Return to Level1Techs.com

Help with removing decrypted partitions on two HDD's

helpdesk
hardware

#1

Hey all,

I have this problem, which I have never done before, cause this particular problem lies with some old tech, I've searched the web about this but no methods work such as booting into gparted.

I have two drives that have encryption from toshiba, my investigation resulted into thinking that the drives are married with the hardware of the laptop that it derived in. If you connect it to anything other than the laptop that it's married too it will hide the partitions and your out of luck, they both function fine when i boot them in the laptop but another problem arises when no one knows the password. The story of the laptop from a friends parents request to gain access back into it, I didn't ask questions since they said they didn't care for the data on it, they just want to use it again.

Here are the hardware specs: (Pictures are low quality due to crappy interwebs)

HDD1

HDD2

LAPTOP

And yes, since this is really old, it has no warranty so I'm all ears at this point.


#2

What OS are you trying to access them on?


#3

I've tried gparted from bootable usb, opensuse 42, fedora 25 and windows 8.1.


#4

Do them a favour and get them some SSD. It will make them happy because "the laptop feels like a new computer".

As for the HDDs: Tried DD?


#5

Their not really going the "buy a new drive" route, I've actually tried that once I got stumped on getting the current drives in working order. So it's basically fix the drives or dump the whole thing altogether.

Not sure about dd, I wonder if it can see the partitions when gparted can't?


#6

Well, try?

What does fdisk -l tell you?


#7

I'm working on the results for you now, but from what I gather, dd is not the answer when detecting partitions.

EDIT:

fdisk -l

Disk /dev/mapper/luks-3f4b5694-d7f9-4ed7-be21-43902f49b921: 110.8 GiB, 118956752896 bytes, 232337408 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

#8

If fdsik -l can see it, most likely DD can destroy it. Just make sure not to nuke the wrong thing.


#9

Yeah, I'm not familiar with dd, should this do it?

dd if=/dev/zero of=/dev/mapper/luks-3f4b5694-d7f9-4ed7-be21-43902f49b921 bs=16M


#10

I will not confirm DD commands to be safe. Ever.


#11

I wasn't asking if it was safe, I was asking if this command will do the job. Well, not that it matters now, I've already run the command when I triple checked the wiki.


#12

Well, sorry for making your life so hard that you had to read.

Anyway, did it work? Because if not I guess it is the drives firmware.


#13

What? I love reading, not sure where your getting this from, mixed signals I guess?

In the matter of working, I uh, may have done it to my main linux drive, not sure, I may have fucked up. Things started changing on my system when I started that command and that it was getting to a 20.00 load average in the 1 min, I did check to see if it was the the external drive I plugged in, looking at it from dolphin it looked fine, also checked fdisk before mounting it too.

Gonna do some troubleshooting, 12:20am though...maybe 30 minutes won't kill me.

EDIT:

Yep, I fucked up. Time to reinstall and start from scratch I guess, but that's tomorrow, gotta do a checklist now so I don't miss anything.


#14

Round Two


#15

Password? What password? BIOS? Windows?

Frequently, there are ways to clear, or crack a BIOS, or Windows password. That accomplished, the encryption can then be addressed.


#16

I believe that is already answered in my first post.

There is also a risk that flashing new BIOS firmware will destroy the marriage of the drives with the system, that I cannot allow. With regard to the windows password, I may have to look into that, it's been too long since I did this.

All I need access too is the partitions, if I connect the drives to ANYTHING ELSE besides the laptop, they do not appear, the drives don't even seek when connected. I've tried both gparted and fdisk, they both failed me in this task. Again I'll look into the bypassing the windows password as it's pretty much the only thing I can do at this point.

If anyone could give me advise on other methods, please tell me.


#17

Sorry, but that's just not clear to me. Hopefully someone else can read between the lines and help you with this.

I didn't mention anything about flashing the BIOS. I'm not even clear if your BIOS has a password set. I only brought this up, because on some laptops you can short two connections on the motherboard to clear the BIOS password. You'll obviously need to refer to your hardware documentation to see if this is a feature for your model.

I've used Trinity Rescue to reset Windoz passwords, though IDK if it works on W10. If you are using TrueCrypt, or similar, I can't help you, but like I said before, I'm still not clear on what is prompting you for the missing password.


#18

Sorry, I meant this:

I cannot get into windows, it seems to be set in the BIOS:

To summarize, the BIOS password's I don't know, flashing BIOS is a risk cause of; If I connect to any other system besides this laptop, the drives do not seek nor connect, meaning I cannot see the partitions.

EDIT: On a side note, somehow, even trying to boot via USB or CD seems to go to the same result, back to the HDD1 password prompt...

EDIT: I wonder if @wendell has faced this problem in the past?


#19

I've seen this. The password is likely not in the BIOS, but on the drive PCB itself. Flashing the PC BIOS probably won't help. Your best bet it to try to obtain the original password and unlock (disable) the password in the BIOS.

If you have bootable Linux media, look at the output of "hdparm -I /dev/sdX" (where I = uppercase i, and X is the device).
Research the "ATA Security Feature Set". The "hdparm" man page is a good place to start.

Good luck!
M


#20

Good advice, if push comes to shove I may try to find replacement controllers for the hdd's...or just quit and leave it.