HDPARM - Reading password from a file? (Or inputting hex)

0

Almost complete Linux noob here, but I've been forced to switch over from Windows to a live Ubuntu to do some HDLocking magic.

TLDR; I have an old Original Xbox that needs the internal drive to be locked with a certain password to be able to boot up again (original drive died, but I managed to recover the internal EEPROM serial key, which is used to lock/unlock the drive)

So far : I have spent a few hours digging through google and can now comfortably lock, unlock and disable a plaintext password on the drive. But I dare not try with hex, given how there seems to be no '' or "" bracket support?, or any mention of reading hex (or converted hex)

This is the key in hex that I need to lock the drive with. 8e 05 80 83 89 85 67 2b c6 c3 c1 2a 9c ef d5 2a 44 63 90 e7 00 00 00 00 00 00 00 00 00 00 00 00

So far I've been using the following command to do a plaintext pass. hdparm --user-master u --security-set-pass PASSWORD /dev/sdc

Any Linux/Hex wizards here who can help me along? :)

Mansen

Posted 2019-05-19T22:16:32.390

Reputation: 3

Answers

1

Updated Answer

Since hdparm version 9.46 (released on 2015-06-14), hdparm supports binary passwords in the form of a hex string. All you need to do is prepend hex: to the password, so your input would look like this:

hdparm --user-master u --security-set-pass hex:8e0580838985672bc6c3c12a9cefd52a446390e7000000000000000000000000 /dev/sdc

You need to supply a full 64-character hex password, so make sure the right side is padded with zeroes if your password is shorter than the required 32 bytes.

This method also accepts left-padded null bytes, which was a feature request mentioned by @myxal.

Old Answer

You can use xxd -r -p to take that hex and turn it into binary for use as the security password in hdparm.

hdparm --user-master u --security-set-pass "$(echo '8e 05 80 83 89 85 67 2b c6 c3 c1 2a 9c ef d5 2a 44 63 90 e7' | xxd -r -p)" /dev/sdc

(The null bytes (00) are unnecessary, and hdparm automatically pads them anyway.)

If you've made a mistake, unset the password like so:

hdparm --user-master u --security-disable "$(echo '8e 05 80 83 89 85 67 2b c6 c3 c1 2a 9c ef d5 2a 44 63 90 e7' | xxd -r -p)" /dev/sdc

explainshell.com explanation of <code>xxd -r -p</code>

Deltik

Posted 2019-05-19T22:16:32.390

Reputation: 16 807

That seemed to do the trick nicely! :)

Did have to throw a sudo at it to get it working though. – Mansen – 2019-05-21T06:43:40.250

Is there no way to provide the hex string directly to hdparm? I don't think this solves the issue when the password begins with null character, as bash will trim such string as part of expansion. – myxal – 2019-07-24T11:15:52.853

@myxal: There is no implementation in hdparm to handle a left-padding of null characters. Furthermore, C, the language in which hdparm is written, uses the null character as a string terminator, so even if you could pass in an argument that began with null, the whole string would be null. (This is not a Bash limitation.) If your hard drive password begins with a null, you will have to craft a raw SCSI command to send to the disk.

– Deltik – 2019-07-24T13:13:07.163

@Deltik: Yes, that's exactly the problem. I was hoping hdparm itself would take the hex string as an argument and transform it into a byte array internally. There's a feature request with a patch that enables hdparm to read the password from a file, which would also resolve the problem, but it was never committed AFAICT.

– myxal – 2019-07-24T15:48:38.790

1

@myxal: Good news! Turns out I was mistaken about hdparm's binary security password capabilities. hdparm version 9.46 and newer support binary passwords in the form of a hex string. See my updated answer for more information.

– Deltik – 2019-07-25T08:23:56.387

Asked: 2019-05-19T22:16:32.390

Viewed: 210 times

Active: 2019-07-25T08:22:42.617