[SOLVED] Synology "Secure Erase" Locks Drive (WDs unlocked / Seagate still locked)

Kristian

Active Member
Jun 1, 2013
347
83
28
When using the built in Synology "Secure Erase" on ALL of my drives (6x WD30EFRX and 1x ST3000DM01) , after encountering several filesystem errors, to start with clean wiped drives, I was trying to create a new volume out of the erased drives:

Operation failed.

What I found out is that synology drive erase locks the drives.

So I used Putty for a SSH connection

Code:
 cat /proc/diskstats
showed me a list of the disks available

Code:
 hdparm -I /dev/sd<insert drive letter (sda, sdb etc)>
gave back the following

Code:
Security:
Master password revision code = 65534
               supported
               enabled
               locked
     not     frozen
     not     expired: security count
               supported: enhanced erase
     Security level high
Comparing the master password revision codes of the erased drive to a non-erased drive (same model), the code is the same and probably still factory default. Searching other forums reveal several common ATA factory passwords for the drives

---------------
Solution (for those who are to lazy to read the whole post)
Code:
hdparm --security-disable synology /dev/sda
---------------

Code:
hdparm --user-master m --security-unlock WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCW /dev/sd<insert drive letter (sda, sdb etc)>
hdparm --user-master m --security-disable WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCW /dev/sd<insert drive letter (sda, sdb etc)>
This worked for the WD drives. So they are working again as intended.

For the Seagate drive:
The Default Password should be Seatate + 25 Space (Pressing the Space Bar 25 times)
For whatever reasons that is not working.

HDD UNLOCK costs Money and the Trial does not Support my hd Controller (or I am to stupid getting this to work)
Same with A*FF Repair Station and MHDD.
Victoria isn't working either (couldn't get the Software to work in PIO mode)

<Will try this evening if changing the BIOS Settings from AHCI to IDE / Legacy changes anything>


Any other ideas that I could try this evening?
@Chuckleb: As I have noticed in your cleaning out thread: you happen to have a Seagate Barracuda 3TB ST3000DM001:
could you do a
Code:
 hdparm -I /dev/<insert drive letter (sda, sdb etc) without "<"">">
and post the Master Password Revision code?
so I can check if the master Password should work or not? That would be really great.
 
Last edited:
  • Like
Reactions: neoen

neoen

New Member
Apr 30, 2015
7
6
3
35
Hi there ... I too managed to brick my seagate ST3000DM001 drives ... 4 of them actually. I just got off the phone with seagate and they said that to unlock the newer drives you have to know the password that was placed on them when it was locked. That is to say, they confirmed that they no longer have a master key password available to unlock a drive in the state we are seeing (I.E. Seagate with 25 spaces after it is not a thing on newer drives). So that means that we have to know the password that synology itself placed on it during the beginning of the wipe that failed otherwise we are SOL.

I have a ticket in with synology now so we'll see what they have to say. Otherwise Seagate said all I can do is RMA the drives, which I'm ok with.

I'll let you know how it goes.
 
  • Like
Reactions: Kristian

rubylaser

Active Member
Jan 4, 2013
842
229
43
Michigan, USA
If anyone is interested here is what the Master Code shows on one of my working ST3000DM001's. It's the same value as Kristian's locked drive.
Code:
hdparm -I /dev/sde | grep Master
Master password revision code = 65534
 
  • Like
Reactions: Kristian

Kristian

Active Member
Jun 1, 2013
347
83
28
Hi there ... I too managed to brick my seagate ST3000DM001 drives ... 4 of them actually. I just got off the phone with seagate and they said that to unlock the newer drives you have to know the password that was placed on them when it was locked. That is to say, they confirmed that they no longer have a master key password available to unlock a drive in the state we are seeing (I.E. Seagate with 25 spaces after it is not a thing on newer drives). So that means that we have to know the password that synology itself placed on it during the beginning of the wipe that failed otherwise we are SOL.

I have a ticket in with synology now so we'll see what they have to say. Otherwise Seagate said all I can do is RMA the drives, which I'm ok with.

I'll let you know how it goes.
Thank you that would be really fantastic.

RMAing my drive is sadly not an option, because the warranty period ended in January :-/
 
  • Like
Reactions: neoen

neoen

New Member
Apr 30, 2015
7
6
3
35
I tried that master password rubylaser, no luck. Granted I only have about a 10% understanding of what I'm even doing. Does this look right?

SSHed to my synology box

Code:
Synology> hdparm --user-master m --security-unlock 65334 /dev/sda
That comes back as permission denied.
 
Last edited:

Kristian

Active Member
Jun 1, 2013
347
83
28
65334 is just a kind of a "checksum" if I remember that correctly
65534 means that the master password is still factory default

65534 is what all my drives are reporting back, no matter if locked or not.
The value should change if you actually set a new master password.
(Of course you can only set a new master password if you have the existing one)

I am to afraid to do that on one of my working WDs where I have the master password because just like you I only understand half of what I am doing
 
Last edited:
  • Like
Reactions: neoen

neoen

New Member
Apr 30, 2015
7
6
3
35
Just wanted to post an update.

I am getting a bit out of synology support but I'm not sure if they're going to be able to help me. I'd say that if you have not put in a ticket with them yet to go ahead and give it a shot. I am going to begin the RMA process for my drives today and cancel it if Synology can work some magic. The issue I'm facing right now is that I have 4 drives that are bricked and only 4 slots to work with. They want me to have all the drives in that were affected but if I do that then I kill the OS by taking out the only drive that has the OS on it, which is what caused this to begin with. Since you only have one bricked drive maybe they can work with that.

We'll see, I'm emailing them back and forth right now.

It would be nice for Synology to put a fail safe in that won't let you clean the last drive with an error that says something like "You can't do this until the other drives complete because it will completely wipe out the OS and cause the clean task to fail potentially bricking your hard drives"

When I started the tasks I didn't really think about the fact that the OS lives on each drive and if you wipe all 4 it will freak out and die.

Wish I had better news for you. I'll update again with how the Synology support ends up.
 

Kristian

Active Member
Jun 1, 2013
347
83
28
Thanks neoen,

as I have no Synology device: just ran XPenology on a old PC to test if Synology devices are worth the money...

Well I would say they are, if it wouldn't be for the issues we are facing
 
Last edited:
  • Like
Reactions: neoen

neoen

New Member
Apr 30, 2015
7
6
3
35
Ahh. I did the same thing before I bought the Synology device I ended up with. I love the device even though I could build a slightly more powerful machine for a little less cost. When it comes time to upgrade I will consider building my own but I do like not having to hack it.

This may be your best bet - ATA security lock removal for seagate [Solved] ;) | my blag,my life,my linux

I found that post when I was first looking into this, but my eyes crossed probably because it was 4am and really should have been sleeping and not trying to fix my bricked hard drives. It may be your best bet though. It looks to be some sort of hack to extract what the expected password is. Something I likely will not pursue since I can RMA all of my drives.

Still nothing new from Synology.
 
  • Like
Reactions: Kristian

neoen

New Member
Apr 30, 2015
7
6
3
35
Wow, I'm impressed. Synology pulled it off. They SSHed in and unlocked all 4 drives, they all work now. I'm still going to return them and get some WD Reds I think but at least I can return functional drives :)

So worst comes to worst you could set that drive aside and if/when you decided to purchase a Synology device you know that they can unlock it.

I am going to try to weasel the solution out of them in a final email I just sent off, but they may keep that one close to their chest for security purposes. I'll report back here either way.
 
  • Like
Reactions: Kristian and Marsh

neoen

New Member
Apr 30, 2015
7
6
3
35
Ok Kristian, got something for ya.

Try the password 'synology' all lowercase. The hdparm they say to use is --security-disable with password synolgoy.

So something along these lines

Code:
hdparm --security-disable synology /dev/sda
Let us know if it works.

-Neoen
 
  • Like
Reactions: Kristian

Kristian

Active Member
Jun 1, 2013
347
83
28
You Sir are my hero for the day - no not the day, but the complete week!!!

I can confirm: synology is working!

Thank your very much!
 
  • Like
Reactions: neoen

neoen

New Member
Apr 30, 2015
7
6
3
35
Awesome! Good to hear. 3TB now usable again :)

Now THIS is the post I would have liked to come across at 3am when I bricked all of my hard drives to begin with. Too bad google cant index posts from the future.
 
  • Like
Reactions: Kristian