Something to try that's worked several times for me with various desktop and server motherboards, although sadly isn't an easy option for most laptops: On a lot of boards, if you replace the CPU, it will allow you one-time access to even the most locked-down BIOS, so if you have another spare CPU for your locked motherboard, remove the BIOS battery, close the CMOS jumper, then replace the CPU. Remove the CMOS jumper, replace the battery, and switch on. Some boards will take you straight to BIOS and others will give you a message to say the CPU has been changed and to press (usually) F1 to enter BIOS. Once in there, you MUST remember to change or remove the password at that point, because if you leave the original password set, it's a one-time deal until you replace the CPU again.
useful tip! I've had issues with pre-crippled SFF's where they won't run with anything other than the supplied chip, every time I managed to fix it. Possibly why a lot of the "faulty/spares or repair" ones have a different CPU, someone has taken out the good working chip and substituted a potato or worse, a faulty processor.
@@dothatjustin Try it. Other option might be to send me the bad BIOS IC and I will attempt to clone it to a new one. Sometimes that is all you need, done this once before.
My biggest win was using a grounding trick on a thinkpad t430s to get around a bios lock. There's many videos on youtube, but the gist is you carefully use a pair of metal tweezers to ground the data pin during (not before) POST. The password is seen as blank on that boot, and you can easily set and then disable the admin password. This let me enable virtualization, update the bios, and enable the express card port.
Works great on T48s but not on T51s. The Password is stored inside the CPU. So even replacing the Flash does not help. This is part oft this Intel Anti Theft.
Your BIOS dump seems to be exactly 16M, which means its probably a full dump of the BIOS chip, even white space that might exist at the end of the chip. Most manufacturers don't fill their BIOS chips to the brim, mainly for BIOS updates and patches in the future. It's possible the HP and community BIOS's are complete images, just truncated to exclude the white space that would exist at the end of the chip
An erased chip is all FF's. If the BIOS is in Intel Hex format, rather than binary, it would only contain the pages of bytes that have zero's in them; thus it could contain the entire BIO's while still being a very small file.
Hex IS binary, not rather than. It's just binary converted into a more people friendly way to read. All hex values are stored in, you guessed it, binary. If all bytes were FF then all bits are 1. Intel Hex just encodes/decodes in this instance is just compression. Everything is stored in binary, there is no "rather than binary"
@@shhhvcnear You know only half of what you think you know. "Hex IS binary, not rather than." Hex is ASCII TEXT, Binary is BINARY. "It's just binary converted into a more people friendly way to read." Converted, yes; which means it is NO LONGER BINARY. Hex REPRESENTS binary and it is more than "a more people friendly way to read". A server may not be able to accept binary and so the data may be CONVERTED to ASCII. ASCII Hex cannot have a '1' in the eight bit; if it did, it would be binary data and NOT hex. "If all bytes were FF then all bits are 1." Obviously. "Everything is stored in binary, there is no rather than binary" That's a half truth, which you don't understand because your knowledge of binary is very simplistic. Yes, everything is bits and is binary, but when engineers (and most computer literate people) refer to a binary file, they're referring to a file that has unformatted data or to be more specific, a non-text file. If you format a file to ASCII hex, then it is no longer considered a binary file (even though the data within is still made up of binary data). ASCII hex breaks the binary bytes into 4 bit nibbles, so each byte of the data is represented by two ASCII text bytes in hexadecimal format, neither of which have a '1' as the most significant bit. "Intel Hex just encodes/decodes in this instance is just compression." When you load an Intel hex file into a programmer, all data is first erased from the chip, which means all bits are '1' or FF. Each line in the Intel hex file (which is ASCII text, not binary) contains an address of where in memory to write the data, the data itself and a length of bytes to write, including a checksum. The hex fields (which are ASCII hex, not BINARY) are then converted to their binary values and used to modify the buffer that was previously filled with FF's before being programmed. It's not really just compression because it doesn't contain all the data within it. Instead, it assumes that any data that's not included within it is FF. So if you didn't fill the buffer with FF's first, then the data will be incorrect. usually the programmer will automatically fill the buffer with FF's before loading the Intel hex file. A compressed file contains all data and doesn't rely on assumptions. Intel hex format can also be used to patch an existing program (but this is likely over your head so I won't discuss it further). In summary, Intel hex format doesn't need to write pages of FF's in any area because there already are FF's there from erasing. Since there are a lot of FF's in firmware, the intel hex file can be much smaller than the actual binary, even though there are two ASCII bytes representing each byte of the actual binary.
I used to have a defective RAM bar, if you insert it into the computer, the data loaded into the initial addresses will be corrupted by the BIOS in an attempt to restore it loads the default settings and the password disappears it was very convenient
On devices of some manufacturers like Fujitsu, you can remove the bios lock by entering three specific "passwords". Then you get a long number shown on the screen which you can enter into a calculator found on the internet. There you get a code you can enter as a password to gain access to the bios.
There is another way of removing BIOS-password by using Intel ME software. Basically, it allows you to read and write BIOS chip from Windows, without soldering the chip. However, a few things need to be considered: - It's needed to remove/change position of a jumper if you wanna flash to BIOS chip while reading from it doesn't. Some times you need to use a wire as the jumper is removed by default. - Make sure that you have the right BIOS to flash to the chip. Otherwise you can't boot up. In that case you will need desolder the chip and use a programmer to flash BIOS to it. Overall, while this technique could be avoid of using solder-iron, it requires some knowledge of understanding motherboard (and maybe reading schematic) and BIOS flash.
"There is another way of removing BIOS-password by using Intel ME software. Basically, it allows you to read and write BIOS chip from Windows, without soldering the chip." If you could do that, then it means you don't need to do it because you're already past the BIOS password.
Cheers for the shout out, great video - whish I could get this much information into 10mins! In-circuit flashing (with the clamp) is definitely possible as you've discovered, but I always de-solder the chip, as unless you have a detailed understanding of the platform, you never know what else is getting powered up by the clamp, and what else is listening on the bus. Soldering is also dangerous, but I know those risks a lot more than if the PCH is going to breakdown when an unmodded CH341a bashes 5v onto the SPI bus. It's low current sure, but I don't need to roll those dice if I flash out-of-circuit.
Ah the legend himself! And I would argue you get more info in most of your videos than I have on my entire channel. Without a doubt your videos were the inspiration to buy a hot air station and give it a go, lol.
Hi! I started watching your video. Something i love to watch because I was a computer technician and dealing with almost everything you've shown there.
> "you never know what else is getting powered up by the clamp" In fact, most of all times it's the KBC. Which will then try to read its firmware from the same chip, and then attempt to start the motherboard or at least its always-on devices like a charging port. And hopefully everyone here knows that on SPI bus there is no mandated hardware detection of colliisions, and flash chips are "dumb" either way, so reading the chip in the same time the KBC accesses it is bad.
The ch431 doesnt have a problem with the 5 volt "issue". It is well explained and tested in this video: ua-cam.com/video/J8-Sh7DjiXw/v-deo.htmlsi=Mei2TuFyq16XZaZ3
Notice if you are running a HP ProBook/EliteBook/ZBook up to the Folio 9470m: DO NOT JUST OVERWRITE THE BIOS WITH A DUMP THAT EXISTS ON THE INTERNET. Because when you do, the Serial Numbers and the MAC Address of the Ethernet Card gets overwritten. What you should instead do is capture the Current BIOS, flash an unlocked one, power the PC on, flash the original locked bios while the PC is running, set a new Password and then reboot. Otherwise you will for example get Code 43 for the Ethernet Chip because the MAC Address is incorrect, and there could be problems with Windows Activation.
Question: You say "flash the original locked bios while the PC is running", would that be while running BIOS setup? You flash unlocked BIOS, enter BIOS setup, and flash original BIOS while still in BIOS setup?
Picked up a bios locked 845 G7 from work for 20 bucks. Had to learn how to desolder and reprogram the bios, but it wasn't too difficult for me since I at least have some soldering skills and watch LOTS of board level repair videos in my free time. Threw in some ram and a drive, and I have a killer daily driver that cost under 100 bucks total.
@@patsfan4life I do laptop refurbishing as my job, but we don't typically do board level repairs. Since all the tools to do the job was cheap I figured it was a good chance to learn since I had a supply of parts to pull from
I have the same model except g8 So have to desolder the chip. Great, time to invest in a rework station and a sacrifice to the motherboard Gods so they will provide a bios to program into the chip.
One of my favorites is the older laptops with a password chip. If it reads 0000s from the chip it assumes no password. The trick is you short the clock and data pins right when it checks for a password, it won't see one and you can get into the BIOS. Then set a blank password, it will overwrite the stored password. If you find that the motherboard is stealing the power from your clip programmer it might be pulling the voltage down too low. I keep a 1/2 charged Lithium Ion battery around ~3.6v to connect along with the CH341A. The other option would be powering the board and letting it provide the power to the chip. I do run into chips that need pulled from the board at times.
I know you didn't cover it but one Hard Disk password exploit that worked well for me on ide/sata spinning rust drives was to power on machine with unlocked hard disk into the bios and into the security settings, hot swap the drive to the locked drive, select to lock drive and set a password, save and exit. Upon boot it will still be locked but only with the password you provided. Now you can go into bios and unlock with the password you set.
For many systems there's also some default passwords available that can be used to unlock a machine. Worked fine for an M93p I grabbed off Ebay for cheap.
From experiences I have had with these Mini PCs and some whacky BIOS mods I have done in the past (going from turbo boost unlocking on Haswell to NVMe module injection), these sometimes require the power brick connected and a power cycle while - power button is kept pressed - to allow the chip to be powered and selected (floating SS line) and avoid the tedious (de)soldering task! Another pro-tip to whom it may concern, AMI bioses sometimes are flashable without needing the (risky) HDA_SD0 pin short or the ME disable jumper on with AFUWIN v3.05.04 and the magic /GAN flag!
I don't buy bios-locked pc, simply because I don't have the time or tools or patience to work on it just to save $20 (roughly), unless the unlock is guaranteed and is super easy. The only time this would make sense is if I'd save at least $100 by buying a bios-locked pc/motherboard and if it is worth the effort to do so, like a rare PC. But it is fascinating to watch others do it. It feels like magic.
This randomly appeared on my homepage and I'm so glad it did. I got a bunch of Optiplex 7070s from a school that was tossing them out, and I discovered that one of them had both a dead battery and a BIOS lock-meaning I couldn't even fix the incorrect clock until after booting up. Turns out this model does have that jumper, which is not just conveniently labeled PSWD, there are even instructions printed nearby that say "1-2: NORMAL, EMPTY: CLEAR PASSWORD". Considering how easy it would be for a kid to reboot and mess with stuff, I'm surprised it was the only one they had bothered to lock. Must have been the computer lab teacher's computer. 😄
On a lot of aftermarket mobos you have options. Simple clear cmos, alternate bios, or a socketed bios chip you can just replace. I've picked up some good deals on hardware that was locked.
Flashing the bios without the serial number and mac address seems not to matter that much. I used the image dumped and cleaned by another user so it was already the correct size but missing the info mentioned above. I was able to recover a system that was not starting before. Works to this day.
that is true. But it does matter on chromebooks. If you lose the original firmware it's a paperweight if you didn't already put good working custom firmware on it
@Hardware Haven You were lucky.. Sometimes just bios reflash doesn't help, for example HP laptops has protection against password reset via bios reflash, it simply doesn't work and password is still present... It is still possible, but you must use 3rd party software to patch bios that you want to use for reprograming and then wirte it into SPI chip. For example as I remember correctly, sometimes password is stored in a few places, so simply bios reflash/.CMOS reset not always works, because mainboard is able to recognize that BIOS was reflashed and was password protected... Keep that in mind that you have do more then simply bios reflash, it's not always so simple, becuase modern computers are protected against that, aspecially laptops...
Over the years I’ve blown up two desktop motherboards by flashing the wrong bios in one and not using the proper OS the flashing software wanted. (I used win 10 but the loader program wanted win 7) I didn’t throw either motherboard away and I figured a solution would pop up in the future. The first dead mb was fixed by swapping the dead bios chip with another bios from a similar mb (socketed bios chip swap) and the second one was fixed with a CH341a reflash.
I think this has to be the dumbest mistake to make the bios upgradable and not have a failsafe in case something goes wrong, but once again this might be just another reason to sell you more hardware. I never upgrade the bios, especially on expensive laptops, because if something goes wrong, good luck, all you have left is a expensive piece of junk.
@@309electronics5 say it how you wish. trust me, When i flashed the wrong BIOS from being in a hurry and I needed to use the computer, it was truly "blown up" at the time (this was 20 odd years ago) I had no hope of ever fixing it at that time nor did i know if i could ever fix it. It was just by accident that I got given a similar MB with the same BIOS chip a few years later. Yes, it bricked or blown or non functional and it was just lucky that i fixed it.
@@JordanPlayz158 "most" is the perfect word to describe this. Since there is no standard, you are not guaranteed that you won't brick the device should something go wrong.
Just did one about a month ago. 2016/17 HP laptop. There's a built in feature. Hold Windows+B while powering on. Continue holding until it reboots (could be as long as 45 seconds), then release. Should let you into BIOS when it comes back on.
one tip 10:10.. intel ME Management Engine needs to be Clean aka Configured to be able to boot on Others PC.. same pc works fine. there is hp unlocker for up to 2016 then RC Unlocker for newer. hp serials tend to be in paddings you can see w UEFiTooL
I'd like to see a comparison of the bios dump with and without the password... It would be interesting to see if it was hashed or just stored in plaintext.
True, but that should also be easy to spot - if you add an 8 character password and the entire file changes then it encrypted the whole thing. Or I should say most. Because a small piece would have to stay unencrypted to ask for the password and decrypt the rest.@@anon_y_mousse
I got a free HP Z440 from work once and it had a BIOS password on it. I quickly Googled my computer and how to clear it. It was nice all I had to do was remove the jumper and push a button, like on your HP in this video. Then put the jumper back and I can set my own password. I never liked HP, but this workstation was pretty nice and works well. I threw in a Xeon E5-2689 V4 (probably overkill), populated all RAM slots with 8GB sticks (64GB total), and put in my EVGA RTX 2070 FTW3 Ultra I had lying around. Surprisingly, the power supply is able to keep up no problem. I tested an RX 6500 XT and a GTX 970 with the Xeon E5-1620 V3 it came with and it turned out to be a pretty decent little machine for light gaming.
You could also ask the seller if they know what company the bios locked system comes from. In most of the systems I've gotten over the years the bios password was just the name of the company.
They have application for that btw. 1 - Dump BIOS 2 - Open Bios with the nice Russian software (that don't say anything but just create another .bin file with "unlocked" in the name) 3 - Flash back the bios using the "unlocked" one.
I once repaired an Asus ROG laptop that had failed to upgrade to windows 10. The bios was corrupted during OS install (no idea how). I was able to use a raspberry pi and a SOC clip to reprogram it. I had a similar issue with not being able to read the chip in system, but figured out I could plug in the power (without turning on the laptop), and that was enough to power the chip and dump the ROM. You might try it out next time, it could save you a ton of soldering.
cant wait for this video to get millions of views and then have those seller increase the price of bios locked shit like how people constantly made dell optiplex builds and sellers amped the old optiplex prices to get on the wagon
8:25 the problem here was that you have connected the ram and also the CMOS battery!!! to the MB. Those need to be removed so you don't have to deal with solder-disolder process.
I had recently purchased old RM computer for £19 that's bios locked and even had the original hard drive with the original operating system and had to replace on screen keyboard with command prompt inorder to change the administrator password to login as administrator. Fingers crossed the method for removing the bios password won't get crazy complex.
Lifting prom pin 1 or 8 from the motherboard will allow you to program it without desoldering. Do not ground the voltage pin as some people say, it could damage the chip and your programmer. I usually slide a piece of kapton tape under the lifted pin to make sure it doesn’t make contact again while clamped. Cheers!
I bought an hp 720 plus for like 50 bucks but it came bios locked lucky for me all I had to do was move the jumper and hold the cmos button like you said. Great video probably going to use this in the future!
Most motherboards have not standardized header pins that allow me to connect striate to the bios chip. I use mostly those to get a copy of the BIOS and reprogram it. Stand alone motherboards are easy, you just flash the new bios file from the support page on the chip. Mainboards from Dell, Lenovo or you name it including a windows key are harder and a big pain. You need to preserve the windows key and serial numbers this means there is no other choice than replacing parts of the bios mostly by try and error.
So another way is to dump the bios, you can then pull the password hash out and throw it into something like hashcat and using a gtx3080ti crack the hash in like 2 hours
@@StuffJason437 If you got a bunch of equipment from the same location, knowing the password can be more helpful. For example, the state government education department I used to work for used the same BIOS password for over a decade in all schools across hundreds of different models of computer. The password was "danish", for anyone who wants to work out what state it was (it was well known). So if anyone was buying equipment from a school, and got 5 or 6 different models, flashing one fixed bios wouldn't help but cracking the password probably would.
On lenovo you can modify and set serial, mtm, name (on laptops kbd layout) using either Planar or Golden Key U1 tools which both are lenovos own tools. Planar is designed for thinkpad and U1 works with other lenovo computers. Both tools are used to brand the motherboard after replacement. Additionally U1 can be used to re-flash / recover corrupted bios.
Firstly it was great of you to point out the flaw with the CH341A, I was in the same boat on mine as i was only flashing 1.8v chips the issue didn't both me but as it started to look like i was going to be touching 3.3v i replaced it with the new version. Secondly i would like to expand on what you said about saving a dump of the chip. Really you should be dumping the content of the chip 2 or 3 times before even flashing anything back then comparing the files checksums match. It takes just a slight knock on table and that clip can move slightly giving you a bad dump rather then a good dump. I normally do 3 dumps of a chip, check and then use one as the backup, one as stock the other to mod after checking the checksum.
My Flipper Zero will take care of a BIOS lock or POP pretty quickly. I buy A LOT of "locked" computers and flip them. It's not great money, but we definitely aren't hurting for cash.
Currently experiencing a similar issue when I bought a used Asus Chromebox 4 from marketplace which was super cheap only to find out it was enterprise enrolled. Had to go the CH341A route to flash Coreboot on it but found out new machines are no longer using BIOS chips with feet like in the video.
If you've got the same laptop without a password but all those tools, just take a dump without a password then with a password set and then maybe with a different password set. Diff the binaries and now you'd know exactly what bytes to write to remove it from any bios chip of that same model.
Done a reflash on a bios chip I wrote the bios to by using another board with a similar bios chip. Start pc with good bios, carefully swap to bad bios with unit powered on. Run flash program for the right version of corrupted bios. If successful then power down and replace proper bioses into proper boards and away you go. There is also some specialized software for recovering bios passwords as well, but like you stated it really depends on the board and manufacturer implementation. I know ThinkPads of many models had to be reflashed using a programmer or serial flash cable of some description.
Could you be so kind as to compare the data dumped form both a locked and unlocked chip? If you find the locked flag and/or the password/hash, you may be able to just alter those, thereby disabling or changing the password.
I have noticed exact same thing with CH341a, newer model with 3.3V switch won't read chips with using clip, meanwhile unmodified CH341a works just fine with clip.
Can you please make a compare of the Hex dump of the bios with and without password and then see i) which bytes to change to remove the pwd, and ii) if you can extract and decrypt the pw?
8.53, you can use de board adapter connector, put a bios in the bench and connect. (do not need to solder in the adapter ) fast and practical. By the way it isnt a good policies to program in circuit, and ways do 2 or 3 dumps and conpare to confirm a good bin file.
Ha. Nice. I actually just did this a couple of weeks ago for an old laptop manufactured in 2006. The price was too reasonable to pass up and I was up for the challenge vs. the risk to do some retro games. Lucky for me, bridging a couple of pins on the EEPROM did the trick. Like a few others who posted, it was also a Thinkpad series T42.
Why weren't you able to use that clamp to read the BIOS after it had been de-soldered from the motherboard? What necessitated soldering the chip to the adaptor board?
I have an EliteDesk 800 G3 that I bought new and had connected to my TV. worked great, but as it wouldn't run Windows 11, I switched to my Dell Optiplex which is newer and more powerful. I then forced the EliteDesk to update to Windows 11 and it was reasonably acceptable, but now decided to turn it into a pfSense router... But, setting the boot to either CD-ROM or to USB, it tells me the Selected boot image did not authenticate. I've tried recreating the boot image, but suspect something else is causing the issue and neither the DVD that I burned the ISO to or the USB will work. It will fail and revert back to the M.2... I'll do some more searching, but was wondering if your messing with the EliteDesk 800, you might have some magic HP bomb that could be used...
Came across your videos as recommended for Proxmox and HA. I really like your style of presenting material in a very calm, friendly, easy manner. And one of the big things is you talk to the viewer as if we are on the same level and don't speak in terms most of us would not understand, the l33t speak as it were. I really appreciate that 😎👍 As a note, you bring up the BIOS flasher you purchased. I had this same problem with a thin client where the chip was borked during a bios update. I had gotten one of those units only to find out the same exact issue you had here, the chip runs at a different voltage as the flasher outputs. I tried to do the hack to make it work, but the thing over heated and never powered the chip. Thanks for showing the description of the device (there's actually v1.7 available that I've found), but I had first looked in your description for an affiliate link, and was saddened that you had not had one for that device. It might be a good idea to add one for it for future viewers, you never know how many ppl will be using it to get the device because they came across the video 😉
The data pins of the CH341a being at 5 volts doesn't matter. The current is so low that it's basically impossible to burn a chip. Also, instead of desoldering the chip, sometimes just plugging the cable in to supply standby power (and thus 3.3V to the chip) is enough.
I'm an IT technician, and I've worked with computers since I was 12 and couple years ago I was about to swap an HD and format and do all the stuff on my mother in law's laptop and got the locked BIOS thing going on, I read the manual and in there told me to contact ASUS for the unlock, tried a bunch of times and didnt even could have any information from them because the documentation from it was missing since her nephew owned it, I was shock that I could even do nothing with the thing, the only solution that I've found in the internet and the market around here (brazil) was to replace the chip that holds the BIOS and this around here is rather expensive.
6:44 - 6:58 From what you pointed out, it looks like the user can get a full copy of their BIOS straight from the OEM or unofficial sources, which is not correct. An oversimplified, brief explaination is that: The BIOS UPDATE cannot restore the BIOS IMAGE, because the update is not a full bios image. It has the same size as the BIOS IMAGE, but the BIOS UPDATE is mostly filled with FF to match the BIOS IMAGE layout. That is why many BIOS brands like Insyde, AMI and Phoenix have a check to prevent the users from bricking their computers. The only ways to obtain a full BIOS image for your device are: 1. Contact your device OEM, which will most likely not help you at all, by saying that "they can't make a new bios for you because they don't cover that, they don't like you or the warranty expired" 2. Dump the BIOS IMAGE with a physical programmer 3. Dump the BIOS IMAGE with a digital programmer I like your vids and I learnt some things from your channel. Keep it up ❤❤❤❤❤❤❤
If the owner of a device puts a bios password on it that can't be bypassed by the unlawful owner afterwards, that is a product which "questions the concept of ownership". Hugh Jefferies taught me that! So remember, *_it's our computer comrade_*
You dont need to solder it to the board, just clamp it directly (make sure all pins are connected) and then read it. I'd rather put least amount stress/destructive approach to a single single specimen.
I got a hold of a Surface 3 that was bios locked and the system disk was bitlocked and unbootable. It took me all of an hour and 5 minutes once I had everything needed to get the bios password and repair the Windows install. Not necessarily in that order. Most of that time was burnt on the reinstall.
I remember resetting the BIOS password for my friend's laptop using the same website you showed. It worked well. I think it was a Dell laptop. Not sure if it works all the time though, but it worked for me back then.
I have unlocked the bios for a couple T61 which were locked with power on password. Basically, until xx30 models (Ivy Bridge) you can simply short 2 pins on the bios chip while powering on. This will skip password control and let you enter the password change page to set it to blank. I have found a website with pictures of different mobo from many Thinkpad models, where you can find yours and identify the bios chip, but now seems to be offline. :(
The only issue with having 5 volts instead of 3.3 would be the write part. More voltage could just change some of the data you're trying to write. It's still pretty safe to use as long as you make sure to verify your dump each time and have a differents read dumps.
Most BIOSes need to be desoldered. It is, however, pretty easy to do, and I would people attempting this to get board schematics. Desktops are often more easy, these days they can be flashed without the system being physically on. I also noted that password unlock bios website show up, which works for about 80% of older machines - given that it gives you a code to work with. I spend a weekend unlocking about 60 laptops that I bought from eBay. I say about, because there were some in such bad shape that they could be resold, but the job let did not mention it. To me, it is a nice side hustle and I can offer the laptops cheap to the buyers. I do not sell on eBay any more, the fees are too prohibitive.
Almost all HP Desktops have this jumper got some old ones from school and could unlock all Bioses this way. It should always be possible to change some things in the Bios in case you press F10 (HP Bios button)and it asks for a password just hit enter 3 times and most of the bios will work.
I wouldn't worry too much about the non-3v3 ch341a. Because the current source capability of the CH341a chip i forget but it's absolutely miniscule, like 2mA or something, while 3v3 supply off the regulator on the board provides the clamping voltage via EEPROM's internal ESD diodes. There is a very low likelihood to kill something.
why would the windows registration key be put in the bios? wouldnt it make moire sense to put the registration key in the registry? unless these was oem custom order pcs or turnkey pcs that ran things like cash registers and atms. you could have gotten the ch341 program faster if you ordered from ebay and selected united states or amazon and select shipped by amazon. yes that would be more expensive but well worth it. before you flash the bios chip did you try looking through the binary to see if you could find the password you set? you may want to try that because since pc makers dont expect you to desolder the bios chip and dump it they may not make any attempt to encrypt the password. combined with that bios passwords are not intended to be impenetrable like other encryptions it would be fairly easy to crack.
The thing that bothers me is the Apple Activation Lock. If activated and don't know the user or user information, then you can't use the device or in my case can't use 2nd hand. I did contact Apple and they wanted proof that you bought it originally "NEW" with receipt, not ebay resale receipt. So Apple told me unless you are the original owner that they cannot unlock it. So they do have the ability to unlock it if you bought it new and shown your receipt. I even asked can you contact the original owner and email them to untie the device from there account and they said they have no way to contact them. But then how would Apple know who's device it is if given the serial number tied to the email. Apple just told me I can use it for parts or "We have plenty of new devices you can purchase on our site". And the Apple Activation Lock is not in the bios but tied to the Apples cloud service. There hardware is DRM.
I can say last time I tried to contact HP to remove a bios password on a company laptop they refused, even under warranty they will not remove a bios password. This was on a laptop so no jumper to reset and removing bios battery didn't work either.
I'm afraid this video might drive prices up for bios-locked pcs 😢 If you're not happy with that programmer, give the XGecu T48 a try (or its bigger brother). It works with everything.
I came across BIOS images that were the full size but with added header. So i compared with a backup from the chip and removed the header, then it uploaded fine and worked.
Not all bios locks are proofed against upgrades to the bios via a windows app. LENOVO ones may be bypassed where genuine upgrades are available. During the upgrade tge settings are reset to factory default. This I found on the miix 720 tablets used in schools.
Personally, I noticed that a lot of times when a bios gets corrupt a bios password that doesn't exist gets set and it happened to an old lenovo ideapad laptop of mine, I swear I never set a password on it, I don't really care because the settings are right and the boot selector works
I bought a PC Laptop at a decent price at Costco, and found it was an S mode machine.Took me 3 months to to exit S mode as my phone number was already used on another machine for my parents, and then I forgot the Microsoft account credentials used to exit S mode to add Zoom to the machine. With forgotten credentials, could not use my phone number to open another Micorsoft account, so yea, locked out of the new machine. Could not use the free one year subscription to Office 360, so yes, it was a box with a working web browser I don't use, and a free card game. Finally a walkthrough video was found on how to exit S mode without a MS account. This worked, so the computer is now working for me. S Mode is a really locked down machine.
I always buy them because i am a repair master and k ow how to flash them easily with a custom or unlocked bios, even managed to install a custom os on a settoobox for tv using uart. I also know how to change a few bits in hex. But your tips help other people
I have a 805 G6 mini with bios password, I've looked and looked cant seem to find a fix for it...ugh!!! HP will not budge on it...unless you know creditals on owner. Anyone have any ideas??
An interesting video!👍👍I have an HP Compaq DC7800p USDT, and to do something as simple as change the boot order a password is required, it's only that one pc., though as I had another example of the same pc., and it did not require a password. I had no idea what the password could be or how to find out, so I rapidly pressed the enter key on the keyboard and that succeeded. Those computers are old and they use DDR2 ram., and the maximum is 4 gig, but I have found that with 4 gig., and an SSD., and a lightweight Linux OS., installed that they are okay for basic computing, for example, checking e-mail, browsing Ebay, watching YT., videos, doing office work etc..
If you have an encrypted disc but don't have the key, format it. For a bios locked laptop I had, I unplugged the bios battery. It even corrupted a hard drive I put in it with its "Return me!" lock screen on bios boot.
Bought a BIOS locked Dell from a company that was liquidating. They were supplied the computer from a vendor, so I called the vendor to see if they could help me unlock it, and they were complete D*CKS about it. "you just bought yourself a paper weight". A few moments after that phone call, I found the jumper on the board that resets the BIOS, and was good to go.
I've reprogrammed a lot of chromebooks to put linux on them. I didn't know that my programmer had an update though. I'm going to have to look into getting me one.
Many arcade boards that use PC hardware are indeed BIOS locked. Bringus Studios bought a Sega ALLS machine from Japan, and he had a headache unlocking the BIOS.
What we need is a way to get around the lock on school Chromebooks as they're essentially e-waste if the schools don't want them back and they've flooded eBay, Craigslist, and marketplace. Received one in a large trade last trade myself, the school didn't want it back, yet wouldn't unlock it, so it's stuck with a lock to the school's domain and no way to bypass it with reinstalling chromeos, removing cmos, etc.
i have an hp prebuild the only thing the bios lets you do is choose what you want to boot from and etc i need to change my ram speed and it isnt possible as the advanced settings are locked is there a way to somehow bypass it? if anyone know please let me know
I also have had luck shorting out the data line on a Bios flash during the boot process that triggers the backup bios to load. That's how I got past the bios lock on a pair of ex government panasonic toughbooks. I shorted the clock to a data line as they were next to each other with a tiny probe during different points in the boot process and triggered the bios recovery. of cours this only works on systems that have a bios recovery.
If you're planning to install windows and BIOS setting disabled booting from USB, you can take the storage out and install Windows using WinNTSetup from another computer. Reinstall the storage and continue on the BIOS-locked device. I've been doing this for many customer. It's faster than getting the chip replaced. Clear password jumper is easy and most of the time it worked. If it doesn't, yeet out computer disk.
I once had to remove a BIOS password on an old DELL laptop… The actual solution (after much Google-fu) was to fully disassemble the laptop then reassemble each PCB without the outside shell and use tweezers to short a password clear jumper at power on…easier said than done, as there were about 7 small PCBs to make the laptop complete and a bazillion screws!!! 😅
Something to try that's worked several times for me with various desktop and server motherboards, although sadly isn't an easy option for most laptops: On a lot of boards, if you replace the CPU, it will allow you one-time access to even the most locked-down BIOS, so if you have another spare CPU for your locked motherboard, remove the BIOS battery, close the CMOS jumper, then replace the CPU. Remove the CMOS jumper, replace the battery, and switch on. Some boards will take you straight to BIOS and others will give you a message to say the CPU has been changed and to press (usually) F1 to enter BIOS. Once in there, you MUST remember to change or remove the password at that point, because if you leave the original password set, it's a one-time deal until you replace the CPU again.
Swapping the amount of RAM also sometimes works.
useful tip! I've had issues with pre-crippled SFF's where they won't run with anything other than the supplied chip, every time I managed to fix it. Possibly why a lot of the "faulty/spares or repair" ones have a different CPU, someone has taken out the good working chip and substituted a potato or worse, a faulty processor.
@@conundrum2007I was gonna do that to a OptiPlex, guess I can’t?
@@dothatjustin Try it. Other option might be to send me the bad BIOS IC and I will attempt to clone it to a new one. Sometimes that is all you need, done this once before.
@@conundrum2007huh, well I’m always willing to learn more, I’m not sure what to do tho and if you wanted to try it out I can try sending it maybe ilyk
My biggest win was using a grounding trick on a thinkpad t430s to get around a bios lock. There's many videos on youtube, but the gist is you carefully use a pair of metal tweezers to ground the data pin during (not before) POST. The password is seen as blank on that boot, and you can easily set and then disable the admin password. This let me enable virtualization, update the bios, and enable the express card port.
I think that cant'b be done in newer models but at least worked in your Lenovo, thanks for the reminder !
@@wendellparham5545 interesting...
I spent many years as a service tech, & I used this trick on a lot of machines to get around weird BIOS locks.
How u dell laptop
Works great on T48s but not on T51s. The Password is stored inside the CPU. So even replacing the Flash does not help. This is part oft this Intel Anti Theft.
Your BIOS dump seems to be exactly 16M, which means its probably a full dump of the BIOS chip, even white space that might exist at the end of the chip. Most manufacturers don't fill their BIOS chips to the brim, mainly for BIOS updates and patches in the future. It's possible the HP and community BIOS's are complete images, just truncated to exclude the white space that would exist at the end of the chip
An erased chip is all FF's. If the BIOS is in Intel Hex format, rather than binary, it would only contain the pages of bytes that have zero's in them; thus it could contain the entire BIO's while still being a very small file.
The memory chip sizes are in the powers of two and the binary found was 9,1MB. Therefore it would not fit on a 8MB chip but does fit on a 16MB chip.
Hex IS binary, not rather than. It's just binary converted into a more people friendly way to read. All hex values are stored in, you guessed it, binary. If all bytes were FF then all bits are 1. Intel Hex just encodes/decodes in this instance is just compression. Everything is stored in binary, there is no "rather than binary"
@@shhhvcnear You know only half of what you think you know.
"Hex IS binary, not rather than."
Hex is ASCII TEXT, Binary is BINARY.
"It's just binary converted into a more people friendly way to read."
Converted, yes; which means it is NO LONGER BINARY. Hex REPRESENTS binary and it is more than "a more people friendly way to read". A server may not be able to accept binary and so the data may be CONVERTED to ASCII. ASCII Hex cannot have a '1' in the eight bit; if it did, it would be binary data and NOT hex.
"If all bytes were FF then all bits are 1."
Obviously.
"Everything is stored in binary, there is no rather than binary"
That's a half truth, which you don't understand because your knowledge of binary is very simplistic. Yes, everything is bits and is binary, but when engineers (and most computer literate people) refer to a binary file, they're referring to a file that has unformatted data or to be more specific, a non-text file. If you format a file to ASCII hex, then it is no longer considered a binary file (even though the data within is still made up of binary data). ASCII hex breaks the binary bytes into 4 bit nibbles, so each byte of the data is represented by two ASCII text bytes in hexadecimal format, neither of which have a '1' as the most significant bit.
"Intel Hex just encodes/decodes in this instance is just compression."
When you load an Intel hex file into a programmer, all data is first erased from the chip, which means all bits are '1' or FF. Each line in the Intel hex file (which is ASCII text, not binary) contains an address of where in memory to write the data, the data itself and a length of bytes to write, including a checksum. The hex fields (which are ASCII hex, not BINARY) are then converted to their binary values and used to modify the buffer that was previously filled with FF's before being programmed. It's not really just compression because it doesn't contain all the data within it. Instead, it assumes that any data that's not included within it is FF. So if you didn't fill the buffer with FF's first, then the data will be incorrect. usually the programmer will automatically fill the buffer with FF's before loading the Intel hex file. A compressed file contains all data and doesn't rely on assumptions. Intel hex format can also be used to patch an existing program (but this is likely over your head so I won't discuss it further).
In summary, Intel hex format doesn't need to write pages of FF's in any area because there already are FF's there from erasing. Since there are a lot of FF's in firmware, the intel hex file can be much smaller than the actual binary, even though there are two ASCII bytes representing each byte of the actual binary.
Agree. All chips, AFAIK, stores info in binaries. Even disc storages.
I used to have a defective RAM bar, if you insert it into the computer, the data loaded into the initial addresses will be corrupted by the BIOS in an attempt to restore it loads the default settings and the password disappears it was very convenient
Ooo! I can probably make one of those.
@@conundrum2007 if you make one that works et me know how much you can sell me one for
On devices of some manufacturers like Fujitsu, you can remove the bios lock by entering three specific "passwords". Then you get a long number shown on the screen which you can enter into a calculator found on the internet. There you get a code you can enter as a password to gain access to the bios.
same in old Dells
Nec too
Nice quest tho
real life side quest
There is another way of removing BIOS-password by using Intel ME software. Basically, it allows you to read and write BIOS chip from Windows, without soldering the chip. However, a few things need to be considered:
- It's needed to remove/change position of a jumper if you wanna flash to BIOS chip while reading from it doesn't. Some times you need to use a wire as the jumper is removed by default.
- Make sure that you have the right BIOS to flash to the chip. Otherwise you can't boot up. In that case you will need desolder the chip and use a programmer to flash BIOS to it.
Overall, while this technique could be avoid of using solder-iron, it requires some knowledge of understanding motherboard (and maybe reading schematic) and BIOS flash.
Interesting.
Doesn’t this only work on vPro systems?
Need more details
"There is another way of removing BIOS-password by using Intel ME software. Basically, it allows you to read and write BIOS chip from Windows, without soldering the chip."
If you could do that, then it means you don't need to do it because you're already past the BIOS password.
@@lizardking8388 Still good for a BIOS only password to get into the settings, not a power on password.
Cheers for the shout out, great video - whish I could get this much information into 10mins!
In-circuit flashing (with the clamp) is definitely possible as you've discovered, but I always de-solder the chip, as unless you have a detailed understanding of the platform, you never know what else is getting powered up by the clamp, and what else is listening on the bus. Soldering is also dangerous, but I know those risks a lot more than if the PCH is going to breakdown when an unmodded CH341a bashes 5v onto the SPI bus. It's low current sure, but I don't need to roll those dice if I flash out-of-circuit.
Ah the legend himself! And I would argue you get more info in most of your videos than I have on my entire channel. Without a doubt your videos were the inspiration to buy a hot air station and give it a go, lol.
Hi! I started watching your video. Something i love to watch because I was a computer technician and dealing with almost everything you've shown there.
> "you never know what else is getting powered up by the clamp"
In fact, most of all times it's the KBC. Which will then try to read its firmware from the same chip, and then attempt to start the motherboard or at least its always-on devices like a charging port. And hopefully everyone here knows that on SPI bus there is no mandated hardware detection of colliisions, and flash chips are "dumb" either way, so reading the chip in the same time the KBC accesses it is bad.
The ch431 doesnt have a problem with the 5 volt "issue". It is well explained and tested in this video: ua-cam.com/video/J8-Sh7DjiXw/v-deo.htmlsi=Mei2TuFyq16XZaZ3
BIOS said: 37 times
🗿
Two more likes and we'll get this comment to 37, too.
Whoops lol
@@HardwareHaven37
Bios means life
Notice if you are running a HP ProBook/EliteBook/ZBook up to the Folio 9470m:
DO NOT JUST OVERWRITE THE BIOS WITH A DUMP THAT EXISTS ON THE INTERNET. Because when you do, the Serial Numbers and the MAC Address of the Ethernet Card gets overwritten.
What you should instead do is capture the Current BIOS, flash an unlocked one, power the PC on, flash the original locked bios while the PC is running, set a new Password and then reboot.
Otherwise you will for example get Code 43 for the Ethernet Chip because the MAC Address is incorrect, and there could be problems with Windows Activation.
Question: You say "flash the original locked bios while the PC is running", would that be while running BIOS setup?
You flash unlocked BIOS, enter BIOS setup, and flash original BIOS while still in BIOS setup?
Picked up a bios locked 845 G7 from work for 20 bucks. Had to learn how to desolder and reprogram the bios, but it wasn't too difficult for me since I at least have some soldering skills and watch LOTS of board level repair videos in my free time. Threw in some ram and a drive, and I have a killer daily driver that cost under 100 bucks total.
That's a lot of work for someone who doesn't rebuild laptops regularly
@@patsfan4life I do laptop refurbishing as my job, but we don't typically do board level repairs. Since all the tools to do the job was cheap I figured it was a good chance to learn since I had a supply of parts to pull from
I have the same model except g8
So have to desolder the chip. Great, time to invest in a rework station and a sacrifice to the motherboard Gods so they will provide a bios to program into the chip.
One of my favorites is the older laptops with a password chip. If it reads 0000s from the chip it assumes no password. The trick is you short the clock and data pins right when it checks for a password, it won't see one and you can get into the BIOS. Then set a blank password, it will overwrite the stored password.
If you find that the motherboard is stealing the power from your clip programmer it might be pulling the voltage down too low. I keep a 1/2 charged Lithium Ion battery around ~3.6v to connect along with the CH341A.
The other option would be powering the board and letting it provide the power to the chip.
I do run into chips that need pulled from the board at times.
I know you didn't cover it but one Hard Disk password exploit that worked well for me on ide/sata spinning rust drives was to power on machine with unlocked hard disk into the bios and into the security settings, hot swap the drive to the locked drive, select to lock drive and set a password, save and exit. Upon boot it will still be locked but only with the password you provided. Now you can go into bios and unlock with the password you set.
lmfao
For many systems there's also some default passwords available that can be used to unlock a machine. Worked fine for an M93p I grabbed off Ebay for cheap.
What was it?
Setting a bios password on random computers you get your hands on sounds like the most evil plan for world domination.
UEFI attacks do this exact thing to gain control of the host before the OS level user can interfere.
Needs to be made illegal big time
Enabling BitLocker is one of mine. Mwahahahaha!
@@conundrum2007 *reinstalls windows*
From experiences I have had with these Mini PCs and some whacky BIOS mods I have done in the past (going from turbo boost unlocking on Haswell to NVMe module injection), these sometimes require the power brick connected and a power cycle while - power button is kept pressed - to allow the chip to be powered and selected (floating SS line) and avoid the tedious (de)soldering task!
Another pro-tip to whom it may concern, AMI bioses sometimes are flashable without needing the (risky) HDA_SD0 pin short or the ME disable jumper on with AFUWIN v3.05.04 and the magic /GAN flag!
I wish I was on this level of technical skill
I don't buy bios-locked pc, simply because I don't have the time or tools or patience to work on it just to save $20 (roughly), unless the unlock is guaranteed and is super easy. The only time this would make sense is if I'd save at least $100 by buying a bios-locked pc/motherboard and if it is worth the effort to do so, like a rare PC. But it is fascinating to watch others do it. It feels like magic.
This randomly appeared on my homepage and I'm so glad it did. I got a bunch of Optiplex 7070s from a school that was tossing them out, and I discovered that one of them had both a dead battery and a BIOS lock-meaning I couldn't even fix the incorrect clock until after booting up. Turns out this model does have that jumper, which is not just conveniently labeled PSWD, there are even instructions printed nearby that say "1-2: NORMAL, EMPTY: CLEAR PASSWORD". Considering how easy it would be for a kid to reboot and mess with stuff, I'm surprised it was the only one they had bothered to lock. Must have been the computer lab teacher's computer. 😄
On a lot of aftermarket mobos you have options. Simple clear cmos, alternate bios, or a socketed bios chip you can just replace. I've picked up some good deals on hardware that was locked.
having a listing that says locked bios on a dual bios mobo with a hardware switch would be funny haha
Flashing the bios without the serial number and mac address seems not to matter that much.
I used the image dumped and cleaned by another user so it was already the correct size but missing the info mentioned above.
I was able to recover a system that was not starting before. Works to this day.
that is true. But it does matter on chromebooks. If you lose the original firmware it's a paperweight if you didn't already put good working custom firmware on it
@Hardware Haven You were lucky.. Sometimes just bios reflash doesn't help, for example HP laptops has protection against password reset via bios reflash, it simply doesn't work and password is still present... It is still possible, but you must use 3rd party software to patch bios that you want to use for reprograming and then wirte it into SPI chip. For example as I remember correctly, sometimes password is stored in a few places, so simply bios reflash/.CMOS reset not always works, because mainboard is able to recognize that BIOS was reflashed and was password protected... Keep that in mind that you have do more then simply bios reflash, it's not always so simple, becuase modern computers are protected against that, aspecially laptops...
Over the years I’ve blown up two desktop motherboards by flashing the wrong bios in one and not using the proper OS the flashing software wanted. (I used win 10 but the loader program wanted win 7) I didn’t throw either motherboard away and I figured a solution would pop up in the future. The first dead mb was fixed by swapping the dead bios chip with another bios from a similar mb (socketed bios chip swap) and the second one was fixed with a CH341a reflash.
I would not call it blown! Its just stupid saying i blown a mother board without any components blown up i would call it bricked! Please say it right
I think this has to be the dumbest mistake to make the bios upgradable and not have a failsafe in case something goes wrong, but once again this might be just another reason to sell you more hardware.
I never upgrade the bios, especially on expensive laptops, because if something goes wrong, good luck, all you have left is a expensive piece of junk.
@@309electronics5 say it how you wish. trust me, When i flashed the wrong BIOS from being in a hurry and I needed to use the computer, it was truly "blown up" at the time (this was 20 odd years ago) I had no hope of ever fixing it at that time nor did i know if i could ever fix it. It was just by accident that I got given a similar MB with the same BIOS chip a few years later. Yes, it bricked or blown or non functional and it was just lucky that i fixed it.
@@D4no00most pcs nowadays have 2 copies of bios
@@JordanPlayz158 "most" is the perfect word to describe this. Since there is no standard, you are not guaranteed that you won't brick the device should something go wrong.
Just did one about a month ago. 2016/17 HP laptop. There's a built in feature. Hold Windows+B while powering on. Continue holding until it reboots (could be as long as 45 seconds), then release. Should let you into BIOS when it comes back on.
one tip 10:10.. intel ME Management Engine needs to be Clean aka Configured to be able to boot on Others PC.. same pc works fine.
there is hp unlocker for up to 2016 then RC Unlocker for newer.
hp serials tend to be in paddings you can see w UEFiTooL
Amazing intro! I love it! Keep it up man. Love how your channel is growing.
Thanks! I was nervous to try something different haha
I'd like to see a comparison of the bios dump with and without the password... It would be interesting to see if it was hashed or just stored in plaintext.
If it just encrypts the BIOS, then it may not be stored at all.
True, but that should also be easy to spot - if you add an 8 character password and the entire file changes then it encrypted the whole thing. Or I should say most. Because a small piece would have to stay unencrypted to ask for the password and decrypt the rest.@@anon_y_mousse
I'd recommend doing a comparison between the bins for each to see where the pin is stored, and either modify with a hex editor or remove (with blanks)
I was thinking the same thing since he had a backup of the locked version. Would come in handy if considering buying more.
I got a free HP Z440 from work once and it had a BIOS password on it. I quickly Googled my computer and how to clear it. It was nice all I had to do was remove the jumper and push a button, like on your HP in this video. Then put the jumper back and I can set my own password. I never liked HP, but this workstation was pretty nice and works well. I threw in a Xeon E5-2689 V4 (probably overkill), populated all RAM slots with 8GB sticks (64GB total), and put in my EVGA RTX 2070 FTW3 Ultra I had lying around. Surprisingly, the power supply is able to keep up no problem. I tested an RX 6500 XT and a GTX 970 with the Xeon E5-1620 V3 it came with and it turned out to be a pretty decent little machine for light gaming.
Yeah, hp z i think has 400 watts and the g towers models have 320 watts
You could also ask the seller if they know what company the bios locked system comes from. In most of the systems I've gotten over the years the bios password was just the name of the company.
At least it wasn't 'Bob'
They have application for that btw.
1 - Dump BIOS
2 - Open Bios with the nice Russian software (that don't say anything but just create another .bin file with "unlocked" in the name)
3 - Flash back the bios using the "unlocked" one.
Name of this software?
@@Unmixable404 RCUnlocker
i wrote software that does that... unfortunately it was for work... so only they can use it...
i can't give away the trade secrects ;)
hi @@HotNoob
@@HotNoobn you help me to remove password of bios
thanks for the shout out! appreciate it, made Our Son very happy, He is a big fan 🙂
I once repaired an Asus ROG laptop that had failed to upgrade to windows 10. The bios was corrupted during OS install (no idea how). I was able to use a raspberry pi and a SOC clip to reprogram it. I had a similar issue with not being able to read the chip in system, but figured out I could plug in the power (without turning on the laptop), and that was enough to power the chip and dump the ROM. You might try it out next time, it could save you a ton of soldering.
What were the specs
@@BnE-sports ROG G750JH (Black Flag edition) Has a i7-4700HQ and a GTX 780M among other things.
cant wait for this video to get millions of views and then have those seller increase the price of bios locked shit like how people constantly made dell optiplex builds and sellers amped the old optiplex prices to get on the wagon
Prices rises so fast)
8:25 the problem here was that you have connected the ram and also the CMOS battery!!! to the MB. Those need to be removed so you don't have to deal with solder-disolder process.
I had recently purchased old RM computer for £19 that's bios locked and even had the original hard drive with the original operating system and had to replace on screen keyboard with command prompt inorder to change the administrator password to login as administrator. Fingers crossed the method for removing the bios password won't get crazy complex.
Lifting prom pin 1 or 8 from the motherboard will allow you to program it without desoldering. Do not ground the voltage pin as some people say, it could damage the chip and your programmer. I usually slide a piece of kapton tape under the lifted pin to make sure it doesn’t make contact again while clamped. Cheers!
I bought an hp 720 plus for like 50 bucks but it came bios locked lucky for me all I had to do was move the jumper and hold the cmos button like you said. Great video probably going to use this in the future!
Most motherboards have not standardized header pins that allow me to connect striate to the bios chip. I use mostly those to get a copy of the BIOS and reprogram it. Stand alone motherboards are easy, you just flash the new bios file from the support page on the chip. Mainboards from Dell, Lenovo or you name it including a windows key are harder and a big pain. You need to preserve the windows key and serial numbers this means there is no other choice than replacing parts of the bios mostly by try and error.
If you dump the original bios, the serial number and windows key are typically stored in plain text
@@coctailrob It is mostly not easy to find those, they are not labelled with serial number or windows key.
@@Amixus that's true. But I think last time I looked , the windows key was stored in one of the padding sections (extracted using uefi tool software )
So another way is to dump the bios, you can then pull the password hash out and throw it into something like hashcat and using a gtx3080ti crack the hash in like 2 hours
Or just generate a hash from string of text and replace the existing hash with the new one.
@@StuffJason437
If you got a bunch of equipment from the same location, knowing the password can be more helpful.
For example, the state government education department I used to work for used the same BIOS password for over a decade in all schools across hundreds of different models of computer. The password was "danish", for anyone who wants to work out what state it was (it was well known). So if anyone was buying equipment from a school, and got 5 or 6 different models, flashing one fixed bios wouldn't help but cracking the password probably would.
On lenovo you can modify and set serial, mtm, name (on laptops kbd layout) using either Planar or Golden Key U1 tools which both are lenovos own tools. Planar is designed for thinkpad and U1 works with other lenovo computers. Both tools are used to brand the motherboard after replacement. Additionally U1 can be used to re-flash / recover corrupted bios.
Firstly it was great of you to point out the flaw with the CH341A, I was in the same boat on mine as i was only flashing 1.8v chips the issue didn't both me but as it started to look like i was going to be touching 3.3v i replaced it with the new version.
Secondly i would like to expand on what you said about saving a dump of the chip.
Really you should be dumping the content of the chip 2 or 3 times before even flashing anything back then comparing the files checksums match. It takes just a slight knock on table and that clip can move slightly giving you a bad dump rather then a good dump.
I normally do 3 dumps of a chip, check and then use one as the backup, one as stock the other to mod after checking the checksum.
My Flipper Zero will take care of a BIOS lock or POP pretty quickly. I buy A LOT of "locked" computers and flip them. It's not great money, but we definitely aren't hurting for cash.
Isn't that thing wireless only? Or you can attach cables to it and use it like the programmer he showed?
@@TerminalHeatSink iirc it has usb and gpio
i own a flipper, didn't know it could be used in that way
Currently experiencing a similar issue when I bought a used Asus Chromebox 4 from marketplace which was super cheap only to find out it was enterprise enrolled. Had to go the CH341A route to flash Coreboot on it but found out new machines are no longer using BIOS chips with feet like in the video.
a n i m e
n
i
m
e
If you've got the same laptop without a password but all those tools, just take a dump without a password then with a password set and then maybe with a different password set. Diff the binaries and now you'd know exactly what bytes to write to remove it from any bios chip of that same model.
Did you compare the binaries before and after setting the password?
Done a reflash on a bios chip I wrote the bios to by using another board with a similar bios chip. Start pc with good bios, carefully swap to bad bios with unit powered on. Run flash program for the right version of corrupted bios. If successful then power down and replace proper bioses into proper boards and away you go.
There is also some specialized software for recovering bios passwords as well, but like you stated it really depends on the board and manufacturer implementation. I know ThinkPads of many models had to be reflashed using a programmer or serial flash cable of some description.
Could you be so kind as to compare the data dumped form both a locked and unlocked chip? If you find the locked flag and/or the password/hash, you may be able to just alter those, thereby disabling or changing the password.
I have noticed exact same thing with CH341a, newer model with 3.3V switch won't read chips with using clip, meanwhile unmodified CH341a works just fine with clip.
Can you please make a compare of the Hex dump of the bios with and without password and then see i) which bytes to change to remove the pwd, and ii) if you can extract and decrypt the pw?
8.53, you can use de board adapter connector, put a bios in the bench and connect. (do not need to solder in the adapter ) fast and practical. By the way it isnt a good policies to program in circuit, and ways do 2 or 3 dumps and conpare to confirm a good bin file.
Ha. Nice. I actually just did this a couple of weeks ago for an old laptop manufactured in 2006. The price was too reasonable to pass up and I was up for the challenge vs. the risk to do some retro games. Lucky for me, bridging a couple of pins on the EEPROM did the trick. Like a few others who posted, it was also a Thinkpad series T42.
Why weren't you able to use that clamp to read the BIOS after it had been de-soldered from the motherboard? What necessitated soldering the chip to the adaptor board?
I have an EliteDesk 800 G3 that I bought new and had connected to my TV. worked great, but as it wouldn't run Windows 11, I switched to my Dell Optiplex which is newer and more powerful.
I then forced the EliteDesk to update to Windows 11 and it was reasonably acceptable, but now decided to turn it into a pfSense router...
But, setting the boot to either CD-ROM or to USB, it tells me the Selected boot image did not authenticate.
I've tried recreating the boot image, but suspect something else is causing the issue and neither the DVD that I burned the ISO to or the USB will work.
It will fail and revert back to the M.2...
I'll do some more searching, but was wondering if your messing with the EliteDesk 800, you might have some magic HP bomb that could be used...
Came across your videos as recommended for Proxmox and HA. I really like your style of presenting material in a very calm, friendly, easy manner. And one of the big things is you talk to the viewer as if we are on the same level and don't speak in terms most of us would not understand, the l33t speak as it were. I really appreciate that 😎👍
As a note, you bring up the BIOS flasher you purchased. I had this same problem with a thin client where the chip was borked during a bios update. I had gotten one of those units only to find out the same exact issue you had here, the chip runs at a different voltage as the flasher outputs. I tried to do the hack to make it work, but the thing over heated and never powered the chip.
Thanks for showing the description of the device (there's actually v1.7 available that I've found), but I had first looked in your description for an affiliate link, and was saddened that you had not had one for that device. It might be a good idea to add one for it for future viewers, you never know how many ppl will be using it to get the device because they came across the video 😉
The data pins of the CH341a being at 5 volts doesn't matter. The current is so low that it's basically impossible to burn a chip.
Also, instead of desoldering the chip, sometimes just plugging the cable in to supply standby power (and thus 3.3V to the chip) is enough.
I'm an IT technician, and I've worked with computers since I was 12 and couple years ago I was about to swap an HD and format and do all the stuff on my mother in law's laptop and got the locked BIOS thing going on, I read the manual and in there told me to contact ASUS for the unlock, tried a bunch of times and didnt even could have any information from them because the documentation from it was missing since her nephew owned it, I was shock that I could even do nothing with the thing, the only solution that I've found in the internet and the market around here (brazil) was to replace the chip that holds the BIOS and this around here is rather expensive.
6:44 - 6:58
From what you pointed out, it looks like the user can get a full copy of their BIOS straight from the OEM or unofficial sources, which is not correct.
An oversimplified, brief explaination is that:
The BIOS UPDATE cannot restore the BIOS IMAGE, because the update is not a full bios image. It has the same size as the BIOS IMAGE, but the BIOS UPDATE is mostly filled with FF to match the BIOS IMAGE layout.
That is why many BIOS brands like Insyde, AMI and Phoenix have a check to prevent the users from bricking their computers.
The only ways to obtain a full BIOS image for your device are:
1. Contact your device OEM, which will most likely not help you at all, by saying that "they can't make a new bios for you because they don't cover that, they don't like you or the warranty expired"
2. Dump the BIOS IMAGE with a physical programmer
3. Dump the BIOS IMAGE with a digital programmer
I like your vids and I learnt some things from your channel.
Keep it up ❤❤❤❤❤❤❤
If the owner of a device puts a bios password on it that can't be bypassed by the unlawful owner afterwards, that is a product which "questions the concept of ownership". Hugh Jefferies taught me that! So remember, *_it's our computer comrade_*
You dont need to solder it to the board, just clamp it directly (make sure all pins are connected) and then read it. I'd rather put least amount stress/destructive approach to a single single specimen.
I got a hold of a Surface 3 that was bios locked and the system disk was bitlocked and unbootable. It took me all of an hour and 5 minutes once I had everything needed to get the bios password and repair the Windows install. Not necessarily in that order. Most of that time was burnt on the reinstall.
I remember resetting the BIOS password for my friend's laptop using the same website you showed. It worked well. I think it was a Dell laptop. Not sure if it works all the time though, but it worked for me back then.
I have unlocked the bios for a couple T61 which were locked with power on password. Basically, until xx30 models (Ivy Bridge) you can simply short 2 pins on the bios chip while powering on. This will skip password control and let you enter the password change page to set it to blank. I have found a website with pictures of different mobo from many Thinkpad models, where you can find yours and identify the bios chip, but now seems to be offline. :(
Very nice vid, it's also possible to solder a 8 pin chip socket in place of the bios chip, modding it into a removable bios chip
The only issue with having 5 volts instead of 3.3 would be the write part. More voltage could just change some of the data you're trying to write. It's still pretty safe to use as long as you make sure to verify your dump each time and have a differents read dumps.
Most BIOSes need to be desoldered. It is, however, pretty easy to do, and I would people attempting this to get board schematics. Desktops are often more easy, these days they can be flashed without the system being physically on. I also noted that password unlock bios website show up, which works for about 80% of older machines - given that it gives you a code to work with. I spend a weekend unlocking about 60 laptops that I bought from eBay. I say about, because there were some in such bad shape that they could be resold, but the job let did not mention it. To me, it is a nice side hustle and I can offer the laptops cheap to the buyers. I do not sell on eBay any more, the fees are too prohibitive.
Almost all HP Desktops have this jumper got some old ones from school and could unlock all Bioses this way. It should always be possible to change some things in the Bios in case you press F10 (HP Bios button)and it asks for a password just hit enter 3 times and most of the bios will work.
I literally was forced to do this yesterday due to me accidentally powering down an old system. Nice vid as always!!!
I wouldn't worry too much about the non-3v3 ch341a. Because the current source capability of the CH341a chip i forget but it's absolutely miniscule, like 2mA or something, while 3v3 supply off the regulator on the board provides the clamping voltage via EEPROM's internal ESD diodes. There is a very low likelihood to kill something.
Just found out about your channel, i am already loving it!
Wow great video. Love the super technical details. Thank you.
It's best to only connect or disconnect the clip on the chip while the programmer is unplugged.
why would the windows registration key be put in the bios?
wouldnt it make moire sense to put the registration key in the registry?
unless these was oem custom order pcs or turnkey pcs that ran things like cash registers and atms.
you could have gotten the ch341 program faster if you ordered from ebay and selected united states or amazon and select shipped by amazon.
yes that would be more expensive but well worth it.
before you flash the bios chip did you try looking through the binary to see if you could find the password you set?
you may want to try that because since pc makers dont expect you to desolder the bios chip and dump it they may not make any attempt to encrypt the password.
combined with that bios passwords are not intended to be impenetrable like other encryptions it would be fairly easy to crack.
If the password is stored at all. They could just take the simple method of encrypting the whole BIOS.
@@anon_y_mousse only other reason to encrypt the bios is if there is proprietary software in the bios.
@@ejonesss They might well decide to do it because they're dicks. You never know.
The thing that bothers me is the Apple Activation Lock. If activated and don't know the user or user information, then you can't use the device or in my case can't use 2nd hand. I did contact Apple and they wanted proof that you bought it originally "NEW" with receipt, not ebay resale receipt. So Apple told me unless you are the original owner that they cannot unlock it. So they do have the ability to unlock it if you bought it new and shown your receipt. I even asked can you contact the original owner and email them to untie the device from there account and they said they have no way to contact them. But then how would Apple know who's device it is if given the serial number tied to the email. Apple just told me I can use it for parts or "We have plenty of new devices you can purchase on our site". And the Apple Activation Lock is not in the bios but tied to the Apples cloud service. There hardware is DRM.
Love the improved presentation of your new video!!
Keep it up!!
Thanks! I'm really trying haha
I can say last time I tried to contact HP to remove a bios password on a company laptop they refused, even under warranty they will not remove a bios password. This was on a laptop so no jumper to reset and removing bios battery didn't work either.
Not sure if the bios password has any cooldown when entering it but if not a bruteforce to get the password and then turn it off in the bios settings
What's that clothes peg thing at 6:18? You don't have to desolder the BIOS chip?
@8 ah...
@8:40 yeah, no...
tip for heatgun soldering: when you remove chips use flux and circle the heatgun around the chip. solder will melt faster.
I'm afraid this video might drive prices up for bios-locked pcs 😢
If you're not happy with that programmer, give the XGecu T48 a try (or its bigger brother). It works with everything.
Already did)))
what about the ch341a
I came across BIOS images that were the full size but with added header. So i compared with a backup from the chip and removed the header, then it uploaded fine and worked.
been doin' it for years ^^ though for programmer, Tryna get a TL866+ or a T56 , those are way more stable and better to work with ^^
Not all bios locks are proofed against upgrades to the bios via a windows app. LENOVO ones may be bypassed where genuine upgrades are available. During the upgrade tge settings are reset to factory default. This I found on the miix 720 tablets used in schools.
Personally, I noticed that a lot of times when a bios gets corrupt a bios password that doesn't exist gets set and it happened to an old lenovo ideapad laptop of mine, I swear I never set a password on it, I don't really care because the settings are right and the boot selector works
I bought a PC Laptop at a decent price at Costco, and found it was an S mode machine.Took me 3 months to to exit S mode as my phone number was already used on another machine for my parents, and then I forgot the Microsoft account credentials used to exit S mode to add Zoom to the machine. With forgotten credentials, could not use my phone number to open another Micorsoft account, so yea, locked out of the new machine. Could not use the free one year subscription to Office 360, so yes, it was a box with a working web browser I don't use, and a free card game. Finally a walkthrough video was found on how to exit S mode without a MS account. This worked, so the computer is now working for me. S Mode is a really locked down machine.
I always buy them because i am a repair master and k ow how to flash them easily with a custom or unlocked bios, even managed to install a custom os on a settoobox for tv using uart. I also know how to change a few bits in hex. But your tips help other people
I have a 805 G6 mini with bios password, I've looked and looked cant seem to find a fix for it...ugh!!! HP will not budge on it...unless you know creditals on owner. Anyone have any ideas??
An interesting video!👍👍I have an HP Compaq DC7800p USDT, and to do something as simple as change the boot order a password is required, it's only that one pc., though as I had another example of the same pc., and it did not require a password. I had no idea what the password could be or how to find out, so I rapidly pressed the enter key on the keyboard and that succeeded. Those computers are old and they use DDR2 ram., and the maximum is 4 gig, but I have found that with 4 gig., and an SSD., and a lightweight Linux OS., installed that they are okay for basic computing, for example, checking e-mail, browsing Ebay, watching YT., videos, doing office work etc..
Will bitlocker detect changes in BIOS and block harddrive from "automatically unlocking on this machine"?
If you have an encrypted disc but don't have the key, format it.
For a bios locked laptop I had, I unplugged the bios battery. It even corrupted a hard drive I put in it with its "Return me!" lock screen on bios boot.
Bought a BIOS locked Dell from a company that was liquidating. They were supplied the computer from a vendor, so I called the vendor to see if they could help me unlock it, and they were complete D*CKS about it. "you just bought yourself a paper weight". A few moments after that phone call, I found the jumper on the board that resets the BIOS, and was good to go.
I've reprogrammed a lot of chromebooks to put linux on them. I didn't know that my programmer had an update though. I'm going to have to look into getting me one.
Many arcade boards that use PC hardware are indeed BIOS locked. Bringus Studios bought a Sega ALLS machine from Japan, and he had a headache unlocking the BIOS.
those hp have two bios chip, did you tried to flash bios that has mebx password set? i have bunch of them and regular bios reset do not help
that 5 volt is not a problem, search about it and you find out, Sorin explained about in his channel.
What we need is a way to get around the lock on school Chromebooks as they're essentially e-waste if the schools don't want them back and they've flooded eBay, Craigslist, and marketplace. Received one in a large trade last trade myself, the school didn't want it back, yet wouldn't unlock it, so it's stuck with a lock to the school's domain and no way to bypass it with reinstalling chromeos, removing cmos, etc.
i have an hp prebuild the only thing the bios lets you do is choose what you want to boot from and etc i need to change my ram speed and it isnt possible as the advanced settings are locked is there a way to somehow bypass it? if anyone know please let me know
Is bios lock thing is only on hp and leveno pcs????
I also have had luck shorting out the data line on a Bios flash during the boot process that triggers the backup bios to load. That's how I got past the bios lock on a pair of ex government panasonic toughbooks. I shorted the clock to a data line as they were next to each other with a tiny probe during different points in the boot process and triggered the bios recovery. of cours this only works on systems that have a bios recovery.
If you're planning to install windows and BIOS setting disabled booting from USB, you can take the storage out and install Windows using WinNTSetup from another computer. Reinstall the storage and continue on the BIOS-locked device.
I've been doing this for many customer. It's faster than getting the chip replaced. Clear password jumper is easy and most of the time it worked. If it doesn't, yeet out computer disk.
I once had to remove a BIOS password on an old DELL laptop…
The actual solution (after much Google-fu) was to fully disassemble the laptop then reassemble each PCB without the outside shell and use tweezers to short a password clear jumper at power on…easier said than done, as there were about 7 small PCBs to make the laptop complete and a bazillion screws!!! 😅
What model did you try this on
@@doityourself2save it was YEARS ago…so unfortunately I can’t remember…
The most informative video on UA-cam. That info as gold !