 

BIOS Password Removal

 

Working in a computer store, I can tell you roommates love to insert these little passwords on computers. If the password prevents booting, you pretty much have to clear the CMOS. If the password only prevents changing the setup, it's fairly easy to discover the password.

Special thanks go to Matt Carlson for letting me know that "j262" opens most versions of Award BIOS. I've found it works about 80% of the time. "AWARD_SW" and "AWARD_PW" work on some computers as well, but much less often. AmiBIOS 4.5x usually opens up with 589589. If anyone knows anything similar for Phoenix BIOS, both Matt & I would be very thankful...

I do have another list of passwords that readers have said work as default passwords on various versions of various BIOSes, so they're worth trying: condo, djonet, lkwpeter, biostar, biosstar.

IBM Aptivas can be cleared by holding down both mouse buttons at boot-up until the computer boots. Toshiba laptops can bypass the password by holding down the left shift key during boot-up.

To clear the CMOS, you'll normally need to short a jumper on the motherboard. Most motherboards actually label the correct jumper, making your job easier. In most motherboards the jumper must be shorted while the computer is on. However, a small percentage of boards will be damaged if you try this. For that reason, I always try shorting the jumper with the computer off first, removing the jumper and turning the computer on. If that fails, then turn the computer on with the jumper in place.

If you can't find the jumper, or it doesn't exist, unplug the computer. Find the internal battery and remove it. Most computers will clear CMOS anywhere between 10 seconds and 24 hours without any power.

If the computer boots, the encryption on BIOS passwords is trivial. However, the plaintext is so short that analysis is impossible unless you have access to another version of the BIOS to play around with. Some programs will automatically decrypt the passwords for some BIOSes using known algorithms; others will simply clear out the BIOS. The BIOS wipers shouldn't damage hardware or prevent the computer from booting, but I really don't take responsibility for anything that happens, and I suggest you only try them if you know what you're doing.

 
11th Alliance BIOS Toolkit (a great collection of BIOS crackers)

KillCMOS wipes almost all CMOS checksums, ought to clear the entire BIOS. Be sure to read the documents in this file, as it resets all settings in the CMOS to defaults...
Note: KillCMOS will be detected by anti-virus software as containing a virus, since KillCMOS's primary function is exactly like a virus. Please note that the file is completely safe and contains NO Virus!

AMI BIOS Cracker

Award BIOS Cracker

CMOS wiper also claims to wipe BIOSes. It doesn't look as good as 11th Alliance's or KillCMOS, but I include it for completeness. This one warns that it should never be run from within Win95. I don't suggest running ANY BIOS programs from within Windows, but this is the only one that specifically advises against it.

CMOSCrack is another program that can decrypt a couple of BIOSes.

The original AMI BIOS did not encrypt the password at all, so any utility capable of reading CMOS could edit it (PC Plus springs to mind, I believe Norton has a utility as well). The AMI WinBIOS does encrypt the password, but using a simple substitution cipher. I would print it here, but it encrypts plaintext to non-printable characters.

If none of this helps you, you needn't give up quite yet. On some computers, flooding the keyboard buffer will crash the password routine and allow the computer to boot. Simply wait for the password prompt, then press ESC repeatedly. This may require 50 to 100 presses, and may not work in all machines, but it's worked before, and it's worth a try.

 


Compiled by: Miguel Angel Fraga
