Community
cancel
Showing results for 
Search instead for 
Did you mean: 
idata
Community Manager
9,690 Views

What to do about Password protected SSD drive?

I buy used computer hardware in bulk lots most of it comes from companies that are upgrading or shutting down. I recently came into possession of an Intel X25-V SSD that is password protected. The data on the drive is irrelevant to me and I would just like to do a format/partition and make the drive usable. Is this possible to do myself or would I have to send the drive to Intel? Anyone have any experience with this?

Tags (1)
0 Kudos
18 Replies
idata
Community Manager
3,660 Views

The data is encrypted so you will not be able to read it. However, that should not prevent you from reformatting the drive.

idata
Community Manager
3,660 Views

If I understand correctly it is an ATA Password, the bios pops up a screen on boot asking for the drive's password (or the master password). When I connect it to a computer that has Windows it appears in the device manager but I can't access anything from it or query it for any config info.

idata
Community Manager
3,660 Views

Are you sure it is an ATA Password protected SSD and not just data encrypted?

I am not aware of any unlock software that support SSDs yet.

idata
Community Manager
3,660 Views

I'm pretty sure that its a ATA Password or whatever the "hard drive password" that you set from the bios is.

DSilv11
Valued Contributor III
3,660 Views

Have you tried deleteing the partition and reformating?

idata
Community Manager
3,660 Views

There is a password prompt on boot, it appears to be the bios asking for the SSD's ATA Password. I don't have the password so when I ignore the prompt and boot into windows the drive is in a security locked state. This prevents Windows (or whatever OS) from initializing the drive/partitions and allowing me to do anything to the drive. I tried running the Intel SSD Toolbox, it recognizes the drive (just like Device Manager does) but secure erase fails. This is because the drive is security locked and is not accessible.

Here is a section from http://en.wikipedia.org/wiki/Parallel_ATA wikipedia describing the ATA Password feature:

The disk lock is a built-in security feature in the disk. It is part of the ATA specification, and thus not specific to any brand or device. The disk lock can be enabled and disabled by sending special ATA commands to the drive. If a disk is locked, it will refuse all access until it is unlocked.

 

A disk always has two passwords: A User password and a Master password. Most disks support a Master Password Revision Code. Reportedly some disks can report if the Master password has been changed, or if it still the http://en.wikipedia.org/wiki/Default_password factory default. The revision code is word 92 in the IDENTIFY response. Reportedly on some disks a value of 0xFFFE means the Master password is unchanged. The standard does not distinguish this value.

A disk can be locked in two modes: High security mode or Maximum security mode. Bit 8 in word 128 of the IDENTIFY response shows which mode the disk is in: 0 = High, 1 = Maximum.

 

In High security mode, the disk can be unlocked with either the User or Master password, using the "SECURITY UNLOCK DEVICE" ATA command. There is an attempt limit, normally set to 5, after which the disk must be power cycled or hard-reset before unlocking can be attempted again. Also in High security mode the SECURITY ERASE UNIT command can be used with either the User or Master password.

 

In Maximum security mode, the disk cannot be unlocked without the User password — the only way to get the disk back to a usable state is to issue the SECURITY ERASE PREPARE command, immediately followed by SECURITY ERASE UNIT. In Maximum security mode the SECURITY ERASE UNIT command requires the User password and will completely erase all data on the disk. The operation is slow, it may take longer than half an hour or more, depending on the size of the disk. (Word 89 in the IDENTIFY response indicates how long the operation will take.) http://en.wikipedia.org/wiki/Parallel_ATA# cite_note-18 [19]

 

While the ATA disk lock is intended to be impossible to defeat without a valid password, there are workarounds to unlock a drive. Many data recovery companies offer unlocking services,http://en.wikipedia.org/wiki/Parallel_ATA# cite_note-19 [20] so while the disk lock will deter a casual attacker, it is not secure against a qualified adversary.

DSilv11
Valued Contributor III
3,660 Views

You might want to try a DOS based security erase comman like http://cmrr.ucsd.edu http://cmrr.ucsd.edu know if it will work or if it will brick the drive.

idata
Community Manager
3,660 Views

I've tried a few dos based hd tool suites but they all cannot perform any erase on a locked disk. For example here is a blurb from the ReadMe fror HDDErase:

 

 

If selected drive is locked with a non-HDDerase password the user is given the option to: 1) unlock with user password, 2) unlock with master password (if high security), 3) secure erase with user password, 4) secure erase with master password, 5) enhanced secure erase with user password (if supported), 6) enhanced secure erase with master password (if supported). If option 3, 4, 5 or 6 is selected any possible HPA and/or DCO areas will not be reset. It would seem that I need either the User password or the Master password to erase/unlock the drive.

 

Perhaps I will have to send my drive into Intel so they can unlock it and secure erase it for me...
idata
Community Manager
3,660 Views

to disable SSD code/lock

USE HD erase version 3.3

unplug power from the SSD but keep the data plugged in

start PC and when you get to the

A:/ prompt plug the SSD power back in

and proceed as normal

you should no longer see the security freeze

I think only HDE 3.3 works with SSDs for some reasonIf anybody needs it and can't find it, PM me
idata
Community Manager
3,660 Views

Perhaps I will have to send my drive into Intel so they can unlock it and secure erase it for me...

Intel does not support unlocking drives.

Zaq posted a possible solution but it is at your own risk.

idata
Community Manager
3,660 Views

Is that a fact? It perplexes me how Intel would not support their own drives?

DSilv11
Valued Contributor III
3,660 Views

It would kind of defeat the purpose of a HDD security lock if the manufacture maintained a default password.

Some one would figure it out & post it on the internet ....

idata
Community Manager
3,660 Views

There are also liability issues.... can anyone prove that they own the data on the drive?

idata
Community Manager
3,660 Views

The method I posted above to bypass the hard-drive password comes from the author of HDDerase itself.

This will allow the program to proceed without knowing the password and thus perform a TOTAL secure erase of the SSD(or any hard-drive actually), but will not allow you to see or access the data on the drive. So this method does not defeat the encryption for this purpose.

There is little to no risk to the harddrive itself, rather the risk is to the user itself from messing around with electrical connections if the user is not familiar with the internal workings of a typical PC.

CIAO

idata
Community Manager
3,660 Views

It would kind of defeat the purpose of a HDD security lock if the manufacture maintained a default password.

Its true though, master passwords exist and are a documented part of the ATA spec, some have been leaked, others have been easily broken.

There are also liability issues.... can anyone prove that they own the data on the drive?

I have the original retail box and drive, surely that would be enough. Either way, I wouldn't expect a manufacturer to unlock the drive for an individual, but more importantly law enforcement. For an individual customer I would expect them to offer to secure erase/reset the drive.

The method I posted above to bypass the hard-drive password comes from the author of HDDerase itself.

Zaq, I haven't had a chance to try out your suggestion but I will soon. The instructions look like they are for drives that are in a security locked state, rather than just drives that have a password...I'm not sure it will work, but I'll try it tomorrow.

idata
Community Manager
3,660 Views

THIS IS IMPORTANT if using HDD erase for an SSD from

http://cmrr.ucsd.edu http://cmrr.ucsd.edu

use ver 3.3, the new version 4.X does not work on SSDs

enable bios to boot from the bootable media the HDDerase is on ie floppy or USB stick

(PM me if you need easy 15 second info on making a bootable USB stick)

In the bios the boot up method must be changed from AHCI or RAID back to simple IDE

Use a PC with IDE and SATA support on motherboard and make sure the SSD is connected to one of the 4 primary SATA motherboard connectors if there are more than 4 SATA connectors. The HDDerase only recognised drives on the primary 4 slots, so if your drive does not show at the drive selection screen, reboot and change SATA connector on the motherboard.

dbavaria

I pretty sure this method will work

I had a brand new 2tb Hard drive for my kid's PC and a few weeks later I wanted to partition and reinstall with a newer OS

I used HDDerase and kept getting stuck with the same problem you are having even after the reboot.

I had used HDerase dozens of time prior to this and never had this problem, so I read the author's README file and found the solution ie remove the power wire upto the A prompt and then reattach it when the A prompt is visible

(C prompt if using a bootable USB stick which i now use for everything that requires a bootable media)

Google thisHow to Secure Erase (reset) an Intel Solid State Drive (SSD) – IISall the details and links for Ver 3.3 are on that site CIAO
idata
Community Manager
3,660 Views

As I suspected earlier, HDDErase does not work for drives that are password locked. It basically says "The drive is locked..." then gives a set of options to unlock with user/master password before it can continue. As I pointed out earlier, this is documented behavior of HDDErase because this is just how the ATA Password works:

If selected drive is locked with a non-HDDerase password the user is given the option to: 1) unlock with user password, 2) unlock with master password (if high security), 3) secure erase with user password, 4) secure erase with master password, 5) enhanced secure erase with user password (if supported), 6) enhanced secure erase with master password (if supported). If option 3, 4, 5 or 6 is selected any possible HPA and/or DCO areas will not be reset.

Back to the drawing board. Does anyone have a direct email contact to Intel support, I can't seem to get through explaining this one on the phone...

idata
Community Manager
3,660 Views

dbavaria

so the removal of power supply to the SSD prior to booting up HDDerase via bootable media did not work?

Reply