Jul 18, 2020 • Filed to: Windows Computer Solutions • Proven solutions
ROM BIOS, commonly known as the BIOS, is an integral part of a computer. Whenever we turn on the computer it first shows the memory capacity, the NUM lock light flashes, and a beep sounds, after which we see the familiar Windows logo. For a computer geek this is the normal behavior a computer exhibits after it is turned on, but the same cannot be said of people who are not familiar with computer hardware and simply use the machine for their daily tasks. They may wonder what exactly happens when the computer is turned on. This is where the role and importance of the BIOS come in. It is a chip located on the system board (motherboard) of a computer, and it holds the information about the computer's hardware. Suppose you have added a new hard drive to your computer to gain space, and that hard drive is not detected by the BIOS.
Will you be able to use that drive once you log in to Windows? The answer is no: the BIOS has to detect the hard drive first, since it holds all the information related to hardware settings, and only then will the operating system detect it. The BIOS holds all the information related to hardware settings, system date and time. It is also responsible for initiating the POST, a self-check that the system performs on itself.
Part 1: How to crack BIOS password
There are some annoying scenarios where you want to change some settings in BIOS and you find that it is not taking the password. You might get a screen like this.
This might also be a scenario where you have bought the computer from someone else and the seller didn't share the BIOS password. It is also possible that someone else uses the same computer and has set a different password in the BIOS. We keep trying our best-guessed passwords, but after a certain number of tries it still doesn't work; then what? If I cannot enter the BIOS, I won't be able to make any changes to its settings.
In that case, we have to break the BIOS password. There are different ways to crack the BIOS password; some steps are given below:
Step 1: The first option is to change the password jumper setting on the motherboard. There is a specific jumper on the motherboard meant for this. However, it is advisable to read the product manual before trying this step, because the position of the jumper differs from one motherboard to another.
Step 2: To do this, turn off the computer and make sure the power cable is unplugged from the wall outlet. Unscrew the screws on the side panel of the computer case.
Step 3: Once you have done that, identify the location of the BIOS jumper on the motherboard by checking the product documentation, and reset it.
The jumper might be labeled CLEARCMOS or JCMOS1. However, it is always best to refer to the product documentation.
Step 4: Once this is done, restart the computer and check whether the password is cleared. Once the password is cleared, turn off the computer again and put the jumper back in its original position.
If the first method doesn't work, you might try the backdoor entry. In the case of a desktop, this has to be done by checking the CMOS jumper.
For laptop users :
For laptop users the process is entirely different, since they have to use a backdoor password entry option. Enter the wrong password three times, and the screen will show an error like this.
Make a note of the code that is displayed. Then find a BIOS password cracker tool, such as this site: http://bios-pw.org/. Enter the displayed code and the password will be generated in a few minutes.
Part 2: How to bypass BIOS password
Another situation similar to the scenarios discussed above can be solved by bypassing the BIOS password. The methods that can be used here are similar to those used in the previous scenarios. In addition to those, the following can be used as well:
Method: Overloading the keyboard buffer
This method is specific to some older system boards; newer systems might not support it. It is done by booting the system without a mouse or keyboard, or, on certain BIOS architectures, by hitting the ESC key in quick succession.
Part 3: How to reset BIOS password
If you have tried to crack the BIOS password and it is not working for you, you can try resetting the BIOS password instead.
Method 1: Remove CMOS battery
Step 1: Locate the CMOS battery.
A CMOS battery is flat and round. CMOS is an integral part of the system board's BIOS, and all motherboards have a CMOS battery. It is very easy to identify on the motherboard since it is a round, flat, coin-shaped cell. It keeps the BIOS settings, which include basic hardware settings, date, time, and other system information. To remove the CMOS battery, first turn the system off and make sure the power cable is disconnected.
Step 2: Remove and put back the battery
Once the system is completely turned off, remove the CMOS battery. Wait 15-20 minutes. Put the CMOS battery back and turn on the system.
Step 3: Reset password
After step 2 is done, the BIOS password is bypassed and you can log in to your computer. Note that you can set a new password again from the BIOS. If you forget the password again, repeat steps 1 and 2 to reset it.
Method 2: Run a command from the MS-DOS prompt
This method works only if you can access the installed operating system. Once we log in to our desktop we have to open the MS-DOS prompt and execute the following commands in the order shown:
debug, o 70 2E, o 71 FF, quit
This resets the BIOS settings, including the BIOS password. It is done using the Debug tool from MS-DOS.
Method 3: Use Third-Party Software
Today there is a lot of third-party software available that can reset BIOS passwords, but access to the operating system is necessary. Popular BIOS password cracking tools include CmosPwd and Kioskea.
Method 4: Use Backdoor BIOS password
A backdoor BIOS password is one of a set of master passwords provided by the BIOS vendor. These passwords are generic and specific to each manufacturer. In other words, each manufacturer maintains a set of master passwords that can be used irrespective of whatever password the user has set. These passwords are not hard to come by and can easily be found on the manufacturer's website.
The Mission
There has been much controversy over removing the firmware lock on a MBP, MBA, or similar Mac. The MBA is a bit more complicated without a specialty tool to interface with a header on the board. We used to have to remove the board, scratch back traces, and solder directly to them, as can be seen in EX-1.1. This is just short of replacing the entire chip, which is what we are all trying to avoid, right? I also have a project I have been working on called the iFLRT (Firmware Lock Removal Tool), which can be found HERE. Donate what you can to keep my development process alive; every little red cent helps.
First you need to understand what the firmware lock is and how removing it will affect you. Then you can decide whether this procedure is for you. In most cases a MBP has been purchased from a third party who may have stolen it or simply forgotten to remove their iCloud account. In this case the symptom is a four-digit PIN lock when the OS loads. When you try to do a re-install you are met with the lock screen shown in EX-1. This means the Mac has most definitely been locked from the cloud. There are two options from this point, explained below.
[Figures EX-1 and EX-1.1]
NOTE: If you have a 2010 model MBP or earlier, all you have to do is change the amount of RAM in your MBP and clear the PRAM. This is all you have to do to get past the OS lock. But as far as I know you will still have a firmware lock, as has happened in many cases. There have been occasions where the firmware lock was also removed, but I cannot attest to any exact models. Remember to set the Mac up like new and register it with a new iCloud account to avoid any future lock-downs.
Option A: You can assume that a firmware lock was never set and brute-force the firmware lock with a HID device such as a Teensy. This can take quite a while because in the worst case it has to go through 10,000 possible pass-phrases. This will ONLY work if the lock was set by iCloud!
Option B: You can assume that a firmware lock was indeed set when the MBP was configured and that the brute-force method will not work. This can save you time but requires a SPI programmer such as the Bus Pirate or, in this case, a Raspberry Pi.
In A Nutshell
I won't waste time on the brute-force method, as I believe it isn't relevant in most cases. I will focus on the process of flashing the EFI chip, which is usually easily accessible after removing the Mac's back-plate: either through a small 15x2 header, a 17x2 header, or the 8-pin SOIC chip itself. You can see an image of the SOIC8 chip in EX-2 and the header in EX-2.1. The process is simple but requires a bit of knowledge of microcontrollers. I will use the easiest and cheapest route that I know. Briefly, the process goes like this:
[Figures EX-2 and EX-2.1]
Step 1 – Buy a SPI programmer such as the Raspberry Pi and a clip to interface with the chip. You can find the Pi on eBay (it doesn't matter which model), and the Pomona SOIC8 clip there as well, usually with the female-to-female wires included. If you have a MBA you can contact me about purchasing a clip for the header.
Step 2 – Read the chip three times and verify that the MD5 checksums match, to ensure you have a good backup if things go wrong.
Step 3 – Make a copy of the dump and open it in a hex editor. I use Notepad ++.
Step 4 – Search for "$SVS" in the dump and you should find 2 instances. The first instance is what you will need to clear out, making sure to keep the file length the same. It is safe to replace it with an empty value such as "ÿ". The string including the $SVS should be replaced; you can copy and paste a portion of the string below if needed. Each 'ÿ' is 2 bits and 8 bits make a byte, so keep that in mind when you replace the string. The file size has to be exactly the same as the chip or it will return an error.
This is an example of what to replace in a hex editor.
Step 4.1 – Get a clean dump that is not firmware-locked from the community, making sure you use the correct EMC and processor architecture. Make absolutely sure it is the same size as your original dump, which is usually 2, 4, or 8 MB. If you go this route you will need to replace the serial in the donated dump with your own serial in order to not register over their Mac. You can do this by simply searching for 'override-version'; on that same line there will be an 11 to 12 digit serial number that you will replace with your own. I also have a repository, found HERE, which you can use to search for your EMC number, and I may have a clean dump.
Step 5 – Hook your programmer up to the chip, erase the chip, write the new dump and verify it.
Step 6 – Remove the clip, turn your Mac over, and turn it on to test. Immediately use the hot-keys to get to single-user mode to test.
Step 7 – If you do not get to SU mode or the Mac does not boot right, you will need to erase the chip and write the old dump back to it. You can then exhaust other options.
Step 7.1 – If you do get to SU mode, turn the Mac back off and use the hot-keys to clear the PRAM. This will get rid of the 4-digit lock at OS load. Or you can simply re-install at this point. Remember to register the Mac to a new iCloud account to avoid future lock-downs.
NOTE: Here are a few things worth mentioning..
That is the entire process in a nutshell. Now I will explain how to do this in as much detail as possible. The first thing you need to do is gather your entire inventory before you begin. After that, lay everything out and do some testing. Make sure your chip is supported, and have the datasheet and any diagrams available. I also suggest that after you get the clip connected to all the wires you check for continuity from the clip's pins to the end of the F-F wires on each pin.
Down And Dirty
NOTE: Read this guide in its entirety before you attempt to do anything to your Mac; read it twice if you have to. I would also like to take this time to tell you that I am not responsible for any damages to your personal property or your physical/mental wellness if this guide is used. There is no guarantee, implied or expressed, in this procedure. You are following this guide knowingly and accept that damaging your property may be the outcome, although I do not foresee that being the case, as I have tested this method many times. With that being said, let's get started.
This is the list of things you will need in order to successfully and easily fix your MBP:
Now, I am going to assume that you have at least some experience with Linux and basic troubleshooting skills. You will run into problems, and they are not all going to be the same as everyone else's, so critical thinking is also required, although I have not added it to the list. When you have your Raspberry Pi all set up and Raspbian is booted, you will need to configure it for the first time. If you have already set it up, go to the terminal and type:
sudo raspi-config
While in this configuration screen, make sure to turn SPI on under Advanced. You may also turn on SSH if needed.
Then you will need to do an update by typing:
sudo apt-get update
Followed by an upgrade:
sudo apt-get upgrade
Optionally, do a distribution upgrade:
sudo apt-get dist-upgrade
Now we have to install a few libraries that flashrom relies on:
sudo apt-get install pciutils
sudo apt-get install libftdi-dev
sudo apt-get install libusb-dev
sudo apt-get install libpci-dev
Then you need to download the latest flashrom version:
sudo git clone https://github.com/stefanct/flashrom.git
It will be downloaded into a folder called 'flashrom' so change directory into the folder:
cd flashrom
And make it:
sudo make
Then install it:
sudo make install
Now we need to modify the blacklist by commenting out the SPI entry, if it exists:
sudo nano /etc/modprobe.d/raspi-blacklist.conf
Put a "#" in front of the line that reads blacklist spi-bcm2708, effectively commenting it out of the configuration file. If there is nothing in the file, don't worry about it; that means SPI is not blacklisted. Save by hitting CTRL+X, Y, and ENTER. You will then need to hook the wires up to the Pi and to the clip according to the diagrams below and your chip's datasheet. In MOST cases it will be just like what you see below.
The actual pinout for most 25 series chips depicted above is as follows for those of you who need a more definitive answer:
Connect the wires on the clip to the Raspberry Pi, making sure it is turned off, following the diagram above. The GPIO pin closest to the corner of the Raspberry Pi is pin 2; keep that in mind or read the manual. After everything is connected, place the clip snugly on the chip and turn the Pi on. Go to your working directory and run the following commands, using some discretion.
**Start of the Flashrom process**
Get to the help page:
sudo flashrom --help
List the supported chips:
sudo flashrom -L
Read the flash chip by using the below command three times:
sudo flashrom -r ~/efi/read1.bin -V -p linux_spi:dev=/dev/spidev0.0
Erase the chip after you have verified that all three reads have a matching MD5 hash:
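The "read three times and compare MD5" check from Step 2 of the outline and the read command above, as an added helper script that is not part of the original guide. It assumes three dump files produced by flashrom (the names read1.bin, read2.bin and read3.bin and the optional expected chip size are assumptions) and refuses to report success unless all three have the same size and the same MD5, so the backup you fall back on in Step 7 is known-good before anything is erased:

```shell
#!/bin/sh
# Added example (not part of the original guide): confirm that three reads
# of the same flash chip agree before any erase or write is attempted.
# Assumes three dump files produced by "flashrom -r" (paths are arguments),
# plus an optional expected chip size in bytes (e.g. 8388608 for an 8 MB chip).

# Size of a file in bytes (wc -c is POSIX and present on Raspbian).
file_size() {
    wc -c < "$1" | tr -d ' '
}

# MD5 of a file, hash only (the same value the guide asks you to compare by hand).
file_md5() {
    md5sum "$1" | cut -d' ' -f1
}

# dumps_agree DUMP1 DUMP2 DUMP3 [EXPECTED_SIZE]
# Returns 0 when all three dumps exist, have the same size and the same MD5,
# and (if EXPECTED_SIZE is given) that size equals the chip size; returns 1 otherwise.
dumps_agree() {
    d1=$1; d2=$2; d3=$3; expected=${4:-}
    for f in "$d1" "$d2" "$d3"; do
        if [ ! -f "$f" ]; then
            echo "missing dump: $f" >&2
            return 1
        fi
    done
    s1=$(file_size "$d1"); s2=$(file_size "$d2"); s3=$(file_size "$d3")
    if [ "$s1" != "$s2" ] || [ "$s1" != "$s3" ]; then
        echo "size mismatch: $s1 $s2 $s3 (a short read; do not erase)" >&2
        return 1
    fi
    if [ -n "$expected" ] && [ "$s1" != "$expected" ]; then
        echo "dump is $s1 bytes but the chip is $expected bytes" >&2
        return 1
    fi
    h1=$(file_md5 "$d1"); h2=$(file_md5 "$d2"); h3=$(file_md5 "$d3")
    if [ "$h1" != "$h2" ] || [ "$h1" != "$h3" ]; then
        echo "hash mismatch: $h1 $h2 $h3 (reseat the clip and read again)" >&2
        return 1
    fi
    echo "all three reads agree: $s1 bytes, md5 $h1"
    return 0
}

# Usage on the Pi (assumed file names), after three "flashrom -r" runs:
#   dumps_agree ~/efi/read1.bin ~/efi/read2.bin ~/efi/read3.bin 8388608
```

The size check matters as much as the hash: a loose clip often produces a short or partly zeroed read, and a dump that is not exactly the chip's size cannot be written back, so a non-zero exit here is the cue to reseat the clip and read again rather than proceed to the erase step.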
sudo flashrom -E -V -p linux_spi:dev=/dev/spidev0.0
Using the methods explained above either modify or get a clean dump making sure it is the same size as the original ROM and write it to the chip:
sudo flashrom -w ~/efi/new.bin -V -p linux_spi:dev=/dev/spidev0.0
Verify the chip's contents against the file you just wrote to ensure its integrity:
sudo flashrom -v ~/efi/new.bin -V -p linux_spi:dev=/dev/spidev0.0
If you have not run into any problems, you will have a freshly flashed chip. If you did run into issues, use the forum here to start a thread and we will help you troubleshoot your error messages. The reason I always use the -V option is to get verbose output. At this point shut your Pi down and then remove the clip. Then reconnect the power supply to the Mac and turn it on, using the hot-keys to try to get to SU mode. If you get to SU mode, shut back down, use the hot-keys to clear the PRAM, and reinstall, setting the Mac up as a new machine. Make sure to register it with a newly created or existing iCloud account to prevent further incidents. If you did not get to SU mode, you will need to erase your chip and try again.
That's it, folks; this is the long-awaited guide that has more than enough information to get you through the process. It is specifically designed to save you money in the recovery of your Mac and to work around any prior issues you may have had using flashrom with a Windows PC. If this guide has helped you, please think about the years of work I have spent making this possible for you and donate to my iFLRT project to make it even easier for others. Or you can donate to me by using the slider on the left-hand edge of the page to donate to my personal PayPal account. Good luck to you all and Happy Hunting...