ATA command SET SECURITY PASSWORD DONT WORK

Posted: Tue Apr 24, 2018 2:14 am
by Attacker
I am trying to lock an HDD with a password using ATA command 0F1h SET SECURITY PASSWORD, but my code doesn't lock HDDs with a password. See the source that I wrote:

Code:

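LOCK_HDD:
; Assumes DS = ES and that pwdbuffer is a zero-filled 512-byte buffer.
MOV DX,[HDC_PORT_BASE]
ADD DX,6             ; drive/head register
MOV AL,0E0h          ; select device 0
OUT DX,AL

INC DX               ; command/status register
MOV AL,0F1H          ; SET SECURITY PASSWORD
OUT DX,AL

DONTREADY:
IN AL,DX             ; read the status register
TEST AL,80H          ; BSY still set: keep waiting
JNZ DONTREADY
TEST AL,01H          ; ERR set: command aborted (unsupported, Locked or Frozen)
JNZ LOCK_FAILED
TEST AL,08H          ; wait for DRQ before sending the data block
JZ DONTREADY

CLD                  ; string instructions must count upwards
LEA DI,[pwdbuffer+2] ; password field follows the control word
MOV SI,pwd
MOV CX,5
REP MOVSB

MOV CX,256           ; 256 words = 512 bytes
MOV SI,pwdbuffer     ; REP OUTSW reads from DS:SI, not DI
SUB DX,7             ; back to the data register
REP OUTSW
CLC                  ; carry clear: data block was sent
RET

LOCK_FAILED:
STC                  ; carry set: the device aborted the command
RET

What is wrong in my source?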

Re: ATA command SET SECURITY PASSWORD DONT WORK

Posted: Tue Apr 24, 2018 3:27 am
by MollenOS
You need to check if the HDD has the Security extension feature; otherwise it does not support it.

Re: ATA command SET SECURITY PASSWORD DONT WORK

Posted: Tue Apr 24, 2018 4:50 am
by Attacker
MollenOS wrote: You need to check if the HDD has the Security extension feature; otherwise it does not support it.
I already checked it with ATA command 0ECh (IDENTIFY DEVICE) and the HDD has this feature; however, my code doesn't work. Why?

Re: ATA command SET SECURITY PASSWORD DONT WORK

Posted: Tue Apr 24, 2018 6:32 am
by Brendan
Hi,
Attacker wrote:
MollenOS wrote: You need to check if the HDD has the Security extension feature; otherwise it does not support it.
I already checked it with ATA command 0ECh (IDENTIFY DEVICE) and the HDD has this feature; however, my code doesn't work. Why?
The ATA/ATAPI specs say "The device shall return command aborted if the command is not supported, the device is in Locked mode, or the device is in Frozen mode."

I'd expect that the computer's firmware puts all hard drives (that support the feature) into one of these modes during power on, so that the feature can't become a massive "denial of service" security disaster. In fact the ATA/ATAPI specs also say "The SECURITY FREEZE LOCK command prevents changes to passwords until a following power cycle. The purpose of the SECURITY FREEZE LOCK command is to prevent password setting attacks on the security system." so it does look very much like the designers aren't completely incompetent.


Cheers,

Brendan

Re: ATA command SET SECURITY PASSWORD DONT WORK

Posted: Tue Apr 24, 2018 11:17 am
by Attacker
Brendan wrote:Hi,

The ATA/ATAPI specs say "The device shall return command aborted if the command is not supported, the device is in Locked mode, or the device is in Frozen mode."

I'd expect that the computer's firmware puts all hard drives (that support the feature) into one of these modes during power on, so that the feature can't become a massive "denial of service" security disaster. In fact the ATA/ATAPI specs also say "The SECURITY FREEZE LOCK command prevents changes to passwords until a following power cycle. The purpose of the SECURITY FREEZE LOCK command is to prevent password setting attacks on the security system." so it does look very much like the designers aren't completely incompetent.


Cheers,

Brendan
If the HDC issues this ATA command, then how do I disable the SECURITY FREEZE LOCK?

Re: ATA command SET SECURITY PASSWORD DONT WORK

Posted: Tue Apr 24, 2018 12:16 pm
by iansjack
You'll forgive me for saying this, but your chosen username doesn't give me 100% confidence about the motives behind this request.

Re: ATA command SET SECURITY PASSWORD DONT WORK

Posted: Tue Apr 24, 2018 12:29 pm
by Attacker
iansjack wrote: You'll forgive me for saying this, but your chosen username doesn't give me 100% confidence about the motives behind this request.
I am asking about HDD security only for educational purposes.

Re: ATA command SET SECURITY PASSWORD DONT WORK

Posted: Tue Apr 24, 2018 12:39 pm
by Octocontrabass
Most firmware issues a SECURITY FREEZE LOCK command during POST, before booting the OS. Some (mostly in servers) have an option to disable that behavior.

Hotplugging can also return the disk to its "not frozen" state, but requires hotplug-capable hardware. If you have to ask, your hardware is probably not hotplug capable.
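
Added example, not part of any post in this thread: a C check of the security status in IDENTIFY DEVICE word 128, showing when SET SECURITY PASSWORD is aborted under the rule Brendan quotes and whether firmware left the drive frozen. The bit positions follow the ATA/ATAPI spec; the function names and sample values are assumptions made for this example, and the buffer is assumed to already be in host word order.

```c
#include <stdint.h>
#include <stdio.h>

/* IDENTIFY DEVICE word 128 (security status) bits. */
#define SEC_SUPPORTED 0x0001u
#define SEC_ENABLED   0x0002u
#define SEC_LOCKED    0x0004u
#define SEC_FROZEN    0x0008u

enum sec_verdict { SEC_UNSUPPORTED, SEC_PROTECTED, SEC_EXPOSED };

/* id points at the 256 words returned by IDENTIFY DEVICE (0ECh). */
uint16_t security_word(const uint16_t *id) { return id[128]; }

/* Mirrors the quoted abort rule: SET SECURITY PASSWORD is aborted when the
   feature is unsupported, or the device is Locked or Frozen. */
int set_password_aborts(const uint16_t *id)
{
    uint16_t s = security_word(id);
    return !(s & SEC_SUPPORTED) || (s & (SEC_LOCKED | SEC_FROZEN));
}

/* Audit verdict: a drive that supports the feature but was left unfrozen
   accepts a password from any software with raw ATA access. */
enum sec_verdict audit_drive(const uint16_t *id)
{
    if (!(security_word(id) & SEC_SUPPORTED)) return SEC_UNSUPPORTED;
    return set_password_aborts(id) ? SEC_PROTECTED : SEC_EXPOSED;
}

/* Constructed sample: an IDENTIFY buffer with only word 128 filled in. */
void make_sample(uint16_t *id, uint16_t word128)
{
    for (int i = 0; i < 256; i++) id[i] = 0;
    id[128] = word128;
}

int main(void)
{
    static const char *names[] = { "unsupported", "protected", "exposed" };
    uint16_t samples[] = { 0x0000, 0x0009, 0x0001, 0x0007 }; /* constructed */
    uint16_t id[256];
    for (unsigned i = 0; i < 4; i++) {
        make_sample(id, samples[i]);
        printf("word128=%04x -> %s\n", (unsigned)samples[i], names[audit_drive(id)]);
    }
    return 0;
}
```

A drive reported as exposed after boot means the firmware did not issue SECURITY FREEZE LOCK, or the drive was hotplugged afterwards.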