TL;DR: Recovering data from a password-protected SATA hard disk that was locked by a Thinkpad
I wish this post would be as generally valid as the title suggests; at this hour I’m just unspeakably glad to have unlocked a hard disk I didn’t even know I had locked and can finally go to bed.
What happened?
I enabled password protection in the Thinkpad BIOS, believing that it’s “just” a UI thing. If the laptop ever would break down, I’d be able to salvage the disk, install it in a new computer, worst case re-enter the password and all would be good. Until said Thinkpad broke down.
I removed the hard disk from the dead Thinkpad and connected it via USB to a different computer which couldn’t read it. Weirdly enough, none of the recovery tools I tried would even find a trace of data on the disk, not even a partition table. At that point it dawned on me that BIOS password must have had activated the SATA protection feature of the disk.
Trying out stuff
These two [1] posts [2] helped unlock the hard disk after a few tries. I don’t think any of this will work over USB because of the low-level SATA interactions. I installed the hard disk (/dev/sdb) in a Linux NAS where I had root access.
First let’s see if the drive is indeed locked:
hdparm -I /dev/sdb ... supported enabled not locked not frozen not expired: security count
A naive
hdparm --security-disable mypassword /dev/sdb
of course didn’t work. The reason is that Thinkpads transform the password so it’s not stored in clear text. Jethro Beekman wrote a Ruby programme [3] which encodes the password.
I cloned his repository:
git clone https://github.com/jethrogb/lenovo-password.git cd lenovo-password
(alternatively download the ZIP, extract)
Next installed ruby
sudo apt install ruby
Then followed the instructions, not knowing much what I was doing:
sudo hdparm --Istdout /dev/sda > sda.ata_identify P="$(ruby pw.rb sda.ata_identify)" sudo hdparm --security-unlock "$P" /dev/sdb sudo hdparm --security-disable "$P" /dev/sdb sudo partprobe /dev/sdb
After that, the hard disk was visible again and could be mounted over a USB cable.
Thanks go to users MegaBrutal and jethrogb.
Resources
[1] Disable HDD password when master password is unknown
https://forum.hddguru.com/viewtopic.php?f=1&t=32046
[2] Lenovo ThinkPad HDD Password
https://jbeekman.nl/blog/2015/03/lenovo-thinkpad-hdd-password/
[3] lenovo-password
https://github.com/jethrogb/lenovo-password
Thanks the post I managed to unlock my drive from my dead lenovo thinkpad because of it.
LikeLike
Thank you.
In my case I issued a master password via hdparm. After reboot Thinkpad wanted the password (fine). But as you write, ThinkPad adds “salt”. Altough I typed the corrent password, access was denied.
So the solution for me (worked via USB!) was
hdparm –security-unlock MYPASS /dev/sdb
hdparm –security-disable MYPASS /dev/sdb
Fun Fact: Windows managed to see the disk. They know the master passwords from manufacturers? I wanted the data, so I didn’t formatted. Something to test in future.
LikeLike