How to erase a self-encrypted drive?

[Karlin High]

A customer brought in a Dell Vostro 3400 laptop. He got it from a friend who used it at a police department or somewhere, and it was set up with a drive-encryption password which the friend had forgotten. We powered up the laptop; it goes through the BIOS process and then says:

----------------------------------------------------------
Wave Systems Corp
www.wave.com

User name: [...]
Password:

Trusted Drive [HDD S/N], is locally managed and is
protected by a password authentication system. You cannot
access data on this hard drive without a correct password.
----------------------------------------------------------

I immediately thought this was something like TrueCrypt, and said we'd need to erase the hard drive and reinstall Windows. No problem, go ahead, the customer said.

But, now I realize I'm in over my head.

The hard drive is a Seagate Momentus 7200 FDE.2 (ST9250464ASG.) Here's the manual:

http://www.seagate.com/staticfiles/support/disc/manuals/notebook/momentus/7200 FDE.2/100571983a.pdf

Apparently it doesn't allow access to the drive AT ALL without proper authentication. It has secure erase instructions, but apparently requires knowing the password first.

I tried the PartedMagic live Linux CD and Seagate's own SeaTools on the Ultimate Boot CD. Both list the drive capacity as something ridiculously low, like 128MB (yes, the number is megabytes.) I'm thinking, anything I try on the file system level isn't going to wipe it, since most of the drive isn't even appearing. So, I tried using the ATA secure erase command in PartedMagic, as well as the erase drive command in SeaTools. ATA secure erase disappears with no message. SeaTools says its command failed. So, I tried the S.M.A.R.T extended self test, and it completed with no problems.

So, I rebooted the computer, and the same login screen came up again. None of my erasure attempts seems to have fazed it a bit.

On to more research; here's Wave Computing, their Embassy Trust Suite is what I think I have:

http://www.wave.com/support/self-en...cation-fails-unknown-or-incorrect-credentials

Wave says to call Dell. The computer's warranty expired 5 months ago; Dell wants to sell me a warranty upgrade before they'll help me.

At this point, I'm debating whether I'd be better off just replacing the hard drive, even though it seems otherwise OK.

Unless someone knows how you unlock one of these things?

 

[mraikes]

Yup, replace the drive.

 

[YeOldeStonecat]

That's called Hardware Full Disk Encryption. "Hardware FDE".
I have some healthcare clients that I have laptops with this FDE setup at. It's a great way of securing information on laptops, unlike software FDE..there is no performance hit, the HDD has a little daughtercard on it with a processor that does all the CPU work to encrypt/decrypt on the fly. So they run as fast as if they didn't have encryption.

The FDE...including the password, is set outside of the software. On the Latitudes I manage..it's done in the BIOS of the laptop...in a special setup section...which I also lock out with yet another password.

This is not easily bypassed...this is the ultimate in HDD security. You cannot access anything on that HDD...including partitions...until you satisfy the security challenge. Even if you yank that HDD from the laptop and slave it to another system.

Now since it was an OEM option by Dell, they may have the option to reset it..depending upon if that option was selected during initial setup of the FDE. (I always opted to allow the factory reset option). Your problem will be....Dell knows that the service tag was sold to a police department..and it's registered to them..not to you. So they won't give you the time of day if you call (rightfully so..can you imagine if they would unlock a security system for any joe blow that calls them up? Think about how easy it would be for information thieves!)

Your best choice...if you can at least get into the BIOS of that system..you should be able to install a new HDD, install Windows..and get it going. However, I would be skeptical about this...a customer that got it from a friend who got it from the PD...that makes me raise an eyebrow. The PD would properly retire the laptop and remove the security and wipe the drive..if they willingly wanted to "let it go" or donate it to someone.

 

[Karlin High]

Thanks for the info. And, I guess I hadn't thought about the police department story sounding shady. The customer gave me almost too much info; they're buddies on a volunteer fire department (common for police to serve on those in rural America) and the user name on the Wave login screen comes up "James-PC\James." Looks like the policeman either got it as employee-purchase through the department's Dell account (I heard of that before, anyway) or reinstalled Windows himself.

The BIOS has the Admin password set, so I can look around but not change anything. I don't know how to clear the BIOS password on these without doing some research.

What really gets me is I can go into the BIOS, select the drive under HDD Security Configuration, and it says:

Security Supported: Yes
Security Enabled: No
Security Locked: No
Security Frozen: No
Disk Password Status: Not Set

So... wouldn't that mean I should be able to wipe the drive? Anyway, I'll probably have to go the new hard drive route.

 

[MobileTechie]

So have you actually tried wiping the drive then?

 

[300DDR]

It may be possible, but probably not cheaply:
http://www.hddsync.com/services/unlock-fde/

 

[smashedbotatos]

I asked a person I know and he said this.

If the Master password has been changed from the default and forgetten then the drive is trash.

If the user password has been lost, but the master password has not been changed you can unlock the drive with the master password that came with the drive on a label. If directly from an OEM such as Dell, HP, etc it may be affixed to the drive, in the drive bay, or with the laptops OEM disks/manual/white pages.

From what I gather there is no "master" password to rule them all, atleast not one that the public has. This master password is unique to the drive from the manufacturer, but can be changed.

It looks as if you are missing a user password. If you can have a look for the master password or ask the customer if he has any of the origional documentation that shipped with the drive.

Otherwise it's pretty much trash....

 

[Karlin High]

Thanks again, everyone. I am concluding that replacing the drive would be a better deal for my customer, rather than trying to replace it.