Trying to get into the BIOS
mike
Once again stumped by a 'puter problem, as usual my hopes turn to SER
as my prospects starts looking rather hopeless.
Does anybody out there have some clues for getting into a password-
protected BIOS
On a 5 or 6 year old Jetway motherboard? Background follows:
I found it at the scrapyard a while back, and recently scored a
processor for it,
only to find that it's set up to boot from hard drive only. I can't
get in to change the
boot order since the BIOS is set to have a password.
It won't boot from a floppy, nor a cd, but will boot from a hard drive
that has DOS on
it, and also one that has Ubuntu on it, as well as the one that came
with it, which is
a 40 Gb drive that has, I think, Mandrake on it.
All I get when I boot with the 40 Gb one is a login prompt, but, not
having any login
info or passwords I can't really get any where by booting with it;
but, I can kind of
poke around in it's file-system if I boot with the drive that has
Ubuntu set as the
primary master.
I think it may be pretty well secured by IT pros, as it came in a
rack-mount enclosure with BarracudaNetworks logo and markings, and was
formerly used
as a spam firewall or some-such thing.
The main reason I'm hoping to turn it into a working system is it has
SATA onboard, and it's a step up in processing power (AMD 64) from the
P4- and AMD Athlon- boxes that are presently my 'daily drivers'.
In searching the web I've managed to secure the motherboard manual and
the latest
drivers and a BIOS update for it, but when I try to flash the bios
(it's Award bios
and I'm using the flash program from the Jetway site) it looks like
it's working until
the end, when it gives a message "flash rom is write-protected, make
sure all jumpers
is set to proper" or some such slightly mangled English, and I've
followed the
manual's instructions on clearing the cmos and I find no other jumpers
that deal with
write-protection. I also tried removing the battery for several days
and jumpering
where the battery contacts are, but I guess there must be some non-
volatile memory
somewhere that is defeating my efforts.
I've emailed Jetway a couple weeks ago, so far no response. I haven't
tried BarracudaNetworks, other than to poke around on their site, but
technical info there seems mostly about selling systems and not how
the systems work (except for IT speak, which I'm not very conversant
in).
It has the bios contained in a PLCC-32 package which fits into a
socket. I found some
pin-out info on the Winbond site:
http://www.winbond.com/hq/enu/ProductAndSales/ProductLines/FlashMemory/ParallelFlash/APNote.htm
APPnote 21 has a table, but not much in the way of instructions.
Sorry to be so long-winded, I've tried a couple other things but the
one I'd most like to learn more about
I ran into in a few different places, where from a Dos prompt you go
into DEBUG and supposedly change the values in some register that will
make the bios lose the password requirement - so far it hasn't worked,
don't know if I'm following the instructions correctly or not.
TIA for any info,
Mike
Geo
<mlig...@survivormail.com> wrote:
<snip>
>(it's Award bios
What version?
CmosPwd says it works for Award 4.5x/4.6x/6.0 - also look at their
readme for some backdoor passwords to try.
mike
> On Mon, 18 Apr 2011 08:06:30 -0700 (PDT), mike
>
>
> <snip>
>
> >(it's Award bios
>
> What version?
> CmosPwd says it works for Award 4.5x/4.6x/6.0 - also look at their
> readme for some backdoor passwords to try.
6.0, I think - when I run it from DOS, cmospwd says something about be
sure
to use the numerical keypad, but I haven't yet figured out what or
when to do that...
as for the back door passwords, I've tried alot of 'em, but not all of
them in their
possible forms WRT caps, underscores, spaces, etc...But, I do still
wonder about
the keypad thing, and the numbers listed for version 6.0, I'll try a
few things next I
spend some time with it.
Thanks,
Mike
Geo
<mlig...@survivormail.com> wrote:
>6.0, I think - when I run it from DOS, cmospwd says something about be
>sure
> to use the numerical keypad, but I haven't yet figured out what or
>when to do that...
Sorry - no idea.
>as for the back door passwords, I've tried alot of 'em, but not all of
>them
Have you tried this one for Jetway spooml
If removing the cmos battery did not work, the other place with
non-volatile memory is the RTC (clock) chip. Some of them have
internal battery so a momentary short is required across a couple of
pins to wipe the memory.
The is a table on this page giving the pin numbers for 3 common RTCs:-
http://www.tech-faq.com/reset-bios-password.html
Geo
wrote:
Muddled stuff - sorry that did not come out as I intended - it is
unlikely you have an external battery /and/ an RTC+CMOS with an
internal one - best ignore the post.
mike
> On Mon, 18 Apr 2011 09:36:58 -0700 (PDT), mike
>
> Have you tried this one for Jetway spooml
>
Yep, tried it, and I'll probably try it again a few more times before
its over :)
> If removing the cmos battery did not work, the other place with
> non-volatile memory is the RTC (clock) chip. Some of them have
> internal battery so a momentary short is required across a couple of
> pins to wipe the memory.
> The is a table on this page giving the pin numbers for 3 common RTCs:
http://www.tech-faq.com/reset-bios-password.html
I'll have a look at that, thanks.
Mike Tomlinson
s.com>, mike <mlig...@survivormail.com> writes
> I ran into in a few different places, where from a Dos prompt you go
>into DEBUG and supposedly change the values in some register that will
>make the bios lose the password requirement - so far it hasn't worked,
>don't know if I'm following the instructions correctly or not.
boot DOS
run debug. '-' is the debug prompt, you don't type this.
- o 70 10
- o 71 0
- q
that's "oh, seventy, ten / oh, seventy-one, zero"
reboot.
with a bit of luck, password will be gone.
--
(\__/)
(='.'=)
(")_(")
mike
> In article <e0900b0a-d06f-4d77-87bd-aada32faf...@gu8g2000vbb.googlegroup
> s.com>, mike <mlight...@survivormail.com> writes
>
> > I ran into in a few different places, where from a Dos prompt you go
> >into DEBUG and supposedly change the values in some register that will
> >make the bios lose the password requirement - so far it hasn't worked,
> >don't know if I'm following the instructions correctly or not.
>
> boot DOS
> run debug. '-' is the debug prompt, you don't type this.
>
> - o 70 10
> - o 71 0
> - q
>
> that's "oh, seventy, ten / oh, seventy-one, zero"
>
> reboot.
>
> with a bit of luck, password will be gone.
>
> --
> (\__/)
> (='.'=)
> (")_(")
All right, thanks! I'll give that a try probably this evening.
who where
Failing that, locate a copy of KILLCMOS, a small utility that writes
to cmos RAM and *causes* a checksum error there. The result is that
on a subsequent bootup you will be directed to setup (without
requiring a pswd) where you can clear the pswd requirement.
mike
who where wrote:
> On Mon, 18 Apr 2011 12:54:58 -0700 (PDT), mike
> <mlig...@survivormail.com> wrote:
>
> >>
> >> with a bit of luck, password will be gone.
Guess my luck is lacking, I tried entering a few different values in
DEBUG as found here and there, to no effect so far...
> >>
> >> --
> >> (\__/) �
> >> (='.'=)
> >> (")_(")
> >
>
> Failing that, locate a copy of KILLCMOS, a small utility that writes
> to cmos RAM and *causes* a checksum error there. The result is that
> on a subsequent bootup you will be directed to setup (without
> requiring a pswd) where you can clear the pswd requirement.\
All right, I got a copy of it, will try that later today.
Thanks
Geoffrey S. Mendelson
> All right, I got a copy of it, will try that later today.
> Thanks
Walking in late, and not having a clue as to what computer you are talking
about, desktop PC's since 1990 have batteries to keep the CMOS RAM intact.
There was a brief flirtation with clock chips with batteries built in, some
which also had the CMOS RAM on them, but they are long obsolete.
Modern ones use lithium coin cells in little holders. PC/AT computers and
most 386/486 ones used external batteries which pluged into the motherboard
and the later 386/486 had NICAD batteries (all of which must of leaked and
died 10 years ago).
If it has a lithim coin cell, the easiest thing to do is to remove it and
wait an hour. You can also find a "clear CMOS" jumper on the motherboard,
you set it, turn on the power, wait until BIOS text appears on the screen, turn
off power and remove the jumper.
If it's a laptop, you can often find a clear CMOS jumper hidden inside or
take out the battery and let it sit overnight. Modern laptops use capacitors
to hold the CMOS settings for a few hours with no battery.
Some of the BIOSes have "backdoor" passwords in them, you should google the
exact model of your laptop/desktop motherboard for more information.
You can also google BIOS password, or BIOS backdoor.
Geoff.
--
Geoffrey S. Mendelson N3OWJ/4X1GM
Those who cannot remember the past are condemned to misquote it.
spamtrap1888
> Greetings to all,
>
...
> I found it at the scrapyard a while back, and recently scored a
> processor for it,
> only to find that it's set up to boot from hard drive only. I can't
> get in to change the
> boot order since the BIOS is set to have a password.
>
> It won't boot from a floppy, nor a cd, but will boot from a hard drive
> that has DOS on
> it, and also one that has Ubuntu on it, as well as the one that came
> with it, which is
> a 40 Gb drive that has, I think, Mandrake on it.
>
>
> I think it may be pretty well secured by IT pros, as it came in a
> rack-mount enclosure with BarracudaNetworks logo and markings, and was
> formerly used
> as a spam firewall or some-such thing.
This made me curious: In my experience with BIOS the system will run
through a list of boot devices to try to boot. Is it common to set a
system up to rely on one device only?
William Sommerwerck
> system will run through a list of boot devices to try to boot.
> Is it common to set a system up to rely on one device only?
Not that I know of. The BIOS usually lets you select the order. I set mine
to CD, floppy, HD.
Geoffrey S. Mendelson
> This made me curious: In my experience with BIOS the system will run
> through a list of boot devices to try to boot. Is it common to set a
> system up to rely on one device only?
The "Press F8 for a boot menu" option did not appear until around 2002, and
as late as 2005 some BIOSes did not have it.
Before then, you could set the boot order and whether to try other devices
in the BIOS.
It was probably an office computer and was set to prevent people from booting
CD/DVD's and floppies.
mike
wrote:
> mike wrote:
> > All right, I got a copy of it, will try that later today.
> > Thanks
>
> Walking in late, and not having a clue as to what computer you are talking
> about,
If you read the first post in the thread that info will be revealed to
you.
desktop PC's since 1990 have batteries to keep the CMOS RAM intact.
> There was a brief flirtation with clock chips with batteries built in, some
> which also had the CMOS RAM on them, but they are long obsolete.
>
> Modern ones use lithium coin cells in little holders. PC/AT computers and
> most 386/486 ones used external batteries which pluged into the motherboard
> and the later 386/486 had NICAD batteries (all of which must of leaked and
> died 10 years ago).
>
> If it has a lithim coin cell, the easiest thing to do is to remove it and
> wait an hour. You can also find a "clear CMOS" jumper on the motherboard,
> you set it, turn on the power, wait until BIOS text appears on the screen, turn
> off power and remove the jumper.
>
> If it's a laptop, you can often find a clear CMOS jumper hidden inside or
> take out the battery and let it sit overnight. Modern laptops use capacitors
> to hold the CMOS settings for a few hours with no battery.
>
> Some of the BIOSes have "backdoor" passwords in them, you should google the
> exact model of your laptop/desktop motherboard for more information.
>
> You can also google BIOS password, or BIOS backdoor.
I usually DAGS first these days, don't want to look like an idiot,
don't ya know :)
Geoffrey S. Mendelson
> If you read the first post in the thread that info will be revealed to
> you.
It's long since rolled off my system.
David Nebenzahl
> mike wrote:
>
>> If you read the first post in the thread that info will be revealed
>> to you.
>
> It's long since rolled off my system.
Is *everything* in Israel as piss-poor as you say it is? Retention time
of 2 days? Sheesh ...
--
The current state of literacy in our advanced civilization:
yo
wassup
nuttin
wan2 hang
k
where
here
k
l8tr
by
- from Usenet (what's *that*?)
Geoffrey S. Mendelson
> Is *everything* in Israel as piss-poor as you say it is? Retention time
> of 2 days? Sheesh ...
Cut me a break. It's a private news feed sent to a private system. I set
it up over 10 years ago when I had a dial up and 2g hard drive and it has
worked fine for me ever since.
I'm sure there are plenty of news servers out there (or out here) with much
longer retention and many more groups, but I've never had a need to change.
I probably should up the retention, but since I'm the only one who uses it,
and USENET is full of crap, I don't see much of a reason. By two days, almost
every posting on every group has befallen Godwin's Law or Mendelson's corollary
(change calling someone a NAZI in Godwin's to reference to the Wikipedia).
Plai...@yawhoo.com
Current BIOS will generate a list of boot devices; it is possible to
remove devices from the list. Given the application - Firewall -
restricting the eligible boot devices to the hard drive is an
elementary precaution.
PlainBill
mike
Geoffrey S. Mendelson wrote:
> mike wrote:
> > If you read the first post in the thread that info will be revealed to
> > you.
>
> It's long since rolled off my system.
Oh, now I see - quoting from 1st post:
"Does anybody out there have some clues for getting into a password-
protected BIOS
On a 5 or 6 year old Jetway motherboard? Background follows:
I found it at the scrapyard a while back, and recently scored a
processor for it,
only to find that it's set up to boot from hard drive only. I can't
get in to change the
boot order since the BIOS is set to have a password.
It won't boot from a floppy, nor a cd, but will boot from a hard drive
that has DOS on
it, and also one that has Ubuntu on it, as well as the one that came
with it, which is
a 40 Gb drive that has, I think, Mandrake on it.
All I get when I boot with the 40 Gb one is a login prompt, but, not
having any login
info or passwords I can't really get any where by booting with it;
but, I can kind of
poke around in it's file-system if I boot with the drive that has
Ubuntu set as the
primary master.
I think it may be pretty well secured by IT pros, as it came in a
rack-mount enclosure with BarracudaNetworks logo and markings, and was
formerly used
as a spam firewall or some-such thing. "
"In searching the web I've managed to secure the motherboard manual
http://www.winbond.com/hq/enu/ProductAndSales/ProductLines/FlashMemor...
APPnote 21 has a table, but not much in the way of instructions.
Sorry to be so long-winded, I've tried a couple other things but the
one I'd most like to learn more about
I ran into in a few different places, where from a Dos prompt you go
into DEBUG and supposedly change the values in some register that will
make the bios lose the password requirement - so far it hasn't worked,
don't know if I'm following the instructions correctly or not.
TIA for any info,
Mike "
So, at this point I've still yet to try KILLCMOS , still trying to
figure out what's with the values assigned to different flavors of
BIOS as listed in the program Cmospwd.exe
Anyway, thanks for your thoughts,
Mike
Geoffrey S. Mendelson
> Mike "
>
> So, at this point I've still yet to try KILLCMOS , still trying to
> figure out what's with the values assigned to different flavors of
> BIOS as listed in the program Cmospwd.exe
try "bcndk1" (I found that by googling "baracuda bios password")
Mike Tomlinson
>Guess my luck is lacking, I tried entering a few different values in
>DEBUG as found here and there, to no effect so far...
Try the ctbios utility from here:
http://www.biosflash.com/e/bios-passwords.htm
the output is in German, but not hard to follow. That may show you what
the password is.
I had the same problem with an HP Vectra VL420 motherboard last week.
This uses a modified Asus P4B-MX board. An unknown password was set on
the BIOS setup so I could not configure the machine.
The debug trick worked to deliberately cause a CMOS checksum error, but
it didn't get rid of the password. Googling found me a link with a tip
to set a certain jumper to clear the passwords and that worked.
I tried the ctbios utility above but that didn't show me anything that
looked like a password.
If you google for "BIOS backdoor password" or "BIOS master password"
you'll get a lot of hits with lists of different passwords to try.
There will be a way to do it, just persevere.
David Nebenzahl
> By two days, almost every posting on every group has befallen
> Godwin's Law or Mendelson's corollary (change calling someone a NAZI
> in Godwin's to reference to the Wikipedia).
Heh; I do agree that that is an excellent reason for swift thread
termination!
mike
wrote:
>
> try "bcndk1" (I found that by googling "baracuda bios password")
>
Bingo! Geoff, your google-fu is incredible, I never would have
thought to try that.
I got right into the bios, disabled write protect and the passwords,
then was able to
go flash the board into the most recent bios version. Sure was nice
to see the flash program complete like it was supposed to.
Many thanks!
Mike
mike
> On Mon, 18 Apr 2011 12:54:58 -0700 (PDT), mike
>
> Failing that, locate a copy of KILLCMOS, a small utility that writes
> to cmos RAM and *causes* a checksum error there. The result is that
> on a subsequent bootup you will be directed to setup (without
> requiring a pswd) where you can clear the pswd requirement.
When I tried out KILLCMOS I guess it really did kill it cause the
computer
shut down all on it's own - had a few minutes there I thought I was
SOL,
but it came back on when I cycled power to the 'puter - whew!
I think that somehow the flash memory was being refreshed after each
onslaught
against the checksums or whatever it was that those debug routines do.
mike
>
> Try the ctbios utility from here:
>
> http://www.biosflash.com/e/bios-passwords.htm
>
> the output is in German, but not hard to follow. That may show you what
> the password is.
>
> I had the same problem with an HP Vectra VL420 motherboard last week.
> This uses a modified Asus P4B-MX board. An unknown password was set on
> the BIOS setup so I could not configure the machine.
>
> The debug trick worked to deliberately cause a CMOS checksum error, but
> it didn't get rid of the password. Googling found me a link with a tip
> to set a certain jumper to clear the passwords and that worked.
>
> I tried the ctbios utility above but that didn't show me anything that
> looked like a password.
>
> If you google for "BIOS backdoor password" or "BIOS master password"
> you'll get a lot of hits with lists of different passwords to try.
>
> There will be a way to do it, just persevere.
Thanks for the link, I'll be checking that out tomorrow, but in my
leisure, as Geoff M. was able to come up with the right password -
what a great group!
Thanks to you all,
Mike