Dec 14, 2010

How To Byepass BIOS Passwords : The Smart Way


Introduction to BIOS Passwords

The best method to reset a BIOS password depends on what BIOS the computer has. Common BIOS's include AMI, Award, IBM and Phoenix. Numerous other BIOS's do exist, but these are the most common.
Some BIOS's allow you to require a password be entered before the system will boot. Some BIOS's allow you to require a password to be entered before the BIOS setup may be accessed.
The general categories of solutions to reset a BIOS password are:
  • Using a Backdoor BIOS Password
  • Resetting the BIOS Password using Software
  • Resetting the BIOS Password using Hardware
  • Vendor Specific Solutions for resetting the BIOS Password

Using a Backdoor BIOS Password

Some BIOS manufacturers implement a backdoor password. The backdoor password is a BIOS password that works, no matter what the user sets the BIOS password to. These passwords are typically used for testing and maintenance. Manufacturers typically change the backdoor BIOS passwords from time to time.

AMI Backdoor BIOS Passwords

Reported AMI backdoor BIOS passwords include A.M.I., AAAMMMIII, AMI?SW , AMI_SW, BIOS, CONDO, HEWITT RAND, LKWPETER, MI, and PASSWORD.

Award Backdoor BIOS Passwords

One reported Award backdoor BIOS password is eight spaces. Other reported Award backdoor BIOS passwords include 01322222, 589589, 589721, 595595, 598598 , ALFAROME, ALLY, ALLy, aLLY, aLLy, aPAf, award, AWARD PW, AWARD SW, AWARD?SW, AWARD_PW, AWARD_SW, AWKWARD, awkward, BIOSTAR, CONCAT, CONDO, Condo, condo, d8on, djonet, HLT, J256, J262, j262, j322, j332, J64, KDD, LKWPETER, Lkwpeter, PINT, pint, SER, SKY_FOX, SYXZ, syxz, TTPTHA, ZAAAADA, ZAAADA, ZBAAACA, and ZJAAADC.

Phoenix Backdoor BIOS Passwords

Reported Phoenix BIOS backdoor passwords include BIOS, CMOS, phoenix, and PHOENIX.

Backdoor BIOS Passwords from Other Manufacturers

Reported BIOS backdoor passwords for other manufacturers include:
ManufacturerBIOS Password
VOBIS & IBM merlin
Dell Dell
Biostar Biostar
Compaq Compaq
Enox xo11nE
Epox central
Freetech Posterie
IWill iwill
Jetway spooml
Packard Bell bell9
QDI QDI
Siemens SKY_FOX
SOYO SY_MB
TMC BIGO
Toshiba Toshiba
Remember that what you see listed may not be the actual backdoor BIOS password, this BIOS password may simply have the same checksum as the real backdoor BIOS password. For Award BIOS, this checksum is stored at F000:EC60.

Resetting the BIOS Password using Software

Every system must store the BIOS password information somewhere. If you are able to access the machine after it has been booted successfully, you may be able to view the BIOS password. You must know the memory address where the BIOS password is stored, and the format in which the BIOS password is stored. Or, you must have a program that knows these things.
You can write your own program to read the BIOS password from the CMOS memory on a PC by writing the address of the byte of CMOS memory that you wish to read in port 0x370, and then reading the contents of port 0x371.
!BIOS will recover the BIOS password for most common BIOS versions, including IBM, American Megatrends Inc, Award and Phoenix.
CmosPwd will recover the BIOS password for the following BIOS versions:
  • ACER/IBM BIOS
  • AMI BIOS
  • AMI WinBIOS 2.5
  • Award 4.5x/4.6x/6.0
  • Compaq (1992)
  • Compaq (New version)
  • IBM (PS/2, Activa, Thinkpad)
  • Packard Bell
  • Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107
  • Phoenix 4 release 6 (User)
  • Gateway Solo - Phoenix 4.0 release 6
  • Toshiba
  • Zenith AMI

Resetting the BIOS Password using Hardware

If you cannot access the machine after if has been powered up, it is still possible to get past the BIOS password. The BIOS password is stored in CMOS memory that is maintained while the PC is powered off by a small battery, which is attached to the motherboard. If you remove this battery, all CMOS information (including the BIOS password) will be lost. You will need to re-enter the correct CMOS setup information to use the machine. The machines owner or user will most likely be alarmed when it is discovered that the BIOS password has been deleted.
On some motherboards, the battery is soldered to the motherboard, making it difficult to remove. If this is the case, you have another alternative. Somewhere on the motherboard you should find a jumper that will clear the BIOS password. If you have the motherboard documentation, you will know where that jumper is. If not, the jumper may be labeled on the motherboard. If you are not fortunate enough for either of these to be the case, you may be able to guess which jumper is the correct jumper. This jumper is usually standing alone near the battery. If you cannot locate this jumper, you might short both of the points where the battery connects to the motherboard.
If all else fails, you may have to clear the BIOS password by resetting the RTC (Real Time Clock) IC (Integrated Circuit) on your motherboard.
Many RTC's require an external battery. If your RTC is one of this type, you can clear the BIOS password just by unsocketing the RTC and reseating it.
RTC's which require external batteries include:
  • Dallas Semiconductor DS12885S
  • TI benchmarq bq3258S
  • Motorola MC146818AP
  • Hitachi HD146818AP
  • Samsung KS82C6818A
Most RTC chips with integrated batteries can be reset to clear the BIOS password by shorting two pins together for a few seconds.
You will see more than one option for some chips due to testing by various people in the field. Remember to remove power from the system before shorting these pins.
RTC ChipPins
Dallas DS1287ATI benchmarq bp3287AMT 3 (N.C.) and 21 (NC/RCL)
Chips & Technologies P82C206 12 (GND) and 32 (5V)-or-74 (GND) and 75 (5V)
OPTi F82C206 3 and 26
Dallas Semiconductor DS12887A 3 (N.C.) and 21 (RCLR)
You should be able to discover how to reset the BIOS password stored in most RTC (Real Time Clock) chips by reading the manufacturers data sheet for that RTC. Some RTC's, like the Dallas DS1287 and TI benchmarq bq3287mt cannot be cleared. The solution to resetting the BIOS password on systems with those RTC's is to purchase a replacement RTC chip. How inconvenient!

i Hope You guys enjoyed the Article, Enjoy Hacking, Enjoy Hackplanet.

Labels: , , , , , , ,

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home