IBM travelstar password recovery.

Discussion in 'NZ Computing' started by Richard, May 14, 2007.

  1. Richard

    Richard Guest

    Anyone local able to recover the password for one of these? Its an old
    30 gig one.
     
    Richard, May 14, 2007
    #1
    1. Advertising

  2. Richard

    Dave Taylor Guest

    Richard <> wrote in news:464830b7$:

    > Anyone local able to recover the password for one of these? Its an old
    > 30 gig one.
    >


    HDD good luck, IIRC they were the first to be a real trouble to crack if
    you were a hacker

    Ther is some creative google that might get you some info, but from what I
    recall it was all dead end.
    I would just call Ontrack and pay for data, no data no pay. Do they offer
    that? Does R-studio get you anything?
    http://www.r-studio.com/


    --
    Ciao, Dave
     
    Dave Taylor, May 14, 2007
    #2
    1. Advertising

  3. Richard

    Roger_Nickel Guest

    On Mon, 14 May 2007 21:44:57 +1200, Richard wrote:

    > Anyone local able to recover the password for one of these? Its an old
    > 30 gig one.


    Think carefully before clearing CMOS memory. Some
    IBM laptops store a hash of the disk password here
    and have it linked to the power-up password. If you lose this
    memory then the master copy of the disk password is stored on the
    service area of the disk and is by all accounts impregnable,
    although maybe it could be possible to access it via the JTAG
    interface on the disk controller.
     
    Roger_Nickel, May 15, 2007
    #3
  4. Richard

    Richard Guest

    Roger_Nickel wrote:
    > On Mon, 14 May 2007 21:44:57 +1200, Richard wrote:
    >
    >> Anyone local able to recover the password for one of these? Its an old
    >> 30 gig one.

    >
    > Think carefully before clearing CMOS memory. Some
    > IBM laptops store a hash of the disk password here
    > and have it linked to the power-up password. If you lose this
    > memory then the master copy of the disk password is stored on the
    > service area of the disk and is by all accounts impregnable,
    > although maybe it could be possible to access it via the JTAG
    > interface on the disk controller.


    The laptop is not an IBM, so its all ok from that perspective. Just
    hoping that I can get the data off it for less then the $800 that one
    place quoted me for it.
     
    Richard, May 16, 2007
    #4
  5. Richard

    El Chippy Guest

    On Wed, 16 May 2007 11:25:09 +0200, Miguel wrote:

    >
    > By the sounds of it, isolating your hard drive from your machine and
    > using a bit of free software seems to be a possible solution for you.
    > Look at it as a learning experience :)
    >
    > And before anyone else says it, I'm not being a linux troll. Just giving
    > a bit of encouragement. If I can do it, anyone can do it.
    >
    > Regards
    > Miguel


    I think the problem is a bit more complicated than you realise.. Richard is
    trying to crack/bypass the password that allows access to the
    (unencrypted?) data on the drive. ie. there is no access at all to what
    is on the drive until he bypasses this security measure (which is built
    into the drive firmware).
    This would require at the very least a fair bit of low-level programming
    knowledge, and possibly some embedded system debugging tools.

    Hence why some people will charge US$295 to unlock it and save the data.

    http://www.nortek.on.ca/Password Removal/PasswordRemoval.aspx#HardDisk

    Nortek charge US$295 to remove the lock and save the data, or just US$85 to
    clear the lock and wipe the data. Even including shipping thats a lot
    cheaper than NZ$800
     
    El Chippy, May 16, 2007
    #5
  6. Richard

    Miguel Guest


    > The laptop is not an IBM, so its all ok from that perspective. Just
    > hoping that I can get the data off it for less then the $800 that one
    > place quoted me for it.


    Can't help you at all with the password Richard. Sorry about that. But
    cos you mentioned data recovery I had to throw my two cents in.

    Don't spend $800. Do it yourself. (Where's your kiwi initiative)

    Last week my sisters' (soon to be ex :) partner accidentally deleted a
    huge amount of data from her computer. Years of accounts, photos, cv etc.
    Not all of it was backed up. Her (soon to be ex) partner then had the
    bright idea of reformatting the drive and reinstalling XP cos it might
    find the deleted data. Not clever at all.

    So she sent me the hard drive with a "see what you can do".

    First off, the hard disk didn't survive NZ Post cos, when I received it,
    it wouldn't spin up. I always thought it was an urban myth but a few
    hours in the freezer fixed that.

    Next I used dd to clone the newly installed XP partition to a 50GB
    partition on my Xubuntu machine.

    Then I installed Autopsy from the Ubuntu repository and I was away. It
    was incredible how much data from the original installation was still
    there. And incredibly easy to recover. Not just complete files, like the
    point-and-click commercial recovery software finds, but partially
    incomplete files, images, web pages....you name it, Autopsy found it and
    displayed it.

    I'm no computer genius but by using freely available software and a bit
    of patience I recovered heaps of the deleted data from the formatted
    partition. And now my sister thinks I'm a superhero.

    By the sounds of it, isolating your hard drive from your machine and
    using a bit of free software seems to be a possible solution for you.
    Look at it as a learning experience :)

    And before anyone else says it, I'm not being a linux troll. Just giving
    a bit of encouragement. If I can do it, anyone can do it.

    Regards
    Miguel
     
    Miguel, May 16, 2007
    #6
  7. Richard

    Dave Taylor Guest

    El Chippy <> wrote in
    news:464ad42e$:

    >
    > I think the problem is a bit more complicated than you realise..
    > Richard is trying to crack/bypass the password that allows access to
    > the (unencrypted?) data on the drive. ie. there is no access at all
    > to what is on the drive until he bypasses this security measure (which
    > is built into the drive firmware).
    > This would require at the very least a fair bit of low-level
    > programming knowledge, and possibly some embedded system debugging
    > tools.
    >
    > Hence why some people will charge US$295 to unlock it and save the
    > data.
    >
    > http://www.nortek.on.ca/Password Removal/PasswordRemoval.aspx#HardDis
    > k
    >
    > Nortek charge US$295 to remove the lock and save the data, or just
    > US$85 to clear the lock and wipe the data. Even including shipping
    > thats a lot cheaper than NZ$800


    So the bios HDD lock has been cracked. (for some drives)
    A good to know fact for when you need it.

    --
    Ciao, Dave
     
    Dave Taylor, May 16, 2007
    #7
  8. Richard

    Miguel Guest

    On Wed, 16 May 2007 21:51:42 +1300, El Chippy wrote:


    > I think the problem is a bit more complicated than you realise.. Richard
    > is trying to crack/bypass the password that allows access to the
    > (unencrypted?) data on the drive. ie. there is no access at all to what
    > is on the drive until he bypasses this security measure (which is built
    > into the drive firmware).


    Hi El Chippy...I guess I'm proof that good intentions are no substitute
    for knowing what you're talking about.

    I thought the situation was similar to a Toshiba Satellite 6000 laptop I
    worked on a few months ago that also had a Travelstar in it. That laptop
    needed a password to get going (Toshiba hardware locked by the mobo
    apparently. Not a BIOS password but some sneaky Toshiba software/hardware
    protection). I just circumvented the password by removing the hard disk
    from the Toshiba, slaving it to my Xubuntu machine then running DBAN.
    Threw it back in the Toshiba and re-installed Win98. Job done.

    I assumed that, as I could DBAN a Travelstar, I could just as easily dd a
    Travelstar. And once I've got an image from dd, as long as it's not
    encrypted, I'm practically home and hosed (being the superhero that I am)

    I've never come across a password-protected hard drive. I thought it
    would have to interact with the mobo pre-password. If it's doing that
    then it must be accesible somehow. Live and learn I guess. Would love to
    have a play around with one.

    Just googled a bit and found the ATA password tool which looks promising.

    And there's always my Linux Forensics Boot Disk which has got heaps of
    tools on it which I've been dying to try out :)

    Regards
    Miguel
     
    Miguel, May 16, 2007
    #8
  9. Richard

    ~misfit~ Guest

    Miguel wrote:
    > On Wed, 16 May 2007 21:51:42 +1300, El Chippy wrote:
    >
    >
    > > I think the problem is a bit more complicated than you realise..
    > > Richard is trying to crack/bypass the password that allows access
    > > to the (unencrypted?) data on the drive. ie. there is no access at
    > > all to what is on the drive until he bypasses this security measure
    > > (which is built into the drive firmware).

    >
    > Hi El Chippy...I guess I'm proof that good intentions are no
    > substitute for knowing what you're talking about.
    >
    > I thought the situation was similar to a Toshiba Satellite 6000
    > laptop I worked on a few months ago that also had a Travelstar in it.
    > That laptop needed a password to get going (Toshiba hardware locked
    > by the mobo apparently. Not a BIOS password but some sneaky Toshiba
    > software/hardware protection). I just circumvented the password by
    > removing the hard disk from the Toshiba, slaving it to my Xubuntu
    > machine then running DBAN. Threw it back in the Toshiba and
    > re-installed Win98. Job done.
    >
    > I assumed that, as I could DBAN a Travelstar, I could just as easily
    > dd a Travelstar. And once I've got an image from dd, as long as it's
    > not encrypted, I'm practically home and hosed (being the superhero
    > that I am)
    >
    > I've never come across a password-protected hard drive. I thought it
    > would have to interact with the mobo pre-password. If it's doing that
    > then it must be accesible somehow. Live and learn I guess. Would love
    > to have a play around with one.
    >
    > Just googled a bit and found the ATA password tool which looks
    > promising.
    >
    > And there's always my Linux Forensics Boot Disk which has got heaps of
    > tools on it which I've been dying to try out :)
    >
    > Regards
    > Miguel


    Hmm, wonder if SpinRite would be of any use?
    --
    Shaun.
     
    ~misfit~, May 17, 2007
    #9
  10. Richard

    Dave Taylor Guest

    Miguel <> wrote in news:f2fvuj$8tl$:

    > I assumed that, as I could DBAN a Travelstar, I could just as easily
    > dd a Travelstar. And once I've got an image from dd, as long as it's
    > not encrypted, I'm practically home and hosed (being the superhero
    > that I am)


    Those travelstars use the chips on the hdd controller to encrypt the data
    going onto the platters after it has left the ide controller. (if you turn
    that feature on)
    They are supposed to be very secure. That means that pulling the drive out
    and putting it into a USB cradle, or a 2.5 inch adapter is supposed to show
    you a big bunch of random data, not a partition or anything to be found.
    IIRC.

    --
    Ciao, Dave
     
    Dave Taylor, May 17, 2007
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Digital Image Recovery
    Replies:
    1
    Views:
    1,274
  2. Digital Image Recovery

    Digital Image Recovery and Memory Stick Recovery; Recovery of Lost Photos

    Digital Image Recovery, Sep 10, 2004, in forum: Digital Photography
    Replies:
    0
    Views:
    1,124
    Digital Image Recovery
    Sep 10, 2004
  3. Mike
    Replies:
    0
    Views:
    1,538
  4. Mike
    Replies:
    0
    Views:
    1,569
  5. Mike
    Replies:
    0
    Views:
    2,292
Loading...

Share This Page