1.1 KiB
1.1 KiB
The ATA key is derived in the BIOS during boot, based on the 40-byte model number of the drive provided by the ATA identify device data command (0xEC). The 32-byte password is then calculated based on the following algorithm. This algorithm is consistent between RingWide, RingEdge and RingEdge2 (thanks to Darksoft for some info here). Happy unlocking!
CHARSET = bytearray(b'/-AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz0123456789')
def charset_index(x: int) -> int:
if x in CHARSET:
return CHARSET.index(x)
return 0x55
def prepare_password(model: bytes) -> bytes:
assert len(model) == 40
password = bytearray(32)
for i in range(32):
a = charset_index(model[i])
b = charset_index(model[39 - i])
if i % 2 == 0:
password[i] = (((i ^ a) & 0x1f) << 3) ^ ((b & 0x2e) >> 1)
else:
password[i] = (((i ^ b) & 0x3b) << 2) ^ ((a & 0x66) >> 1)
return password
Some common disks:
GBDriver RS2:7242525aba526a5aea726278ca42da4a2a223a2a0a221a2a6a027a0a5cce4a0aGBDriver RS3:7242525aba526a5aea726278ca42da4a2a223a2a0a221a2a6a027a0a5cce4a0a