Recovery Procedure of the Bios Power-on and Setup Passwords by A.C. (23/08/2000) http://acc.hop.to |
Disclaimer All trademarks used in
this private archive are the property of their respective
owners. |
Index | |||
Step 1: Master Password Usage | |||
Step 3: Password
Decrypt / Erase CMOS:
|
|||
Step 3: Tips&Triks about single machines to disable Power-On Password and Setup Password | |||
<<__Back to main index |
<-- back to Index | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Thanks to: - Eleventh Alliance - Ankit Fadia ankit@bol.net.in - Elf Qrin (http://www.elfqrin.com/) |
Note that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards (such as Italian and German ones), so -- for example -- you should type AWARD?SW when using those keyboards. Also remember that passwords are Case Sensitive. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bios Manufacturer / Machine Manufacturer | Master Password |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Generic Procedure | Hold down a key, prefearably ins, del , left Shift, right Shift, or F1. Boot the computer and release the key when the BIOS finishes testing the memory. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Phoenix Bios | phoenix | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Ami Bios | A.M.I aammii ALFAROME AM AMI AMI!SW AMI.KEY AMI.KEZ AMI?SW AMI_SW AMI~ AMIAMI AMIDECOD AMIPSWD amipswd AMISETUP BIOSPASS BIOSSTAR biosstar BIOSTAR biostar CMOSPWD HEWITT RAND LKWPETER lkwpeter Syxz Wodj wodj |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Award Bios | %девять (Russian) %шесть (Russian) ?award ?award _award 1322222 256256 589589 589721 595595 598598 admin ALFAROME alfarome aLLy aPAf award AWARD Award award AWARD PW AWARD SW Award SW award sw Award SW award.sw AWARD?SW award_? award_ps AWARD_PW AWARD_SW award_sw awkward azaaxx AZAAXX BIOS BIOSSTAR biosstar BIOSTAR biostar CONCAT Condo condo CONDO d8on djonet efmukl g6PJ h6BB HELGA-S HEWITT RAND HLT пpобелов% j09F j256 j262 j322 j332 j64 KDD lkw peter LKWPETER lkwpeter LKWPETER PASSWORD SER setup SKY_FOX SW_AWARD SWITCHES_SW Sxyz Syxz SZYX t0ch20x t0ch88 TTPTHA ttptha TzqF Wodj wodj ZAAADA ZBAAACA zbaaaca ZJAAADC zjaaadc |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
<-- back to Index |
<-- back to Index Thanks to - Elf Qrin (http://www.elfqrin.com/) If you can't access to
the computer when it's turned on, got to If you have access to the computer when it's turned on,
you could try one of those procedures that try to decrypt
password or remove it from the BIOS, by invalidating its
cmos memory. Step A] Password Decrypt Download "CmosPDW" and "Bios310" from "Utilities"-->"Bios Utilities". Run those utilities on your system and try to decrypt your password: don't use "clear cmos" features ! If you can't decrypt your password, try to discover it using "brute force attak" procedures contained in "Bios310" utility. Invalidates CMOS RAM
: Software Procedure: . Step B] Erase Cmos If "brute force" attak don't work and if the password isn't stored in eeprom, you can try to invalidate the cmos system memory area, using various software/hardware procedures.Whether is the method you use, when you clear cmos not only the password, but also all the other configuration data will be reset to the factory defaults, so when you are booting for the first time after a cmos reset , you should enter the CMOS configuration menu and fix up some things. Use Bios310 to backup your cmos-configuration. Procedure B-1] Clear Cmos using Debug You can reset the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the command prompt. You'd better do it in pure MS-DOS mode, not from a MS-DOS shell window in Windows). Once you are in the debug environment enter the following commands: ( for AMI/AWARD BIOS ) O 70 17 O 71 17 Q ( for PHOENIX BIOS ) O 70 FF O 71 17 Q ( for Generic bios ) O 70 2E O 71 FF Q Note that the first letter is a "O" not the number "0". The numbers which follow are two bytes in hex format. Procedure B-2] Clear Cmos using "CmosPWD /k " or "Bios310" clear cmos features. Download and use these utilities from "Utilities"
-->"Bios Utilities" section. Invalidates CMOS RAM
: Hardware Procedure: . Procedure B-3] Short or Open "Cmos Clear" jumper Try to found the special jumper "clear cmos" or "reset cmos" on your mainboard user's manual and short (or open) it. Procedure B-4] Remove the Cmos Battery If you can't found the "clear cmos" jumper , try to remove cmos battery (sometimes this battery is solded in the RTC component ) . It's a button-size battery somewhere on the motherboard (on elder computers the battery could be a small, typically blue, cylinder soldered to the motherboard, otherwise you'll have to unsolder it and then solder it back). Take it away for 15-30 minutes or more, then put it back and the data contained into the CMOS memory should be volatilized. Procedure B-5] Short-circuiting the chip Another way to clear the CMOS RAM is to reset it by
short circuiting two pins of the BIOS chip (<ndr>
RTC chips ..? ) for a few seconds. You
can do that with a small piece of electric wire or with a
bended paper clip. Always make sure that the computer is turned
OFF before to try this operation. CHIPS P82C206 (square) Short together pins 12 and 32 (the first and the last pins on the bottom edge of the chip) or pins 74 and 75 (the two pins on the upper left corner). gnd 74 |__________________ 5v 75--| | | | | | | CHIPS | 1 * | | | P82C206 | | | | | |___________________| | | | | 5v 12 gnd 32 OPTi F82C206 (rectangular) Short together pins 3 and 26 (third pin from left side and fifth pin from right side on the bottom edge). 80 51 |______________| 81 -| |- 50 | | | | | OPTi | | | | F82C206 | | | 100-|________________|-31 || | | 1 || | | 30 3 26
The Dallas DS1287 and DS1287A, and the compatible
Benchmarq bp3287MT and bq3287AMT chips have a built-in
battery. This battery should last up to ten years. Any
motherboard using these chips should not have an
additional battery (this means you can't clear cmos by
removing a battery). When the battery fails, the RTC chip
would be replaced. __________ 1 -| * U |- 24 5v 2 -| |- 23 3 -| |- 22 4 -| |- 21 RCL (RAM Clear) 5 -| |- 20 6 -| |- 19 7 -| |- 18 8 -| |- 17 9 -| |- 16 10 -| |- 15 11 -| |- 14 gnd 12 -|__________|- 13 NOTE: Although these are 24-pin chips, the Dallas chips may be missing 5 pins, these are unused pins. Most chips have unused pins, though usually they are still present.
This is a rectangular 24-pin DIP chip, usually in a
socket. The number on the chip should end in 6818. 5v 24 20 13 |___________|____________________| | | | DALLAS | |> | | DS12885S | | | |__________________________________| | | 1 12 gnd
Short pins 12 and 24. These are the pins on diagonally opposite corners - lower left and upper right. You might also try pins 12 and 20. __________ 1 -| * U |- 24 5v 2 -| |- 23 3 -| |- 22 4 -| |- 21 5 -| |- 20 6 -| |- 19 7 -| |- 18 8 -| |- 17 9 -| |- 16 10 -| |- 15 11 -| |- 14 gnd 12 -|__________|- 13 |
|||
If the 'Erasing Cmos' procedures don't clear your password, the password is stored in the system EEPROM !! Please, see the next section " Tips&Triks about single machine to disable Power-on Password and Setup Password " | |||
<-- back to Index |
Tips&Triks about single machines to disable Power-on Password and Setup Password |
|||
<-- back to
Index Thanks to : - Christophe GRENIER - IBM Thinkpad informations service Note : CmosPWD is a powerfull tool : download it from "Utilities" --> "Bios Utilities" |
|||
Manufacturer | Model | Tips | |
Generic | Generic | Hold down a key, prefearably ins, del , left Shift, right Shift, or F1. Boot the computer and release the key when the BIOS finishes testing the memory. | |
COMPAQ | LTE 5300 notebook | there is a reset jumper on the motherboard | |
DIGITAL | PC300, Phoenix 4.0 Rel 6.0,0 | cmospwd /k works | |
Fujitsu | ICL | passwords are stored in EEPROM | |
Hewlett Packard | Passwords are often (always) stored in EEPROM There are reset jumper on some model |
||
IBM | PS/2 Aptiva | Holding both mouse buttons down at power-up until the first "beep", then releasing the buttons.....which might also reset other Bios settings such as Rapid Resume and the like. | |
Thinkpad TP 770 | Get eeprom 24c01 contents and run cmospwd on this file | ||
Thinkpad TP 765D | Read eeprom 93c46 Don't try to kill the cmos! |
||
IBM Thinkpad Series Power-on password | L40SX | Use jumper J23 | |
CL57 | connector J12 . | . . . | . . or use connector J13 (2-pin connector) |
||
Notebook N45SL |
To service a computer with an active, unknown, power-on
password, do the following. 1. Power-off the computer and unplug the power cord. 2. Remove the battery pack. 3. Remove the math coprocessor access panel. 4. Locate the two override pins on opposite sides of the socket. 5. Install a jumper wire between the pins. 6. Install the battery pack. 7. Power-on the computer and leave it on until the LEDs blink and the computer locks up. 8. Remove the jumper wire. 9. Press and hold the lid switch, then power-on the computer. |
||
N51XX | 1. Power-off the computer and unplug the power cord. 2. Remove the bottom cover and the battery pack. 3. Locate the override connector on the system board. 4. Install a jumper over the pins 1. 5. Power-on the computer to erase the password. 6. After POST completes, remove the jumper. Otherwise, you will not be able to reset a power-on password |
||
Model P70, P75 | To service a computer with an active, unknown, power-on
password do the following. 1. Power-off the computer and unplug the power cord. 2. Remove the system-unit cover. 3. Short the two pins 1 together. With the pins shorted, power-on the computer. This erases the power-on password. Remove the short after POST is finished. |
||
ThinkPad 2609-240 | Short the jumper JP1 | ||
ThinkPad 2610 ThinkPad 365C 365CD 365CS 365CSD 365E and 365ED (2625) |
The following procedure disables user and supervisor
passwords. 1. Power-off the computer. 2. Disconnect the AC Adapter. 3. Open the keyboard and remove the battery pack. 4. Remove the Mylar cover. See FRU Removals and Replacements 5. Locate the S2 switch block on the system board. 6. Set Switch 1 to Off. 7. Wait 30 seconds. 8. Set Switch 1 to On. 9. Replace the Mylar cover. 10. Replace the battery. 11. Connect the AC Adapter. 12. Power-on the computer. 13. Go to a DOS full screen. 14. Press Ctrl+Alt+F11 to access the setup screen and reset the passwords. |
||
ThinkPad 2600-310 / 310D / 310E / 310ED | Use switch SW2 near CPU socket (second bit switch couting from the lowest side) | ||
ThinkPad 355x - IBM 2619 ThinkPad 360x - IBM 2620 ThinkPad 370C, 750x, 755C, 755CS - IBM 9545 |
How to Disable the Power-On Password: 1. Power-off the computer. 2. Open the keyboard and remove the battery pack and the diskette drive. 3. Remove the attachment holder. For Models 355x and 360x, see >> '1115 Standby Battery' For Models 370C, 750x, 755C, and 755Cs, see >> '2105 Standby Battery' 4. Install a jumper on the power-on password connector -1- at bottom left side of the system board. 5. Reinstall the diskette drive and the battery pack. 6. Power-on the computer and wait until the POST ends. 7. Verify that the password prompt does not appear. 8. After the service check is completed, remove the jumper |
||
ThinkPad 710T (2523) | To disable the power-on password: 1. Power-off the computer. 2. Remove the backup battery cover. 3. Locate the security switch beside the backup battery. 4. Move the slide switch to the opposite side. 5. Power-on the computer. |
||
730TE (2524) | Use the following procedure to disable the power-on
password if needed. 1. Power off the system. 2. Remove the Pen Compartment Cover and the Sub Battery cover. 3. Identify the security pin wich is located beside the sub battery. 4. Power on the system while making a short-circuit between the two security pins with a regular screwdriver's flat tip. |
||
(9546, 9547) | How to Disable the Power-On Password: 1. Power-off the computer. 2. Open the keyboard, and remove the diskette drive or CD-ROM drive and the battery pack. 3. Install a jumper on the power-on password connector on the left side of the FDD connector. (See 'Password Connector' for location.) 4. Reinstall the battery pack and the diskette drive/CD-ROM drive. 5. Power-on the computer and wait until the POST ends. 6. Verify that the password prompt does not appear. 7. After the service check is completed, remove the jumper. |
||
TP 300 (2615) | To override a password , do the following. 1. Power-off the computer. 2. Remove the access panel. 3. Remove the battery pack. 4. Remove the top assembly (do not disconnect any cables). 5. Connect a jumper to the two pads (R39) at the side of the math coprocessor socket. 6. Reinstall the battery pack. 7. Power-on the computer. Keep the computer on until the LEDs blink and the system locks. 8. Remove the jumper. 9. Press and hold the reset switch, then power-on the computer. 10. Power-off the computer. 11. Replace the top assembly and the access panel. |
||
TP 350, PS/Note 425 (2618) | Remove the cmos battery 5 minutes | ||
(2625 365X, XD) | How to Disable the Power-On Password 1. Power off the computer. 2. Open the keyboard and lift the right-most section of the insulator sheet. 3. Push out the small door on the right side of the base cover. 4. Apply a short across the Power-On Password Jumper Pads. 5. With the jumper tool in place, power on the computer to clear the password. 6. Remove the jumper and power off the computer. 7. Power on the computer and verify that the password has been cleared. |
||
2635 380-385 | 1. Power off the computer. 2. Turn the computer upside down, loosen the DIMM cover screw, remove the DIMM cover, then power-on the computer by applying a short across the power-on password jumper pads 315 |
||
TP 380XD, 385XD, 380Z - 2635 | A. Power off the computer. B. Turn the computer upside down, loosen the memory-slot cover screw, and remove the memory-slot cover. C. Short across the power-on password jumper pads D. Power on the computer and wait until the POST ends. E. Reinstall the memory-slot cover, and turn the computer right side up. |
||
ThinkPad i-Series 1400 - 2611 | 1. Turn off the computer. 2. Unplug the AC Adapter and remove the battery. 3. Remove the keyboard and the thermal plate. 4. Move the password switch (SW2, switch 2) from OFF to ON to bypass the password. Note: SW2 has four switches, the second upper switch (switch 2) is the password bypass/check switch. Turning the switch to the left (ON position) is "bypass password", the right (OFF position) is "check password". 5. Plug in the AC adapter and turn on the system. 6. While the ThinkPad logo is being displayed, wait for a beep before pressing F1 to enter the BIOS Utility. 7. Select "System Security" from the BIOS Utility main menu and press Enter. 8. Set the "Power-On Password" setting to "None" to clear the password. 9. Save and exit the BIOS Utility. 10. Turn off the system and unplug the AC Adapter. 11. Move the password switch from ON to OFF to enable the password function. 12. Reinstall the thermal plate and keyboard. 13. Reinstall the battery pack and plug in the AC Adapter. |
||
ThinkPad - 2621 - i Series 1400/1500 | If only the power-on pasword is set, do the following
to remove it: 1. Power off the computer. 2. Remove the battery and the AC Adapter. 3. Remove the backup battery (RTC) 20 minutes or use the screw driver to touch the backup battery (RTC) 1 sec. 4. Put back the backup battery (RTC). 5. Power on the computer and wait until the POST ends. 6. Verify that the password prompt does not appear. |
||
ThinkPad 390/i Series 1700 - 2626, 2627 390E - 2626 ThinkPad 390X / i 1700 - (2624, 2627) |
A. Power off the computer. B. Remove the battery pack and AC Adapter. C. Remove the backup battery (RTC) for 20 minutes or use a screwdriver to touch the backup battery (RTC) for 1 second. D. Put back the backup battery (RTC). E. Power on the computer and wait until POST ends. F. Verifty that the password prompt does not appear. |
||
ThinkPad 500 (2603) | 1. Power-off the computer. 2. Disconnect all cables attached to the computer. 3. Remove the memory card access panel and memory card (if installed). 4. Power-on the computer. 5. Locate the two pins labeled PAD1-2 on the system board (in the memory card access area). 6. Short the two pins together. 7. Press Ctrl+Alt+F3 to access the System Parameters Setup Menu. 8. Press Esc. 9. Press F5 to reset the parameter to their default values. 10. The System Time, System Date, and Password (if required) parameters need to be set manually. 11. Press Esc, then F4 to save the values, exit the Setup program, and reboot the computer. 12. If a memory card was removed, power-off the computer and install the memory card. 13. Install the memory card access panel. |
||
ThinkPad 510 (2604) | 1. Power-off the computer. 2. Disconnect all cables attached to the computer. 3. Remove the memory card access panel and DRAM card (if installed). 4. Power-on the computer. 5. Locate the two pins labeled PAD1-2 on the system board (see 'System Board Connectors'). 6. Short the two pins together. 7. Press Ctrl+Alt+F3 to access the System Parameters Setup Menu. 8. Press Esc. 9. Press F5 to reset the parameter to their default values. 10. The System Time, System Date, and Password (if required) parameters need to be set manually. 11. Press Esc, then F4 to save the values, exit the Setup program, and reboot the computer. 12. If a DRAM card was removed, power-off the computer and install the DRAM card. 13. Install the memory card access panel. |
||
ThinkPad 560, 560E (2640) | 1. Power off the computer 2. Remove the frame 3. Flip the keyboard over as shown in the figure 4. Jumper the two password jumper pads (R364 or R39) located on the system board 5. Power on the computer to clear the password 6. Replace the keyboard and the frame When replacing the frame, make sure that the frame fits correctly in place. If it is not in place, the click buttons of the TrackPoint III cannot be pressed. 7. Replace the screws 8. Power on the computer and wait until the POST ends 9. Verify that the password prompt does not appear. The hard disk password is stoed on the hard disk. |
||
ThinkPad 560x (2640-560 - 60x, 70x) | 1. Power off the computer 2. Remove the frame 3. Position the keyboard over as shown in the figure 4. Jumper the two password jumper pads (BIT-X) on the system board 5. Power on the computer to clear the password 6. Replace the keyboard and the frame When replacing the frame, make sure that the frame fits correctly in place. If it is not in place, the click buttons of the TrackPoint III will not work.7. Replace the screws. 8. Power on the computer and wait until the POST ends. 9. Verify that the password prompt does not appear |
||
ThinkPad 560Z-2640 | 1. Power off the computer. 2. Turn the computer upside down. 3. Loosen the DIMM socket lid screw -1- , and remove the DIMM socket lid. 4. Short the power-on password jumper pads (R522). 5. Power on the computer and wait until the POST ends. The password is cleared. 6. Reinstall the DIMM socket lid, and turn the computer right side up. 7. Verify that the password promp does not appear. 8. To reactivate the password, set the password again. |
||
ThinkPad 570 - (2644) | 1. Power off the computer. 2. Remove the DIMM cover on the bottom side of the computer. 3. Short-circuit the two password pads. 4. Under the short-circuit condition, power on the computer and wait until the POST ends. After the POST ends, the password prompt does not appear. The power-on password is removed. 5. Reinstall the DIMM cover. |
||
Model 765D-9546, 765L-9547 | 1. Power off the computer. 2. Open the keyboard, and remove the battery pack and the diskette or CD-ROM drive. 3. Instal a jumper on the power-on Password connector on the left side of the FDD connector. 4. Reinstall the battery pack and the diskette drive/CD-ROM drive. 5. Power on the computer and wait until POST ends. 6. Verify that the password prompt does not appear. 7. After the service check is completed, remove the jumper. |
||
TP-770 - 9548/49 | 1. Power off the computer. 2. Remove the DIMM cover. 3. Short-circuit the two password pads or put the jumper (pads near the top of the cover). 4. Under the short-circuit condition, power on the computer and wait until POST ends. After the POST ends, the password prompt does not appear. The power-on password is removed. If a jumper has been used for short the password pads, then remove the jumper. 5. Reinstall the DIMM cover. |
||
Siemens Nixdorf | PCD-4ND | You can clear the password of this phoenix 1.03 with "cmospwd /k" | |
Scenic Mobil 700 | "cmospwd /k" works! Phoenix Note BIOS v4.0 | ||
Toshiba | Ols laptops | Hold down left shift key when you start it up | |
Laptops | To reset the password of a Toshiba,
you can use KeyDisk. (see CmosPWD
tool)
Note: The "KeyDisk Creation Utility" is contained in "CmosPWD" tool (downloadable from "Utilities"--> "Bios Utilities" section ). However. to manually create a Toshiba Keydisk, take a 720Kb or 1.44Mb floppy disk, format it , then use a hex editor such as Hex Workshop to change the first five bytes of the second sector (the one after the boot sector) and set them to 4B 45 59 00 00 (note that the first three bytes are the ASCII for "KEY" :) followed by two zeroes). Once you have created the key disk put it into the notebook's drive and turn it on, then push the reset button and when asked for password, press Enter. You will be asked to Set Password again. Press Y and Enter. You'll enter the BIOS configuration where you can set a new password |
||
<-- back to Index |
(C) A.C.Comp. 2000-2001, All Rights Reserved