Unlock HDD that are locked after Secure Erase

Undefined Programming

Unlock HDD that are locked after Secure Erase

I normally rely on Synology to do secure erase procedure on any HDD before storing or selling them. I now wish I didn’t as the drive may get locked, so I’ve wasted alot of time to test a bulk of HDD I have done in the past to ensure that they are not locked. Synology should provide a visual aid if the HDD is still locked, and provide a means to prevent the security lock still in place.

Symptoms

In Windows you get the ‘Data error (cyclic redundancy check).’ error, while the Mint Linux would ask for the password for that particular drive.

Manufacture Master Password

These are the commands you needs, but first you need the master password on which ever HDD manufacture you are using. There is a list of passwords from Forensics Wiki

  • Western Digital: WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCW
  • Maxtor: Maxtor*INIT SECURITY TEST STEP*F (* means 00h)
  • Seagate: Seagate
  • Fujitsu, Hitachi, Toshiba: 32 spaces
  • Samsung: tttttttttttttttttttttttttttttttt
  • IBM:
    • CED79IJUFNATIT
    • VON89IJUFSUNAJ
    • RAM00IJUFOTSELET

Command

Drive Information

sudo hdparm -I /dev/sd[drive letter]

Switching ‘Locked’ into ‘Not Locked’

sudo hdparm --user-master m --security-unlock [Password] /dev/sd[drive letter]

Switching ‘Enabled’ into ‘Not Enabled’ security lock

sudo hdparm --user-master m --security-disable [Password] /dev/sd[drive letter]

Synology

If you still got your Synology, you can telnet into the system.

o [IP Address] [port]

example

o 192.168.1.100 23

Use your admin account to login to the system.

List all drives

cat /proc/diskstats

Find the drive that you wish to poll, then use this command to find which drive letters available could be ‘sda’, ‘sdb’ and so on.

Drive information

sudo hdparm -I /dev/sd[drive letter]

For DSM 6 onwards, to become root do this first.

sudo -i
hdparm -I /dev/sd[drive letter]

You want to gather the drive information, you only need to look at the security section (near bottom), if it’s says the following ‘enabled’, ‘locked’ and ‘Security level high’ which mean it’s locked.

Now run the disable and unlock command

sudo hdparm --user-master m --security-unlock [Password] /dev/sd[drive letter]
sudo hdparm --user-master m --security-disable [Password] /dev/sd[drive letter]

Check the drive information again, you should see ‘not enabled’ and ‘not locked’ and the security level high message disappeared.

Linux Mint Distribution

If you don’t have an Synology you can use a bootable Linux Operating System, I recommend Linux Mint download their popular edition “Cinnamon 64-bit edition” on their download page.

Please note that you connect the drive directly using SATA not via USB as I could not send the command correctly.

Get Rufus which is the best software to make bootable USB, it’s very tiny and very simple to use. I just download the portable version, and just loaded the ISO Image using the CD disk image icon next to “Create a bootable disk using”. Remember that all data will be deleted ensure you select the correct USB device to start with.

Boot that USB, and open terminal once Mint loaded.

Display drive information and check out the security section. For this example it was the only drive so I know it’s ‘sda’

sudo hdparm -I /dev/sda

You can see that the security is ‘enable’, ‘locked’ and ‘Security level high’.

Run

sudo hdparm --user-master m --security-unlock WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCW /dev/sda
sudo hdparm --user-master m --security-disable WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCW /dev/sda

Eventually you get this

To avoid using secure erase you can just send command to write the whole drive with zeros or random bit.
Zeros

sudo dd if=/dev/zero of=/dev/sd[Drive letter] bs=16k

Random

sudo dd if=/dev/random of=/dev/sd[Drive letter] bs=16k

4 Responses

  1. Tim says:

    fantastic post, however, note that the commands to remove the password and the security need “sudo” in front of them. in your post, the first time the commands appear, the sudo is missing and I typed as is and it didn’t work, said wrong password. so i scrolled down and then i copy/pasted the second iteration under the mint instructions and it worked fine.

    • poyu says:

      Hi Tim, just updated the post to include ‘sudo’ on all commands, I believe you only need to state sudo once on Synology then provide a password and you become root from then onward. Though being root has changed from Synology DSM 6 onwards, I’ve also updated the forensicswiki link to their new domain https://forensicswiki.xyz/. Glad that it works for you, this post is quite old.

  2. Mike says:

    This saved my week-end, crazy. Why does secure erase lock a drive ?
    One point, in the forensics you put one character too much at the end …
    Cheers
    Mike

    • poyu says:

      Glad that it helps you Mike, oddly forensics has been wrong all this time. I think I’ve corrected the code when I was experimenting with unlocking my Western Digital. I believe the secure lock was just a half bake process that was a great idea at the time, but as you can tell it’s useless.

Leave a Reply

Your email address will not be published. Required fields are marked *