Hacking a Seagate hard disk

I will document here how to hack a Seagate hard disk that ran into one of these annoying firmware bugs that affected the Seagate Barracuda 7200.11 series lately. If you want to know more about the background you may want to start with the first part of the story.

The friend who brought me the disk kindly came by the next day to help with the operation. According to the recipes I found here and here, we had to connect the hard drive's service port to a serial console via an RS232-TTL converter. My friend prepared the RS232-TTL converter and brought a stable power supply, as we needed 5V to operate. My task was to prepare the operating table, find a serial cable, a computer with a serial port and a two-pin connector with wires, and to get to know minicom.

So here is how we did it:

RS232-TTL converter

First we connected the converter to the devices. The docking station of my notebook has a serial port, so I connected it via a serial cable to the converter. The three wires coming from the converter had to be connected to the hard drive directly. We fixed the ground wire with a screw of the board. The Rx and Tx connectors had to be connected to the Tx and Rx connectors of the drive (so just cross them). That's where we used the two-pin connector. On the drive, the pin next to the SATA connector is Rx and the one next to it is Tx. The other two are reserved and we did not need them.


The trickiest part came next. We had to interrupt the power supply for the motor of the platters but keep everything else connected properly. And it had to be possible to remove this interruption during the operation. We unscrewed all screws a little, pushed a piece of paper between the contacts of the board and the connector, and fastened the screws just a bit.


So much for the preparation. Let's start. Here is the minicomrc I used to communicate with the drive's firmware:

$ cat minirc.seagateBug
# Machine-generated file - use "minicom -s" to change parameters.
pu port             /dev/ttyS0
pu baudrate         38400
pu bits             8
pu parity           N
pu stopbits         1

Now we connected the SATA power cable to the drive and let minicom establish the serial connection. And really, I got first contact with the drive:

Even the error codes the drive dumped to the screen were correct according to the recipe. So we were on the right track. Now it was just a matter of properly retyping the commands into minicom and patiently waiting for the drive to complete them. Here is a screenshot with some comments in it.

Hacking the firmware (commented)

Then finally we were done. We did not repair the drive, though, but only reactivated it. Now it can run into the same bug again any time (but only on startup, so we would notice). So we tried to prevent as many restarts as we could. The first thing I did was connect it to an external SATA-2-firewire case and use the first startup of the disk to back up all important data. The second thing I did was connect the drive to the onboard connectors of my workstation, boot from the firmware upgrade CD I had downloaded from the Seagate website the day before, and deploy the new firmware to finally get rid of the bug.

In the end the disk felt quite well back in its original machine. Fortunately we had nothing more to fix within the installed system (yes, it was the other operating system).

Btw., the commands we sent to the drive took several seconds each to process, so we had to wait for them to finish. Disconnecting power too early would have broken the disk. That's why I connected all vital systems to my UPS for this hack. If you happen to have such a Seagate drive, my deepest regrets to you and good luck for your recovery hack.

A disk on the shelf

Some days ago a friend came by late on a Friday night and brought a hard disk. He did not know what was wrong with it, but told me that he was not able to access the data and that he needed it within six days. As I was just about to develop a nice cold that evening and only wanted to hide in my bed that weekend, I just put the disk on my shelf and promised him to look at it by Sunday evening.

I thought it was some partitioning problem or filesystem corruption that could be repaired. In the worst case I thought I needed to do an image of the disk and dig for files manually or try to find some data with foremost, which is a nice tool to recover deleted files from storage media. It walks through the complete media, looks for known file headers and dumps the data. This works quite nicely. I restored a friend's holiday pictures from a deleted memory card that way last year.
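
A minimal sketch of the header-based carving idea described above, added here as an illustration; it is not foremost's own code. It assumes JPEG files only, ends each file at the first end-of-image marker, and runs over a small constructed byte string instead of a real disk image.

```python
"""Header/footer file carving over a raw image (added illustration)."""

JPEG_SOI = b"\xff\xd8\xff"        # start-of-image marker plus lead byte of the next marker
JPEG_EOI = b"\xff\xd9"            # end-of-image marker
MAX_FILE_SIZE = 20 * 1024 * 1024  # assumed upper bound for one carved file


def carve_jpegs(image, max_size=MAX_FILE_SIZE):
    """Return a list of (offset, data) for each header..footer span found.

    The filesystem is ignored completely, so deleted files are found as long
    as their bytes are contiguous and have not been overwritten.
    """
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            break
        # Only search for the footer inside a bounded window after the header.
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:
            # Header without a footer in range: truncated or fragmented file.
            pos = start + 1
            continue
        end += len(JPEG_EOI)
        found.append((start, image[start:end]))
        pos = end
    return found


# Constructed sample "disk image": two fake JPEGs surrounded by filler bytes,
# followed by a header whose data was cut off (no end-of-image marker).
JPEG_A = b"\xff\xd8\xff\xe0" + b"holiday-picture-1" + JPEG_EOI
JPEG_B = b"\xff\xd8\xff\xe1" + b"holiday-picture-2" + JPEG_EOI
SAMPLE_IMAGE = (b"\x00" * 512 + JPEG_A + b"\xaa" * 300 + JPEG_B
                + b"\x00" * 100 + b"\xff\xd8\xff\xe0" + b"truncated")

if __name__ == "__main__":
    for offset, data in carve_jpegs(SAMPLE_IMAGE):
        print(f"offset {offset}: {len(data)} bytes")
```

Real JPEGs often embed a thumbnail with its own start and end markers, so stopping at the first end-of-image marker can cut a real file short.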

The cold came and so did the headache. Saturday came and passed by. But on Sunday evening when I opened the box with the hard disk and saw the manufacturer label I directly understood the problem. It was a Seagate drive. I remembered that a few weeks ago I read about a firmware bug on Seagate drives in the IT news here and here.

This firmware bug can render the drive unusable. When I connected this drive to my computer in an external HDD case it was not detected. Connecting the drive with a SATA cable directly to the mainboard even prevented the BIOS from completing its hardware probes. Meanwhile I found a firmware upgrade boot CD on the Seagate support website, but either I could boot from CD without connecting the defective drive or the drive was connected and my machine wasn't able to boot anything.

After some googling I found out what happened to the drive. It ran into the firmware bug, it detected the malfunction on its own and deactivated itself in order to not lose any data. The bad thing about that was that for a firmware update the drive had to start, which was prevented by the self-protection of deactivating itself. Nice deadlock. Ok, the data was still there and could be recovered by data recovery companies like Ontrack. As the regular service would have taken too long and the 24-hour service was too expensive, there was only one way left. Hack the drive yourself!

When I was searching for more information on the topic I found two posts about a team that successfully hacked the firmware and reactivated multiple drives after they ran into this bug. Find them here and here. In the next post I will describe how we did it (my friend came by on Monday and helped me).