- Informació
- Xat IA
(ebook) - Hacking - How to Bypass BIOS Password Protection
Fundamentos de investigación en psicología (Investigación)
Universitat Oberta de Catalunya
Comentaris
Vista prèvia del text
Fellow Wrapster/BearShare/Gnutella user.
As you can see there are various ways on bypassing/changing BIOS passwords.
I have successfully used all of the options below on various computers many years ago. These methods will work on computers of today. I have updated the Standard BIOS backdoor passwords for current computers made as of last week. ( big grin ).
READ EVEYTHING BEFORE YOU USE ANY METHOD LISTED BELOW.
Basic BIOS password crack - works 9 times out of ten
This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following:
Get DOS prompt and type:
DEBUG hit enter
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
exit hit enter
Restart the computer. It works on most versions of the AWARD BIOS.
Accessing information on the hard disk
When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, or DEL, or CTRL+ALT+S during the boot sequence) and go to STANDARD CMOS SETUP, and set the channel to which you have put the hard disk as TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk.
Standard BIOS backdoor passwords
The first, less invasive, attempt to bypass a BIOS password is to try on of these standard manufacturer's backdoor passwords:
AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA, ZAAADA, ZJAAADC, djonet, %øåñòü ïpîáåëîâ%, %äåâÿòü ïpîáåëîâ%
AMI BIOS AMI, A.M., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder
Other passwords you may try (for AMI/AWARD or other BIOSes) LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj
Note that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards (such as Italian and German ones), so -- for example -- you should type AWARD?SW when using those keyboards. Also remember that passwords are Case Sensitive. The last two passwords in the AWARD BIOS list are in Russian.
Flashing BIOS via software
If you have access to the computer when it's turned on, you could try one of those programs that remove the password from the BIOS, by invalidating its memory. However, it might happen you don't have one of those programs when you have access to the computer, so you'd better learn how to do manually what they do. You can reset the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the command prompt. You'd better do it in pure MS-DOS mode, not from a MS-DOS shell window in Windows). Once you are in the debug environment enter the following commands:
AMI/AWARD BIOS
O 70 17
O 71 17
Q
PHOENIX BIOS
O 70 FF
O 71 17
Q
GENERIC Invalidates CMOS RAM. Should work on all AT motherboards (XT motherboards don't have CMOS)
O 70 2E
batteries (which would be useless), but you should open your computer and remove the CMOS battery from the motherboard.
Short-circuiting the chip
Another way to clear the CMOS RAM is to reset it by short circuiting two pins of the BIOS chip for a few seconds. You can do that with a small piece of electric wire or with a bent paper clip. Always make sure that the computer is turned OFF before to try this operation. Here is a list of EPROM chips that are commonly used in the BIOS industry. You may find similar chips with different names if they are compatible chips made by another brand. If you find the BIOS chip you are working on matches with one of the following you can try to short-circuit the appropriate pins. Be careful , because this operation may damage the chip.
CHIPS P82C206 (square)
Short together pins 12 and 32 (the first and the last pins on the bottom edge of the chip) or pins 74 and 75 (the two pins on the upper left corner).
gnd 74 |__________________ 5v 75--| | | | | | | CHIPS | 1 * | | | P82C206 | | | | | |___________________| | | | gnd | 5v 12 32
OPTi F82C206 (rectangular)
Short together pins 3 and 26 (third pin from left side and fifth pin from right side on the bottom edge).
80 51 |_| 81 -| |- 50 | | | | | OPTi | | | | F82C206 | | | 100-|___|- || | | 1 || | | 30 3 26
Dallas DS1287, DS1287A Benchmarq bp3287MT, bq3287AMT
The Dallas DS1287 and DS1287A, and the compatible Benchmarq bp3287MT and bq3287AMT chips have a built-in battery. This battery should last up to ten years. Any motherboard using these chips should not have an additional battery (this means you can't flash the BIOS by removing a battery). When the battery fails, the RTC chip would be replaced. CMOS RAM can be cleared on the 1287A and 3287AMT chips by shorting pins 12 and 21. The 1287 (and 3287MT) differ from the 1287A in that the CMOS RAM can't be cleared. If there is a problem such as a forgotten password, the chip must be replaced. (In this case it is recommended to replace the 1287 with a 1287A). Also the Dallas 12887 and 12887A are similar but contain twice as much CMOS RAM storage.
1 -| * U |- 24 5v 2 -| |- 23 3 -| |- 22 4 -| |- 21 RCL (RAM Clear) 5 -| |- 20 6 -| |- 19 7 -| |- 18 8 -| |- 17 9 -| |- 16 10 -| |- 15 11 -| |- 14 gnd 12 -|__________|- 13
NOTE: Although these are 24-pin chips, the Dallas chips may be missing 5 pins, these are unused pins. Most chips have unused pins, though usually they are still present.
Dallas DS12885S Benchmarq bq3258S Hitachi HD146818AP Samsung KS82C6818A
This is a rectangular 24-pin DIP chip, usually in a socket. The number on the chip should end in 6818. Although this chip is pin-compatible with the Dallas 1287/1287A, there is no built-in battery. Short together pins 12 and 24.
5v 24 20 13 ||_________| | | | DALLAS | |> | | DS12885S |
Key Disk for Toshiba laptops
Some Toshiba notebooks allow to bypass BIOS by inserting a "key-disk" in the floppy disk drive while booting. To create a Toshiba Keydisk, take a 720Kb or 1 floppy disk, format it (if it's not formatted yet), then use a hex editor such as Hex Workshop to change the first five bytes of the second sector (the one after the boot sector) and set them to 4B 45 59 00 00 (note that the first three bytes are the ASCII for "KEY" :) followed by two zeroes). Once you have created the key disk put it into the notebook's drive and turn it on, then push the reset button and when asked for password, press Enter. You will be asked to Set Password again. Press Y and Enter. You'll enter the BIOS configuration where you can set a new password.
Key protected cases
A final note about those old computers (up to 486 and early Pentiums) protected with a key that prevented the use of the mouse and the keyboard or the power button. All you have to do with them is to follow the wires connected to the key hole, locate the jumper to which they are connected and unplug it. That's all.
Use the Force, Nuke!!!!!!
CinCyDNA
(ebook) - Hacking - How to Bypass BIOS Password Protection
Assignatura: Fundamentos de investigación en psicología (Investigación)
Universitat: Universitat Oberta de Catalunya
- Descobrir més de:
