ATA command SET SECURITY PASSWORD DONT WORK

Programming, for all ages and all languages.
Post Reply
Attacker
Posts: 6
Joined: Tue Apr 24, 2018 2:07 am

ATA command SET SECURITY PASSWORD DONT WORK

Post by Attacker »

i am trying to lock HDD with a password with ATA Command 0F1h SET SECURITY PASSWORD but my code don't lock HDDs with a password. see the source that i write:

Code: Select all

LOCK_HDD:
MOV DX,[HDC_PORT_BASE]
ADD DX,6
MOV AL,0E0h
OUT DX,AL

INC DX
MOV AL,0F1H
OUT DX,AL

DONTREADY:
IN AL,DX
CMP AL,58H
JNZ DONTREADY

LEA DI,[pwdbuffer+2]
MOV SI,pwd
MOV CX,5
REP MOVSB

MOV ECX,256
MOV DI,pwdbuffer
SUB DX,7
REP OUTSW
RET
where is wrong in my source?
MollenOS
Member
Member
Posts: 202
Joined: Wed Oct 26, 2011 12:00 pm

Re: ATA command SET SECURITY PASSWORD DONT WORK

Post by MollenOS »

You need to check if the HDD has the Security extension feature, otherwise it does not support it
Attacker
Posts: 6
Joined: Tue Apr 24, 2018 2:07 am

Re: ATA command SET SECURITY PASSWORD DONT WORK

Post by Attacker »

MollenOS wrote:You need to check if the HDD has the Security extension feature, otherwise it does not support it
i already check it with ATA Command 0ECh(IDENTIFY DEVICE) and the HDD have this feature however my code dont work. why?
User avatar
Brendan
Member
Member
Posts: 8561
Joined: Sat Jan 15, 2005 12:00 am
Location: At his keyboard!
Contact:

Re: ATA command SET SECURITY PASSWORD DONT WORK

Post by Brendan »

Hi,
Attacker wrote:
MollenOS wrote:You need to check if the HDD has the Security extension feature, otherwise it does not support it
i already check it with ATA Command 0ECh(IDENTIFY DEVICE) and the HDD have this feature however my code dont work. why?
The ATA/ATAPI specs say "The device shall return command aborted if the command is not supported, the device is in Locked mode, or the device is in Frozen mode."

I'd expect that the computer's firmware puts all hard drives (that support the feature) into one of these modes during power on, so that the feature can't become a massive "denial of service" security disaster. In fact the ATA/ATAPI specs also say "The SECURITY FREEZE LOCK command prevents changes to passwords until a following power cycle. The purpose of the SECURITY FREEZE LOCK command is to prevent password setting attacks on the security system." so it does look very much like the designers aren't completely incompetent.


Cheers,

Brendan
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.
Attacker
Posts: 6
Joined: Tue Apr 24, 2018 2:07 am

Re: ATA command SET SECURITY PASSWORD DONT WORK

Post by Attacker »

Brendan wrote:Hi,

The ATA/ATAPI specs say "The device shall return command aborted if the command is not supported, the device is in Locked mode, or the device is in Frozen mode."

I'd expect that the computer's firmware puts all hard drives (that support the feature) into one of these modes during power on, so that the feature can't become a massive "denial of service" security disaster. In fact the ATA/ATAPI specs also say "The SECURITY FREEZE LOCK command prevents changes to passwords until a following power cycle. The purpose of the SECURITY FREEZE LOCK command is to prevent password setting attacks on the security system." so it does look very much like the designers aren't completely incompetent.


Cheers,

Brendan
If the HDC issue this ATA Command then how to disable the SECURITY FREEZE LOCK?
User avatar
iansjack
Member
Member
Posts: 4689
Joined: Sat Mar 31, 2012 3:07 am
Location: Chichester, UK

Re: ATA command SET SECURITY PASSWORD DONT WORK

Post by iansjack »

You'll forgive me for saying this, but your chosen username doesn't give me 100% confidence about the motives behind this request.
Attacker
Posts: 6
Joined: Tue Apr 24, 2018 2:07 am

Re: ATA command SET SECURITY PASSWORD DONT WORK

Post by Attacker »

iansjack wrote:You'll forgive me for saying this, but your chosen username doesn't give me 100% confidence about the motives behind this request.
Ii am asking about HDD security only for educational purposes.
Octocontrabass
Member
Member
Posts: 5521
Joined: Mon Mar 25, 2013 7:01 pm

Re: ATA command SET SECURITY PASSWORD DONT WORK

Post by Octocontrabass »

Most firmware issues a SECURITY FREEZE LOCK command during POST, before booting the OS. Some (mostly in servers) have an option to disable that behavior.

Hotplugging can also return the disk to its "not frozen" state, but requires hotplug-capable hardware. If you have to ask, your hardware is probably not hotplug capable.
Post Reply