OSDev.org :: View topic - ATA command SET SECURITY PASSWORD DONT WORK

Hi,

The ATA/ATAPI specs say "The device shall return command aborted if the command is not supported, the device is in Locked mode, or the device is in Frozen mode."

I'd expect that the computer's firmware puts all hard drives (that support the feature) into one of these modes during power on, so that the feature can't become a massive "denial of service" security disaster. In fact the ATA/ATAPI specs also say "The SECURITY FREEZE LOCK command prevents changes to passwords until a following power cycle. The purpose of the SECURITY FREEZE LOCK command is to prevent password setting attacks on the security system." so it does look very much like the designers aren't completely incompetent.

Cheers,

Brendan

Author:	Attacker [ Tue Apr 24, 2018 2:14 am ]
Post subject:	ATA command SET SECURITY PASSWORD DONT WORK
i am trying to lock HDD with a password with ATA Command 0F1h SET SECURITY PASSWORD but my code don't lock HDDs with a password. see the source that i write: Code: LOCK_HDD: MOV DX,[HDC_PORT_BASE] ADD DX,6 MOV AL,0E0h OUT DX,AL INC DX MOV AL,0F1H OUT DX,AL DONTREADY: IN AL,DX CMP AL,58H JNZ DONTREADY LEA DI,[pwdbuffer+2] MOV SI,pwd MOV CX,5 REP MOVSB MOV ECX,256 MOV DI,pwdbuffer SUB DX,7 REP OUTSW RET where is wrong in my source?

Author:	MollenOS [ Tue Apr 24, 2018 3:27 am ]
Post subject:	Re: ATA command SET SECURITY PASSWORD DONT WORK
You need to check if the HDD has the Security extension feature, otherwise it does not support it

Author:	Attacker [ Tue Apr 24, 2018 4:50 am ]
Post subject:	Re: ATA command SET SECURITY PASSWORD DONT WORK
MollenOS wrote: You need to check if the HDD has the Security extension feature, otherwise it does not support it i already check it with ATA Command 0ECh(IDENTIFY DEVICE) and the HDD have this feature however my code dont work. why?

Author:	Brendan [ Tue Apr 24, 2018 6:32 am ]
Post subject:	Re: ATA command SET SECURITY PASSWORD DONT WORK
Hi, Attacker wrote: MollenOS wrote: You need to check if the HDD has the Security extension feature, otherwise it does not support it i already check it with ATA Command 0ECh(IDENTIFY DEVICE) and the HDD have this feature however my code dont work. why? The ATA/ATAPI specs say "The device shall return command aborted if the command is not supported, the device is in Locked mode, or the device is in Frozen mode." I'd expect that the computer's firmware puts all hard drives (that support the feature) into one of these modes during power on, so that the feature can't become a massive "denial of service" security disaster. In fact the ATA/ATAPI specs also say "The SECURITY FREEZE LOCK command prevents changes to passwords until a following power cycle. The purpose of the SECURITY FREEZE LOCK command is to prevent password setting attacks on the security system." so it does look very much like the designers aren't completely incompetent. Cheers, Brendan

Author:	Attacker [ Tue Apr 24, 2018 11:17 am ]
Post subject:	Re: ATA command SET SECURITY PASSWORD DONT WORK
Brendan wrote: Hi, The ATA/ATAPI specs say "The device shall return command aborted if the command is not supported, the device is in Locked mode, or the device is in Frozen mode." I'd expect that the computer's firmware puts all hard drives (that support the feature) into one of these modes during power on, so that the feature can't become a massive "denial of service" security disaster. In fact the ATA/ATAPI specs also say "The SECURITY FREEZE LOCK command prevents changes to passwords until a following power cycle. The purpose of the SECURITY FREEZE LOCK command is to prevent password setting attacks on the security system." so it does look very much like the designers aren't completely incompetent. Cheers, Brendan If the HDC issue this ATA Command then how to disable the SECURITY FREEZE LOCK?

OSDev.org https://forum.osdev.org/

ATA command SET SECURITY PASSWORD DONT WORK https://forum.osdev.org/viewtopic.php?f=13&t=32888	Page 1 of 1

Author:	iansjack [ Tue Apr 24, 2018 12:16 pm ]
Post subject:	Re: ATA command SET SECURITY PASSWORD DONT WORK
You'll forgive me for saying this, but your chosen username doesn't give me 100% confidence about the motives behind this request.

Author:	Attacker [ Tue Apr 24, 2018 12:29 pm ]
Post subject:	Re: ATA command SET SECURITY PASSWORD DONT WORK
iansjack wrote: You'll forgive me for saying this, but your chosen username doesn't give me 100% confidence about the motives behind this request. Ii am asking about HDD security only for educational purposes.

Author:	Octocontrabass [ Tue Apr 24, 2018 12:39 pm ]
Post subject:	Re: ATA command SET SECURITY PASSWORD DONT WORK
Most firmware issues a SECURITY FREEZE LOCK command during POST, before booting the OS. Some (mostly in servers) have an option to disable that behavior. Hotplugging can also return the disk to its "not frozen" state, but requires hotplug-capable hardware. If you have to ask, your hardware is probably not hotplug capable.

Page 1 of 1	All times are UTC - 6 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/