Print

[Bomb Bloke]

Concerning drive locking.

At present, an unmodded BIOS will only read the hard drive the system is locked to. You put in an unlocked drive you get an error 05, you put in an incorrectly locked drive you get an error 06.

Most modded BIOS types remove the limitation regarding unlocked drives, so the console does not throw error 05 and works normally with one installed.

What I'm wondering is this. Would it be possible to modify a BIOS to be able to access a locked drive using the master passcode as well as the user passcode?

Currently, many third party drives out there have been locked by ConfigMagic/EvoX/XBoxHDM, which use master passcodes of TEAMASSEMBLY or XBOXSCENE.

Many stock Seagate drives have been confirmed to use "Seagate" + 25 spaces as the master code, and Western Digital drives apparently use WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCWD.

If a BIOS could be made to try each of these four codes if the user code fails, then it'd be much MUCH easier to transfer hard drives between systems - especially those using softmods.

Say you have a chipped/flashed box with this feature in the BIOS. You get a new unmodded console with a Western Digital drive in it. You slot the drive in the modded box and it can read it straight off the bat; no need to extract the EEPROM data from the new system or hotswap as the master passcode gives access. You install a softmod, put the drive back in the new console and off you go...

One problem I can see here is that I'm not sure if you can access a drive using the master passcode without unlocking it entirely.  (IMG:style_emoticons/default/unsure.gif)

This post has been edited by xboxgamer733: Nov 27 2008, 01:31 PM

[ldotsfan]

QUOTE(Bomb Bloke @ Jun 23 2008, 03:22 PM)

One problem I can see here is that I'm not sure if you can access a drive using the master passcode without unlocking it entirely.  

It depends on the security level. For "High", either user or master password may be used. For "Maximum", only user password may be used. I don't know what's the default security level set by the xbox kernel though.

Edit: Xbox linux reports that the default security level is High: http://www.xbox-linu...chnical_Details

so your idea should work.

[Bomb Bloke]

Bwahaha, that's what I like to hear.  (IMG:style_emoticons/default/muhaha.gif)

Actually, isn't it possible to access a drive using one of XBoxHDM's tools without unlocking it? Can't remember, but I've got a vague hunch it can be done... If I ever get to spend more then a day at home I'll give it a test.

This post has been edited by Bomb Bloke: Jun 24 2008, 07:36 AM

[ldotsfan]

QUOTE(Bomb Bloke @ Jun 24 2008, 02:32 PM)

Bwahaha, that's what I like to hear.  

Actually, isn't it possible to access a drive using one of XBoxHDM's tools without unlocking it? Can't remember, but I've got a vague hunch it can be done... If I ever get to spend more then a day at home I'll give it a test.

  Without unlocking? Hotswapping before xboxhdm is the only other way. I found another xbox-scene news item that refuted xbox linux's claims about the security level so I have my doubts again. Anyway only way to verify is to try it  

[Bomb Bloke]

No, I'm serious. As per the docs included with XBoxHDM:

QUOTE("Tutorial.txt")

* hdunlock, Only unlocks a HDD but doesn't disable locking. The drive will relock after reboot if you only run this tool.

Whatever that tool supposedly does is exactly what the X-Box does when you turn it on. It gets past the lock without actually removing it from the drive.

What I was meaning to test was whether this can be done with the Master passcode.

Also picked up this little gem:

QUOTE

The disk lock is a built-in security feature in the disk. It is part of the ATA specification, and thus not specific to any brand or device.

A disk always has two passwords: A User password and a Master password. Most disks support a Master Password Revision Code, which can tell you if the Master password has been changed, or it it still the factory default. The revision code is word 92 in the IDENTIFY response. A value of 0xFFFE means the Master password is unchanged.

A disk can be locked in two modes: High security mode or Maximum security mode. Bit 8 in word 128 of the IDENTIFY response tell you which mode your disk is in: 0 = High, 1 = Maximum.

In High security mode, you can unlock the disk with either the user or master password, using the "SECURITY UNLOCK DEVICE" ATA command. There is an attempt limit, normally set to 5, after which you must power cycle or hard-reset the disk before you can attempt again.

In Maximum security mode, you cannot unlock the disk! The only way to get the disk back to a usable state is to issue the SECURITY ERASE PREPARE command, immediately followed by SECURITY ERASE UNIT. The SECURITY ERASE UNIT command requires the Master password and will completely erase all data on the disk. The operation is rather slow, expect half an hour or more for big disks. (Word 89 in the IDENTIFY response indicates how long the operation will take.)

Assuming that lot's correct, there's no way the drives we're dealing with are using Maximum level codes. They'd be unreadable; it appears Maximum mode should only be used in dire circumstances (such as when a drive containing sensitive data is to be disposed of permanently - though note that there are companies out there who claim they can bypass even this sort of code).

Everything I'm reading online suggests this same hdunlock tool should be able to do with the master code what it does with the user code. Just a matter of checking it now...

This post has been edited by Bomb Bloke: Jun 25 2008, 04:21 PM

[ldotsfan]

QUOTE(Bomb Bloke @ Jun 25 2008, 11:02 PM)

What I was meaning to test was whether this can be done with the Master passcode.

I see your point now, when I was working on the usb version of xboxhdm, I came across this:
http://xbox-linux.cv...amp;view=markup

CODE

 102             case 'o':
  103                 if (!strcmp(optarg,"LOCK") || !strcmp(optarg,"lock"))
  104                     ide_cmd = WIN_SECURITY_SET_PASS;
  105                 else if(!strcmp(optarg,"UNLOCK") || !strcmp(optarg,"unlock"))
  106                     ide_cmd = WIN_SECURITY_UNLOCK;
  107                 else if (!strcmp(optarg,"DISABLE-PW") || !strcmp(optarg,"disable-pw"))
  108                     ide_cmd = WIN_SECURITY_DISABLE;
  109                 else showUsage(argv[0]);
  110         }
  111     }

So you are referring to line 106 but with the master password in HIGH security level.
We usually invoke line 107 when we use xboxhdm boot option 3.

[Bomb Bloke]

It just occurred to me that if this works, then it doesn't matter in the slightest if it can be turned into a BIOS feature or not. Just the ability to do it via XBoxHDM will just about nullify the need for anyone to hotswap ever again. The BIOS patch would just be a nice extra.

I've got a spare drive. I'm testing this one out right now...

[Bomb Bloke]

I've never used ATAPWD before tonight. Never needed to. In fact, I've only ever used XBoxHDM once, and that was to build a new drive from scratch (and even then I didn't use Kingroach's stuff, I just used the basic "copy C files over" setup to install a softmod).

I cannot believe no one has reported doing this before...

But, you can load it up, select "UNLOCK WITH MASTER PASSWORD"... Enter the password... ("TEAMASSEMBLY" in my particular case)...

And it removes the lock status without disabling it entirely. It comes back on the next reboot, but not if you just close ATAPWD and reload that.

ATAPWD even tells you the security level. Press the F1 button for more info on what the display means. It's a really, really cool program.

Though, and this is the aggravating part, even a "soft" reboot via Ctr-Alt-Del results in the drive going back to fully locked. I don't know how to get at the more useful tools XBoxHDM provides without re-instating the lock as there seems to be no command from the DOS environment to return to the initial boot screens.

But, best I can make out this works. And I bet something really kick-ass can be done with that knowledge.  

[ldotsfan]

QUOTE(Bomb Bloke @ Jun 26 2008, 12:06 AM)

I cannot believe no one has reported doing this before...

But, you can load it up, select "UNLOCK WITH MASTER PASSWORD"... Enter the password... ("TEAMASSEMBLY" in my particular case)...

And it removes the lock status without disabling it entirely. It comes back on the next reboot, but not if you just close ATAPWD and reload that.

ATAPWD even tells you the security level. Press the F1 button for more info on what the display means. It's a really, really cool program.

Though, and this is the aggravating part, even a "soft" reboot via Ctr-Alt-Del results in the drive going back to fully locked. I don't know how to get at the more useful tools XBoxHDM provides without re-instating the lock as there seems to be no command from the DOS environment to return to the initial boot screens.

But, best I can make out this works. And I bet something really kick-ass can be done with that knowledge.  

The Linux tools (xboxhdm option 3) can do what the DOS tools can do too. A simple modification of the unlocking shell script to try the master password WDCWDC... or SeagateXXXXXX. I think this covers 2 out of the 3 stock hdds used in xbox. Or does the pair of master passwords cover all stock hdds?

I don't have the the unmodded seagate to try anymore as I've used xboxhdm to lock it so the master password has changed but I can try the procedure with the xboxhdm master password ... actually does xboxhdm change the master password?  

[Bomb Bloke]

To my understanding, the Linux based drive locking tools included with XBoxHDM use "XBOXSCENE" as the master passcode. I would recommend having it check that code as well, along with "TEAMASSEMBLY".

I've put my testing computer back together again already, but I seem to remember ATAPWD having an option to set the code to whatever you want.

In my case, I used ConfigMagic to lock the drive.

I'm not sure if any X-Boxes were released with drives other then Seagates or WD's. I can't seem to find mention of any other brands. That said, I don't know if the master codes work with all Seagates/WDs out there.

Edit: This thread has been merged. Ldotsfan's below post is linking to the above post's original location, where they have since been moved from.

This post has been edited by Bomb Bloke: Jun 27 2008, 03:54 AM

[ldotsfan]

This started from http://forums.xbox-s...&...t&p=4297057

CODE

Many stock Seagate drives have been confirmed to use "Seagate" + 25 spaces as the master code, and Western Digital drives apparently use WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCWD.

Bomb Bloke made the discovery that we can temporarily unlock the hdd with the master password until the next reboot. He tested with the master password TEAMASSEMBLY as he locked his with ConfigMagic.

If the stock hdd's security level is default to High which is claimed by a xbox linux article, we can then use the known master password to unlock the hdd and then softmod it with xplorer360 without doing any hotswapping.

It gets better, there is actually a windows based tool: http://hdparm-win32.dyndns.org/hdparm/ that might be able to unlock the hdd with this command:

CODE

hdparm --security-unlock WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCWD /dev/hdb

Assuming the xbox hdd is the second hdd in your system. The Seagate stock hdd can't be tested yet as the tool doesn't handle spaces in the password yet but the source code is available.

So if you have a stock WD hdd that was never unlocked, could you test it out and let us know the result?

This will pave a new way to softmod without the need to hotswap if the results are positive.

[lordvader129]

i know the WD password works, ive used it to unlock (and disable the the lock, its a separate command) on a stock WD of unknown origin

This post has been edited by lordvader129: Jun 26 2008, 04:36 PM

[ldotsfan]

QUOTE(Bomb Bloke @ Jun 26 2008, 12:37 AM)

To my understanding, the Linux based drive locking tools included with XBoxHDM use "XBOXSCENE" as the master passcode. I would recommend having it check that code as well, along with "TEAMASSEMBLY".

The original xboxhdm can't be used as after temporarily unlocking the hdd in kernel 2.6 (option 3), you need to reboot to option 1/2 (kernel 2.4) to use the rest of the tools: xboxhd and xbrowser. And that will activate the hd lock again.

My usb version - xboxhdm2 doesn't require a reboot as it uses qemu to run the 2.4 kernel emulated but as it is, it doesn't work yet. Let's see the responses in the pinned topic first before I modify xboxhdm2. I suspect memory requirements as my test machine for xboxhdm stuff is a very old PC with 128Mb RAM since the BIOS doesn't implement Freeze Lock which is another nuisance we have to deal with when doing hdd security stuff. Freeze Locked hdd ignore all subsequent security commands until the next reboot.

[run088]

Im a hardware guy software shit like this gets over my head sometimes and I usually stay away from threads like this but you all gave me an idea.
Why not build a master password for the hdd into the softmod installer.This way if the mobo ever died and the hdd is locked and you dont have an eeprom backup all would still be good.
Would it be possible to do this?

[Bomb Bloke]

Sort of. It's already fully possible to unlock a drive completely using the master passcode. It just seems to have been assumed that most drives won't accept the codes, so we always tell people to rip the EEPROM...

Whether or not the master code does work on most drives? I have no idea. But, um, I haven't seen someone report a failure yet.  

The idea here is if a new HDD needs softmodding, or has reverted to an error 16 or something, you can mess with the files on it without removing the lock via the EEPROM or hotswapping.

Ldotsfan, is that tool bright enough to take advantage of quotes around the passcode? So you'd have a command like this for a Seagate:

CODE

hdparm --security-unlock "SEAGATE                         " /dev/hdb

If not, perhaps the tools bundled with XBoxHDM can CHANGE the master passcode. You boot ATAPWD for eg, switch the master code to something the Windows tool will work with (taking care to leave the user code well alone of course), and then reboot.