Setting a password on a hard disk under Linux

Instead of finding someone or something to shoot at I tried to test the locking mechanism.

I have experimented with 3 hard disks, locked them and then unlocked them about a dozen times.

Haven't found a solution yet but can report the behaviour of it.

(1) To show both hard disks available

First as an example I started with two disks, sda for working and sdb is to be locked. I first became the root user (as Windows Admin) and showed the existence of the two disks by the Linux command "fdisk -l". I have colored the Linux commands in blue inside the boxes. The uncolored text is the responses by the Linux kernel, to assist reading.
Code:
saikee@linux:~> su
Password:
linux:/home/saikee # fdisk -l

Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xbe153241

Device Boot Start End Blocks Id System
/dev/sda1 1 12158 97659103+ 17 Hidden HPFS/NTFS
/dev/sda2 * 12159 24316 97659135 7 HPFS/NTFS
/dev/sda3 24317 36598 98655165 5 Extended
/dev/sda4 36599 60801 194410597+ 83 Linux
/dev/sda5 24317 24438 979933+ 82 Linux swap / Solaris
/dev/sda6 24439 25654 9767488+ 83 Linux
/dev/sda7 25655 26870 9767488+ 83 Linux
/dev/sda8 26871 28086 9767488+ 83 Linux
/dev/sda9 28087 29302 9767488+ 83 Linux
/dev/sda10 29303 30518 9767488+ 83 Linux
/dev/sda11 30519 31734 9767488+ 83 Linux
/dev/sda12 31735 32950 9767488+ 83 Linux
/dev/sda13 32951 34166 9767488+ 83 Linux
/dev/sda14 34167 35382 9767488+ 83 Linux
/dev/sda15 35383 36598 9767488+ 83 Linux

Disk /dev/sdb: 61.4 GB, 61492838400 bytes
255 heads, 63 sectors/track, 7476 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xba91ba91

Device Boot Start End Blocks Id System
/dev/sdb1 * 1 7476 60050938+ c W95 FAT32 (LBA)
Secondly I confirmed the sdb status by the command hdparm with the -I option. hdparm is the only command to lock and unlock the disk.
Code:
linux:/home/saikee # hdparm -I /dev/sdb
Security:
Master password revision code = 65297
supported
not enabled
not locked

not frozen
not expired: security count
not supported: enhanced erase
36min for SECURITY ERASE UNIT.

Checksum: correct
(note: the display of "hdparm -I" has been truncated except showing the last relevant section)
At this stage the disk is not locked.

(2) To show how one disk is locked

I then locked the disk device sdb twice, first as the master (m) using a password "somebody" and then as the user (u) by password "anybody".
Code:
linux:/home/saikee # hdparm --user-master m --security-mode h --security-set-pass somebody /dev/sdb
security_password="somebody"

/dev/sdb:
Issuing SECURITY_SET_PASS command, password="somebody", user=master, mode=high
linux:/home/saikee # hdparm --user-master u --security-mode h --security-set-pass anybody /dev/sdb
security_password="anybody"


/dev/sdb:
Issuing SECURITY_SET_PASS command, password="anybody", user=user, mode=high
linux:/home/saikee # reboot
The above commands were accepted by Linux and so the disk has a record of both master and user passwords. The locking by the master does not lock the disk at all. The disk can only be locked if a password is set when the "user" switch is used. I then rebooted the PC.

(3) To show the results after a disk has been locked

After reboot the PC took longer to boot because an operating system found it hard to understand what is going on with a hard disk that cannot be read. I found one Linux kernel, Ubuntu 8.04, hung, but others just spent time displaying the error trying to read the disk.

The following 3 items of information confirmed the disk is indeed locked:

(1) If an attempt is made to boot the locked disk the BIOS would report
Code:
DISK BOOT FAILURE, INSERT SYSTEM DISK AND PRESS RETURN
(2) If the disk is booted by Grub, which is a Linux boot loader capable of booting any installed PC system, it reported
Code:
Error 22 Disk read error
If the disk does not exist the normal error in Grub is "Error 21 : Selected disk does not exist". Here the disk was not displayed, but I knew it was there and could ask Grub to show its geometry by the command "geometry (hd0)", hence the error reported.

(3) In an operational operating system the disk is simply not reported.

I now booted a Linux (Open Suse) in sda disk (which has XP, Vista and 10 Linux distros) and the response of command "fdisk -l" confirmed the disk sdb wasn't there.
Code:
linux:/home/saikee # fdisk -l

Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xbe153241

Device Boot Start End Blocks Id System
/dev/sda1 1 12158 97659103+ 17 Hidden HPFS/NTFS
/dev/sda2 * 12159 24316 97659135 7 HPFS/NTFS
/dev/sda3 24317 36598 98655165 5 Extended
/dev/sda4 36599 60801 194410597+ 83 Linux
/dev/sda5 24317 24438 979933+ 82 Linux swap / Solaris
/dev/sda6 24439 25654 9767488+ 83 Linux
/dev/sda7 25655 26870 9767488+ 83 Linux
/dev/sda8 26871 28086 9767488+ 83 Linux
/dev/sda9 28087 29302 9767488+ 83 Linux
/dev/sda10 29303 30518 9767488+ 83 Linux
/dev/sda11 30519 31734 9767488+ 83 Linux
/dev/sda12 31735 32950 9767488+ 83 Linux
/dev/sda13 32951 34166 9767488+ 83 Linux
/dev/sda14 34167 35382 9767488+ 83 Linux
/dev/sda15 35383 36598 9767488+ 83 Linux
linux:/home/saikee # hdparm -I /dev/sdb
Security:
Master password revision code = 65297
supported
enabled
locked

not frozen
not expired: security count
not supported: enhanced erase
Security level high
36min for SECURITY ERASE UNIT.

Checksum: correct
It is noteworthy that although the device sdb was not reported, the Linux kernel knew it was there and the command hdparm could find the relevant disk information and reported that it was indeed locked, as shown by the last section of the display above.

The locked disk is not available at the software level but there seems to be a limited access from the hardware level. It did not respond to the dd command with which I could possibly copy its MBR or any sector out to have a look. To the operating system itself the disk simply does not exist.

Since a raw disk, directly off a new purchase, would still respond to the command "fdisk -l", the evidence would suggest the locking mechanism could possibly be part of the controller physically attached to the hard disk, by a function inhibiting the disk from being read sensibly, judging from the amount of errors a Linux kernel reports when detecting the locked disk.

(4) To show how a hard disk is unlocked (requiring knowledge of the password)

To unlock it I just use the hdparm command again with the "--security-disable" switch and the master password "somebody".
Code:
linux:/home/saikee # hdparm --user-master m --security-disable somebody /dev/sdb
security_password="somebody"

/dev/sdb:
Issuing SECURITY_DISABLE command, password="somebody", user=master
Linux then immediately reported the disk was no longer locked when "hdparm -I /dev/sdb" was issued.
Code:
linux:/home/saikee # hdparm -I /dev/sdb
Security:
Master password revision code = 65297
supported
not enabled
not locked

not frozen
not expired: security count
not supported: enhanced erase
36min for SECURITY ERASE UNIT.

Checksum: correct
Naturally it showed up in "fdisk -l". (output not shown due to the limitation on post length)

The disk at this stage is not yet available from the Bios but will be operational after a reboot.
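As an added example (not part of the original post), here is a small POSIX shell script that parses the Security section of "hdparm -I" output, such as the three states shown in sections (1), (3) and (4) above (not enabled/not locked, enabled/locked, and back again), and refuses a set-password step when the drive does not support the feature, already has a password, or is frozen. The function names ata_sec_state and ata_sec_check_set_pass and the three sample outputs are constructed for this example; the frozen sample reflects the state hdparm reports when the BIOS has issued SECURITY FREEZE LOCK at boot, which is a common reason a --security-set-pass is rejected.

```shell
#!/bin/sh
# Added example (not from the original post): parse the Security section of
# `hdparm -I` and decide whether a SECURITY SET PASSWORD would be accepted.
# Function names and the sample outputs below are constructed for this example.

# ata_sec_state: read `hdparm -I` text on stdin, print one summary line:
#   supported=<0|1> enabled=<0|1> locked=<0|1> frozen=<0|1> level=<high|maximum|none>
# Flags come from the bare words hdparm prints ("enabled" versus "not enabled").
ata_sec_state() {
    awk '
        /^Security:/            { insec = 1; next }   # start of the Security section
        insec && /^[^ \t]/      { insec = 0 }         # next unindented line ends it
        insec {
            line = $0
            gsub(/[ \t]+/, " ", line)                  # collapse tab-based indentation
            sub(/^ /, "", line)
            if      (line == "supported")           supported = 1
            else if (line == "enabled")             enabled   = 1
            else if (line == "locked")              locked    = 1
            else if (line == "frozen")              frozen    = 1
            else if (line ~ /^Security level /)     level     = substr(line, 16)
        }
        END {
            printf "supported=%d enabled=%d locked=%d frozen=%d level=%s\n",
                   supported + 0, enabled + 0, locked + 0, frozen + 0,
                   (level == "" ? "none" : level)
        }'
}

# ata_sec_check_set_pass: read `hdparm -I` text on stdin; return 0 only when the
# drive is in the state section (1) of the post shows (supported, not enabled,
# not frozen). A frozen drive is the usual reason --security-set-pass fails:
# many BIOSes issue SECURITY FREEZE LOCK at boot and the drive stays frozen
# until the next power cycle.
ata_sec_check_set_pass() {
    state=$(ata_sec_state)
    case "$state" in
        *supported=0*) echo "refuse: ATA security feature set not supported"; return 1 ;;
        *frozen=1*)    echo "refuse: drive is frozen; no password can be set until it is thawed"; return 1 ;;
        *enabled=1*)   echo "refuse: a password is already set (drive may be locked)"; return 1 ;;
    esac
    echo "ready: $state"
    return 0
}

# Constructed samples modelled on the post's own hdparm -I output (tabs replaced
# by spaces; the parser does not care which).
SAMPLE_UNLOCKED='Security:
    Master password revision code = 65297
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
    not supported: enhanced erase
    36min for SECURITY ERASE UNIT.
Checksum: correct'

SAMPLE_LOCKED='Security:
    Master password revision code = 65297
        supported
        enabled
        locked
    not frozen
    not expired: security count
    not supported: enhanced erase
    Security level high
    36min for SECURITY ERASE UNIT.
Checksum: correct'

SAMPLE_FROZEN='Security:
    Master password revision code = 65297
        supported
    not enabled
    not locked
        frozen
    not expired: security count
    not supported: enhanced erase
    36min for SECURITY ERASE UNIT.
Checksum: correct'

# Stand-alone demo over the three constructed samples.
for s in "$SAMPLE_UNLOCKED" "$SAMPLE_LOCKED" "$SAMPLE_FROZEN"; do
    printf '%s\n' "$s" | ata_sec_state
    printf '%s\n' "$s" | ata_sec_check_set_pass || true
done
```

Against a real drive the same functions are fed from the post's own command, for instance "hdparm -I /dev/sdb | ata_sec_check_set_pass"; only sh and awk are needed, so it runs on a rescue system as well.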

I have tried all the security switches of the hdparm command but did not find a way to overcome a locked hard disk unless I have a prior knowledge of either the user or master password.

However, as I could unlock the disk with an operating system, this means I could possibly ask the same operating system to display the reserved password location of the hard disk and obtain the knowledge of the previous password, say just for the purpose of unlocking it. Unfortunately I am not experienced enough to do this yet and, as a security measure, there is almost nothing written on the subject.

For completeness I also post the help section relating to the --security switches of the hdparm command. All the locking and unlocking activities involve the use of just one command, hdparm, and nothing else.

Code:
linux:/home/saikee # hdparm --security-help

ATA Security Commands:
Most of these are VERY DANGEROUS and can KILL your drive!
Due to bugs in most Linux kernels, use of these commands may even
trigger kernel segfaults or worse. EXPERIMENT AT YOUR OWN RISK!

--security-freeze Freeze security settings until reset.

--security-set-pass PASSWD Lock drive, using password PASSWD:
Use 'NULL' to set empty password.
Drive gets locked if user-passwd is selected.
--security-unlock PASSWD Unlock drive.
--security-disable PASSWD Disable drive locking.
--security-erase PASSWD Erase a (locked) drive.
--security-erase-enhanced PASSWD Enhanced-erase a (locked) drive.

The above four commands may optionally be preceeded by these options:
--security-mode LEVEL Use LEVEL to select security level:
h high security (default).
m maximum security.
--user-master WHICH Use WHICH to choose password type:
u user-password.
m master-password (default).
linux:/home/saikee #
Explanation of the commands

The locking command

linux:/home/saikee # hdparm --user-master u --security-mode h --security-set-pass anybody /dev/sdb

The --user-master switch is to select u for user and m for master. The disk can only be locked if "u" is selected for this switch. Type "m" doesn't lock the disk at all; it only sets up a password inside the hard disk.
The --security-mode switch is to select h for high and m for maximum. If m is selected the disk can only be re-used after being completely erased.
The --security-set-pass switch, followed by the password, is to lock the disk, making it unavailable for use.
The password used is the type "u" password anybody, while the device to be locked is /dev/sdb.

The unlocking command

linux:/home/saikee # hdparm --user-master m --security-disable somebody /dev/sdb

Only the --security-disable switch with the appropriate password can unlock the disk. I purposely used a different password, previously established as the master password, to unlock the disk. The --security-unlock switch seems only to inhibit the disk from being locked in the first place. The feature disappears if the PC is rebooted.