OT: Driving Me Crazy

Google "unlock6"

"the_constructor" gurgled happily, sounding much like they were saying:

Yup, so the previous owner's set a system password to protect the machine in case it gets nicked. Like it probably has been.

It'd be a fairly shit bit of security if it WAS that easy to bypass, wouldn't it?

So don't buy stolen laptops off dodgy blokes in pubs.

Doesn't it only work if you can boot the machine?

You'll have to dismantle the laptop in order to reach the internal battery that powers the bios. If you're lucky it'll be placed somewhere convenient ( such as underneath the main battery, as on some Thinkpads ). There may well be two batteries, and they can sometimes be carefully tucked away. The are generally plug-in affairs - simply remove them for a few seconds then refit - this should reset the bios.

If the hard drive has had a password set then you're probably dead in the water.

Regards,

Just boot from a CD and reformat it, which the OP will presumably want to do anyway.

(BTW, this isn't a password from encryption software on the hard drive, is it? Such as SafeBoot, PGP or one of the other entire disk encryption products. If it is, it almost certainly means the laptop is stolen.)

You can't - the drive's ATA interface doesn't enable until the password is provided.

laptops use a similar mechanism for the system board password so removing the CMOS battery won't help. You need to either reflash an SMT chip (don't think this can be done wthout unsoldering) or replace the system board. Not sure if HP use the same method.

True but also most modern laptops, IBM Thinkpads certainly, use independant Flash/EEPROM (not neccesariliy the flash storage device for BIOS) to store critical passwords. Pulling the BIOS backup battery will do nothing.

If ye don't have inside information how to access that (i.e. can remove the part and program it, or program it in-situ(*), or find a backdoor) then the motherboard will need to be exchanged at considerable cost and inconvenience.

However, most stolen laptops end up living second lives in countries of the former soviet empire. Folks there are fairly hot at circumventing these security measures - especially for the main brands.

Ye can find this "inside information" on how to do it on google. Problem is, most of the hacking programs that can be downloaded to do this are laden with trojan viruses, so be careful.

• - programming in-situ is not running some code on the laptop that resets the code - that would be trivial. I've done a few where wires are connected to I2C pins of the locked laptop and connected to the parallel port of another PC running software sniffing activity. Do the soldering connections wrong (very small outline parts) and you end up with toast, no butter...

Bottom line for anyone, look after laptops - the protection methods are not as secure as you may think!

Ahh, so it is on the motherboard. Thanks.

Googling round suggests that you're stuffed unless you either have an eprom programmer or buy a new eprom & replace the one on the motherboard.

With desktops there is sometimes a bios "reset" jumper than can be used to reset/remove a bios password but it seems that this laptop doesn't have anything so handy. Removing batteries, grounding chips etc. don't seem to work with this laptop.

Might be easier just to try another motherboard.

|66%3A2|65%3A12|39%3A1|240%3A1318Given the uselessness of the laptop without the password, it does rather beg the question concerning the legitimacy of the source of the laptop.

Tim

Or Google "unlock6" :-)

Sorry, should have checked out that link before posting.

Tim

In message , Reentrant writes

It can be done without re-soldering if you have the relevant hardware or are capable of building it.

Depends on the machine. Safe to say it's not stored in volatile battery backed memory though. Which chip it's actually stored in depends on which machine you have.

The hard drive password is stored on the drive. The ATA interface is enabled before you give it the password, how would you be able to send the password to the drive if it wasn't?

Any *system* passwords (ones that are required for the machine to boot or to get into setup) will be held on the motherboard or a daughterboard.

Nope.

If it aint in NVRAM it is in flash RAM.

In message , The Natural Philosopher writes

Umm, depends on your definition of 'flash' RAM I suppose (it's become a bit of a generic term), but it's not stored on the same chip as the BIOS which is usually the only true 'flash' part in a machine. More likely stored in a small EEPROM (secure or otherwise) or a custom chip with on-board EEPROM. Some machines use EEPROM in a micro-controller.

I believe there are also semi-custom security processors on some machines and there's the TPM on 'business class' machines which I

*think* can be used for storing passwords but is a plug in part on almost all of the machines I've worked on (I've not found it necessary to look too deeply into how they work as I've yet to find anyone using them so I could be wrong about the password bit)

? Bios is normally hard wired PROM.

Then you have a few parameters like what device to boot off, in battery backed RAM, or used to..

I would assume any password would be in that too, but if not,there might be some small flash scratch ram.

More likely

Nope. Used to be either UV EPROM or OTP Prom but I don't think I've ever seen a mask programmed ROM used for BIOS code in a PC and I've been repairing them to component level for a *long* time. Flash EEPROM has been used since late 386/early 486 times.

Yes.

Battery backed RAM is used to hold passwords on some machines but on 'better' machines (name brand laptops) passwords are usually in EEPROM, possibly a simple I2C device or it could be integrated into another larger chip and be rather difficult to bypass in some cases unless you can identify the chip and re-program it.

To another poster, unlock 6, once I'd slept and re-read the instructions, you're right, it doesn't need the machine to boot, my apologies.