Unlocking a password-protected hard disk

TL;DR: Recovering data from a password-protected SATA hard disk that was locked by a Thinkpad

I wish this post would be as generally valid as the title suggests; at this hour I’m just unspeakably glad to have unlocked a hard disk I didn’t even know I had locked and can finally go to bed.

What happened?

I enabled password protection in the Thinkpad BIOS, believing that it’s “just” a UI thing. If the laptop ever would break down, I’d be able to salvage the disk, install it in a new computer, worst case re-enter the password and all would be good. Until said Thinkpad broke down.

I removed the hard disk from the dead Thinkpad and connected it via USB to a different computer which couldn’t read it. Weirdly enough, none of the recovery tools I tried would even find a trace of data on the disk, not even a partition table. At that point it dawned on me that BIOS password must have had activated the SATA protection feature of the disk.

Trying out stuff

These two [1] posts [2] helped unlock the hard disk after a few tries. I don’t think any of this will work over USB because of the low-level SATA interactions. I installed the hard disk (/dev/sdb) in a Linux NAS where I had root access.

First let’s see if the drive is indeed locked:

hdparm -I /dev/sdb
...
 supported
 enabled
 not locked
 not frozen
 not expired: security count

A naive

hdparm --security-disable mypassword /dev/sdb

of course didn’t work. The reason is that Thinkpads transform the password so it’s not stored in clear text. Jethro Beekman wrote a Ruby programme [3] which encodes the password.

I cloned his repository:

git clone https://github.com/jethrogb/lenovo-password.git
cd lenovo-password

(alternatively download the ZIP, extract)

Next installed ruby

sudo apt install ruby

Then followed the instructions, not knowing much what I was doing:

sudo hdparm --Istdout /dev/sda > sda.ata_identify
P="$(ruby pw.rb sda.ata_identify)"
sudo hdparm --security-unlock "$P" /dev/sdb
sudo hdparm --security-disable "$P" /dev/sdb
sudo partprobe /dev/sdb

After that, the hard disk was visible again and could be mounted over a USB cable.

Thanks go to users MegaBrutal and jethrogb.

Resources

[1] Disable HDD password when master password is unknown
https://forum.hddguru.com/viewtopic.php?f=1&t=32046

[2] Lenovo ThinkPad HDD Password
https://jbeekman.nl/blog/2015/03/lenovo-thinkpad-hdd-password/

[3] lenovo-password
https://github.com/jethrogb/lenovo-password

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s