. I want to be prepared for such an occasion..

    I will attach most of the usable links to thios post for any that are interested.. whail 99% is XBox related.. the basics of Drive locking can be gleaned from these links..

    On with my Quest

    Ok There you have it.. so far..

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Im not sure whether this would work, but i assume that the disk is locked by the eeprom on the board? well could you not just get the same harddisk and copy the eeprom to the xbox's HD's eeprom?

    Or is it locked on the disk itself? if so that makes it harder, but i would have thought you'd be able to look at the sectors of the disk,

    its a pretty interesting project, I liked the link to xbox linux about using a logic analyser, looked quite complex, and i can't say ive seen many with the capability to have 30+ probes running at the same time,

    i2c

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi, Undies,

    eeprom.............RC22 chips?.................I do not know Xboxes.............is the chip on the MoBo, or on the HDD..............all this sounds kind of familiar, but in a dfferent context.

    Please PM me, as I do not wish to discuss this "in front of the children".............like I need to cover my A$$..................you can the post the answer, in a "sanitised form".........

    Think about getting a shipment of a few hundred Dell and Compaq stolen laptops...........

    I hope you understand my comment?............hell I know that YOU are OK.....?


    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    How about switching out the circuits underneath the HDD?

    I have never played any XBox games, let alone take apart an XBOX. But if you could figure out the manufactuer of the HDD, and find a compatible HDD from that manufactuer, would replacing the XBOX's HDD controller with the normal controller fix it?

    Again, just a random thought. I have no idea if those things can even be replaced, and weither or not the XBOX is made to prevent that from happening... Good luck, and have fun.

    -Tim_axe

  5. #5
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    From the information I have gleaned:

    The easy way to unlock the Xbox HDD's is to have the original machine they were removed from.. Have the machine modded..so as to run on of the linux versions.. a couple of tools and voila one unlocked hdd..

    And so far on the project:

    We got a hold of an old, working hdd (seagate - 10G dif model to the Xbox babies): partitioned and formatted .. copied 4G of random files on to the drive..
    Placed it in our test box..confirmed readable.. and able to read and write to the drive.
    Restarted and ran one of the locking progs listed..
    Restarted.. WinXP on the CTD (Crash Test Dummy) would recognise the existance of the HDD.. but No access to the drive....
    restsrt and unlock.. restart
    drive now back to as before.. full read write..

    Ok yes swapping Controller boards is an option..But I have used that only for data recovery..

    BTW.. If you play with these tools.. be prepared to waste a HDD.. I still don't trust any of them.

    If I havent made it clear: my goal here is to learn how to recover customers hdd's/files, after a virus or a hdd failure. And in doing so help a friend get a few drive working for his little hobby business. (he gets what evere bits and peices..builds basic PC's for low income familys)

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Tim_axe: I was going to suggest switching the boards, but economically its pointless as your going to have to spend money on new disks and then make 1 lot unworkable by removing the board.

    I think buying one and copying the eeproms is good solution, building an eeprom copier isnt difficult once you have the data sheet.

    Im sure this isnt the simplest solution and would like to see what nihil's solution is...shame theres so many crooks about your worried about people stealing computers to share it in the public domain

    i2c

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Not exactly sure if this will help you out... but check out the following.

    The XBox harddrive uses a fairly old but relatively unused set of security
    commands to prevent easy access to it's built in drive. However, since the
    password system does not specify any form of challenge/reply system the
    password is transmitted in "clear" form. Thus with the right equipment and
    a little bit of patience you can easilly read the values.

    The ATA spec provides a command labeled SECURITY UNLOCK (command code 0xF2)
    which provides a means for passing a 32 byte password to an IDE drive in
    order to unlock it. There are two passwords, a master and a user password.
    The xbox uses the user passord.
    http://www.xbox-linux.org/docs/hdextractpassword.html

    Oh... and

    http://www.xbox-linux.org/docs/hdpassword.html

    Also, I heard that the xboxes use a seagate harddrive?

    If so... and the drive isn't in max security mode... the defualt master password should be "SEAGATE". Not sure if this has been tested... I read it on some mailing list.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    i2c - I didn't quite understand what you were saying at first, but now I see what you said.

    I never knew that the HDD could be locked, it's completely new territory for me. But I did some quick research, and came across some information regarding IBM Travelstar (Notebook) Enhanced Security HDDs... As far as I can tell, it was officially published by IBM in 2002, so I don't think it is something that is supposed to be held secretly by a select few...

    ( Google terms at bottom )


    You definately need the Master Password. The document goes to mention a "Protected Area" which "cannot be accessed via conventional methods," and mentions that it stores "critical system data such as BIOS or system management information. The contents of the entire system main memory may also be dumped into the protected area to resume after a system power off." It also mentions how to access this area by setting the HDD size, and some other crazy stuff.

    High level security
    When the device lock function is enabled and the User Password is forgotten, the device can be unlocked via a Master Password.

    Maximum level security
    When the device lock function is enabled and the User Password is forgotten,
    then only the Master Password with a Security Erase Unit command can
    unlock the device. Then user data is erased.
    The SECURITY UNLOCK command has an attempt limit the purpose of which is to prevent someone from attempting to unlock the drive with various passwords numerous times. The device counts the password mismatch. If the password does not match, the device counts it without distinguishing the Master password and the User password. If the count reaches 5, EXPIRE bit (bit 4) of Word 128 in Identify Device information is set, and then the SECURITY ERASE UNIT command and the SECURITY UNLOCK command are aborted until a hard reset or a power off. The count and EXPIRE bit are cleared after a power on reset or a hard reset.

    Terms:
    Google "T40GNX_enh_sp10.pdf" - There is only 1 result

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi Undies,

    I have done a bit more research, and discovered that Xbox harddrive security is designed to prevent people connecting them to PCs and looking at the Xbox files.

    I guess that there is a eeprom chip on the Xbox mobo, and corresponding information on the drive, but I have no idea where. A locked drive will only work with the MoBo it was supplied with, unless you remove the eeprom chip from it.

    I did come across this:


    "...when you don't know the password.
    I found a method to do this, and I thought I might share it with you...
    1. Find a Windows XP (or 2000, probably) machine with IDE. Plug the
    locked drive into the power, but not the IDE, while the computer is off.
    2. Power on. It'll boot normally (my computer wouldn't start with a
    locked drive in the IDE chain).
    3. Plug in the IDE, then use Device Manager to look for new devices
    until it finds the drive. Don't worry, it won't fry anything.
    4. Use LiveInfo ( http://www.team-assembly.com/downloads/ ) to find the
    drive's password. Print it out.
    5. Go to DOS and use HDUNLOCK
    ( http://dwl.xbox-scene.net/~xbox/xbox.../hddunlock.zip ).
    Enter the password for the drive. It'll say that it succeeded even if
    it's the wrong password, so make sure you put it in correctly.
    6. Use HDDISABL (same archive) and enter the same password. It will
    give you an error if you have the wrong password.
    Et voila.

    No idea if it will work, but it sounds plausible?

    Point being, I suspect that the Xbox security is different from standard HDD locking? so the info might not be that useful for your recovery situation?

    Did you try the seagate analysis/installation tools on it?


    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Junior Member
    Join Date
    Oct 2002
    Posts
    7
    Is there a default password for Toshiba drives?
    \"Do not mettle in the affairs of dragons, for you are crunchy and taste good with ketchup.\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides