1. Set up hard disk password
2. Set up fingerprint reader to unlock HDD
3. Regularly change passwords
...except the hard disk password
4. Let time pass
1. Get BIOS to unlock HDD and remove password
Only works if I type it in,
not with a fingerprint
possible, but not supported by the BIOS
2. Hack BIOS to remove password on fingerprint
Involves reverse-engineering your BIOS:
Been there, done that, big waste of time
..and you don't want to know the nasty details.
3. Listen on IDE bus when BIOS sends password to HDD
Too much effort, too little knowledge
Involves expensive hardware:
Waaaaay too expensive!
...or is it?
USB connection
16 buffered inputs
16 unbuffered inputs
Read Sector
Write Sector
Seek
Security Unlock
Security Disable
etc.
Ready
Seek Done
Error
etc.
1. Write "UNLOCK" command (F2) to Command Reg
2. Read Status Reg until HDD signals "Data Request"
3. Write a full sector (2 bytes header, 32 bytes password, padded to 512 bytes with zeros) to Data Reg
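The three steps above as an added example (not from the original slides): it builds the 512-byte unlock sector and recovers header and password from a list of register writes captured on your own bus. Assumptions: the trace is already decoded into (register offset, value) pairs, each 16-bit data word carries the lower-addressed byte in its low half, and all function names and the sample trace are made up for illustration.

```python
import struct

REG_DATA = 0x0             # ATA task-file offset of the 16-bit Data register
REG_COMMAND = 0x7          # ATA task-file offset of the Command register
CMD_SECURITY_UNLOCK = 0xF2
SECTOR_BYTES = 512
PASSWORD_BYTES = 32


def build_unlock_sector(password, header=0):
    """2-byte header + 32-byte password, zero-padded to 512 bytes."""
    if len(password) > PASSWORD_BYTES:
        raise ValueError("HDD password is at most 32 bytes")
    body = struct.pack("<H", header) + password.ljust(PASSWORD_BYTES, b"\0")
    return body.ljust(SECTOR_BYTES, b"\0")


def sector_to_writes(sector):
    """Register writes for step 1 (command) and step 3 (256 data words)."""
    words = struct.unpack("<256H", sector)
    return [(REG_COMMAND, CMD_SECURITY_UNLOCK)] + [(REG_DATA, w) for w in words]


def extract_unlock_password(writes):
    """Find an F2 command write followed by a full sector of data writes."""
    for i, (reg, value) in enumerate(writes):
        if reg != REG_COMMAND or value != CMD_SECURITY_UNLOCK:
            continue
        words = []
        for r, v in writes[i + 1:]:
            if r == REG_COMMAND:        # next command: sector was cut short
                break
            if r == REG_DATA:
                words.append(v)
            if len(words) == SECTOR_BYTES // 2:
                break
        if len(words) < SECTOR_BYTES // 2:
            return None                 # incomplete transfer in this trace
        sector = struct.pack("<256H", *words)
        (header,) = struct.unpack_from("<H", sector, 0)
        return header, sector[2:2 + PASSWORD_BYTES]
    return None


# Constructed sample, not a real capture: one unrelated register write,
# then the unlock sequence for a made-up password.
SAMPLE_PW = b"constructed-sample-pw"
SAMPLE_TRACE = [(0x6, 0xA0)] + sector_to_writes(build_unlock_sector(SAMPLE_PW))

if __name__ == "__main__":
    print(extract_unlock_password(SAMPLE_TRACE))
```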
We also tried linking two OLSes via their Clock Out / Clock In pins for 32 buffered inputs, but that didn't work out well; probably needs work on the OLS developers' side.
Includes finding latest non-buggy firmware ;)
Let's hope it still works!
Idea: Put extra pin header on HDD pins, clamp wires between HDD pins and header.
Getting 16 loose wires into the header without one of them falling out again, then plugging the HDD into that: impossible!
That didn't work at first...
...until I realized I had reversed the bus pins!
So here's what I found:
Register Write
Data 0..7
Each HDD has a bunch of registers
PC controls HDD by reading/writing these registers
Register Read
Example: Reading a sector
1. Write sector address to Address Reg(s)
2. Write "Read Sector" command to Command Reg
3. Read Status Reg until HDD signals "Data Request"
4. Read 16-bit Data Reg 256 times --> one sector / 512 bytes
Register Select
...and your password fade into oblivion
or
All data pins, no control
Some control, only partial data
Data 8..15
Sniffer
Host
HDD
Normal IDE cable with two taps:
Bus likes this
Both our OLSes in the background
Sniffer
Host
HDD
Direct Host-HDD connection with long T-style tap:
Bus does not like this
Traced all 16 data signals
Solution: Break header apart, plug individual header pins onto HDD!
Divide, Conquer, Wait until hands stop trembling.
Run Length Encoding: Record trace entry only when something changes; i.e. trace compression.
Only start tracing when something predefined happens
And it's completely
I had to dismantle most of my notebook to be able to fit the HDD with the extra wires in there!
Source, too.
(HDD Password is 32 bytes)
Buy new HDD
This is where I want to end up
Security disabled
DISABLE PASSWORD
SET PASSWORD
Holy Cow!
Security enabled
HDD unlocked
My HDD only moves through these states right now
This is what the BIOS sends to the HDD when I use the fingerprint reader
UNLOCK
Power off, power on
Security enabled
HDD locked
http://www.pjrc.com/tech/8051/ide/wesley.html
http://de.wikipedia.org/wiki/ATA/ATAPI
http://dangerousprototypes.com/open-logic-sniffer/
@hdznrrd - partner in crime
@momorientes - moral support
@shackspace - awesome place, awesome people!