I'm trying to figure out how I can write a program that will use the ATA spec's command codes to perform tasks on hard drives. My main reason for this is I want to try to make a bruteforcer for the ATA security feature used in the XBox. The ATA sepc provides a set of security features to lock the hard drive unless you have the password. I'm trying to write a program that will attempt to brutforce this password but I have no knowledge of programming the PIO. The ATA spec talks about using registers and command codes to do stuff but I have no idea how to do that. Does anyone have any experience in this area of programming? or has ny idea where I can get more info?

Thanks,

goatass

hi, goatass, i cant help on this, but i know theres lot of H/W guys at http://board.win32asmcommunity.net/

that surely/maybe can help you about PIO.

regards

Heh well now adays must harddrives use DMA or UDMA(there is 133-mode 6 out now). PIO mode 4 is quite slow in comparisson. I would probably get the specs for the harddrives in question though. The ATA standard is a public standard too I believe you can obtain.

Snatch

Hello goatass,

I am not entirely sure if this is what you are looking for,
but the "security scheme" you describe sounds quite similar to
the one present on the microsoft xbox gaming console.

I have included some links for you, if nothing else they provide
an interresting read.

Unlocker program with source code:
http://web2.athen227.server4free.de/hddunlock.zip

Interresting forum thread:
http://www.xboxhacker.net/cgi-bin/ikonboard/ikonboard.cgi?s=3d85898d28b2ffff;act=ST;f=4;t=6184

also check out the harddisk information at:
http://xbox-linux.sourceforge.net/articles.php

if you are looking for source code and information for doing lowlevel
ida/ata coding/hacking you should check out:

http://www.ata-atapi.com/

Best Regards, xor37h

Re,

lolness, just read your post again, this time a little more detailed
and see that you are infact talking about the xbox ;-)

anyway, for the xbox the password can be recovered by knowing
only the xbox serial number (on the sticker), if you contact me (private message/email) I will share the information with you.

Best Regards, xor37h

Thanks alot for all the help guys. I got the ATA specs and read over them and found out sorta how to use the command codes described in the specs. Basically what I found out was that you need to use the IN or OUT commands in assembly, for example:

out 0f2h, eax will do the Security Unlock command with whatever (in eax) as the value (password).
I wrote a small program that issues some of these commands and it works ok, I still have to research the more complicated commands before I use them and break my HD

xor37h, I'm not really trying to find the password for a Xbox but mainly trying to unlock a HD that is located in some kind of HomeServer so I can use it as a computer. But this would help in making a util for unlocking anything, Xbox, HomeServers, whatever.

Thanks for the links, they were all helpful.
goatass