Xbox:Drive Locking
ATA security allows disk drives to be placed into a "locked" state. This is imposed at the drive firmware level, and while actively locked, a HDD/SSD will simply ignore any I/O requests sent to it. Even a manufacturer provided low-level formatting tool will be unable to read or alter any of the contents. This feature is supported by most PATA/IDE disks, and probably all SATA disks.
Each disk may be locked with a "user" and/or a "master" level password. So long as the security system is enabled, one or the other of these passwords must be provided each time the drive powers up in order to unlock it and gain access to the storage area. That is to say, powering the disk down automatically secures it until such time as a correct password is provided again.
Entering an incorrect password for a drive multiple times will place it into a "frozen" state, after which it'll ignore further ATA security commands until power cycled. Some PCs automatically freeze their attached HDDs on boot, making it harder for malicious users to impose unwanted locks.
Drive Locks and Xboxes
Microsoft made use of ATA security locks to protect Xbox HDDs from tampering. Each system EEPROM contains a unique HDD key, which is algorithmically combined with the installed drive's serial to generate a user level password for the disk.
On boot, a stock Xbox will first check that its currently installed drive is locked (crashing to error 05 if it's not), and will then attempt to unlock it using the password derived from the visible EEPROM/drive serial combination (crashing to error 06 if the drive turns out to be using an incorrect user level password).
A softmodded console still boots via a stock BIOS before its exploits kick in, meaning that its drive must also be locked correctly in order for it to start without an error 05. Although they can't work around this restriction entirely, certain softmod installers (such as Rocky5's Xbox Softmodding Tool) do offer functions to change an Xbox's HDD key at the EEPROM level, switching it to all 1's (or all 0's, for older versions). If multiple Xboxes happen to have the same key, then any drives that're locked against them can at least be swapped at will.
A hardmodded Xbox (with either a flashed TSOP or an addon modchip) boots from a customised BIOS which usually skips the initial lock check. As with any console, it'll still be unable to boot if a drive with an incorrect user password is installed (error 06: the drive is locked against an incorrect HDD key), but it will accept a disk which has no lock in place at all (bypassing error 05). This freedom makes it significantly easier to upgrade your hard drive to one with a higher capacity, or to recover if your old HDD dies completely.
User Passwords
Every locked Xbox HDD has a specific and unique user level password. This password is a mix of the console's own HDD key stored on the EEPROM on the motherboard, and the hard drive's own unique serial number.
Original Xbox hard drives are locked at maximum security level from the factory and require the user password to be unlocked.
Master Passwords
The secondary master level password for a hard drive can be set to most anything within the alloted space. Although Xboxes do not attempt to unlock their disks using master level passwords, this password can be handy when working on such drives through a PC. For some stock consoles with Seagate drives, the master password is "Seagate" followed by 25 spaces:
Seagate
For some stock consoles with Western Digital drives, the password is 32 characters of "WDC":
WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCWD
Aftermarket drives installed using such software tools as XboxHDM or CHIMP most always have a master password of either XBOXSCENE
or TEAMASSEMBLY
.
Scene tools such as XboxHDM, FatXplorer, Config Magic, and PrometheOS lock the drive at high security level, because of this the Master Password can be used to unlock a drive locked with any of these tools.
Manipulating Drive Locks with an Xbox
Notes on ConfigMagic and other such tools should go here. Important to stress that you shouldn't be telling an Xbox software tool to "unlock" your disk unless you're hardmodded, as it'll actually go ahead and disable locking, softbricking you on error 05.
Manipulating Drive Locks with a PC
If your console boots to an error code in the range of 13 or above, odds are the issue can be fixed using a separate computer to re-write the file system. You may also be able to use a computer to completely disable the security on a drive, if you believe it's no longer required.
Complicating the matter, however, some PC BIOS types will automatically put hard drives into a "frozen" state during the boot process. While frozen, a HDD ignores locking commands - it must be powered down again in order to unfreeze. Usually this feature can be managed in the CMOS setup screens, though the process varies from machine to machine.
Using a USB adapter to connect a drive to your PC may also cause problems, as many are unable to pass on the ATA security commands needed to manage drive locks.
Often users have XboxHDM manage their drive locks, as this tool can also format Xbox drives and copy files to them. hdparm can be used to check whether your drive is frozen and whether locking commands are currently accepted (and of course to lock/unlock drives). The hotswapping technique can be used to work around freezing and adapter issues entirely, by having an Xbox unlock your drive before you even attach it to your PC in the first place.
XboxHDM
Guides for both the USB and non-USB versions should go into the actual XboxHDM page, whenever someone can be bothered to write them. XboxHDM includes a suite of tools for working with ATA security (as well as for formatting disks to FATX), although exactly which tools you get depends on which version you're using. Some can determine drive passwords automatically using an EEPROM backup (good for user level), some require manual code entry (good for master level). This stub should stay here as an explanatory note for as long as that content remains missing.
hdparm
Available for a variety of platforms, although most users will likely want the win32 edition.
A command-line based tool that requires an administrative command prompt to run correctly (usually an option when right clicking the Windows Start menu button). Defaults to the use of master level passwords. Simply typing its name provides a list of supported parameters.
hdparm eg1: Identifying your drive
hdparm -I hda
Lists out information about your first connected HDD, such as the model number. "hda" refers to your first detected disk, "hdb" to your second, and so on. Drive model and serial are provided near the top of the listing, and the drive's current locking state is near the bottom.
Eg:
Security: Master password revision code: ????? supported enabled not locked not frozen not expired: security count supported: enhanced erase
The above is the Security info you'd expect to see for a drive which has locking *enabled* (passwords are required after powering up the disk), but with the lock currently *open* (a valid password has been provided since the disk last powered up).
If the command returns "Problem issuing security command: Function not implemented", then your drive is connected in a way that doesn't allow the use of ATA security commands. If you're using a USB adapter, try switching to a different model, or doing away with it entirely and instead connecting your HDD directly to your motherboard.
If a drive comes up as "frozen", then either you've tried to unlock it using the wrong password too many times (powering your PC off will reset the counter), or your PC automatically froze the drive on boot (check your CMOS setup screens to disable this feature, or take the computer in and out of standby mode). A disk cannot be unlocked while it's frozen.
hdparm eg2: Temporarily opening a drive lock
hdparm --security-unlock TEAMASSEMBLY hdb
Attempts to unlock your second connected HDD using a master password of TEAMASSEMBLY. It'll automatically relock during its next power cycle.
hdparm eg3: Completely disabling security
hdparm --security-disable "Seagate " hdc
Attempts to completely disable the security system on your third connected drive, using a master password of "Seagate" followed by 25 spaces. Don't use --security-disable
unless you're sure you don't want your drive to automatically lock itself again - until a --security-enable command is issued, that is!
Hotswapping
This method is not recommended, and all other methods should be exhausted before attempting this. You can seriously damage your Xbox hard drive, Xbox motherboard or PC motherboard attempting this!
If neither a drive's user nor master password is known, and there's no easy method available with which to obtain the associated console's EEPROM data, a hotswap will likely allow you to gain read/write access anyway.
(So long as your Xbox can at least boot to the point of giving video output, at least. Although if it can't, then a file system rewrite isn't going to help you!)
This technique also works around issues with USB adapters which refuse to pass through ATA security commands.
Start with your Xbox and PC powered down, with the drive installed within the console as normal. Disconnect both cables attached to the DVD drive, and then start the Xbox: it should come to rest on an error 12 screen. In this state, the HDD is unlocked and the console won't attempt any further writes to it, making it safe to proceed.
Without turning the Xbox off or disturbing the drive's power lead (the disk must not power down!), disconnect the data cable and connect the drive to your PC instead. Booting your PC at this point should give you access to the drive's content through a FATX-compatible tool such as XboxHDM or FATXplorer.
Service/Technician mode unlocking
All HDDs store their ATA security status on the disk itself in a normally inaccessible area called the Service Area. This area also contains vital information such as drive firmware and modules needed for the drive to function, Using these methods, it's possible to unlock drives without the EEPROM data on all OEM Xbox Hard Drives. This is especially useful for orphaned drives which were never set to HIGH security mode to allow for unlocking using a Master Password.
For OEM Western Digital Hard Drives:
The latest builds of FATXplorer 3.0 Beta have the ability to extract the User Password and unlock using Vendor Specific Commands. Most cheap USB-to-IDE adapters will work for this just fine, as they use the JM20337 chipset which plays nice with FATXplorer's use of security commands. More information and specific directions can be found on FATXplorer's release page
For OEM Seagate Hard Drives:
Using a cheap TTL-to-USB Serial Adapter, it's possible to issue commands to the drive using free software such as PuTTY which will extract and display the User Password which can be used to unlock the drive using FATXplorer's HDD Security Tools menu. After entering the commands, the User Password should be displayed in the second line of the output as shown below.
picoPromSD by dtomcat can also be used to recover the user password from both original Xbox Seagate model hard drives. After powering up in hard drive password recvovery mode picoPromSD will audodetect which model hard drive is installed and dump the user password to folder on the SD card. A log file will also be written to the SD card.
WARNING: The commands are specific to each variant of Seagate Hard Drive, and using the wrong commands on the wrong drive or typos could render the drive inoperable. Proceed at your own risk.
If a typo or the wrong command is entered, simply use CTRL+Z to undo and get a fresh terminal line. Backspace does not work in PuTTY so Ctrl+Z is your only recourse.
Commands for dumping the User Password on ST310211A (Rubber Jacket) Hard Drives:
Ctrl+Z to get T> GFFF3 /2 B0,0
Commands for dumping the User Password on ST310014ACE (White Label Slim) Hard Drives:
Ctrl+Z to get T> /2 S006b R20,01 C0,570 B570
As of version 1.2.0 PrometheOS can use Vendor Specific Commands to unlock all models of factory installed original Xbox hard drives.