Data Recovery from an ATA password protected Seagate Momentus hard drive

Hard Disk Drive: Seagate Momentus ST96812A 5400.2
Type: Laptop
Capacity: 60Gb
Problem: ATA password protected, no commercially available means of bypassing the password

An ATA password effectively locks a hard drive on a sector by sector basis; the data held on the drive can not be read unless the correct password is entered, or the password is removed / bypassed.

At the time this article was written there were no commercially available means to unlock / remove / bypass this password. So using Diskmaster (our in house hard disk R&D tool) we decided to write one.

The trick was to find the service data area on the hard drive – this is the area of the hard disk that contains information the drive needs in order to function correctly. In amongst this data will be the ATA password. Using existing knowledge of the Momentus hard drive families we were able to identify the location of this data within the hard drives service area. From there it was a case of correctly identifying the password offset and (re)setting the flag(s) that define whether the ATA password is set or not. Writing the changes to the service data area and cycling the power completed the password bypass process.

Interestingly the password was stored in an unencrypted form within the service data area.