BIOS passwords are a very basic form of security and can be set to prevent the system from booting or to prevent the BIOS from being altered by unintended parties. They provide a minimum level of security with a minimum amount of effort. To assist in accessing the BIOS in the event an administrator has forgotten the BIOS password, many of the BIOS providers have included a backdoor BIOS password for easy recovery. A list of them is contained on the http://pwcrack.com website, and at the time of this writing, they are as follows.
Award BIOS Backdoor Passwords
ALFAROME BIOSTAR KDD ZAAADA ALLy CONCAT Lkwpeter ZBAAACA Ally CONDO LKWPETER ZJAAADC Ally Condo PINT 1322222 ALLY d8on Pint 589589 APAf djonet SER 589721 _award HLT SKY_FOX 595595 AWARD_SW J64 SYXZ 598598 AWARD?SW J256 Syxz AWARD SW J262 shift + syxz AWARD PW j332 TTPTHA AWKWARD j322 Awkward
AMI BIOS Backdoor Passwords
AMI PASSWORD AMI_SW CONDO AAAMMMIII HEWITT RAND LKWPETER BIOS AMI?SW A.M.I.
PHOENIX BIOS Backdoor Passwords
BIOS CMOS phoenix PHOENIX Miscellaneous
Common BIOS Passwords
ALFAROME CMOS setup Syxz BIOSTAR cmos SETUP Wodj biostar LKWPETER biosstar lkwpeter
|Manufacturer||Other BIOS Passwords|
BIOS Password Bypass Techniques
Using Input Devices
Many Toshiba laptops and desktops will bypass the BIOS password if you press the left shift key during the boot process.
You can bypass the IBM Aptiva BIOS password by clicking both mouse buttons repeatedly during the boot process.
Using Boot Disk Utilities
If none of these backdoor passwords or techniques is successful, but the machine will boot from a USB or other removable media, a BIOS password removal tool is the next step to try. Numerous utilities operate from boot disks that will effectively remove BIOS passwords quickly and effortlessly.
Following are several BIOS password removal tools that run from removable media:
- CMOS password recovery tools 3.2
Using CMOS Battery Removal
If the machine has a BIOS password and you cannot boot and log in to it, you can bypass the password easily in several ways. The most common ways involve removing the CMOS battery, modifying jumper settings, and using various software utilities. If attackers are patient and have about 10 minutes to wait, they can remove BIOS passwords simply by removing the CMOS battery. At that point, the motherboard discharges its stored electricity (from capacitors), and the password is erased and the BIOS is reset to factory defaults.
Modifying Jumper Settings
Another approach is to modify the jumper settings on the motherboard. Settings are usually easily obtained via a quick Internet search to the motherboard manufacturer, which makes it possible to speed up BIOS password removal. Changing the jumper settings to the manufacturer-specified option for password recovery makes it possible to boot the machine and remove the BIOS password.
The information below was obtained from a quick Google search of Intel’s website:
Password Clear (J9C1-A) Use this jumper to clear the password if the password is forgotten. The default setting is pins 1-2 (password enabled). To clear the password, turn off the computer, move the jumper to pins 2-3, and turn on the computer. Then, turn off the computer and return the jumper to pins 1-2 to restore normal operation. If the jumper is in the 2-3 position (password disabled), you cannot set a password. (from http://www.intel.com/support/motherboards/desktop/AN430TX/sb/cs-012846.htm)
As any systems administrator who has forgotten a BIOS password and needed to gain access knows, it generally takes less than a few minutes to get around this obstacle. If a BIOS password is successfully removed, attackers can simply edit the BIOS settings and allow booting from removable devices. From that point, they can boot to any form of removable media and reset the password on the machine.
Published on Mon 02 January 2012 by Anthony Norton in Security with tag(s): accounts