I Bought a BIOS-Locked PC. Should You?
Вставка
- Опубліковано 23 чер 2024
- For 50% off with HelloFresh PLUS free shipping, use code 50HARDWAREHAVEN at bit.ly/3Y7ty1l!
Links:
► @Adamant_IT- BIOS Mod and Fix: • Samsung 350v No POST, ...
►@mikesunboxing- Removing BIOS Password on HP Laptop: • Reset Or Clear BIOS Ad...
►BIOS Password Recovery for Laptops: bios-pw.org/
►Fixing 3 Lenovo Mini PCs: • Can I Fix These Broken...
---------------------------------------------------
Music (in order):
"Hardware Haven Theme" -Me ( • Hardware Haven Theme M... )
"CRENSHAW VIBES" - GARRISON ( / garrison-brown )
"Sunshower" - LATASHÁ( / best-music-pro.. )
---------------------------------------------------
Gear I Use: (affiliate links)
Recording Gear
► Camera - LUMIX G7 amzn.to/3LmfGdk
► SD Cards - SanDisk Extreme PRO amzn.to/3BPXrd1
► Capture Card - EVGA XR1 amzn.to/3Bn8qt7
► Studio Lights amzn.to/3BnYrUd
► Microphone - Shure SM7b amzn.to/3BP0TEB
► Interface - Presonus Quantum amzn.to/3QVeX3T
► Teleprompter amzn.to/3BxcN50
Servers and Networking
► My Remote Editing PC - amzn.to/3J1hN5g
► DriveStor 4 NAS - amzn.to/40R5LDz
► 2.5 GbE Switch - amzn.to/43unwub
---------------------------------------------------
Timestamps:
0:00 Intro
0:28 HelloFresh (Sponsor)
1:31 What is this video?
2:18 What does bios-locked even mean?
3:08 Do you need to remove them?
3:40 Some methods to remove them
5:27 How I "fixed" my bios-locked PC
5:59 Experimenting with BIOS reprogramming
10:34 Should you buy a "bios-locked" PC? - Наука та технологія
I used to have a defective RAM bar, if you insert it into the computer, the data loaded into the initial addresses will be corrupted by the BIOS in an attempt to restore it loads the default settings and the password disappears it was very convenient
Ooo! I can probably make one of those.
BIOS said: 37 times
🗿
Two more likes and we'll get this comment to 37, too.
Whoops lol
@@HardwareHaven37
Bios means life
My biggest win was using a grounding trick on a thinkpad t430s to get around a bios lock. There's many videos on youtube, but the gist is you carefully use a pair of metal tweezers to ground the data pin during (not before) POST. The password is seen as blank on that boot, and you can easily set and then disable the admin password. This let me enable virtualization, update the bios, and enable the express card port.
I think that cant'b be done in newer models but at least worked in your Lenovo, thanks for the reminder !
@@wendellparham5545 interesting...
I spent many years as a service tech, & I used this trick on a lot of machines to get around weird BIOS locks.
How u dell laptop
Works great on T48s but not on T51s. The Password is stored inside the CPU. So even replacing the Flash does not help. This is part oft this Intel Anti Theft.
On devices of some manufacturers like Fujitsu, you can remove the bios lock by entering three specific "passwords". Then you get a long number shown on the screen which you can enter into a calculator found on the internet. There you get a code you can enter as a password to gain access to the bios.
same in old Dells
Nec too
Nice quest tho
real life side quest
Something to try that's worked several times for me with various desktop and server motherboards, although sadly isn't an easy option for most laptops: On a lot of boards, if you replace the CPU, it will allow you one-time access to even the most locked-down BIOS, so if you have another spare CPU for your locked motherboard, remove the BIOS battery, close the CMOS jumper, then replace the CPU. Remove the CMOS jumper, replace the battery, and switch on. Some boards will take you straight to BIOS and others will give you a message to say the CPU has been changed and to press (usually) F1 to enter BIOS. Once in there, you MUST remember to change or remove the password at that point, because if you leave the original password set, it's a one-time deal until you replace the CPU again.
Swapping the amount of RAM also sometimes works.
useful tip! I've had issues with pre-crippled SFF's where they won't run with anything other than the supplied chip, every time I managed to fix it. Possibly why a lot of the "faulty/spares or repair" ones have a different CPU, someone has taken out the good working chip and substituted a potato or worse, a faulty processor.
@@conundrum2007I was gonna do that to a OptiPlex, guess I can’t?
@@dothatjustin Try it. Other option might be to send me the bad BIOS IC and I will attempt to clone it to a new one. Sometimes that is all you need, done this once before.
@@conundrum2007huh, well I’m always willing to learn more, I’m not sure what to do tho and if you wanted to try it out I can try sending it maybe ilyk
Your BIOS dump seems to be exactly 16M, which means its probably a full dump of the BIOS chip, even white space that might exist at the end of the chip. Most manufacturers don't fill their BIOS chips to the brim, mainly for BIOS updates and patches in the future. It's possible the HP and community BIOS's are complete images, just truncated to exclude the white space that would exist at the end of the chip
An erased chip is all FF's. If the BIOS is in Intel Hex format, rather than binary, it would only contain the pages of bytes that have zero's in them; thus it could contain the entire BIO's while still being a very small file.
The memory chip sizes are in the powers of two and the binary found was 9,1MB. Therefore it would not fit on a 8MB chip but does fit on a 16MB chip.
Hex IS binary, not rather than. It's just binary converted into a more people friendly way to read. All hex values are stored in, you guessed it, binary. If all bytes were FF then all bits are 1. Intel Hex just encodes/decodes in this instance is just compression. Everything is stored in binary, there is no "rather than binary"
@@shhhvcnear You know only half of what you think you know.
"Hex IS binary, not rather than."
Hex is ASCII TEXT, Binary is BINARY.
"It's just binary converted into a more people friendly way to read."
Converted, yes; which means it is NO LONGER BINARY. Hex REPRESENTS binary and it is more than "a more people friendly way to read". A server may not be able to accept binary and so the data may be CONVERTED to ASCII. ASCII Hex cannot have a '1' in the eight bit; if it did, it would be binary data and NOT hex.
"If all bytes were FF then all bits are 1."
Obviously.
"Everything is stored in binary, there is no rather than binary"
That's a half truth, which you don't understand because your knowledge of binary is very simplistic. Yes, everything is bits and is binary, but when engineers (and most computer literate people) refer to a binary file, they're referring to a file that has unformatted data or to be more specific, a non-text file. If you format a file to ASCII hex, then it is no longer considered a binary file (even though the data within is still made up of binary data). ASCII hex breaks the binary bytes into 4 bit nibbles, so each byte of the data is represented by two ASCII text bytes in hexadecimal format, neither of which have a '1' as the most significant bit.
"Intel Hex just encodes/decodes in this instance is just compression."
When you load an Intel hex file into a programmer, all data is first erased from the chip, which means all bits are '1' or FF. Each line in the Intel hex file (which is ASCII text, not binary) contains an address of where in memory to write the data, the data itself and a length of bytes to write, including a checksum. The hex fields (which are ASCII hex, not BINARY) are then converted to their binary values and used to modify the buffer that was previously filled with FF's before being programmed. It's not really just compression because it doesn't contain all the data within it. Instead, it assumes that any data that's not included within it is FF. So if you didn't fill the buffer with FF's first, then the data will be incorrect. usually the programmer will automatically fill the buffer with FF's before loading the Intel hex file. A compressed file contains all data and doesn't rely on assumptions. Intel hex format can also be used to patch an existing program (but this is likely over your head so I won't discuss it further).
In summary, Intel hex format doesn't need to write pages of FF's in any area because there already are FF's there from erasing. Since there are a lot of FF's in firmware, the intel hex file can be much smaller than the actual binary, even though there are two ASCII bytes representing each byte of the actual binary.
Agree. All chips, AFAIK, stores info in binaries. Even disc storages.
Cheers for the shout out, great video - whish I could get this much information into 10mins!
In-circuit flashing (with the clamp) is definitely possible as you've discovered, but I always de-solder the chip, as unless you have a detailed understanding of the platform, you never know what else is getting powered up by the clamp, and what else is listening on the bus. Soldering is also dangerous, but I know those risks a lot more than if the PCH is going to breakdown when an unmodded CH341a bashes 5v onto the SPI bus. It's low current sure, but I don't need to roll those dice if I flash out-of-circuit.
Ah the legend himself! And I would argue you get more info in most of your videos than I have on my entire channel. Without a doubt your videos were the inspiration to buy a hot air station and give it a go, lol.
Hi! I started watching your video. Something i love to watch because I was a computer technician and dealing with almost everything you've shown there.
> "you never know what else is getting powered up by the clamp"
In fact, most of all times it's the KBC. Which will then try to read its firmware from the same chip, and then attempt to start the motherboard or at least its always-on devices like a charging port. And hopefully everyone here knows that on SPI bus there is no mandated hardware detection of colliisions, and flash chips are "dumb" either way, so reading the chip in the same time the KBC accesses it is bad.
The ch431 doesnt have a problem with the 5 volt "issue". It is well explained and tested in this video: ua-cam.com/video/J8-Sh7DjiXw/v-deo.htmlsi=Mei2TuFyq16XZaZ3
There is another way of removing BIOS-password by using Intel ME software. Basically, it allows you to read and write BIOS chip from Windows, without soldering the chip. However, a few things need to be considered:
- It's needed to remove/change position of a jumper if you wanna flash to BIOS chip while reading from it doesn't. Some times you need to use a wire as the jumper is removed by default.
- Make sure that you have the right BIOS to flash to the chip. Otherwise you can't boot up. In that case you will need desolder the chip and use a programmer to flash BIOS to it.
Overall, while this technique could be avoid of using solder-iron, it requires some knowledge of understanding motherboard (and maybe reading schematic) and BIOS flash.
Interesting.
Doesn’t this only work on vPro systems?
Need more details
"There is another way of removing BIOS-password by using Intel ME software. Basically, it allows you to read and write BIOS chip from Windows, without soldering the chip."
If you could do that, then it means you don't need to do it because you're already past the BIOS password.
@@lizardking8388 Still good for a BIOS only password to get into the settings, not a power on password.
Setting a bios password on random computers you get your hands on sounds like the most evil plan for world domination.
UEFI attacks do this exact thing to gain control of the host before the OS level user can interfere.
Needs to be made illegal big time
Enabling BitLocker is one of mine. Mwahahahaha!
Picked up a bios locked 845 G7 from work for 20 bucks. Had to learn how to desolder and reprogram the bios, but it wasn't too difficult for me since I at least have some soldering skills and watch LOTS of board level repair videos in my free time. Threw in some ram and a drive, and I have a killer daily driver that cost under 100 bucks total.
I know you didn't cover it but one Hard Disk password exploit that worked well for me on ide/sata spinning rust drives was to power on machine with unlocked hard disk into the bios and into the security settings, hot swap the drive to the locked drive, select to lock drive and set a password, save and exit. Upon boot it will still be locked but only with the password you provided. Now you can go into bios and unlock with the password you set.
lmfao
Notice if you are running a HP ProBook/EliteBook/ZBook up to the Folio 9470m:
DO NOT JUST OVERWRITE THE BIOS WITH A DUMP THAT EXISTS ON THE INTERNET. Because when you do, the Serial Numbers and the MAC Address of the Ethernet Card gets overwritten.
What you should instead do is capture the Current BIOS, flash an unlocked one, power the PC on, flash the original locked bios while the PC is running, set a new Password and then reboot.
Otherwise you will for example get Code 43 for the Ethernet Chip because the MAC Address is incorrect, and there could be problems with Windows Activation.
I have a really old Toshiba Pentium III laptop that somebody gave me and it had a BIOS password.
It has a parallel port on the back (yes, it's that old!) but I found out researching online that you could reset the BIOS password by wiring a few pins together on the back of a D25 parallel connector and then powering on the machine with that connector plugged into the parallel port - and, yes, it did work exactly as expected.
So clearly there are a few "weird and wonderful" things out there that might allow a BIOS password to be reset.
I did this too with a Toshiba Laptop! I think it was a Satellite
@@ypesh Yes, I have just been down to my workshop and it's a Toshiba Satellite Pro 4300 Series.
I must do something with it, actually - I should install Windows 2000 on it and fire up a few old retro games, it seems to work perfectly otherwise.
I don't recall which Toshiba I got, but the BIOS password could essentially be cleared by corrupting a checksum used by CMOS to validate itself. If the validation failed CMOS would be reset clearing the password in the process.
The wild part is that this could be done from within (32 bit) Windows using the old 16bit debug hex editor that it used to ship with.
@@Electracion oh wow from within Windows? That's so cool, I had no idea 😂 I only did the parallel port dongle reset and then. I think I eventually sold it. It was such a well built solid laptop. I think I had either XP or Windows 2000 on it.
@@ypesh My 4300 series has got a WIndows XP key on its sticker but I am sure when I checked a while ago that there were Windows 2000 versions too - so I think you're correct on that.
One of my favorites is the older laptops with a password chip. If it reads 0000s from the chip it assumes no password. The trick is you short the clock and data pins right when it checks for a password, it won't see one and you can get into the BIOS. Then set a blank password, it will overwrite the stored password.
If you find that the motherboard is stealing the power from your clip programmer it might be pulling the voltage down too low. I keep a 1/2 charged Lithium Ion battery around ~3.6v to connect along with the CH341A.
The other option would be powering the board and letting it provide the power to the chip.
I do run into chips that need pulled from the board at times.
Reminds me of my original Xbox modding days, desoldering corrupted eeprom chips or bios chips, tsops, flashing them. Modding bios, corrupting them again. Good times
For many systems there's also some default passwords available that can be used to unlock a machine. Worked fine for an M93p I grabbed off Ebay for cheap.
What was it?
From experiences I have had with these Mini PCs and some whacky BIOS mods I have done in the past (going from turbo boost unlocking on Haswell to NVMe module injection), these sometimes require the power brick connected and a power cycle while - power button is kept pressed - to allow the chip to be powered and selected (floating SS line) and avoid the tedious (de)soldering task!
Another pro-tip to whom it may concern, AMI bioses sometimes are flashable without needing the (risky) HDA_SD0 pin short or the ME disable jumper on with AFUWIN v3.05.04 and the magic /GAN flag!
I wish I was on this level of technical skill
On a lot of aftermarket mobos you have options. Simple clear cmos, alternate bios, or a socketed bios chip you can just replace. I've picked up some good deals on hardware that was locked.
having a listing that says locked bios on a dual bios mobo with a hardware switch would be funny haha
Came across your videos as recommended for Proxmox and HA. I really like your style of presenting material in a very calm, friendly, easy manner. And one of the big things is you talk to the viewer as if we are on the same level and don't speak in terms most of us would not understand, the l33t speak as it were. I really appreciate that 😎👍
As a note, you bring up the BIOS flasher you purchased. I had this same problem with a thin client where the chip was borked during a bios update. I had gotten one of those units only to find out the same exact issue you had here, the chip runs at a different voltage as the flasher outputs. I tried to do the hack to make it work, but the thing over heated and never powered the chip.
Thanks for showing the description of the device (there's actually v1.7 available that I've found), but I had first looked in your description for an affiliate link, and was saddened that you had not had one for that device. It might be a good idea to add one for it for future viewers, you never know how many ppl will be using it to get the device because they came across the video 😉
This randomly appeared on my homepage and I'm so glad it did. I got a bunch of Optiplex 7070s from a school that was tossing them out, and I discovered that one of them had both a dead battery and a BIOS lock-meaning I couldn't even fix the incorrect clock until after booting up. Turns out this model does have that jumper, which is not just conveniently labeled PSWD, there are even instructions printed nearby that say "1-2: NORMAL, EMPTY: CLEAR PASSWORD". Considering how easy it would be for a kid to reboot and mess with stuff, I'm surprised it was the only one they had bothered to lock. Must have been the computer lab teacher's computer. 😄
Amazing intro! I love it! Keep it up man. Love how your channel is growing.
Thanks! I was nervous to try something different haha
I don't buy bios-locked pc, simply because I don't have the time or tools or patience to work on it just to save $20 (roughly), unless the unlock is guaranteed and is super easy. The only time this would make sense is if I'd save at least $100 by buying a bios-locked pc/motherboard and if it is worth the effort to do so, like a rare PC. But it is fascinating to watch others do it. It feels like magic.
one tip 10:10.. intel ME Management Engine needs to be Clean aka Configured to be able to boot on Others PC.. same pc works fine.
there is hp unlocker for up to 2016 then RC Unlocker for newer.
hp serials tend to be in paddings you can see w UEFiTooL
I'd recommend doing a comparison between the bins for each to see where the pin is stored, and either modify with a hex editor or remove (with blanks)
I was thinking the same thing since he had a backup of the locked version. Would come in handy if considering buying more.
Wow great video. Love the super technical details. Thank you.
@Hardware Haven You were lucky.. Sometimes just bios reflash doesn't help, for example HP laptops has protection against password reset via bios reflash, it simply doesn't work and password is still present... It is still possible, but you must use 3rd party software to patch bios that you want to use for reprograming and then wirte it into SPI chip. For example as I remember correctly, sometimes password is stored in a few places, so simply bios reflash/.CMOS reset not always works, because mainboard is able to recognize that BIOS was reflashed and was password protected... Keep that in mind that you have do more then simply bios reflash, it's not always so simple, becuase modern computers are protected against that, aspecially laptops...
Love the improved presentation of your new video!!
Keep it up!!
Thanks! I'm really trying haha
cant wait for this video to get millions of views and then have those seller increase the price of bios locked shit like how people constantly made dell optiplex builds and sellers amped the old optiplex prices to get on the wagon
Prices rises so fast)
Flashing the bios without the serial number and mac address seems not to matter that much.
I used the image dumped and cleaned by another user so it was already the correct size but missing the info mentioned above.
I was able to recover a system that was not starting before. Works to this day.
that is true. But it does matter on chromebooks. If you lose the original firmware it's a paperweight if you didn't already put good working custom firmware on it
Just found out about your channel, i am already loving it!
Very nice vid, it's also possible to solder a 8 pin chip socket in place of the bios chip, modding it into a removable bios chip
Thanks for sharing knowledge, we appreciate your work!
Over the years I’ve blown up two desktop motherboards by flashing the wrong bios in one and not using the proper OS the flashing software wanted. (I used win 10 but the loader program wanted win 7) I didn’t throw either motherboard away and I figured a solution would pop up in the future. The first dead mb was fixed by swapping the dead bios chip with another bios from a similar mb (socketed bios chip swap) and the second one was fixed with a CH341a reflash.
I would not call it blown! Its just stupid saying i blown a mother board without any components blown up i would call it bricked! Please say it right
I think this has to be the dumbest mistake to make the bios upgradable and not have a failsafe in case something goes wrong, but once again this might be just another reason to sell you more hardware.
I never upgrade the bios, especially on expensive laptops, because if something goes wrong, good luck, all you have left is a expensive piece of junk.
@@309electronics5 say it how you wish. trust me, When i flashed the wrong BIOS from being in a hurry and I needed to use the computer, it was truly "blown up" at the time (this was 20 odd years ago) I had no hope of ever fixing it at that time nor did i know if i could ever fix it. It was just by accident that I got given a similar MB with the same BIOS chip a few years later. Yes, it bricked or blown or non functional and it was just lucky that i fixed it.
@@D4no00most pcs nowadays have 2 copies of bios
@@JordanPlayz158 "most" is the perfect word to describe this. Since there is no standard, you are not guaranteed that you won't brick the device should something go wrong.
I'd like to see a comparison of the bios dump with and without the password... It would be interesting to see if it was hashed or just stored in plaintext.
If it just encrypts the BIOS, then it may not be stored at all.
True, but that should also be easy to spot - if you add an 8 character password and the entire file changes then it encrypted the whole thing. Or I should say most. Because a small piece would have to stay unencrypted to ask for the password and decrypt the rest.@@anon_y_mousse
So another way is to dump the bios, you can then pull the password hash out and throw it into something like hashcat and using a gtx3080ti crack the hash in like 2 hours
Or just generate a hash from string of text and replace the existing hash with the new one.
@@StuffJason437
If you got a bunch of equipment from the same location, knowing the password can be more helpful.
For example, the state government education department I used to work for used the same BIOS password for over a decade in all schools across hundreds of different models of computer. The password was "danish", for anyone who wants to work out what state it was (it was well known). So if anyone was buying equipment from a school, and got 5 or 6 different models, flashing one fixed bios wouldn't help but cracking the password probably would.
I bought an hp 720 plus for like 50 bucks but it came bios locked lucky for me all I had to do was move the jumper and hold the cmos button like you said. Great video probably going to use this in the future!
Just did one about a month ago. 2016/17 HP laptop. There's a built in feature. Hold Windows+B while powering on. Continue holding until it reboots (could be as long as 45 seconds), then release. Should let you into BIOS when it comes back on.
Good video man, lots of valuable information in here for people !
You could also ask the seller if they know what company the bios locked system comes from. In most of the systems I've gotten over the years the bios password was just the name of the company.
At least it wasn't 'Bob'
Firstly it was great of you to point out the flaw with the CH341A, I was in the same boat on mine as i was only flashing 1.8v chips the issue didn't both me but as it started to look like i was going to be touching 3.3v i replaced it with the new version.
Secondly i would like to expand on what you said about saving a dump of the chip.
Really you should be dumping the content of the chip 2 or 3 times before even flashing anything back then comparing the files checksums match. It takes just a slight knock on table and that clip can move slightly giving you a bad dump rather then a good dump.
I normally do 3 dumps of a chip, check and then use one as the backup, one as stock the other to mod after checking the checksum.
Ha. Nice. I actually just did this a couple of weeks ago for an old laptop manufactured in 2006. The price was too reasonable to pass up and I was up for the challenge vs. the risk to do some retro games. Lucky for me, bridging a couple of pins on the EEPROM did the trick. Like a few others who posted, it was also a Thinkpad series T42.
Lifting prom pin 1 or 8 from the motherboard will allow you to program it without desoldering. Do not ground the voltage pin as some people say, it could damage the chip and your programmer. I usually slide a piece of kapton tape under the lifted pin to make sure it doesn’t make contact again while clamped. Cheers!
Very informative, Thank you.
My Flipper Zero will take care of a BIOS lock or POP pretty quickly. I buy A LOT of "locked" computers and flip them. It's not great money, but we definitely aren't hurting for cash.
Isn't that thing wireless only? Or you can attach cables to it and use it like the programmer he showed?
@@TerminalHeatSink iirc it has usb and gpio
i own a flipper, didn't know it could be used in that way
They have application for that btw.
1 - Dump BIOS
2 - Open Bios with the nice Russian software (that don't say anything but just create another .bin file with "unlocked" in the name)
3 - Flash back the bios using the "unlocked" one.
Name of this software?
@@Unmixable404 RCUnlocker
i wrote software that does that... unfortunately it was for work... so only they can use it...
i can't give away the trade secrects ;)
The most informative video on UA-cam. That info as gold !
cool video, i always wondered about this, thank you for the explanation!
Love the content! Keep it up 👍
Thanks! Will do!
Done a reflash on a bios chip I wrote the bios to by using another board with a similar bios chip. Start pc with good bios, carefully swap to bad bios with unit powered on. Run flash program for the right version of corrupted bios. If successful then power down and replace proper bioses into proper boards and away you go.
There is also some specialized software for recovering bios passwords as well, but like you stated it really depends on the board and manufacturer implementation. I know ThinkPads of many models had to be reflashed using a programmer or serial flash cable of some description.
8:25 the problem here was that you have connected the ram and also the CMOS battery!!! to the MB. Those need to be removed so you don't have to deal with solder-disolder process.
An interesting video!👍👍I have an HP Compaq DC7800p USDT, and to do something as simple as change the boot order a password is required, it's only that one pc., though as I had another example of the same pc., and it did not require a password. I had no idea what the password could be or how to find out, so I rapidly pressed the enter key on the keyboard and that succeeded. Those computers are old and they use DDR2 ram., and the maximum is 4 gig, but I have found that with 4 gig., and an SSD., and a lightweight Linux OS., installed that they are okay for basic computing, for example, checking e-mail, browsing Ebay, watching YT., videos, doing office work etc..
Great video! I've had to re-flash a few bioses myself - I even had to dump and hex-edit one, tho that was back in the day when they were in a socket.
Why the sans font tho? Is it Droid Sans? I'd suggest for this video using the freeware font "Perfect DOS VGA 437", tho since you're a mac user, maybe use Chicago. Whatever you choose, I have to say your font made me physically recoil in horror.
On lenovo you can modify and set serial, mtm, name (on laptops kbd layout) using either Planar or Golden Key U1 tools which both are lenovos own tools. Planar is designed for thinkpad and U1 works with other lenovo computers. Both tools are used to brand the motherboard after replacement. Additionally U1 can be used to re-flash / recover corrupted bios.
tip for heatgun soldering: when you remove chips use flux and circle the heatgun around the chip. solder will melt faster.
I literally was forced to do this yesterday due to me accidentally powering down an old system. Nice vid as always!!!
I had recently purchased old RM computer for £19 that's bios locked and even had the original hard drive with the original operating system and had to replace on screen keyboard with command prompt inorder to change the administrator password to login as administrator. Fingers crossed the method for removing the bios password won't get crazy complex.
I wouldn't worry too much about the non-3v3 ch341a. Because the current source capability of the CH341a chip i forget but it's absolutely miniscule, like 2mA or something, while 3v3 supply off the regulator on the board provides the clamping voltage via EEPROM's internal ESD diodes. There is a very low likelihood to kill something.
Did you compare the binaries before and after setting the password?
Excellent job! I recently got a bios locked working HP laptop from a scrap dealer. I'll try this fix to unlock it.
8.53, you can use de board adapter connector, put a bios in the bench and connect. (do not need to solder in the adapter ) fast and practical. By the way it isnt a good policies to program in circuit, and ways do 2 or 3 dumps and conpare to confirm a good bin file.
I got a free HP Z440 from work once and it had a BIOS password on it. I quickly Googled my computer and how to clear it. It was nice all I had to do was remove the jumper and push a button, like on your HP in this video. Then put the jumper back and I can set my own password. I never liked HP, but this workstation was pretty nice and works well. I threw in a Xeon E5-2689 V4 (probably overkill), populated all RAM slots with 8GB sticks (64GB total), and put in my EVGA RTX 2070 FTW3 Ultra I had lying around. Surprisingly, the power supply is able to keep up no problem. I tested an RX 6500 XT and a GTX 970 with the Xeon E5-1620 V3 it came with and it turned out to be a pretty decent little machine for light gaming.
Could you be so kind as to compare the data dumped form both a locked and unlocked chip? If you find the locked flag and/or the password/hash, you may be able to just alter those, thereby disabling or changing the password.
I remember resetting the BIOS password for my friend's laptop using the same website you showed. It worked well. I think it was a Dell laptop. Not sure if it works all the time though, but it worked for me back then.
I once repaired an Asus ROG laptop that had failed to upgrade to windows 10. The bios was corrupted during OS install (no idea how). I was able to use a raspberry pi and a SOC clip to reprogram it. I had a similar issue with not being able to read the chip in system, but figured out I could plug in the power (without turning on the laptop), and that was enough to power the chip and dump the ROM. You might try it out next time, it could save you a ton of soldering.
What were the specs
@@BnE-sports ROG G750JH (Black Flag edition) Has a i7-4700HQ and a GTX 780M among other things.
Fantastic video. I learned a lot.
Glad to hear it!
I know that many, especially business laptops use the NVRAM of the PCH to store the passwords, some have hidden "manufacturer" modes to get the NVRAM to reset (not the same as the BIIOS CMOS, that's battery, the NVRAM is an area that's kinda like flash storage but small and used to store setting bytes and bits...)
This is like the mechanisms that AntiTheft and CompuTrace mechanisms use.
At work, we got in a job lot for the LifeCycles part of the company, most were fine but a certain model all had BIOS passwords and the settings for something meant BSODs on every reinstall of Windows, with no way to remove them.
I had to explain why it's impossible (for us at least, given limited knowledge on that specific model) by literally walking off with the manager's laptop and saying "I'm off to sell this at CEX, I can't do that with the locked ones, just like they were designed to prevent".... Of course, I walked back inside and asked if he understood why.
Doesn't happen with the chip in-situ often, but it can be done. Managed to dump a router once while the lights were doing the "we don't have enough juice to boot" dance.
Thank you so much for the video my Guy. i have been looking the name of this programming tool but no luck, now i know and im have just put it on my wishlist. Thanx a million time brother
I have noticed exact same thing with CH341a, newer model with 3.3V switch won't read chips with using clip, meanwhile unmodified CH341a works just fine with clip.
Almost all HP Desktops have this jumper got some old ones from school and could unlock all Bioses this way. It should always be possible to change some things in the Bios in case you press F10 (HP Bios button)and it asks for a password just hit enter 3 times and most of the bios will work.
Can you please make a compare of the Hex dump of the bios with and without password and then see i) which bytes to change to remove the pwd, and ii) if you can extract and decrypt the pw?
The only issue with having 5 volts instead of 3.3 would be the write part. More voltage could just change some of the data you're trying to write. It's still pretty safe to use as long as you make sure to verify your dump each time and have a differents read dumps.
Currently experiencing a similar issue when I bought a used Asus Chromebox 4 from marketplace which was super cheap only to find out it was enterprise enrolled. Had to go the CH341A route to flash Coreboot on it but found out new machines are no longer using BIOS chips with feet like in the video.
a n i m e
n
i
m
e
Most motherboards have not standardized header pins that allow me to connect striate to the bios chip. I use mostly those to get a copy of the BIOS and reprogram it. Stand alone motherboards are easy, you just flash the new bios file from the support page on the chip. Mainboards from Dell, Lenovo or you name it including a windows key are harder and a big pain. You need to preserve the windows key and serial numbers this means there is no other choice than replacing parts of the bios mostly by try and error.
If you dump the original bios, the serial number and windows key are typically stored in plain text
@@coctailrob It is mostly not easy to find those, they are not labelled with serial number or windows key.
@@Amixus that's true. But I think last time I looked , the windows key was stored in one of the padding sections (extracted using uefi tool software )
I always buy them because i am a repair master and k ow how to flash them easily with a custom or unlocked bios, even managed to install a custom os on a settoobox for tv using uart. I also know how to change a few bits in hex. But your tips help other people
If you've got the same laptop without a password but all those tools, just take a dump without a password then with a password set and then maybe with a different password set. Diff the binaries and now you'd know exactly what bytes to write to remove it from any bios chip of that same model.
I have just emailed HP customer support, for my 8760w, even though i bought the laptop second hand. I had to give the uuid and maybe some other info and they send me some bios reset file, I believe tailered to that specific uuid and also valid for a short time, only one week if I remember correctly. But it was working and I had a good experience with the customer service.
I picked up a bunch of these (prodesk and elitedesk 600/800) for cheap since they were listed for parts and bios locked. Planned to try and diagnose them for issues and learn a bit. They all powered on and I cleared the bios on each of them no problem. I popped a cheap ssd in one, loaded up linux mint and it just booted up no problem. If they are all as well behaved as this one I might not get much troubleshooting experience after all.
I guess my plan B is figuring out what to do with a bunch of mini pcs.
I have the same device but with 7th gen intel and it was already unlocked when i bought it, its really good for homeserver running multiple docker containers
A video or several on replacing BIOS chips and if possible replacing SOIC with the same in DIP version which would allow easy removal for specialty reflash with less hassle (swap in programmed chip instead of flashing it onboard) would be of interest especially to classic Thinkpad owners into alternate BIOS. Modifying BIOs is a good rabbit hole there are not near enough videos on.
What programmer do you use & from where? Great YT too!
I came across BIOS images that were the full size but with added header. So i compared with a backup from the chip and removed the header, then it uploaded fine and worked.
I got a hold of a Surface 3 that was bios locked and the system disk was bitlocked and unbootable. It took me all of an hour and 5 minutes once I had everything needed to get the bios password and repair the Windows install. Not necessarily in that order. Most of that time was burnt on the reinstall.
I'm an IT technician, and I've worked with computers since I was 12 and couple years ago I was about to swap an HD and format and do all the stuff on my mother in law's laptop and got the locked BIOS thing going on, I read the manual and in there told me to contact ASUS for the unlock, tried a bunch of times and didnt even could have any information from them because the documentation from it was missing since her nephew owned it, I was shock that I could even do nothing with the thing, the only solution that I've found in the internet and the market around here (brazil) was to replace the chip that holds the BIOS and this around here is rather expensive.
Thanks for this video. I was thinking about buying that same mini in the video and I just assumed these were all unlocked before selling. If I buy one I will ask
if the bios is unlocked. Thanks
Hi there, Can you tell me in which website you ordered your new CH341 programmer? is it support 1.6v , 1.8 , 3.3v and 5v? thnx
I've reprogrammed a lot of chromebooks to put linux on them. I didn't know that my programmer had an update though. I'm going to have to look into getting me one.
6:44 - 6:58
From what you pointed out, it looks like the user can get a full copy of their BIOS straight from the OEM or unofficial sources, which is not correct.
An oversimplified, brief explaination is that:
The BIOS UPDATE cannot restore the BIOS IMAGE, because the update is not a full bios image. It has the same size as the BIOS IMAGE, but the BIOS UPDATE is mostly filled with FF to match the BIOS IMAGE layout.
That is why many BIOS brands like Insyde, AMI and Phoenix have a check to prevent the users from bricking their computers.
The only ways to obtain a full BIOS image for your device are:
1. Contact your device OEM, which will most likely not help you at all, by saying that "they can't make a new bios for you because they don't cover that, they don't like you or the warranty expired"
2. Dump the BIOS IMAGE with a physical programmer
3. Dump the BIOS IMAGE with a digital programmer
I like your vids and I learnt some things from your channel.
Keep it up ❤❤❤❤❤❤❤
If you have an encrypted disc but don't have the key, format it.
For a bios locked laptop I had, I unplugged the bios battery. It even corrupted a hard drive I put in it with its "Return me!" lock screen on bios boot.
Many arcade boards that use PC hardware are indeed BIOS locked. Bringus Studios bought a Sega ALLS machine from Japan, and he had a headache unlocking the BIOS.
The data pins of the CH341a being at 5 volts doesn't matter. The current is so low that it's basically impossible to burn a chip.
Also, instead of desoldering the chip, sometimes just plugging the cable in to supply standby power (and thus 3.3V to the chip) is enough.
I have unlocked the bios for a couple T61 which were locked with power on password. Basically, until xx30 models (Ivy Bridge) you can simply short 2 pins on the bios chip while powering on. This will skip password control and let you enter the password change page to set it to blank. I have found a website with pictures of different mobo from many Thinkpad models, where you can find yours and identify the bios chip, but now seems to be offline. :(
In a pretty recent Asus laptop with a lost boot password, I had to short to ground the I2C data pin in the BIOS flash IC to make the laptop give me an error, and then it let me reflash it using a thumb drive with the file given from the manufacturer. Probably other domestic models, not business-grade or professional-grade, have similar ways to do the same. Cheers!
I once had to remove a BIOS password on an old DELL laptop…
The actual solution (after much Google-fu) was to fully disassemble the laptop then reassemble each PCB without the outside shell and use tweezers to short a password clear jumper at power on…easier said than done, as there were about 7 small PCBs to make the laptop complete and a bazillion screws!!! 😅
What model did you try this on
@@doityourself2save it was YEARS ago…so unfortunately I can’t remember…
It's best to only connect or disconnect the clip on the chip while the programmer is unplugged.
I also have had luck shorting out the data line on a Bios flash during the boot process that triggers the backup bios to load. That's how I got past the bios lock on a pair of ex government panasonic toughbooks. I shorted the clock to a data line as they were next to each other with a tiny probe during different points in the boot process and triggered the bios recovery. of cours this only works on systems that have a bios recovery.
I'm wondering if I'm having a similar, yet different issue. I bought 2 used motherboards (Gigabyte and MSI) with X99 chipsets to use for a NAS project. I can't get either one of them to POST. Fans may spin (barely) or lights may come on, but no POST. Could these be BIOS issues? I tried the usual clearing methods, but no dice.
love your stuff
Usually you can flash uefi by your method or there is a second method that depends on your motherboard, honestly you just have to read the manual and shortcut pins.
There is a last option running on win 10 or 11 to do it while your are in session, maybe you can bypass your "locked-pc" by using live os.
Otherwise first thing to do is to explore on the official support site to avoid things like looking for the right process with the right os or "os slightly modified by producers"
If there is no option you can run Linux on it to unlock and reset HDD then make a volume to set a new OS to repair.
Not sure if the bios password has any cooldown when entering it but if not a bruteforce to get the password and then turn it off in the bios settings