19

I have an SSD disk with password protection, but the password was lost a long time ago... so I tried to erase the ATA security with the hdparm command.

With "hdparm -I", the disk information looks interesting as below:

root@ubuntu:~# hdparm -I /dev/sda

/dev/sda:

ATA device, with non-removable media
    Model Number:       TX21B10400GE8001                        
    Serial Number:      FG002VTA
    Firmware Revision:  PRO6F515
    Transport:          Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0
Standards:
...........................
Commands/features:
    Enabled Supported:
       *    SMART feature set
            Security Mode feature set
...........................
Security: 
    Master password revision code = 65534
        supported
    not enabled
        locked
    not frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT. 
Logical Unit WWN Device Identifier: 50011731001636dc
    NAA     : 5
    IEEE OUI    : 001173
    Unique ID   : 1001636dc
Checksum: correct

As you can see, the disk is in the security locked state, and it doesn't support the hdparm security mode feature.

When I use the security unlock command on this disk, the results are as below:

root@ubuntu:~# hdparm --user-master u --security-unlock 123456 /dev/sda
security_password="123456"

/dev/sda:
 Issuing SECURITY_UNLOCK command, password="123456", user=user
SECURITY_UNLOCK: Input/output error

I'm wondering if there is any other way to unlock this SSD disk and remove the password?

Matthias Braun
user3016997
  • You must do it quickly. There is a 2 minute timer. – Thorbjørn Ravn Andersen Aug 09 '15 at 17:10
  • thank you, @ThorbjørnRavnAndersen! Do you mean the disk will be "locked" after the operating system start up? – user3016997 Aug 11 '15 at 13:04
  • It is the "frozen" state. See https://www.thomas-krenn.com/en/wiki/SSD_Secure_Erase to learn more. – Thorbjørn Ravn Andersen Aug 11 '15 at 13:56
  • Thank you for your patient feedback, @ThorbjørnRavnAndersen! It's very unlucky that I already lost the user password a long time ago, and rebooted the system several times. So now every time after I start up the Ubuntu system and check this disk, it's in the "locked" state, and I cannot read/write to this disk anymore. Is there any way to clear the password and do a secure erase when the SSD is locked? Or is there any way to unlock the disk without the password? – user3016997 Aug 13 '15 at 12:26
  • I do not know. You may want to contact the vendor directly. – Thorbjørn Ravn Andersen Aug 13 '15 at 13:25
  • @ThorbjørnRavnAndersen, Thanks anyway, will update this ticket later if I could figure out how to unlock it. – user3016997 Aug 13 '15 at 14:32
  • I'm not sure there was ever a 'timer', but how this works is the BIOS/EFI freezes the drive if the user fails to unlock it during system boot. Once in the OS, you can hot plug the drive and it will come up thawed/unfrozen and you can send security (i.e. SECURE ERASE) commands. Nowadays, I don't think you will be able to unlock without the password, only ERASE and start with a fresh drive. – Wilbur Whateley Mar 15 '19 at 21:51

2 Answers

17

I was able to get this to work on my Western Digital WD20EURS. After piecing together tips from all over Google, I was able to get a master password, research the commands of hdparm, and use your example in your original question to resolve my issue. Maybe this will help you too.

First off, I found a list of master passwords for various brands of drives.

Here are two locations, (replaced with Web Archive versions to avoid link rot)

My method:

  • Used ESCAPE to cancel the BIOS HD password request.
  • Booted into CentOS7 CLI (previously installed yum install hdparm)
  • Command hdparm -I /dev/sda to check if drive was "locked" ( -I is capital i )
  • Command hdparm --user-master m --security-unlock PASS /dev/sda
    • m = using master password
    • PASS = for me, typing 'WDC' ten times, with a finishing 'W'
      • found this password in the links listed above
  • Command hdparm -I /dev/sda again ( -I is capital i ). This time the drive showed "not locked" (at which I hesitantly rejoiced)
  • Command hdparm --user-master m --security-disable PASS /dev/sda
    • This should disable the password on the hard drive and allow you to boot without needing a password next time.
  • Then I put the drive back into my Windows machine. I was able to see all the partitions in the drive, erase them, and use this new drive!
Matthias Braun
Taylor
  • Your solution is just slightly terrifying... using the "master" password (a.k.a public value) it should of course never be possible to unlock a locked drive, only to perform a secure erase, which would also remove the user password. If the master password actually lets you unlock the drive and *retain* the old data, then you can only ask... WTF is the point? In this case it is security theater, there is no actual security or encryption occurring at all on that particular drive model. – JeremyS Feb 29 '16 at 21:00
  • This would be my findings... I was able to remove the password, and retain the data which was previously on this drive. 97% of the drive was encrypted, so that data was not recoverable. But a small partition was not encrypted which only had a few files which related to the cloud system the drive was salvaged from. Nothing exposing sensitive information belonging to the cloud company. The password lock on the drive was more of an advanced step in making the drive less likely to be interchanged by others, or the data easily accessed by others. – Taylor Mar 02 '16 at 03:30
  • I don't think the design of the password lock on hard drives that was developed decades ago accounted for people eventually figuring out how to hack the drive. It's a rudimentary form of locking either way. In theory, I could swap the logical board of the hard drive with one from the same model, and bypass the password this way as well. As the password is only on the logic board, and not the disk itself. – Taylor Mar 02 '16 at 03:32
  • Is it possible to avoid having the password as a cli parameter? I don't want it to show up in bash history and process list. – donquixote Jan 19 '17 at 15:29
  • https://www.zeitgeist.se/2014/09/07/enabling-ata-security-on-a-self-encrypting-ssd/ there is actually a setting, "MASTER PASSWORD CAPABILITY", that defines what you can do with the master password! – donquixote Jan 20 '17 at 23:53
  • I believe you can erase the drive without a password using the `--security-erase` option (of hdparm). [Look here for more information.](https://www.thomas-krenn.com/de/wiki/SSD_Secure_Erase#Schritt_3:_Secure_Erase) – Marcus Mönius Sep 23 '18 at 10:45
  • Regarding this being "slightly terrifying" the point of the PSID "password" is to be able to recover a drive whose password is unknown so it can be used as a new _blank_ drive. Its contents after being unlocked in this way are encrypted and therefore approximately the same as random garbage. I don't see how that's actually terrifying. It can't be used to actually erase anything (for those who have the password for the drive or lock range), but it makes the drive reusable as if new for those who do not. – Alan Mimms Feb 22 '19 at 21:03
  • I know this is an old thread. @donquixote you can always prefix bash commands with whitespace; these will not likely show up in history. Another option is disabling the HISTFILE or pointing it to /dev/null (discussed here: [temporarily-suspend-bash-history-on-a-given-shell](https://unix.stackexchange.com/questions/10922/temporarily-suspend-bash-history-on-a-given-shell) ) – ethanole Aug 12 '20 at 10:40
  • @JeremyS There also is a "security-mode" switch. If you set it to maximum together with a custom master password, that password can no longer be used to unlock the drive but just to erase it. – Bachsau Feb 01 '22 at 22:49
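
An added example (not part of any post above, and not hdparm's own code): a shell function that reads `hdparm -I` output and reports the ATA security state the answer and comments discuss, including the high/maximum distinction. It assumes hdparm prints a `Security level high` or `Security level maximum` line once a password is set, and treats revision code 65534 as the factory master identifier; the function name and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: classify the "Security:" block of `hdparm -I` output.
# Usage: hdparm -I /dev/sdX | ata_security_audit

# True if flag $2 appears in block $1 without a leading "not".
is_set() {
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*$2([[:space:]:]|\$)"
}

ata_security_audit() {
    # Keep only the lines between "Security:" and the next unindented line.
    block=$(awk '/^Security:/ {on=1; next}
                 on && /^[^ \t]/ {exit}
                 on {print}')
    [ -n "$block" ] || { echo NO_SECURITY_BLOCK; return 1; }
    rev=$(printf '%s\n' "$block" |
          sed -n 's/.*Master password revision code = \([0-9]*\).*/\1/p')
    level=$(printf '%s\n' "$block" |
            sed -n 's/.*Security level \([a-z]*\).*/\1/p')
    is_set "$block" enabled && echo USER_PASSWORD_SET
    is_set "$block" locked  && echo LOCKED
    is_set "$block" frozen  && echo FROZEN
    # 65534 (0xFFFE) is the factory value of the master password identifier.
    [ "$rev" = 65534 ] && echo MASTER_ID_FACTORY_DEFAULT
    # Level "high": master password unlocks the data. Level "maximum": it
    # can only erase. High with a factory master password is the weak case.
    if [ "$level" = high ] && [ "$rev" = 65534 ]; then
        echo WEAK_MASTER_CAN_UNLOCK
    fi
    return 0
}

# Security block as posted in the question (trimmed).
SAMPLE_QUESTION='Security:
    Master password revision code = 65534
        supported
    not enabled
        locked
    not frozen
Checksum: correct'

# Constructed sample: password set, level high, factory master identifier.
SAMPLE_HIGH='Security:
    Master password revision code = 65534
        supported
        enabled
    not locked
    not frozen
        Security level high'
```

A factory identifier only suggests the master password was never changed, so treat `WEAK_MASTER_CAN_UNLOCK` as a prompt to set a custom master password and maximum level rather than as proof.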
4

Try using the master password to secure-erase the disk. Performing a secure erase will reset the user password. You can find lists of default master passwords by vendor through Google searches. For example, this website may be useful:

https://ipv5.wordpress.com/2008/04/14/list-of-hard-disk-ata-master-passwords/

user3188445