Go4Expert

vishal sharma 16Aug2004 11:40

Basic BIOS password crack
 
This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following:
Get DOS prompt and type:
Code:

DEBUG hit enter
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
exit hit enter

Restart the computer. It works on most versions of the AWARD BIOS.

Accessing information on the hard disk

When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, or DEL, or CTRL+ALT+S during the boot sequence) and go to STANDARD CMOS SETUP, and set the channel to which you have put the hard disk as TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk.

Standard BIOS backdoor passwords
The first, less invasive, attempt to bypass a BIOS password is to try one of these standard manufacturer's backdoor passwords:

AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA, ZAAADA, ZJAAADC, djonet, %шесть пpобелов%, %девять пpобелов%

AMI BIOS
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder

Other passwords you may try (for AMI/AWARD or other BIOSes)

LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj

Note that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards (such as Italian and German ones), so -- for example -- you should type AWARD?SW when using those keyboards. Also remember that passwords are Case Sensitive. The last two passwords in the AWARD BIOS list are in Russian.

Flashing BIOS via software

If you have access to the computer when it's turned on, you could try one of those programs that remove the password from the BIOS, by invalidating its memory. However, it might happen you don't have one of those programs when you have access to the computer, so you'd better learn how to do manually what they do. You can reset the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the command prompt. You'd better do it in pure MS-DOS mode, not from an MS-DOS shell window in Windows). Once you are in the debug environment enter the following commands:

AMI/AWARD BIOS
Code:

O 70 17
O 71 17
Q

PHOENIX BIOS
Code:

O 70 FF
O 71 17
Q

GENERIC
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don't have CMOS)
Code:

O 70 2E
O 71 FF
Q

Note that the first letter is an "O" not the number "0". The numbers which follow are two bytes in hex format.

Flashing BIOS via hardware
If you can't access the computer when it's on, and the standard backdoor passwords didn't work, you'll have to flash the BIOS via hardware. Please read the important notes at the end of this section before trying any of these methods.

Using the jumpers

The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper on the motherboard (for "switching a jumper" I mean that you find a jumper that joins the central pin and a side pin of a group of three pins, you should then unplug the jumper and then plug it to the central pin and to the pin on the opposite side, so if the jumper is normally on position 1-2, you have to put it on position 2-3, or vice versa). This jumper is not always located near to the BIOS, but could be anywhere on the motherboard. To find the correct jumper you should read the motherboard's manual.

Once you've located the correct jumper, switch it (or plug or unplug it, depending on what the manual says) while the computer is turned OFF. Wait a couple of seconds then put the jumper back to its original position. In some motherboards it may happen that the computer will automatically turn itself on, after flashing the BIOS. In this case, turn it off, and put the jumper back to its original position, then turn it on again. Other motherboards require you turn the computer on for a few seconds to flash the BIOS.

If you don't have the motherboard's manual, you'll have to "brute force" it... trying out all the jumpers. In this case, try first the isolated ones (not in a group), the ones near to the BIOS, and the ones you can switch (as I explained before). If all of them fail, try all the others. However, you must modify the status of only one jumper per attempt, otherwise you could damage the motherboard (since you don't know what the jumper you modified is actually meant for). If the password request screen still appears, try another one.

If after flashing the BIOS, the computer won't boot when you turn it on, turn it off, and wait some seconds before retrying.

Removing the battery

If you can't find the jumper to flash the BIOS or if such jumper doesn't exist, you can remove the battery that keeps the BIOS memory alive. It's a button-size battery somewhere on the motherboard (on older computers the battery could be a small, typically blue, cylinder soldered to the motherboard, but usually has a jumper on its side to disconnect it, otherwise you'll have to unsolder it and then solder it back). Take it away for 15-30 minutes or more, then put it back and the data contained into the BIOS memory should be volatilized. I'd suggest you remove it for about one hour to be sure, because if you put it back when the data aren't erased yet you'll have to wait more time, as if you'd never removed it. If at first it doesn't work, try to remove the battery overnight.

Important note: in laptops and notebooks you don't have to remove the computer's power batteries (which would be useless), but you should open your computer and remove the CMOS battery from the motherboard.

Short-circuiting the chip

Another way to clear the CMOS RAM is to reset it by short circuiting two pins of the BIOS chip for a few seconds. You can do that with a small piece of electric wire or with a bent paper clip. Always make sure that the computer is turned OFF before trying this operation.

Here is a list of EPROM chips that are commonly used in the BIOS industry. You may find similar chips with different names if they are compatible chips made by another brand. If you find the BIOS chip you are working on matches with one of the following you can try to short-circuit the appropriate pins. Be careful, because this operation may damage the chip.

CHIPS P82C206 (square)

Short together pins 12 and 32 (the first and the last pins on the bottom edge of the chip) or pins 74 and 75 (the two pins on the upper left corner).
Code:

       gnd
        74
        |__________________
5v 75--|                  |
       |                  |
       |                  |
       |      CHIPS       |
   1 * |                  |
       |     P82C206      |
       |                  |
       |                  |
       |__________________|
        |                |
        | gnd            | 5v
        12               32

OPTi F82C206 (rectangular)
Short together pins 3 and 26 (third pin from left side and fifth pin from right side on the bottom edge).
Code:

     80              51
     |______________|
 81 -|              |- 50
     |              |
     |              |
     |     OPTi     |
     |              |
     |   F82C206    |
     |              |
100 -|______________|- 31
     ||          | |
   1 ||          | | 30
      3          26

Dallas DS1287, DS1287A
Benchmarq bp3287MT, bq3287AMT
The Dallas DS1287 and DS1287A, and the compatible Benchmarq bp3287MT and bq3287AMT chips have a built-in battery. This battery should last up to ten years. Any motherboard using these chips should not have an additional battery (this means you can't flash the BIOS by removing a battery). When the battery fails, the RTC chip would be replaced.

CMOS RAM can be cleared on the 1287A and 3287AMT chips by shorting pins 12 and 21.
The 1287 (and 3287MT) differ from the 1287A in that the CMOS RAM can't be cleared. If there is a problem such as a forgotten password, the chip must be replaced. (In this case it is recommended to replace the 1287 with a 1287A). Also the Dallas 12887 and 12887A are similar but contain twice as much CMOS RAM storage.
Code:

         __________
     1 -| *  U     |- 24 5v
     2 -|          |- 23
     3 -|          |- 22
     4 -|          |- 21 RCL (RAM Clear)
     5 -|          |- 20
     6 -|          |- 19
     7 -|          |- 18
     8 -|          |- 17
     9 -|          |- 16
    10 -|          |- 15
    11 -|          |- 14
gnd 12 -|__________|- 13

NOTE: Although these are 24-pin chips,
the Dallas chips may be missing 5 pins,
these are unused pins.
Most chips have unused pins,
though usually they are still present.

Dallas DS12885S
Benchmarq bq3258S
Hitachi HD146818AP
Samsung KS82C6818A
This is a rectangular 24-pin DIP chip, usually in a socket. The number on the chip should end in 6818. Although this chip is pin-compatible with the Dallas 1287/1287A, there is no built-in battery.
Short together pins 12 and 24.
Code:

 5v
 24          20                 13
 |___________|___________________|
|                                 |
|             DALLAS              |
|>                                |
|            DS12885S             |
|                                 |
|_________________________________|
 |                               |
 1                               12
                                 gnd

Motorola MC146818AP
Short pins 12 and 24. These are the pins on diagonally opposite corners - lower left and upper right. You might also try pins 12 and 20.
Code:

         __________
     1 -| *  U     |- 24 5v
     2 -|          |- 23
     3 -|          |- 22
     4 -|          |- 21
     5 -|          |- 20
     6 -|          |- 19
     7 -|          |- 18
     8 -|          |- 17
     9 -|          |- 16
    10 -|          |- 15
    11 -|          |- 14
gnd 12 -|__________|- 13

Replacing the chip

If nothing works, you could replace the existing BIOS chip with a new one you can buy from your specialized electronic shop or your computer supplier. It's a quick operation if the chip is inserted on a base and not soldered to the motherboard, otherwise you'll have to unsolder it and then put in the new one. In this case it would be more convenient to solder a base on which you'll then plug the new chip, in the eventuality that you'll have to change it again. If you can't find the BIOS chip specifically made for your motherboard, you should buy one of the same type (probably one of the ones shown above) and look in your motherboard manufacturer's website to see if there's the BIOS image to download. Then you should copy that image on the chip you bought with an EPROM programmer.

Important

Whichever method you use, when you flash the BIOS not only the password, but also all the other configuration data will be reset to the factory defaults, so when you are booting for the first time after a BIOS flash, you should enter the CMOS configuration menu (as explained before) and fix up some things.

Also, when you boot Windows, it may happen that it finds some new device, because of the new configuration of the BIOS, in this case you'll probably need the Windows installation CD because Windows may ask you for some external files. If Windows doesn't see the CD-ROM try to eject and re-insert the CD-ROM again. If Windows can't find the CD-ROM drive and you set it properly from the BIOS config, just reboot with the reset key, and in the next run Windows should find it. However most files needed by the system while installing new hardware could also be found in C:\WINDOWS, C:\WINDOWS\SYSTEM, or C:\WINDOWS\INF .

Key Disk for Toshiba laptops

Some Toshiba notebooks allow you to bypass the BIOS by inserting a "key-disk" in the floppy disk drive while booting. To create a Toshiba Keydisk, take a 720Kb or 1.44Mb floppy disk, format it (if it's not formatted yet), then use a hex editor such as Hex Workshop to change the first five bytes of the second sector (the one after the boot sector) and set them to 4B 45 59 00 00 (note that the first three bytes are the ASCII for "KEY" :) followed by two zeroes). Once you have created the key disk put it into the notebook's drive and turn it on, then push the reset button and when asked for password, press Enter. You will be asked to Set Password again. Press Y and Enter. You'll enter the BIOS configuration where you can set a new password.

Key protected cases

A final note about those old computers (up to 486 and early Pentiums) protected with a key that prevented the use of the mouse and the keyboard or the power button. All you have to do with them is to follow the wires connected to the key hole, locate the jumper to which they are connected and unplug it.
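
Why the generic `O 70 2E` / `O 71 FF` sequence invalidates CMOS RAM, shown as an added example that is not part of the original post: a small C model of the checksum test the firmware runs at boot. It assumes the standard AT layout (bytes 0x10-0x2D summed, result stored at 0x2E/0x2F), which the article does not state; the struct, the function names and the sample settings are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption (standard AT layout, not stated on the page): bytes 0x10..0x2D
 * are summed and the 16-bit sum is kept at 0x2E (high) and 0x2F (low). */
enum { CMOS_SIZE = 0x80, SUM_FIRST = 0x10, SUM_LAST = 0x2D,
       SUM_HI = 0x2E, SUM_LO = 0x2F };

typedef struct {
    uint8_t ram[CMOS_SIZE];
    uint8_t index;              /* register selected through port 0x70 */
} cmos_t;

/* Sum of the checksummed configuration bytes. */
uint16_t cmos_sum(const cmos_t *c) {
    uint16_t sum = 0;
    for (int i = SUM_FIRST; i <= SUM_LAST; i++)
        sum += c->ram[i];
    return sum;
}

/* What setup does on "save": store a checksum matching the contents. */
void cmos_seal(cmos_t *c) {
    uint16_t sum = cmos_sum(c);
    c->ram[SUM_HI] = (uint8_t)(sum >> 8);
    c->ram[SUM_LO] = (uint8_t)(sum & 0xFF);
}

/* What the firmware checks at boot: 1 = settings trusted, 0 = load defaults. */
int cmos_valid(const cmos_t *c) {
    uint16_t stored = (uint16_t)((c->ram[SUM_HI] << 8) | c->ram[SUM_LO]);
    return stored == cmos_sum(c);
}

/* Model of DEBUG's "O port value": 0x70 latches the index (bit 7 is the NMI
 * mask, not part of the address), 0x71 writes the selected byte. */
void cmos_out(cmos_t *c, uint16_t port, uint8_t value) {
    if (port == 0x70)
        c->index = value & 0x7F;
    else if (port == 0x71)
        c->ram[c->index] = value;
}

/* Largest sum the 30 covered bytes can produce: 30 * 0xFF = 0x1DE2. */
uint16_t cmos_max_sum(void) {
    return (uint16_t)((SUM_LAST - SUM_FIRST + 1) * 0xFF);
}

/* Constructed sample settings, sealed the way setup would leave them. */
void cmos_init_sample(cmos_t *c) {
    static const uint8_t sample[] = { 0x40, 0x00, 0xF0, 0x00, 0x0F, 0x80, 0x02 };
    memset(c, 0, sizeof *c);
    memcpy(&c->ram[SUM_FIRST], sample, sizeof sample);
    cmos_seal(c);
}

int main(void) {
    cmos_t c;
    cmos_init_sample(&c);
    printf("after save:    valid=%d\n", cmos_valid(&c));
    cmos_out(&c, 0x70, 0x2E);   /* O 70 2E */
    cmos_out(&c, 0x71, 0xFF);   /* O 71 FF */
    printf("after O 71 FF: valid=%d\n", cmos_valid(&c));
    printf("max high byte: 0x%02X, so a stored 0xFF can never match\n",
           (unsigned)(cmos_max_sum() >> 8));
    return 0;
}
```

Because the covered bytes can sum to at most 0x1DE2, a high checksum byte of 0xFF fails the check whatever the settings are, which is why the sequence does not depend on the current configuration.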


Manish 11May2005 16:26

Re: Basic BIOS password crack
 
Helped me a lot.

Jignest 11May2005 16:27

Re: Basic BIOS password crack
 
Thanks Manish for referring this. It solved my problem. I just happened to forget my BIOS passwords.

waN1141570 20Jul2005 00:05

Hello nice forum

Karan Gupta 28Sep2006 05:27

Re: Basic BIOS password crack
 
I have a Dell OptiPlex 170 l system, which has Phoenix A7.0 BIOS. I have forgotten the password for the BIOS. Is there any way I can bypass it or flash my BIOS?

shabbir 28Sep2006 08:28

Re: Basic BIOS password crack
 
Quote:

Originally Posted by Karan Gupta
I have a Dell OptiPlex 170 l system, which has Phoenix A7.0 BIOS. I have forgotten the password for the BIOS. Is there any way I can bypass it or flash my BIOS?

The above article mentions quite a few ways to remove the password of the BIOS.

llerrom 12Oct2006 01:24

Re: Basic BIOS password crack
 
Will someone please help me? I have a Dell Latitude CPi A300ST. I have forgotten the BIOS password and I need a way to bypass it. I can't boot into DOS mode to do anything at the DOS prompt. I'm not very experienced with computers so opening it up to try and disconnect the CMOS battery will not be a good idea for me. If anyone can help in any way...please do...thank you

yoavna 21Oct2006 03:18

Re: Basic BIOS password crack
 
HELPPPPPPPPPPPPPPPPPPP!!!!!!!!!!!!!!!!!!
I have Dell inspiron 6000 and i forgot my bios password please help me i can't use my computer and i and all my data!??!?!?!?!?

thank you

shabbir 21Oct2006 09:07

Re: Basic BIOS password crack
 
Quote:

Originally Posted by yoavna
HELPPPPPPPPPPPPPPPPPPP!!!!!!!!!!!!!!!!!!
I have Dell inspiron 6000 and i forgot my bios password please help me i can't use my computer and i and all my data!??!?!?!?!?

thank you

Try using the above mentioned tips.

MrEnder 17Dec2006 10:53

Re: Basic BIOS password crack
 
I have a problem. I need to find a way to get past the startup password on my computer. Before DOS starts or anything the startup password on my computer comes up and I need a way past it. If I try to go into the system settings they're locked off too and that is where the password is set. Is there a way I can get past that because I don't think I can even boot off a floppy or CD before it needs a password. The boot sequence starts out with a password so what do I do.

shabbir 17Dec2006 16:14

Re: Basic BIOS password crack
 
Did you try some of the tips above, especially removing the motherboard battery?

lvtrouble 24Dec2006 18:12

Re: Basic BIOS password crack
 
This is all a little confusing to me. I tried to remove the battery to reset the BIOS and I am not sure if I did it right or not. Now it only powers on for a couple seconds and then shuts off. Did I not leave it out long enough and I know it was a battery I just hope it's the right one. If somebody could help me understand this a little clearer I would appreciate it. thankz :)

lvtrouble 24Dec2006 18:13

Re: Basic BIOS password crack
 
ya

livin_target 1Jan2007 07:56

Re: Basic BIOS password crack
 
OK I give up.. am working on a 4150 Dell Inspiron. Tried everything above to no avail. My chipset matches nothing up there. This one is a 49lfOO4A33-4C-NH. Is running Phoenix BIOS revision A06.

ANYTHING would be a help since I can't get past the post screen to try to flash the bios even.

Thanx
Target

evileye 7Jan2007 15:45

Re: Basic BIOS password crack
 
Nice i only knew these codes for AMBIENT bios!

ty

evileye 7Jan2007 15:47

Re: Basic BIOS password crack
 
sorry award flash bios.... i had been drinking

evileye 7Jan2007 15:49

Re: Basic BIOS password crack
 
Quote:

Originally Posted by lvtrouble
This is all a little confusing to me. I tried to remove the battery to reset the BIOS and I am not sure if I did it right or not. Now it only powers on for a couple seconds and then shuts off. Did I not leave it out long enough and I know it was a battery I just hope it's the right one. If somebody could help me understand this a little clearer I would appreciate it. thankz :)

affix it firmly. o/w the problem persists.....

rickywashere 9Jan2007 14:34

Re: Basic BIOS password crack
 
ok guys I'm just getting into these laptops and need to reset the BIOS on my 4150 Inspiron. could any of ya walk a noob through it? I'm no expert by any means but this don't look that hard with proper guidance from the experts here ... thanks. I have my laptop apart and have had the battery unplugged for 2 days now. where would I look on the board for the chip or the make of the board? eyes not so good anymore hehe .. thanks everyone

ferdinand 17Jan2007 21:53

Re: Basic BIOS password crack
 
hello can someone help me..... I forgot my BIOS password.
I have a notebook Dell Latitude D420..... someone help me...
If I turn on my notebook it is asking for a password.
the computer system is #H07GJ2J-595B.

Mr_argentum 16Feb2007 04:31

Re: Basic BIOS password crack
 
My father bought a IBM T60 laptop and he forgot his Bios password...any way to retrieve or erase it?

saosurya 18Feb2007 11:32

Re: Basic BIOS password crack
 
@Mr_argentum Best way to retrieve the BIOS passwd is to just remove the BIOS battery, wait for 5 min and insert it again.......all the passwds will be removed.

Mr_argentum 18Feb2007 14:38

Re: Basic BIOS password crack
 
Thanks Sao....are you sure this works with a laptop?

MA

saosurya 18Feb2007 17:22

Re: Basic BIOS password crack
 
yes this will work for sure both in PCs and laptops.

konsolator 25Feb2007 21:33

Re: Basic BIOS password crack
 
HELP ME PLZ!!! I have an IBM Lenovo T60 and I forgot my BIOS passwd. I found a guide on the other site but I can't find the almet chip on the motherboard to restore the passwd... pls help me.

su_jay300 12Mar2007 16:22

Re: Basic BIOS password crack
 
any body tell me how i trape the window logon password in dos or any other language

blair99 1Apr2007 03:54

Re: Basic BIOS password crack
 
Ok I'm having trouble. I got a comp from my uncle and he died (that's why I got it) but it doesn't have a hard drive or floppy in it so I can only get into the BIOS but there is an administrator password so I am locked out. how do I crack it or what password would I use to get around it?

I have tried taking out the battery but that didn't work, it still has the password. can u plz help me?

here are the motherboard stats:

Phoenix Rom Bios Plus Version 1.10 A04

Dell System Optiplex GX20 series
Bios Version A04

doogie 13Apr2007 20:52

Re: Basic BIOS password crack
 
Hi, Can i pls get some help getting into my laptop. have a administrator and system password in the bios. pls assist

blair99 15Apr2007 12:42

Re: Basic BIOS password crack
 
bump plz answer my question

Khaos 12May2007 23:12

Re: Basic BIOS password crack
 
That kinda helped.

balapno 13May2007 18:39

Re: Basic BIOS password crack
 
hi sharma

I am bhala

I haven't any problem with BIOS, but

This information is very useful 4 me.

thank U

Draxx 14Jul2007 00:37

Re: Basic BIOS password crack
 
hello guys ..I'm glad that I've found this site ..I have a laptop Toshiba model: PSM35E with Phoenix BIOS and when I open it it asks for a BIOS password :( I've tried many pass..but nothing ...pls help me if u can ..what should I do?

SpOonWiZaRd 18Jul2007 20:34

Re: Basic BIOS password crack
 
That is a lot of ways to do it, but I usually only fuse my clr cmos jumpers to do that lol. But I definitely learned something, or a couple of things today...

za3eem 19Jul2007 02:36

Basic BIOS password crack
 
I forgot my laptop BIOS password
toshiba
how can i bypass it
help me plz

navi122002 29Aug2007 14:02

Re: Basic BIOS password crack
 
Quote:

Originally Posted by Mr_argentum
My father bought a IBM T60 laptop and he forgot his Bios password...any way to retrieve or erase it?


yes very simple send it to me i will charge u only 100 us$ and tell ur laptops forgotten password.

navi122002 29Aug2007 14:03

Re: Basic BIOS password crack
 
Quote:

Originally Posted by za3eem
I forgot my laptop BIOS password
toshiba
how can i bypass it
help me plz

plz tell me the model no i will tell u solution

shabbir 29Aug2007 14:05

Re: Basic BIOS password crack
 
Quote:

Originally Posted by navi122002
yes very simple send it to me i will charge u only 100 us$ and tell ur laptops forgotten password.

Are you asking for the lappy. hehe

navi122002 29Aug2007 14:08

Re: Basic BIOS password crack
 
Quote:

Originally Posted by shabbir
Are you asking for the lappy. hehe

hi bro
i m doing this business i recover (crack) all the passwords on ibm, toshiba, acer, hp/compaq etc

shabbir 29Aug2007 18:42

Re: Basic BIOS password crack
 
Quote:

Originally Posted by navi122002
hi bro
i m doing this business i recover (crack) all the passwords on ibm, toshiba, acer, hp/compaq etc

But if you need to have the laptop sent to you, you should probably look for business in your locality and not around the web.

sushovan.mukherjee 6Sep2007 01:37

Re: Basic BIOS password crack
 
Xcelent, is there any other policy for replacing the BIOS password???

navi122002 7Sep2007 09:28

Re: Basic BIOS password crack
 
Quote:

Originally Posted by sushovan.mukherjee
Xcelent, is there any other policy for replacing the BIOS password???

YES TELL ME UR MODEL NO
ACTUALLY THERE ARE TWO TYPES OF PASSWORD. ONE WE CAN BYPASS BY KEYS (A SMALL HARDWARE U CAN BUY ONLINE, THEY ARE VERY CHEAP FROM 5$ TO 100$) AND THE 2ND METHOD IS TO REPLACE THE SECURITY CHIP OR READ DATA IN THE SECURITY CHIP. THAT'S A TOUGH METHOD AND EXPENSIVE TOO, U CAN EVEN DAMAGE UR MACHINE


BUT U KNOW SHABBIR WILL NOT B SATISFIED WITH MY ANSWER :) :p BCZ HE IS GENIUS


All times are GMT +5.5.