BIOS bypassing, yet again

Well, not so long ago I had to bypass a BIOS password on a government computer. Some google wizardness quickly revealed a lot of laptops actually have some kind of admin/master password which can reverse engineered or brute forced, any way you want. I already told you about the http://bios-pw.org/ website which could help you for a great deal. If not, maybe Dogbert’s Blog is something for you. He has some nice tools for you to download, including the source code. Great job man!

Advertisements

Dell E4300 BIOS hacking

I just got my hands on a 2nd hand Dell Latitude E4300 laptop previously owned by the Belgian Ministry of Justice. The computer has a functional Windows license on it, however the computer is currently configured in a Administrative Domain so any normal users that could possible log into this machine is not allowed to install any software. Furthermore, since I didn’t have any user credentials I was forced to find a way to bypass the AD user login. Linux  gives us some possibilities, however since the BIOS is locked by a administrative password I was not able to select or change any other boot device aside of the hard drive. One solution is to unscrew the hard drive and install it into another computer where you do have the boot options available. However, bypassing the BIOS admin password is not so hard either on these machines and requires just some googling…

To get into the administrative password protected BIOS, first press f12 during system boot to get into the E4300 BIOS. You’ll notice the unlock button at the bottom. Press it and you’ll be asked for the admin password. You can however obtain the master password from the following website: http://bios-pw.org/, enter your serial number (might look like this: 1234567-2A7B), and use the password that is given by “Dell by serial number”. So in the BIOS, press the unlock button, next enter the password and press ctrl + enter and now you should get into the unlocked BIOS. One remark here: the password should be entered on a QWERTY keyboard, for AZERTY keyboards you’ll have to convert your password to a QWERTY string. So, if for example you get the following response from the BIOS-PS.ORG website: “Dell by serial number: hTfn7Xz3yWqg8”, then you should enter “hTfnèXw”yZag!” on a Belgian AZERTY keyboard. So the trick here is to enter numbers without using the shift button as you’re used to, switch “q” with “a”, “z” with “w”, and “m” with “,”.

Now, make yourself a LINUX life boot cd, mount the windows drive and save whatever data you wanted to safe. Good luck!