OSDev.org

The Place to Start for Operating System Developers
It is currently Thu Mar 04, 2021 10:42 pm

All times are UTC - 6 hours




Post new topic Reply to topic  [ 8 posts ] 
Author Message
 Post subject: ATA command SET SECURITY PASSWORD DONT WORK
PostPosted: Tue Apr 24, 2018 2:14 am 
Offline

Joined: Tue Apr 24, 2018 2:07 am
Posts: 6
i am trying to lock HDD with a password with ATA Command 0F1h SET SECURITY PASSWORD but my code don't lock HDDs with a password. see the source that i write:
Code:
LOCK_HDD:
MOV DX,[HDC_PORT_BASE]
ADD DX,6
MOV AL,0E0h
OUT DX,AL

INC DX
MOV AL,0F1H
OUT DX,AL

DONTREADY:
IN AL,DX
CMP AL,58H
JNZ DONTREADY

LEA DI,[pwdbuffer+2]
MOV SI,pwd
MOV CX,5
REP MOVSB

MOV ECX,256
MOV DI,pwdbuffer
SUB DX,7
REP OUTSW
RET

where is wrong in my source?


Top
 Profile  
 
 Post subject: Re: ATA command SET SECURITY PASSWORD DONT WORK
PostPosted: Tue Apr 24, 2018 3:27 am 
Offline
Member
Member

Joined: Wed Oct 26, 2011 12:00 pm
Posts: 194
You need to check if the HDD has the Security extension feature, otherwise it does not support it

_________________
Github
Website


Top
 Profile  
 
 Post subject: Re: ATA command SET SECURITY PASSWORD DONT WORK
PostPosted: Tue Apr 24, 2018 4:50 am 
Offline

Joined: Tue Apr 24, 2018 2:07 am
Posts: 6
MollenOS wrote:
You need to check if the HDD has the Security extension feature, otherwise it does not support it

i already check it with ATA Command 0ECh(IDENTIFY DEVICE) and the HDD have this feature however my code dont work. why?


Top
 Profile  
 
 Post subject: Re: ATA command SET SECURITY PASSWORD DONT WORK
PostPosted: Tue Apr 24, 2018 6:32 am 
Offline
Member
Member
User avatar

Joined: Sat Jan 15, 2005 12:00 am
Posts: 8561
Location: At his keyboard!
Hi,

Attacker wrote:
MollenOS wrote:
You need to check if the HDD has the Security extension feature, otherwise it does not support it

i already check it with ATA Command 0ECh(IDENTIFY DEVICE) and the HDD have this feature however my code dont work. why?


The ATA/ATAPI specs say "The device shall return command aborted if the command is not supported, the device is in Locked mode, or the device is in Frozen mode."

I'd expect that the computer's firmware puts all hard drives (that support the feature) into one of these modes during power on, so that the feature can't become a massive "denial of service" security disaster. In fact the ATA/ATAPI specs also say "The SECURITY FREEZE LOCK command prevents changes to passwords until a following power cycle. The purpose of the SECURITY FREEZE LOCK command is to prevent password setting attacks on the security system." so it does look very much like the designers aren't completely incompetent.


Cheers,

Brendan

_________________
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.


Top
 Profile  
 
 Post subject: Re: ATA command SET SECURITY PASSWORD DONT WORK
PostPosted: Tue Apr 24, 2018 11:17 am 
Offline

Joined: Tue Apr 24, 2018 2:07 am
Posts: 6
Brendan wrote:
Hi,

The ATA/ATAPI specs say "The device shall return command aborted if the command is not supported, the device is in Locked mode, or the device is in Frozen mode."

I'd expect that the computer's firmware puts all hard drives (that support the feature) into one of these modes during power on, so that the feature can't become a massive "denial of service" security disaster. In fact the ATA/ATAPI specs also say "The SECURITY FREEZE LOCK command prevents changes to passwords until a following power cycle. The purpose of the SECURITY FREEZE LOCK command is to prevent password setting attacks on the security system." so it does look very much like the designers aren't completely incompetent.


Cheers,

Brendan


If the HDC issue this ATA Command then how to disable the SECURITY FREEZE LOCK?


Top
 Profile  
 
 Post subject: Re: ATA command SET SECURITY PASSWORD DONT WORK
PostPosted: Tue Apr 24, 2018 12:16 pm 
Offline
Member
Member
User avatar

Joined: Sat Mar 31, 2012 3:07 am
Posts: 4109
Location: Chichester, UK
You'll forgive me for saying this, but your chosen username doesn't give me 100% confidence about the motives behind this request.


Top
 Profile  
 
 Post subject: Re: ATA command SET SECURITY PASSWORD DONT WORK
PostPosted: Tue Apr 24, 2018 12:29 pm 
Offline

Joined: Tue Apr 24, 2018 2:07 am
Posts: 6
iansjack wrote:
You'll forgive me for saying this, but your chosen username doesn't give me 100% confidence about the motives behind this request.

Ii am asking about HDD security only for educational purposes.


Top
 Profile  
 
 Post subject: Re: ATA command SET SECURITY PASSWORD DONT WORK
PostPosted: Tue Apr 24, 2018 12:39 pm 
Offline
Member
Member

Joined: Mon Mar 25, 2013 7:01 pm
Posts: 2817
Most firmware issues a SECURITY FREEZE LOCK command during POST, before booting the OS. Some (mostly in servers) have an option to disable that behavior.

Hotplugging can also return the disk to its "not frozen" state, but requires hotplug-capable hardware. If you have to ask, your hardware is probably not hotplug capable.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group