
Cracking BIOS Passwords

First of all, this is a copy of the page http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html as of 3.10.2010; Windows binaries for the scripts are also available there.

I have only tested the Phoenix (generic) variant, with my brother's Acer Aspire 8943G; it worked wonderfully.

Page

BIOS Password Backdoors in Laptops

When a laptop is locked with a password, a checksum of that password is stored in a sector of the FlashROM - this is a chip on the mainboard of the device which also contains the BIOS and other settings, e.g. memory timings. For most brands, this checksum is displayed after entering an invalid password for the third time.

The dramatic 'System Disabled' message is just a scare tactic: when you remove all power from the laptop and reboot it, there are no new penalties such as additional passwords, locks and so on. From such a checksum (also called “hash”), valid passwords can be found by means of brute-forcing. Another commonly used method is to display, instead of a checksum, a number from which a randomly generated password can be calculated. Quite often, vendors also resort to storing the password in plain text, and instead of printing out just a checksum, an encrypted version of the password is shown. Either way, my scripts can be used to derive valid passwords from the hash.
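Why a displayed checksum weakens the lock, as an added example that is not from the original post or its scripts: a five-digit code has only 100,000 possible values, so some other password matches it no matter how long the real one is. `toy_checksum` is a constructed stand-in (CRC-32 reduced to five decimal digits), not any vendor's algorithm, and `first_collision` and `effective_bits` are hypothetical helper names.

```python
import itertools
import math
import string
import zlib


def toy_checksum(password: str) -> str:
    """Constructed stand-in: CRC-32 folded to 5 decimal digits (no vendor uses this)."""
    return f"{zlib.crc32(password.encode('ascii')) % 100000:05d}"


def effective_bits(code_space: int) -> float:
    """Upper bound on the lock's strength once the code is displayed."""
    return math.log2(code_space)


def first_collision(target: str, alphabet: str = string.ascii_lowercase, max_len: int = 5):
    """Enumerate short strings until one has the same toy checksum as `target`.

    Returns (candidate, attempts); candidate is None if nothing matched.
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(chars)
            if toy_checksum(candidate) == target:
                return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    secret = "Tr0ub4dor&3-long-admin-password"   # constructed sample value
    shown = toy_checksum(secret)                  # what the lock screen would reveal
    match, tries = first_collision(shown)
    print(f"displayed code : {shown}")
    print(f"colliding input: {match!r} after {tries} attempts")
    print(f"strength cap   : {effective_bits(10**5):.1f} bits, whatever the password length")
```

The same bound applies to any scheme that reveals a short, unsalted digest of the secret; a firmware lock that shows nothing derived from the password does not have this ceiling.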

Some vendors have implemented obfuscation measures to hide the hash from the end user - for instance, some FSI laptops require you to enter three special passwords for the hash to show up (see other post). HP/Compaq laptops only show the hash if the F2 or F12 key has been pressed prior to entering an invalid password for the last time.

Depending on the “format” of the number code/hash (e.g. whether only numbers or both numbers and letters are used, whether it contains dashes, etc.), you need to choose the right script - it is mostly just a matter of trying them all and finding the right one. This is an overview of the algorithms that I have looked at so far:

| Vendor | Hash Encoding | Example of Hash Code/Serial | Scripts |
|---|---|---|---|
| Compaq | 5 decimal digits | 12345 | pwgen-5dec.py |
| Dell | serial number | 1234567-595B; 1234567-D35B; 1234567-2A7B | source + winbinary |
| Fujitsu-Siemens | 5 decimal digits | 12345 | pwgen-5dec.py |
| Fujitsu-Siemens | 8 hexadecimal digits | DEADBEEF | pwgen-fsi-hex.py |
| Fujitsu-Siemens | 5×4 hexadecimal digits | AAAA-BBBB-CCCC-DEAD-BEEF | pwgen-fsi-hex.py |
| Fujitsu-Siemens | 5×4 decimal digits | 1234-4321-1234-4321-1234 | pwgen-fsi-5x4dec.py |
| Hewlett-Packard | 5 decimal digits | 12345 | pwgen-5dec.py |
| Hewlett-Packard/Compaq Netbooks | 10 characters | CNU1234ABC | pwgen-hpmini.py |
| Phoenix (generic) | 5 decimal digits | 12345 | pwgen-5dec.py |
| Samsung | 12 hexadecimal digits | 07088120410C0000 | pwgen-samsung.py |
public/it/biospw.txt · Last modified: 2016/10/20 19:40 by 127.0.0.1