[unisog] Laptop Hard Drive Password

Peter Van Epp vanepp at sfu.ca
Thu Jul 7 04:00:00 GMT 2005

On Thu, Jul 07, 2005 at 12:19:39PM +1000, Leigh Vincent wrote:
> Hello All,
> Does anyone know how to remove a hard drive password from a laptop?? 
> We know the password but we want to be able to remove it.  Now, this is
> NOT a BIOS password.  This is NOT a Windows password.  But it is a
> security password placed on the Hard drive which you must enter before
> the drive boots up.
> Any suggestions would be greatly appreciated.
> Thanks
> Leigh Vincent
> Information Security Officer
> Information Services
> University of Ballarat
> PO Box 663
> BALLARAT   VIC   3353
> Ph.: 03-5327 9386
> Mobile: 0439 357 203 
> l.vincent at ballarat.edu.au
> _______________________________________________

	Since you have the password presumably the data can be (and is) backed
up elsewhere. Next you need to figure out if this is worth doing i.e. buying
a HD that isn't password protected and copying the data there and installing it
in the laptop may be the most practical solution here. That may not be possible 
however, in which case an entirely new laptop may start to look attractive.
	Once all these fine options have been discarded the next item is to 
figure out if the protection is a software add on (i.e. on the disk only) or 
embedded in ROM in either BIOS or in the option ROM of the disk controller.
This case makes a review of the first few suggestions worth another pass 
because its likely to be hard to impossible and thus not worth it.
	The preferable case is an entirely software solution that has modified 
the boot sector of the disk to load the password processing code from (for
instance) the 64 optional use sectors on track 0 of the HD. In this case a
sector editor and/or debug from a DOS disk (and a fair bit of time and 
knowledge) can likely defeat it. 
	The easist (if most dangerous) alternative is to have an image backup
of the disk (from something like ghost or a program that reads the raw disk 
sectors) so you can restore it (you should test that this works on a less 
valuable disk first probably :-)). Then boot a DOS disk and do a fdisk /mbr 
(which rewrites the boot sector) or use something like pfdisk to rewrite the 
boot sector with a known bootloader. If the machine now boots without a 
password after that, you are away to the races. If it doesn't boot at all its 
time to restore the original disk contents with a sector writer and try again 
(carefully going back to step 1 to see if its attractive yet :-)).
	The bios typically loads sector 0 off the disk in to low memory
(7c:0000 if I remember correctly) then jumps to it (after checking that it has 
the magic bytes at the end of the sector). Arranging to do that under DOS and 
using debug it is possible to single step through the code while it boots 
which should lead you to the password routine, at which point suitable nops 
and a write back to the disk will fix the problem (this of course assumes you 
are familiar with X86 assembler, DOS and debug). Depending how creative they 
have been in attempting to foil this, step 1 may yet start to look more 
attractive, but if you are up for a challange it would probably be fun (for 
some warped definition of fun :-)) and certainly educational. 
	Good luck, and remember you can never have too many backups when doing 
this kind of thing ...

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the unisog mailing list