Monday, December 19, 2011

BIOS Password Hacking



Standard BIOS backdoor passwords

The first, less invasive, attempt to bypass a BIOS password is to try on of these standard
 manufacturer’s backdoor passwords:
AWARD BIOS
 AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256,
 j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER,
 SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA,
 ZAAADA, ZJAAADC, djonet,
AMI BIOS
 AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder



Other passwords you may try (for AMI/AWARD or other BIOSes)

LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj,phonix,toshiba

 remember that passwords are Case Sensitive.
hacking BIOS via software

If you have access to the computer when it’s turned on, you could try one of those
 programs that remove the password from the BIOS, by invalidating its memory.


 However, it might happen you don’t have one of those programs when you have access
 to the computer, so you’d better learn how to do manually what they do. You can reset
 the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the
 command prompt. You’d better do it in pure MS-DOS mode, not from a MS-DOS shell
 window in Windows). Once you are in the debug environment enter the following
 commands:
AMI/AWARD BIOS
 O 70 17
 O 71 17
 Q


PHOENIX BIOS
 O 70 FF
 O 71 17
 Q
GENERIC
 Invalidates CMOS RAM.
 Should work on all AT motherboards
 (XT motherboards don’t have CMOS)
 O 70 2E
 O 71 FF
 Q
 Note that the first letter is a “O” not the number “0″. The numbers which follow are two
 bytes in hex format.

Hacking BIOS via hardware
 If you can’t access the computer when it’s on, and the standard backdoor passwords
 didn’t work, you’ll have to flash the BIOS via hardware. Please read the important notes
 at the end of this section before to try any of these methods.

Using the jumpers
 The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper
 on the motherboard (for “switching a jumper” I mean that you find a jumper that joins
 the central pin and a side pin of a group of three pins, you should then unplug the
 jumper and then plug it to the central pin and to the pin on the opposite side, so if the
 jumper is normally on position 1-2, you have to put it on position 2-3, or viceversa).
 This jumper is not always located near to the BIOS, but could be anywhere on the
 motherboard.
 To find the correct jumper you should read the motherboard’s manual.Once you’ve located the correct jumper, switch it (or plug or unplug it, depending from
 what the manual says) while the computer is turned OFF. Wait a couple of seconds then
 put the jumper back to its original position. In some motherboards it may happen that
 the computer will automatically turn itself on, after flashing the BIOS. In this case, turn
 it off, and put the jumper back to its original position, then turn it on again. Other
 motherboards require you turn the computer on for a few seconds to flash the BIOS.
 If you don’t have the motherboard’s manual, you’ll have to “bruteforce” it… trying out all
 the jumpers. In this case, try first the isolated ones (not in a group), the ones near to the
 BIOS, and the ones you can switch (as I explained before). If all them fail, try all the
 others. However, you must modify the status of only one jumper per attempt, otherwise
 you could damage the motherboard (since you don’t know what the jumper you
 modified is actually meant for). If the password request screen still appear, try another
 one.
 If after flashing the BIOS, the computer won’t boot when you turn it on, turn it off, and
 wait some seconds before to retry.

Removing the battery
 If you can’t find the jumper to flash the BIOS or if such jumper doesn’t exist, you can
 remove the battery that keeps the BIOS memory alive. It’s a button-size battery
 somewhere on the motherboard (on elder computers the battery could be a small,
 typically blue, cylinder soldered to the motherboard, but usually has a jumper on its side
 to disconnect it, otherwise you’ll have to unsolder it and then solder it back). Take it
 away for 15-30 minutes or more, then put it back and the data contained into the BIOS
 memory should be volatilized. I’d suggest you to remove it for about one hour to be
 sure, because if you put it back when the data aren’t erased yet you’ll have to wait more
 time, as you’ve never removed it. If at first it doesn’t work, try to remove the battery
 overnight.

Important note: in laptop and notebooks you don’t have to remove the computer’s power
 batteries (which would be useless), but you should open your computer and remove the
 CMOS battery from the motherboard.

Short-circuiting the chip
 Another way to clear the CMOS RAM is to reset it by short circuiting two pins of the
 BIOS chip for a few seconds. You can do that with a small piece of electric wire or with
 a bended paper clip. Always make sure that the computer is turned OFF before to try
 this operation.
 Here is a list of EPROM chips that are commonly used in the BIOS industry. You may
 find similar chips with different names if they are compatible chips made by another
 brand. If you find the BIOS chip you are working on matches with one of the following
 you can try to short-cicuit the appropriate pins. Be careful, because this operation may
damage the chip.

Important
 Whether is the method you use, when you flash the BIOS not only the password, but
 also all the other configuration data will be reset to the factory defaults, so when you are
 booting for the first time after a BIOS flash, you should enter the CMOS configuration
 menu (as explained before) and fix up some things.
 Also, when you boot Windows, it may happen that it finds some new device, because of
 the new configuration of the BIOS, in this case you’ll probably need the Windows
 installation CD because Windows may ask you for some external files. If Windows
 doesn’t see the CD-ROM try to eject and re-insert the CD-ROM again. If Windows can’t
 find the CD-ROM drive and you set it properly from the BIOS config, just reboot with
 the reset key, and in the next run Windows should find it. However most files needed by
 the system while installing new hardware could also be found in C:\WINDOWS,
 C:\WINDOWS\SYSTEM, or C:\WINDOWS\INF .


About Author

Hi everyone ! I am a Fresher in Cybersec. Gaming, Learning, Sharing with the community is my hobby. I help "students" who are looking to "start" their career in Cybersecurity with my opinions that I learn from my Journey.

You Might Also Like

0 comments:

Post a Comment

Search This Blog

Powered by Blogger.

Pages