[[alpine]]
 
Trace:

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

alpine [2014/08/03 17:01]
 alpine [2022/04/16 12:22] (current)
Line 1: Line 1:
 +While Trying to UnLock ST3120026A A SeaGate HdD, I wrote some notes of my research :
 +
 +  * http://rzr.online.fr/q/alpine# How to reset #SeaGate #HdD #ST3120026A (#AlpinE) and #UnLock #MaxSecurity activation , #HdParm fails to rd
 +
 +
 +===== TODO =====
 +
 +  * http://darthcircuit.com/2012/07/05/hacking-a-seagate-hard-drive-to-work-in-the-xbox-360/
 +  * http://tlvps.tomvanleeuwen.nl/~tom/wordpress/?p=7
 +
 +
 +===== KNOWN INFORMATION =====
 +
 +  * http://www.seagate.com/support/internal-hard-drives/desktop-hard-drives/barracuda/?sku=ST3120026A&q=ST3120026A
 +  * http://www.seagate.com/files/docs/pdf/datasheet/disc/ds_barracuda_7200_9.pdf
 +
 +  Generation: 7200.7
 +
 +
 +Before HackIng on UarT :
 +<code>
 +
 +hdparm -i /dev/sdb
 +
 +/dev/sdb:
 +
 + Model=ST3120026A, FwRev=3.06, SerialNo=5JT1GGXH
 + Config={ HardSect NotMFM HdSw>15uSec Fixed DTR>10Mbs RotSpdTol>.5% }
 + RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=4
 + BuffType=unknown, BuffSize=8192kB, MaxMultSect=16, MultSect=16
 + CurCHS=4047/16/255, CurSects=16511760, LBA=yes, LBAsects=234441648
 + IORDY=on/off, tPIO={min:240,w/IORDY:120}, tDMA={min:120,rec:120}
 + PIO modes:  pio0 pio1 pio2 pio3 pio4
 + DMA modes:  mdma0 mdma1 mdma2
 + UDMA modes: udma0 udma1 *udma2 udma3 udma4 udma5
 + AdvancedPM=no WriteCache=enabled
 + Drive conforms to: ATA/ATAPI-6 T13 1410D revision 2:  ATA/ATAPI-1,2,3,4,5,6
 +
 + * signifies the current active mode
 +</code>
 +
 +==== DONE : ATA / SERIAL LINK =====
 +
 +<code>
 +______   ________________      _____________________________
 +| PW |  |  2  (4)  6 (8) |    |  ATA        -  CONNECTOR    |
 +\____/  |  1  (3)  5  7  |    |____________| |______________|
 +        |________________|
 +
 +1 : GND
 +2 : GND
 +3 : TXD
 +4 : RXD
 +5 : open?
 +6 : open?
 +7 : open?
 +8 : 5V?
 +</code>
 +
 +Using RpI as UarT ConsolE :
 +
 +
 +<code>
 +screen /dev/ttyAMA0
 +
 +
 +4096k x 16 buffer detected 
 +ALPINE - 1_Disk    M.14  01-16-03 11:51
 +
 +Buzz  - Head Mask 0000 - Switch to full int.
 +              Spin Ready
 +3.06  10-21-03 15:53
 +(P)PATA Reset
 +Slave
 +
 +</code>
 +
 +{{http://nt4.com/ss/seagate-diagnostic-uart-pata.png}}
 +
 +
 +
 +
 +
 +===== SHELL =====
 +
 +Now hit Ctrl + z
 +
 +<code>
 +T>  AT Interface Registers
 +ec00: 01 00 00 01 00 00 01 00  0f 3f fe 04 50 92 42 68 
 +ec10: 00 00 00 00 00 00 00 10  00 00 00 01 00 00 0a 00 
 +ec20: 00 01 ff ff a0 00 10 04  00 00 01 c6 50 40 ff 18 
 +ec30: 00 00 00 00 00 00 00 80  00 0a 07 45 01 00 00 00 
 +ec40: 00 00 00 00 00 00 00 00  c0 c0 c0 00 01 00 e6 fc 
 +
 +  Data Manager Registers
 +ed00: 0003  0000  0000  1000   0000  0000  0001  0000  
 +ed10: 6400  0210  fce6  0000   0000  0000  0000  0000  
 +
 +  Buffer Controller Registers
 +ed30: fce6  0000  0000  0200   0000  3ffe  3ffe  3ffe  
 +ed40: 0000  0200  080c  0a06   f00c  0000  0000  0000  
 +ed50: 00fb  00fb  0000  0000   fce6  235c  8aa2  0000  
 +ed60: 0000  0000  0000  0000   fce6  fce6  fce6  fce6  
 +
 +  Disk Sequencer Registers
 +eb00: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 
 +
 +  Cache Hardware Registers
 +ef00: 00 00 00 00 00 00 00 00  3f 00 00 00 37 00 00 00 
 +ef10: 00 00 00 00 00 00 
 +
 +</code>
 +
 +Ctrl + letter : commands ?
 +
 +  * a : Eng Rev = .M67
 +  * c : View Firmware Revision : FirmWare  : Slave3.06  10-21-03 15:53
 +  * d : ?
 +  * e : CurrentCHS=3fff/10/3f  MltSiz=10  DMAMod=02
 +  * f : dump stuff : ACHD Hardware
 +  * g : dump stuff : WSAV 0000 WSAD 0000 WCSAD 0003 WSIZE 1000 HPRE 0200
 +  * i : dump stuff :   AT Interface Registers
 +  * k : DST Status=00  Test=01
 +  * l : View PLatform Information : RoM InfO
 +  * n : 
 +  * p : 
 +  * r : Online Mode : ceRt : ALID Cert Disk Code Detected - Revision # .137
 +  * t : reseT ? : ALPINE - 1_Disk    M.14  01-16-03 11:51
 +  * u : View raw cUrent At stUff : dump Part #: 100268841       
 +  * v : EchoInterfaceCmds: On 
 +  * w : Rd/Wr Stats On
 +  * x : User Activity : dT(ms)   Cmd Cnt LBA       |  LBA      Cmd     Cyl Hd Sct Cnt  Start Sz Ofs
 +  * y : DST Status=00  Test=01
 +  * z : Enter Terminal Diagnostics : T> shell
 +
 +
 +  * http://events.ccc.de/congress/2010/Fahrplan/attachments/1776_slides_DRT.pdf
 +
 +Control Codes 7200.10
 +  ● ^Z: Enter Terminal Diagnostics
 +  ● ^A: View Firmware Revision
 +  ● ^B: View Temperature
 +  ● ^C: Reset
 +  ● ^D/^N: Set Tracing Bits up/down
 +  ● ^L: View Platform Information
 +  ● ^U: View raw AT Stuff 
 +
 +
 +Letters :
 +
 +  * . (dot)
 +  * ; (semicolon)
 +  * %
 +  * ?
 +  * k [ENTER] : Command Inactive - No VALID Cert Code Detected
 +  * y [ENTER] (wait few seconds)
 +
 +
 +  * http://forum.hddguru.com/viewtopic.php?f=1&t=26132&view=previous
 +
 +CommandS :
 +
 +  * /2 B : The /2 B command will display the contents of a buffer block note - you use the Blk number not the BufAddr, Another percularity of the B command is it compares blocks, so to actually see the contents you have to compare it with itself.
 +  ** http://forum.hddguru.com/viewtopic.php?f=13&t=27119
 +  * The A command shows the current mode and the available modes
 +  * Rx,1 reads the sector into the read buffer (where x is sector number if in sector mode)
 +  * Wx,1 writes the sector from the write buffer . only the 200 hex data bytes are written, and fresh set of final 4 byte crc/id bytes is written
 +  * C : Copy :  copy the read buffer to the write buffer
 +  * /1 U : edit ?
 +  * http://forum.hddguru.com/viewtopic.php?f=1&t=6411
 +
 +
 +
 +
 +
 +
 +===== ID =====
 +
 +<code>
 +Interface task reset
 +4096k x 16 buffer detected 
 +ALPINE - 1_Disk    M.14  01-16-03 11:51
 +nterface task reHead Mask 0000 - Switch               Spin Ready
 +3.06  10-21-03 15:53
 +(P)PATA Reset
 +Slave
 +</code>
 +
 +
 +===== Stuff =====
 +
 +  Stuff Was Unreadable
 +  T>F
 +
 +  SetStuff->ASCIFE 
 +  Setting stuff to defaults
 +
 +
 +
 +Ctrl+U :
 +
 +<code>
 +AT Stuff
 +0000: 0c5a  3fff  0000  0010   0000  0000  003f  0000  
 +0008: 0000  0000  004a  5431   4747  5848  2020  2020  
 +0010: 2020  2020  2020  2020   0000  4000  0000  332e  
 +0018: 3036  2020  2020  5354   3144  6973  6b31  4865  
 +0020: 6164  2020  2020  2020   2020  2020  2020  2020  
 +0028: 2020  2020  2020  2020   2020  2020  2020  8010  
 +0030: 0000  2f00  0000  0200   0200  0007  3fff  0010  
 +0038: 003f  0000  0000  0010   ffff  0fff  0000  0007  
 +0040: 0003  0078  0078  00f0   0078  0000  0000  0000  
 +0048: 0000  0000  0000  0000   0000  0000  0000  0000  
 +0050: 001e  0000  306b  4001   4000  0063  0000  0000  
 +0058: 003f  0000  0000  0000   0000  4b00  0000  0000  
 +0060: 0000  0000  0000  0000   ffff  ffff  0000  0000  
 +0068: 0000  0000  0000  0000   0000  0000  0000  0000  
 +0070: 0000  0000  0000  0000   0000  0000  0000  0000  
 +0078: 0000  0000  0000  0000   0000  0000  0000  0000  
 +0080: 0107  0000  0000  ffff   ffff  2020  0002  02b6  
 +0088: 0000  198a  3c24  3c02   ffff  07c6  0100  0800  
 +0090: 06c0  0500  0002  0000   0000  0000  0000  0000  
 +0098: 0000  0000  0000  0000   0000  0000  0020  000b  
 +00a0: 000e  0019  0002  0000   0032  0014  0032  0024  
 +00a8: 000e  001e  0032  0000   0012  00c1  0032  0014  
 +00b0: 0022  0000  001a  0000   0012  0000  0010  0000  
 +00b8: 003e  0000  0000  0000   0032  0000  0000  0000  
 +00c0: 0000  0000  0000  0000   0000  0000  0000  0000  
 +00c8: 0000  0000  0000  0000   0000  0000  0000  0000  
 +00d0: 0000  0000  0000  0000   0000  0000  0000  0000  
 +00d8: 0000  0000  0000  0000   0000  0000  0000  0000  
 +00e0: 0000  0030  0003  07d0   1770  3c0a  0000  0000  
 +00e8: 0000  07d0  03e8  ffff   00bd  0000  0006  0096  
 +00f0: 0000  0000  0000  0000   0000  0000  0000  0000  
 +00f8: 0000  0000  0000  0000   0000  0000  0000  0000  
 +
 +
 +
 +Not configured-0
 +</code>
 +
 +
 +Hints ?
 +
 +  * http://www.slideshare.net/er0080/pc-seag-bara p84
 +  * http://www.rom.by/forum/Imeem_seagate_barracuda_st340016a_-_bios_nahodit_bez?page=2
 +  * http://darthcircuit.com/2012/07/05/hacking-a-seagate-hard-drive-to-work-in-the-xbox-360/
 +
 +Model is [[ST3120026A]], lets encode it
 +
 +  printf 'ST3120026A                      ' | xxd
 +  0000000: 5354 3331 3230 3032 3641 2020 2020 2020  ST3120026A      
 +  0000010: 2020 2020 2020 2020 2020 2020 2020 2020                  
 +
 +
 +  echo "0x:5354333132303032364120202020202020202020" | xxd -r # will show : 'ST3120026A      '
 +
 +  ST3120026A 
 +  Key3C,83 : 4BB10DF9
 +  Key1B : 5354333132303032364120202020202020202020 2020202020202020202020202020202020202020
 +
 +
 +So If I understood right it will be something like :
 +Ctrl+Z :
 +
 +  T> F
 +  SetStuff-> ASCI1B5354333132303032364120202020202020202020
 +  # Stuff key 1b -> 53 54 33 31 32 30 30 32 36 41 20 20 20 20 20 20 20 20 20 20 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
 +
 +  T> F
 +  SetStuff-> ASCI834BB10DF9
 +  # Stuff key 83 -> 4b b1 0d f9 
 +
 +  T> F
 +  SetStuff-> ASCI3C4BB10DF9
 +  #
 +  
 +  T># 
 +  Enter Drive S/N  5JT1GGXH
 +  Enter Packwriter S/N 
 +
 +
 +  T>W
 +
 +
 +HdParm :
 +
 +<code>
 +sudo hdparm -i /dev/sdb
 +
 +/dev/sdb:
 +SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 00 00 00 00 24 00 00 c0 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 + HDIO_GET_IDENTITY failed: Invalid argument
 +
 +
 +
 +sudo hdparm -I /dev/sdb
 +
 +/dev/sdb:
 +SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 00 00 00 00 24 00 00 c0 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 +
 +ATA device, with non-removable media
 +        Model Number:       ��ޭ ޭO�����j�3����
 +        Serial Number:      ����
 +        Firmware Revision:  ��m`�▒��
 +        Media Manufacturer: ����r�g����
 +Standards:
 +        Likely used: 4
 +Configuration:
 +        Logical         max     current
 +        cylinders       0       34818
 +        heads           0       65535
 +        sectors/track   34818   28000
 +        --
 +        bytes/track: 39376      bytes/sector: 13368
 +        CHS current addressable sectors: 4294934810
 +        Logical/Physical Sector size:           512 bytes
 +        device size with M = 1024*1024:     2097136 MBytes
 +        device size with M = 1000*1000:     2199006 MBytes (2199 GB)
 +        cache/buffer size  = unknown
 +        Nominal Media Rotation Rate: 33050
 +Capabilities:
 +        IORDY(may be)(cannot be disabled)
 +        Buffer size: 6653.5kB   bytes avail on r/w long: 34818
 +        Standby timer values: spec'd by Vendor
 +        R/W multiple sector transfer: Max = 0   Current = 255
 +        DMA: not supported
 +        PIO: unknown
 +             Cycle time: no flow control=57005ns  IORDY flow control=19968ns
 +                Removable Media Status Notification feature set supported
 +Security: 
 +        Master password revision code = 256
 +        not     supported
 +        not     enabled
 +        not     locked
 +        not     frozen
 +        not     expired: security count
 +        not     supported: enhanced erase
 +Logical Unit WWN Device Identifier: 00db000000000000
 +        NAA             : 0
 +        IEEE OUI        : 0db000
 +        Unique ID       : 000000000
 +</code>
 +
 +
 +==== WIP : LBA ====
 +
 +  LBAsects=234441648 ; printf "LBAsects_hex=0x%x\n" $LBAsects
 +  LBAsects_hex=0xdf94bb0
 +
 +  printf "%d" 0x4BB10DF9
 +  1269894649
 +
 +
 +  * https://en.wikipedia.org/wiki/Logical_block_addressing
 +
 +===== MORE =====
 +
 +@TaG: UnLock
  
alpine.txt · Last modified: 2022/04/16 12:22 (external edit)
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki