COMMAND
BIOS
SYSTEMS AFFECTED
most systems
PROBLEM
Christophe Grenier found following. If you can boot, it is
possible to get a password with the same checksum and enter the
Bios. The checksum value is stored in Cmos. If you create a
recovery disk, this value is stored after the word "KEY" in the 1
first sector (sector 0 is boot sector). To crack Toshiba password
(Award, AMI and some others models), you can try CmosPwd
(Dos/Win9x, WinNT, Linux versions) avaible at
http://www.esiea.fr/public_html/Christophe.GRENIER/
The one and only way to bypass the Power On BIOS password of a
Toshiba Notebook. This method works on all models. This is what
you need:
1. Your notebook
2. An empty formatted diskette (720 kb or 1,44 mb)
3. A second computer (e.g. a DOS desktop PC)
4. A hex-editor (e.g. Norton DiskEdit or HexWorks)
This is what you have to do:
1. Start the desktop PC and start the hex-editor
2. Put the disk in drive A:
3. Change the first five bytes of sector 1 (boot sector is
sector 0) to: 4B 45 59 00 00
4. Save it! Now you have a KEYDISK
5. Remove the disk from drive A:
6. Put the disk in the notebook drive
7. Start the notebook in Boot Mode (push the reset button)
8. Press Enter when asked for Password:
9. You will be asked to Set Password again. Press Y and Enter.
10. You now see the BIOS configuration where you can set a new
password.
Another way is to put in DOS and/or Win (if you can get there):
c:\> debug
-o 70 17
-o 71 ff
-q
Award BIOS password removed. Also, for killing BIOS:
ASM: Inline:
mov al,2eh B0 2E
out 70h, al E6 70
out 71h, al E6 71
retn C3
On the PC Chips & Technologies boards that my company sells, you
can merely hold down the END key to clear the BIOS, Award BIOS,
MS6380SG motherboard (matsonic).
www.11a.nu provides a number of open source password deciphers
for bioses.
SOLUTION
Nothing yet.... There'll be always the way....