SPONSORED LINKS
OK, I have been working on trying to crack the passwords on the 75X machines for while now, and here is my preliminary conclusion. They're locked! But good! :) Seriously, I think I understand how the hard drives are locked, and it's a neat little trick. I'm not giving up on cracking this yet though. Here is what I have been through today... Basically I got a 2.5" -> IDE adapter and hooked a 'locked' drive up to a desktop machine. After messing around with the jumpers, I finally got the machine to recognize the drive. It reported a 168 Meg drive as hard drive #2 (I used the standard 170 drive). I then went in with Norton and looked at the sectors on the disk 'low level'. It would kept telling me that the drive was not formatted. I was able to jump around on the disk, but soon noticed that all of the sectors looked the same. It was still only showing sector 1! The sector was filled with nothing decernable, so I exited out of Norton, and ran FDisk. It would start, and then tell me there wasn't enough room for the DOS partition. It read that the drive was still 168Meg, but it would not fdisk it. Hmmm... So I messed around with the Norton stuff some more, when I decided to 'test' the disk. Suddenly it reported that there was a controller error. D'oh! I tried a few more partitioning programs to see if I could just get the disk reformatted, but nothing worked. I entered Diskedit and removed all of the characters from the sector (essentially making it a blank sector), and still no change. Eventually I gave up, put the drive back into the IBM case, and popped it back into my machine. Sure enough I turned it on, and it booted up to the hard drive password. I cleared the hard drive password (did I mention that I knew the password, this was a test), and the machine booted fine. I couldn't even find a error from all of the messing/erasing I did in the 'phantom' sector on the disk. So here are my conclusions (hey IBM, pay attention!). I now believe that the password is stored on an EPROM on the drive itsself. Once the drive is in the laptop, the machine tests the drive to see if it can only see 1 sector. If it sees only one, it knows to go look at the EPROM, ask for the password, and signal the controller to run if it matches. The controller knows to look on the EPROM, and it if sees anything, it will only show 1 sector of the drive. If the correct password is not entered, then the controller on the drive will not show past that one sector. The password could still be stored on the hard drive, but something on the laptop itself must be able to see onto the drive. I still believe the password is in the curcuitry on the drive. Any other tricks anyone wants me to try? I'm open to suggestions. I have Norton, and IBM DOS available to me. Interesting other notes: In Norton's Diskedit, it reported that the disk was using media type F8, and it didn't like that, so it switched it to F0... Diskedit wouldn't show me anything but 1 partition, with that junk sector in it. Is there a program that will 'simulate' a disks controller using software? Maybe something that sees past the 540 barrier? If the controller is disabled, how does the system know it is a 168M drive? still hackin'... RK