Defeating the ATA password on Samsung drives :
This time I'm going to demonstrate how to remove the ATA password on a Samsung drive.
This method should work for the majority of the Samsung drives on the market, except the latest ones (maybe).
For my example I'm going to use an older 80 GB SP0802N (Palo) drive, as those were very popular several years ago.
- Lock the drive with the ATA password. On this example i'm going to use "HDDOracle" as Master and "Spildit" as User.
- Make sure the drive is locked
As you can see by trying to verify the drive there is no access to LBA at all, because the ATA password is preventing access to the user data.
- Now you will need a Firmware Tool that can work with Samsung. For this example I'm going to use the SRT (Samsung Repair Tool) but all the major commercial Samsung firmware tools on the market should allow the same sort of actions that I'm going to describe on this guide. Also note that I have my test drive connected to the PC-3000 card on this example, so I'm going to use the SRT to select the PC-3000 card where my drive is connected. This would of course work without any PC-3000 card, you would just have to plug the drive to the IDE port of the computer and run SRT selecting that port instead.
More info about SRT can be found here :viewforum.php?f=33
- For reference here you have some info on my drive :
- Now let's use SRT and by right clicking on the main window let's find "Modules Operations" under the "Service" menu and click on it. Then let's select MOD ID 16 - Security and READ it. A green check mark means that the module have been retrieved ok. Also note that the fact that the module list appear on the window of SRT Module Operation panel means that MC (SA) can be accessed and the ATA password is not blocking it's access.
- Let's now DUMP the password using the option to do so on SRT. Can you see the Master and User password on the module ? Can you see the byte that define that the password is on and the byte that defines the level of security ?
- Now you could just use your favorite program, like MHDD to unlock the drive by inputting the password manually. Pay close attention for the way the password is stored on the module !!!
- But let's just clear everything from the module using the integrated Hex-Editor of SRT. Don't forget to zero out the value that define that the password is on, as well as the passwords, if you want so. Just leave the work SECURITY on the module. All the rest should be zeroed out.
- And now let's save the module back to the drive by writing it with SRT.
- Don't forget to power off and on the drive so that the firmware is reloaded again and the result will be ....
Drive Unlocked !!!!
- Also note that if you don't have any firmware tool but you have a very old Samsung drive you might still be able to unlock it with the Samsung special vendor tools (that allow MC access) posted here :viewforum.php?f=124
Hope that this guide can be of some use.