this post was submitted on 19 Apr 2025
4 points (83.3% liked)

Passwords

195 readers
2 users here now

Discussion of passwords, password managers, biometrics, CAPTCHAs, secret questions, MFA/2FA/2SV, or other factors related to user authentication.

founded 2 years ago
MODERATORS
m8urn@infosec.pub
4
Apacer SSD forced itself into read-only mode -- how can this be reversed? Anyone know what pw Apacer uses? (slrpnk.net)
submitted 1 week ago by activistPnk@slrpnk.net to c/passwords@infosec.pub
5 comments fedilink hide all child comments
 

cross-posted from: https://slrpnk.net/post/21033639

The background is here. In short, an SSD with the “Apacer” brand froze itself into read-only mode, presumably due to reaching a point of poor reliability.

The data on the drive is useless. It was part way through installing linux when it happened. I would like to reverse that switch to make one last write operation (to write a live linux distro), which thereafter can be read-only.

I have heard some speculation that the manufacturer uses password to impose read-only mode. If true, then the password would be in the drive’s firmware. Does anyone know what Apacer uses for this password?

top 5 comments
sorted by: hot top controversial new old
[–] BilboBargains@lemmy.world 1 points 1 week ago* (last edited 1 week ago) (1 children)

If it were true that a password is required to write to the storage medium in the event of corruption, that would imply that it's required for every write event. Wouldn't that entail a performance hit for any reasonably secure password mechanism? Either the password is trivial or write speed is impacted by this process.

Is there an interface for examining the firmware?

[–] activistPnk@slrpnk.net 1 points 1 week ago* (last edited 1 week ago) (1 children)

Hard drive passwords are removeable. The nuts and bolts of it is performing a change password operation where the new password is the NULL char.

If it were true that a password is required to write to the storage medium in the event of corruption, that would imply that it’s required for every write event.

Consider how OPAL drives have passwords just to get read access. You only have to enter the password once when the controller first powers up the drive. It does not have to send the password with every read operation because the drive remains unlocked until it powers off.

But I have to say I’m hand-waving because I only heard speculation that a password is used for write-access gate-keeping to begin with. Certainly it’s feasible that the ATA standard could have included a separate password for write access, but my question is whether that’s actually the case.

[–] BilboBargains@lemmy.world 1 points 1 week ago (1 children)

I wonder if there are cases where the system malfunctioned and went read only early? Presumably there would be some means of reversing it that you could exploit. Their customer service dept might have the answer.

[–] activistPnk@slrpnk.net 1 points 1 week ago (1 children)

In this case it’s an “Apacer” drive.. some no name brand. It seems unlikely that I would be able to track down a responsive customer service worker. Seems like really a long-shot because even if I reach someone they will consider it a waste of their time and money that they are even talking to someone well after a warranty period is over. And from there, anything that enables someone to put a product back into service rather than buy a new drive is probably treated as a trade secret. Perhaps some social engineering could be used to reach an employee disgruntled enough to help.

[–] BilboBargains@lemmy.world 2 points 5 days ago

It sucks that we can't maintain much of our machinery. This problem is most acute with anything that has embedded code. Good luck with your search.