Synopsis: The mechanics of BIOS password locks present in current generation laptops are briefly outlined. Trivial mechanisms have been put in place by most vendors to bypass such passwords, rendering the protection void. A set of master password generators and hands-on instructions are given to disable BIOS passwords.
Any amateur computer technician should know how to reset BIOS passwords that can be setup from within the BIOS because there are times when they need access to change some configuration options such as the boot order or disable functions like AHCI mode.If a password has been set, you cannot enter the BIOS or sometimes even boot the computer itself unless you know it, and this can be a real. To recover the password, you need to note the value to the right of the BIOS you have installed and then you have to type in cmospwd /m xxx to execute the module. If that doesn't work, you can kill the BIOS using the /k switch. However, DO NOT kill the CMOS if you are recovering the password for a laptop.
When a laptop is locked with password, a checksum of that password is stored to a so-called FlashROM - this is a chip on the mainboard of the device which also contains the BIOS code and other settings, e.g. memory timings.
For most brands, this checksum is displayed after entering an invalid password for the third time:
The dramatic 'System Disabled' message is just scare tactics: when you remove all power from the laptop and reboot it, it will work just as before. From such a checksum (also called 'hash'), valid passwords can be found by means of brute-forcing.
The bypass mechanisms of other vendors work by showing a number to the user from which a master password can be derived. This password is usually a sequence of numbers generated randomly.
Some vendors resort to storing the password in plain text onto the FlashROM, and instead of printing out just a checksum, an encrypted version of the password is shown.
Other vendors just derive the master password from the serial number. Either way, my scripts can be used to get valid passwords.
A few vendors have implemented obfuscation measures to hide the hash from the end user - for instance, some FSI laptops require you to enter three special passwords for the hash to show up (e.g. '3hqgo3 jqw534 0qww294e', 'enable master password' shifted one up/left on the keyboard). Some HP/Compaq laptops only show the hash if the F2 or F12 key has been pressed prior to entering an invalid password for the last time.
Depending on the 'format' of the number code/hash (e.g. whether only numbers or both numbers and letters are used, whether it contains dashes, etc.), you need to choose the right script - it is mostly just a matter of trying all of them and finding the one that fits your laptop.
It does not matter on what machine the script are executed, i.e. there is no reason to run them on the locked laptop.
This is an overview of the algorithms that I looked at so far:
| Vendor | Hash Encoding | Example of Hash Code/Serial | Scripts |
|---|---|---|---|
| Asus | Machine Date | 01-01-2011 | pwgen-asus.py |
| Compaq | 5 decimal digits | 12345 | pwgen-5dec.py Windows binary |
| Dell | serial number | 1234567-595B 1234567-D35B 1234567-2A7B | bios-pw.org |
| Fujitsu-Siemens | 5 decimal digits | 12345 | pwgen-5dec.py Windows binary |
| Fujitsu-Siemens | 8 hexadecimal digits | DEADBEEF | pwgen-fsi-hex.py Windows binary |
| Fujitsu-Siemens | 5x4 hexadecimal digits | AAAA-BBBB-CCCC-DEAD-BEEF | |
| Fujitsu-Siemens | 5x4 decimal digits | 1234-4321-1234-4321-1234 | pwgen-fsi-5x4dec.py Windows binary |
| Fujitsu-Siemens | 6x4 decimal digits | 8F16-1234-4321-1234-4321-1234 | pwgen-fsi-6x4dec.py |
| Hewlett-Packard | 5 decimal digits | 12345 | pwgen-5dec.py Windows binary |
| Hewlett-Packard/Compaq Netbooks | 10 characters | CNU1234ABC | pwgen-hpmini.py Windows binary |
| Insyde H20 (generic) | 8 decimal digits | 03133610 | pwgen-insyde.py Windows binary |
| Phoenix (generic) | 5 decimal digits | 12345 | pwgen-5dec.py Windows binary |
| Sony | 4x4 hexadecimal digits | 1234-1234-1234-1234 | pwgen-sony-4x4.py |
| Sony | 7 digit serial number | 1234567 | pwgen-sony-serial.py Windows binary |
| Samsung | 12 hexadecimal digits | 07088120410C0000 | pwgen-samsung.py Windows binary |
Bios Password Generator Hp
Here are some other folks' efforts (python/ocaml/javascript):| Vendor | Hash Encoding | Example of Hash Code/Serial | Scripts |
|---|---|---|---|
| HP | 8 decimal digits | i1234578 | https://gist.github.com/Rdp3389 |
| Acer/Insyde | 10 decimal digits | 123457890 | https://github.com/let-def/insydious |
The .NET runtime libraries are required for running the Windows binary files (extension .exe). If the binary files (.exe) don't work out for you, install Python 2.7 (not 3.x) and run the .py script directly by double-clicking them. Make sure that you correctly read each letter (e.g. number '1' vs letter 'l').Вячеслав Бачериков has also converted my scripts to javascript so you can calculate the passwords with your browser: http://bios-pw.org/ (sources).
Please leave a comment below on what make/model the scripts work. Also, be aware that some vendors use different schemes for master passwords that require hardware to be reset - among them are e.g. IBM/Lenovo. If you find that your laptop does not display a hash or the scripts do not work for you for whatever reason, try to:
- use a USB keyboard for entering the password for avoiding potential defects of the built-in keyboard,
- run CmosPwd to remove the password if you can still boot the machine,
- overwrite the BIOS using the emergency recovery procedures. Usually, the emergency flash code is activated by pressing a certain key combination while powering on the machine. You also need a specially prepared USB memory stick containing the BIOS binary. The details are very much dependent on your particular model. Also, be aware that this can potentially brick your device and should only be done as a last measure.
- Some dell service tags are missing the suffix - just try the passwords for all suffices by adding -595B, -2A7B and -D35B to your service tags.
- The passwords for some HP laptops are breakable with this script.
- Unlocking methods for some Toshiba laptops are described here (edit: gone).
- Some older laptop models have service manuals that specify a location of a jumper / solder bridge that can be set for removing the password.
If none of the generators/methods above works, please use the vendor support. Please understand that my motivation for reverse-engineering comes purely from a personal interest. I will not accept offers to look at the specifics of certain models.
SoftFuse PasswordGeneratorFree is a freeware program for generating random passwords with ease. Using this program, you can quickly create new password. Generate random passwords, PIN-codes, etc. Protect you information more securely than usually!
- passgenfree.exe
- SoftFuse Development
- Freeware (Free)
- 540 Kb
- Windows XP, Windows Vista, Windows7, Windows 2000, Windows 2003, Windows Server
PasswordGenerator allows to generate any quantity of passwords with one mouse click. Using PasswordGenerator you do not have to think out new passwords. PasswordGenerator will do it instead of you.
- pasgen_inst.exe
- WinCatalog.com
- Freeware (Free)
- 106 Kb
- Win95, Win98, WinME, WinXP, WinNT 4.x, Windows2000, Windows2003
X-Lizard PasswordGenerator is a software program to generate random passwords containing a varied set of characters, including lowercase and uppercase letters as well as numerals. You can copy the password to the clipboard or save it to file.
- pasgen-setup.exe
- Softkhoz Studio Ltd.
- Freeware (Free)
- 1.8 Mb
- Win98, WinME, WinNT 3.x, WinNT 4.x, Windows2000, WinXP, Windows2003, Windows Vista
Atory PasswordGenerator allows you to create random passwords that are highly secure and extremely difficult to hack or guess due to an optional combination of lower and upper case letters, numbers and punctuation symbols.
- password_generator.exe
- Atory Tools
- Freeware (Free)
- 620 Kb
- Win95, Win98, WinME, WinNT 4.x, WinXP, Windows2000
Tektune PasswordGenerator is a small and easy to use application that can create advanced and secure passwords from the most simple words. You don't have to remember your password, you only have to remember the simple word(s) you entered. Then you. ...
- setup.exe
- David Olsen
- Freeware (Free)
- WindowsAll
Quick PasswordGenerator is, just like the name suggests a small, easy to use application specially designed to help you create more secure passwords for your accounts.Using this tool is as easy as can be: you just select the symbols that you want. ...
- QuickPasswordGenerator1.0.zip
- mikle333
- Freeware (Free)
- WindowsAll
SoftFuse PasswordGenerator Lite 1. SoftFuse Password Generator Lite is a program designed for generating random passwords easily and quickly.Using SoftFuse Password Generator Lite, you can easily create random passwords up to 8-character length.
- passgenfree.exe
- SoftFuse Development
- Freeware (Free)
- 419 Kb
- Win All
ITS PasswordGenerator v2.0.0 is a free Windows utility that allows the user to generate an alphanumeric password from 4 to 20 characters in length, and copy this password to the Windows® Clipboard if. ...
- passgen2.zip
- Intelligent TechnologySolutions
- Freeware (Free)
- 115 Kb
- Windows 2003, XP, 2000, 98, Me, NT
There are a lot of password generators available in the Internet. Some of them use standard pseudorandom number generators which are unsuitable for cryptographic purposes. We use a cryptographic random generator, to generate good quality passwords.
- True Random PasswordGenerator
- LastBit Software PasswordRecovery
- Freeware (Free)
- 54 Kb
- WinXP, Windows2000, Windows2003, Windows Vista, Win98, WinME, WinNT 4.x, Win95
EPG Pro is a passwordgenerator utility which allows users to generate strong, difficult to crack random passwords. EPG Pro can be used by individual home computer users or large organizations. Generate fully customizable passwords with. ...
- EPGPro.exe
- Salo Storm Software
- Freeware (Free)
- 454 Kb
- Windows All
This tiny utility allows you convert your unique phrase to a secure password. It is simple solution of 'hard-to-remember safe password' problem. You just need remember your easy-to-remember phrase.
- PhrasePassGen-Installer.exe
- VaultMate Software
- Freeware (Free)
- 706 Kb
- WinXP, Windows2000, Windows2003, Windows Vista
RVL PasswordGenerator can generate millions of unique passwords in a matter of seconds. It will ensure the passwords are completely random, and cannot be guessed by hackers. You will be able to customize the format of the passwords in virtually any. ...
- setup_passgen.msi
- RVL Soft
- Freeware (Free)
- 410 Kb
- Win XP, Vista
Related:Free Bios Password Generator - Ibm Bios Password Generator - Dell Bios Password Generator - Fsc Bios Password Generator - Free Bios Generator