Thread: [sleuthkit-users] HD Passwords
Brought to you by:
carrier
Menu
▾
▴
sleuthkit-users
|
From: J B <je...@ad...> - 2006-05-18 15:08:33
|
This is off topic, though it does pertain to forensic = recovery...sorry... I was about to post a question about the best reference on cracking ata = hd passwords; The best reference is google pointing to caches of = experts-exchange threads mentioning loads of possibilities, but only a = couple certainties. A company called vogon has a product; rumour has it = it's 30.000 pounds, $50,000? =20 http://www.vogon-forensic-hardware.co.uk/forensic-hardware/data-capture/p= assword-cracker-pod.htm And the spec for ata3. http://www.seagate.com/support/disc/manuals/ata/d1153r17.pdf Some suggested swapping the pcb from the disk with another similar. = Since the drive security info is stored on a certain "track description = area" cylinder rather than on the board (only), the board would just = read that cylinder and continue securing the drive, no?. Instead, I = would propose using a pre-ata3 board. I would guess that the problem is = that it may not understand the new language of the track description = area. Consequently, the solution to the problem lies in replacing the = pcb with a custom pcb which can control the heads and understands the = track description language of the (even proprietary) drive. I don't = pretend this is an original idea, but I would be interested in knowing = what I'm missing - In short, going back to programatic control of the = heads. Even if it's not fast, it would be faster and cheaper than the = electron microscope method and less invasive than any kind of custom = spindle/heads rig. From what I've seen, there are no chips 'after' the = ribon cable entering the housing. If you control the heads (and spindle = motor), do you not control the drive? BTW, any idea how these guys operate? =20 http://a-ff.com/products/rrs/ thanks. -JB |
|
From: LERTI - D. B. <Dav...@le...> - 2006-05-18 19:43:35
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear JB, There is a long thread on the forensic focus forum (http://www.forens= icfocus.com/ got to forum Hardware->Forensic Recovery and ATA-3 'Secu= re Mode', possible?). Some people stated that you can use a particular manufacturer interfa= ce to recover the ATA password. I'm not entirely convinced but one ne= ver knows with undocumented features. I suggested a way of bypassing the password, using a second similar d= rive and hotswapping the data/command cable, but this solution has be= en rejected by people with more knowledge than myself. I wish you good luck, David. J B a =E9crit : > This is off topic, though it does pertain to forensic recovery...so= rry... > =20 > I was about to post a question about the best reference on cracking= ata > hd passwords; The best reference is google pointing to caches of > experts-exchange threads mentioning loads of possibilities, but onl= y a > couple certainties. A company called vogon has a product; rumour h= as it > it's 30.000 pounds, $50,000?=20 > =20 > http://www.vogon-forensic-hardware.co.uk/forensic-hardware/data-cap= ture/password-cracker-pod.htm > =20 > And the spec for ata3. > =20 > http://www.seagate.com/support/disc/manuals/ata/d1153r17.pdf > =20 > Some suggested swapping the pcb from the disk with another similar.= =20 > Since the drive security info is stored on a certain "track descrip= tion > area" cylinder rather than on the board (only), the board would jus= t > read that cylinder and continue securing the drive, no?. Instead, = I > would propose using a pre-ata3 board. I would guess that the probl= em is > that it may not understand the new language of the track descriptio= n > area. Consequently, the solution to the problem lies in replacing = the > pcb with a custom pcb which can control the heads and understands t= he > track description language of the (even proprietary) drive. I don't > pretend this is an original idea, but I would be interested in know= ing > what I'm missing - In short, going back to programatic control of t= he > heads. Even if it's not fast, it would be faster and cheaper than = the > electron microscope method and less invasive than any kind of custo= m > spindle/heads rig. From what I've seen, there are no chips 'after'= the > ribon cable entering the housing. If you control the heads (and sp= indle > motor), do you not control the drive? > =20 > BTW, any idea how these guys operate?=20 > http://a-ff.com/products/rrs/ > =20 > thanks. > -JB - -- LERTI - Laboratoire d'Expertise et de Recherche de Traces Informatiques http://www.lerti.fr | mobile : +41 79 746 7305 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEbM5Dv6mUNUu+e+URAtn2AJ9dBUXQiLAs8913TW1YwzZD+IeXzgCeMoaP tsi11p00JIaIInWFCmOB7yA=3D =3D1fg6 -----END PGP SIGNATURE----- |
|
From: <mm...@ta...> - 2006-05-18 22:13:49
|
I seem to recall sporadic success with the Rockbox=2Eorg tools (built for= removing the password on the Archos mp3 hard drive)=2E http=3A//www=2Erockbox=2Eorg/lock=2Ehtml Good Luck! M Shannon ----- Original Message ----- From=3A LERTI - David Billard =3CDavid=2EBillard=40lerti=2Efr=3E Date=3A Thursday=2C May 18=2C 2006 3=3A44 pm Subject=3A Re=3A =5Bsleuthkit-users=5D HD Passwords To=3A J B =3Cjessopb=40adelphia=2Enet=3E Cc=3A sleuthkit-users=40lists=2Esourceforge=2Enet =3E -----BEGIN PGP SIGNED MESSAGE----- =3E Hash=3A SHA1 =3E = =3E Dear JB=2C =3E = =3E There is a long thread on the forensic focus forum = =3E (http=3A//www=2Eforensicfocus=2Ecom/ got to forum Hardware-=3EForensi= c = =3E Recovery and ATA-3 =27Secure Mode=27=2C possible=3F)=2E =3E Some people stated that you can use a particular manufacturer = =3E interface to recover the ATA password=2E I=27m not entirely convinced= = =3E but one never knows with undocumented features=2E =3E I suggested a way of bypassing the password=2C using a second similar= = =3E drive and hotswapping the data/command cable=2C but this solution has= = =3E been rejected by people with more knowledge than myself=2E =3E = =3E I wish you good luck=2C =3E = =3E David=2E =3E J B a =E9crit =3A =3E =3E This is off topic=2C though it does pertain to forensic = =3E recovery=2E=2E=2Esorry=2E=2E=2E=3E = =3E =3E I was about to post a question about the best reference on = =3E cracking ata =3E =3E hd passwords=3B The best reference is google pointing to caches o= f =3E =3E experts-exchange threads mentioning loads of possibilities=2C but= = =3E only a =3E =3E couple certainties=2E A company called vogon has a product=3B ru= mour = =3E has it =3E =3E it=27s 30=2E000 pounds=2C =2450=2C000=3F = =3E =3E = =3E =3E http=3A//www=2Evogon-forensic-hardware=2Eco=2Euk/forensic-hardwar= e/data- =3E capture/password-cracker-pod=2Ehtm =3E =3E = =3E =3E And the spec for ata3=2E =3E =3E = =3E =3E http=3A//www=2Eseagate=2Ecom/support/disc/manuals/ata/d1153r17=2E= pdf =3E =3E = =3E =3E Some suggested swapping the pcb from the disk with another = =3E similar=2E = =3E =3E Since the drive security info is stored on a certain =22track = =3E description=3E area=22 cylinder rather than on the board (only)=2C th= e = =3E board would just =3E =3E read that cylinder and continue securing the drive=2C no=3F=2E = =3E Instead=2C I =3E =3E would propose using a pre-ata3 board=2E I would guess that the = =3E problem is =3E =3E that it may not understand the new language of the track descript= ion =3E =3E area=2E Consequently=2C the solution to the problem lies in = =3E replacing the =3E =3E pcb with a custom pcb which can control the heads and understands= = =3E the=3E track description language of the (even proprietary) drive=2E = I = =3E don=27t=3E pretend this is an original idea=2C but I would be interes= ted = =3E in knowing =3E =3E what I=27m missing - In short=2C going back to programatic contro= l of = =3E the=3E heads=2E Even if it=27s not fast=2C it would be faster and ch= eaper = =3E than the =3E =3E electron microscope method and less invasive than any kind of cus= tom =3E =3E spindle/heads rig=2E From what I=27ve seen=2C there are no chips= = =3E =27after=27 the =3E =3E ribon cable entering the housing=2E If you control the heads (an= d = =3E spindle=3E motor)=2C do you not control the drive=3F =3E =3E = =3E =3E BTW=2C any idea how these guys operate=3F = =3E =3E http=3A//a-ff=2Ecom/products/rrs/ =3E =3E = =3E =3E thanks=2E =3E =3E -JB =3E = =3E - -- =3E LERTI - Laboratoire d=27Expertise et de =3E Recherche de Traces Informatiques =3E http=3A//www=2Elerti=2Efr =7C mobile =3A +41 79 746 7305 =3E -----BEGIN PGP SIGNATURE----- =3E Version=3A GnuPG v1=2E4=2E2 (MingW32) =3E Comment=3A Using GnuPG with Mozilla - http=3A//enigmail=2Emozdev=2Eor= g =3E = =3E iD8DBQFEbM5Dv6mUNUu+e+URAtn2AJ9dBUXQiLAs8913TW1YwzZD+IeXzgCeMoaP =3E tsi11p00JIaIInWFCmOB7yA=3D =3E =3D1fg6 =3E -----END PGP SIGNATURE----- =3E = =3E = =3E = =3E ------------------------------------------------------- =3E Using Tomcat but need to do more=3F Need to support web services=2C = =3E security=3FGet stuff done quickly with pre-integrated technology to = =3E make your job easier =3E Download IBM WebSphere Application Server v=2E1=2E0=2E1 based on Apac= he = =3E Geronimohttp=3A//sel=2Eas- =3E us=2Efalkag=2Enet/sel=3Fcmdgk=26kid=120709=26bid=263057=26dat=121642=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F =3E sleuthkit-users mailing list =3E https=3A//lists=2Esourceforge=2Enet/lists/listinfo/sleuthkit-users =3E http=3A//www=2Esleuthkit=2Eorg =3E |
Thanks for helping keep SourceForge clean.
X