Advanced Technology Attachment Interface
Disks Interfaces
Protected areas
Host Protected Area (HPA).
added with ATA-4.
special area to store vendor data.
size can be zero bytes.
guaranteed persistence – it won’t be erased with a format.
it is located at the end of the disk.
requires reconfiguration of the disk to be accessible.
it can be used to:
reduce the reported disk size so that an old BIOS can recognize the drive.
store diagnostic applications.
hold a pre-loaded OS (e.g. dedicated buttons to a web OS).
system recovery (e.g. IBM, LG, ...).
anti-theft tools.
but it can also be used to hide illegal files.
some rootkits can hide themselves there to avoid detection by anti-virus.
some NSA exploits are known to use HPA to guarantee persistence.
Create and check for HPA
Identify HPA
On Linux command line:
at boot time ->
dmesg | less
by comparing size values ->
hdparm -N /dev/sdX    # prints current max visible sectors / native max sectors
to create an HPA ->
hdparm -N pZZZZZ /dev/sdX    # ZZZZZ = new max visible sector count; the "p" prefix makes the change permanent
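The size comparison used to identify an HPA, as an added example (not part of the original page): the function reads `hdparm -N` output or a kernel boot message and reports how many sectors are hidden. The function name `hpa_report`, the sample lines and the 512-byte default sector size are assumptions made for this example; the two line formats parsed are those printed by `hdparm -N` and by the Linux libata driver.

```shell
#!/bin/sh
# Added example: quantify a Host Protected Area from `hdparm -N` output or
# from a libata "HPA detected" boot message. Not from the original page.

# hpa_report [sector_size]
# Reads text on stdin and, for every line carrying a current/native sector
# pair, prints: <current> <native> <hidden_sectors> <hidden_bytes>
# Assumption: 512-byte logical sectors unless another size is passed.
hpa_report() {
    sector_size=${1:-512}
    sed -n \
        -e 's|.*max sectors *= *\([0-9][0-9]*\)/\([0-9][0-9]*\).*|\1 \2|p' \
        -e 's|.*HPA detected: current \([0-9][0-9]*\), native \([0-9][0-9]*\).*|\1 \2|p' |
    while read -r cur nat; do
        hidden=$((nat - cur))      # sectors the OS cannot see
        echo "$cur $nat $hidden $((hidden * sector_size))"
    done
}

# Constructed sample inputs (not captured from a real drive).
sample_hdparm='/dev/sdX:
 max sectors   = 586070255/586072368, HPA is enabled'
sample_dmesg='[    1.912345] ata1.00: HPA detected: current 586070255, native 586072368'

printf '%s\n' "$sample_hdparm" | hpa_report
printf '%s\n' "$sample_dmesg"  | hpa_report
```

On a live system the same function can be fed with `hdparm -N /dev/sdX | hpa_report` or `dmesg | hpa_report`; a non-zero third field means that many sectors at the end of the disk are hidden from the operating system.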