DMS Locking FAQ

From PhatHack Wiki
Jump to navigation Jump to search

Well, the 2.5" harddrive found in the DMS is someway signed preventing the users to upgrade/replace it. This is what we know about that "issue"

An RSA signature block is stored on the hard drive which contains information identifying the actual hardware.

Specifically, the boot loader queries the drive for its model number and serial number on startup, compares that to the signature stored on the drive, and gives you the Blinking Green LED Of Death if they don't match.

There are a number of vital bits at the beginning of the drive that you need to be careful to not disturb if you repartition or in any other way manipulate the drive.

  • Bytes 0x1b0-0x1ff: The drive's partition table
  • Bytes 0xe0000-0xf13c7: 100 1024-bit RSA private keys, of unknown purpose
  • Bytes 0xf13c7-0xff5f3: Unknown binary data. It's either compressed, encrypted, or both.
  • Bytes 0xffe00-0xffeff: The drive signature.

The rest of the first megabyte of the drive is all zeros.

Changing the partition layout (partition table) doesn't affect the protection, hence is not used for calculation/encryption.

It should be noted that the partition table can be modified, but the start of the first partition should not be moved.

If this data becomes corrupt, you could put the drive in your laptop, but it will be useless to use with the PhatBox. For this reason, if you are worried, it would be a good idea to back up the first megabyte of your hard drive. In linux, this command would do the trick: 

dd if=/dev/sda of=backup.img bs=1024 count=1024
Retrieved from "https://wiki.phathack.com/index.php?title=DMS_Locking_FAQ&oldid=1215"