You are currently viewing Unlock HDD that are locked after Secure Erase

Unlock HDD that are locked after Secure Erase

I normally rely on Synology to do secure erase procedure on any HDD before storing or selling them. I now wish I didn’t as the drive may get locked, so I’ve wasted alot of time to test a bulk of HDD I have done in the past to ensure that they are not locked. Synology should provide a visual aid if the HDD is still locked, and provide a means to prevent the security lock still in place.


In Windows you get the ‘Data error (cyclic redundancy check).’ error, while the Mint Linux would ask for the password for that particular drive.

Manufacture Master Password

These are the commands you needs, but first you need the master password on which ever HDD manufacture you are using. There is a list of passwords from Forensics Wiki

  • Maxtor: Maxtor*INIT SECURITY TEST STEP*F (* means 00h)
  • Seagate: Seagate
  • Fujitsu, Hitachi, Toshiba: 32 spaces
  • Samsung: tttttttttttttttttttttttttttttttt
  • IBM:


Drive Information

sudo hdparm -I /dev/sd[drive letter]

Switching ‘Locked’ into ‘Not Locked’

sudo hdparm --user-master m --security-unlock [Password] /dev/sd[drive letter]

Switching ‘Enabled’ into ‘Not Enabled’ security lock

sudo hdparm --user-master m --security-disable [Password] /dev/sd[drive letter]


If you still got your Synology, you can telnet into the system.

o [IP Address] [port]


o 23

Use your admin account to login to the system.

List all drives

cat /proc/diskstats

Find the drive that you wish to poll, then use this command to find which drive letters available could be ‘sda’, ‘sdb’ and so on.

Drive information

sudo hdparm -I /dev/sd[drive letter]

For DSM 6 onwards, to become root do this first.

sudo -i
hdparm -I /dev/sd[drive letter]

You want to gather the drive information, you only need to look at the security section (near bottom), if it’s says the following ‘enabled’, ‘locked’ and ‘Security level high’ which mean it’s locked.

Now run the disable and unlock command

sudo hdparm --user-master m --security-unlock [Password] /dev/sd[drive letter]
sudo hdparm --user-master m --security-disable [Password] /dev/sd[drive letter]

Check the drive information again, you should see ‘not enabled’ and ‘not locked’ and the security level high message disappeared.

Linux Mint Distribution

If you don’t have an Synology you can use a bootable Linux Operating System, I recommend Linux Mint download their popular edition “Cinnamon 64-bit edition” on their download page.

Please note that you connect the drive directly using SATA not via USB as I could not send the command correctly.

Get Rufus which is the best software to make bootable USB, it’s very tiny and very simple to use. I just download the portable version, and just loaded the ISO Image using the CD disk image icon next to “Create a bootable disk using”. Remember that all data will be deleted ensure you select the correct USB device to start with.

Boot that USB, and open terminal once Mint loaded.

Display drive information and check out the security section. For this example it was the only drive so I know it’s ‘sda’

sudo hdparm -I /dev/sda

You can see that the security is ‘enable’, ‘locked’ and ‘Security level high’.


sudo hdparm --user-master m --security-unlock WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCW /dev/sda
sudo hdparm --user-master m --security-disable WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCW /dev/sda

Eventually you get this

To avoid using secure erase you can just send command to write the whole drive with zeros or random bit.

sudo dd if=/dev/zero of=/dev/sd[Drive letter] bs=16k


sudo dd if=/dev/random of=/dev/sd[Drive letter] bs=16k

This Post Has 6 Comments

  1. Tim

    fantastic post, however, note that the commands to remove the password and the security need “sudo” in front of them. in your post, the first time the commands appear, the sudo is missing and I typed as is and it didn’t work, said wrong password. so i scrolled down and then i copy/pasted the second iteration under the mint instructions and it worked fine.

    1. poyu

      Hi Tim, just updated the post to include ‘sudo’ on all commands, I believe you only need to state sudo once on Synology then provide a password and you become root from then onward. Though being root has changed from Synology DSM 6 onwards, I’ve also updated the forensicswiki link to their new domain Glad that it works for you, this post is quite old.

  2. Mike

    This saved my week-end, crazy. Why does secure erase lock a drive ?
    One point, in the forensics you put one character too much at the end …

    1. poyu

      Glad that it helps you Mike, oddly forensics has been wrong all this time. I think I’ve corrected the code when I was experimenting with unlocking my Western Digital. I believe the secure lock was just a half bake process that was a great idea at the time, but as you can tell it’s useless.

  3. lavigna

    Any way to gain access to seagate hdd which has the master pswd changed ( I don’t care about the user’s data)?

    1. poyu

      Hiya, the master password cannot be changed, you use it to unlock the drive that was set by the user password. This would erase all data and allow you to use the HDD. You may have to get/ask Seagate what is the master password, for newer drive as this list is very old.

      From what I know you can set a user password to secure the drive, but there is also a master password embedded inside the firmware to allow people to regain control of lost password HDD.

      Please note that laptop may not be able to send the master password to the HDD, so external HDD or caddy doesn’t work.

Leave a Reply