Hacking IBM Thinkpad Bios Password


Blog For Free!


Archives
Home
2013 November
2013 October
2013 September
2013 July
2013 June
2013 May
2013 April
2013 March
2013 February
2013 January
2012 December
2012 November
2012 October
2012 September
2012 August
2011 June
2011 April
2011 March
2011 January
2010 December
2010 November
2010 October
2010 September
2010 August
2010 July
2010 June
2010 May
2010 April
2010 March
2010 February
2010 January
2009 December
2009 November
2009 October
2009 September
2009 August
2009 July
2009 June
2009 May
2009 April
2009 March
2009 February
2009 January
2008 December
2008 April

My Links
HP laptop battery
Sony laptop battery
nikon camera battery
Apple laptop battery
Canon camera battery
Dell laptop battery

tBlog
My Profile
Send tMail
My tFriends
My Images

Sponsored
Create a Blog!



Hacking IBM Thinkpad Bios Password
03.19.09 (3:07 am)   [edit]

Hacking IBM Thinkpad Bios Password

Lost your IBM ThinkPad Supervisor password? No problem, on this page i will show you how to recover your old password.

Although IBM claims their TP BIOS passwords are impossible to break, there is a easy and cheap way to fix this.

The stuff you need cost about 5 $ at your closest radio shack type of store. Also you need a spare PC with a serial port.

This article is based on a IBM ThinkPad T42. There are no guarantees and you might end up destroying your TP. So continue at your own risk. Other models this ought to work with are:
supervisor (SVP) password

  • 240, 240x
  • 390E, 390x
  • 570, 570E
  • 600e, 600X
  • 770Z
  • A20m, A21e, A21m, a22m, A30p, A31, A31p
  • G40, G41
  • R30, R31, R32, R40, R50, R51
  • Transnote, T20, T21, T22, T30, T40, T40p, T41, T42, T42p T60
  • X20, X21, X22, X23, X24, X30, X31, X40, X41 Thinkpad X60 battery

The supervisor (SVP) password is stored in a chip called ATMEL 24RF08.It can not be reset by disconnecting the BIOS battery or shorting any jumper. It has to be read in order to deciffer the password. For this we need some kind of hardware so read on…

Soldering the ATMEL 24RF08 Chip reader

To read this chip we need to interface with it using a secondary computer and some simple electronics. You will need to purchase this:

  • 2 x 2200 Ohm Resistors
  • 2 x C5V1 Zener diodes (For example BZX55/C5V1 )
  • Serial Port 9 pin Female

The serial port can be salvaged from any old PS2 type mouse. The zeners and resistors can be found in scrap electronics, but they are rather cheap so i would not bother. Solder them according to the image below. Leave the wires leading to SDA , SCL and GND. These will be connected to the TP later.


Here is a simplified schematic for those unfamilliar with the above symbols:

Locating the ATMEL chip

Usually the ATMEL chip is located somewhere below the touchpad. Start off by remving the keyboard and mousepad. This is done by unscrewing a couple of screws located under the TP. It is quite clearly illustrated on the bottom side of your ThinkPad.

Pull the TP keyboard up and let it rest against the screen. Pry off the touchpad part and fold it over where the keyboard used to be. Remove the WiFi card.

Under it all you should find a chip with something like this printed:

ATMEL

24RFC8

0446

Heres a closeup of the Atmel chip.

Locating the Atmel Chip

You can see the Atmel right under were the Wifi card used to sit:

Another closeup

Soldering the ThinkPad

Now this is the tricky part. You will have to solder 3 wires to the motherboard of your Thinkpad T61 battery. Two wires to the ATMEL chip and one to ground. The ground is a piece of cake, just solder it anywhere you can find ground. The mounting screw holes on the motherboard is a good place. Solder 3 wires according to the image below:

As you can see, the SCL and SDA are located right next to eachother. It can be difficult to hold them in place while soldering. I have used some tape to hold them in place. The tape can be left there to minimze the risk of pulling off the soldered wires during the next steps.

Leave these wires unconnected and make them ready by peeling off the insulation. These will be connected to the reader ciruit later on. Make sure they can not reach ground or short circuit in any way.

Preparing the spare PC

You have made the hardware to read the chip, so now you need to supply the software. There is this great sofware made by http://www.allservice.ro/ that can be found here:

http://home.ripway.com/2005-7/365678/index.htm - Select R24RF08 v2.0b - Reader for ATMEL 24RF08 (Freeware)

While you are at it, download the Supervisor Password decoder IBM Pass 2.0 Lite found here:

http://home.ripway.com/2005-7/365678/index.htm Inspiron 1520 battery

Also great software made available by http://www.allservice.ro/ .

Note:

Softpedix wrote that the download mirror has limited bandwidth. If you can’t download with the above, try these:
http://www.allservice.ro/forum/viewtopic.php?t=61 – Programmer
http://www.allservice.ro/forum/viewtopic.php?t=56 – IBMpass Lite

Install the software.

Connect the ATMEL chip reader to the spare PC.

Fire up a command promt(Start->run type cmd) and navigate to the folder where you installed R24RF08 v2.0b. Type in (don’t hit Enter):

r24rf08 dump.bin

Dumping the password

  1. Turn on your ThinkPad with all the wiring you just soldered.
  2. Press F1 during the startup to enter the BIOS.
  3. Wait untill all activity stops, blinking HDD leds and such.
  4. Connect the ATMEL Chip reader. GND first then the SDA and SCL.
  5. Now go to your spare PC and Hit enter on the command prompt.

Now there should be a file created in the same folder with the name dump.bin. Disconnect all the wiring off your TP and assemble it back together. This test cant fit for latitude D410 battery.

Decoding the Supervisor Password

On your Spare PC start the program IBM Pass 2.0 Lite. Load the file you just created (dump.bin). Navigate with the scroll list to the memory address of 0×330. Tada! It should look something like this:

The article is from: Sodoityourself.com



 
Your Name:


Your Comment:


Laptop battery laptop battery