Modern hard disks feature an area that contains information that the CPU on the HDD logic board uses to operate the drive. The area is called the “system area” (“SA”). This area contains for example the drive ‘microcode’ (a.k.a. firmware), HDD Configuration Tables, Defect sector tables, SMART information, Security info (drive passwords etc), Disk ID info and more. These categories of information are called ‘modules’. So the SA contains a module for the firmware code, a module for the SMART info etc.
The SA is stored on ‘negative cylinders’ of the HDD and therefore is not accessible by normal read commands. However, the area can be accessed with other ATA commands. An example of a (more or less) ‘standard’ ATA command that can access info on the SA is the ‘download microcode’ ATA command that can be used to update information in the firmware code module. However, most of the commands that can be used to access the SA are vendor specific. Since vendors (obviously) don’t want users to mess around with the SA, these commands are generally not made public. However, these commands can be deduced by, for example, reverse engineering the firmware code itself.
This reverse engineering has been done and led to development of tools that can issue these (vendor specific) ATA commands and can read/write almost all sectors in the SA. One example of such tool is PC3000 (‘PC3K’). A tool like this contains tables per HDD model, containing these vendor specific ATA commands and also tables with sector numbers on which the different modules are stored, also per HDD model. SA Sector numbers are counted in “UBA’s”. For example, one specific HDD might use UBA 4 to store the ‘DISK ID’ module, where another HDD model might use another sector for this module.
So in short, to create a tool that can read/write data in the SA, you need to:
1) know (and understand) the (vendor-) specific ATA commands that can be used to access this area and
2) know on which UBA sector the specific modules are stored.