Searching \ for '[OT] IBM Laptop password' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/index.htm?key=ibm+laptop+password
Search entire site for: 'IBM Laptop password'.

Exact match. Not showing close matches.
PICList Thread
'[OT] IBM Laptop password'
2007\02\20@040731 by Tamas Rudnai

face picon face
Hi Everyone,

I have a T42p model, and a year ago I set a supervisor password that I could
not remember for. I know what you think, I was stupid. Right, so I would
like to get rid of it. If I enter to the setup in user mode I can see that
the IBM security chip is disabled, so I was just wondering if there is any
way to unlock it without replacing the security chip? If not is that
possible for that model to just replacing the chip and if yes where can I
buy one?

Thanks
Tamas

2007\02\20@104534 by Tamas Rudnai

face picon face
To answering to my question.

Finally I found the proper answer: little soldering and a magic descrambler
tool - hmm, I hope I will not ruin my laptop :-)

sodoityourself.com/hacking-ibm-thinkpad-bios-password/
http://www.passwordmethod.com/index1.php
http://www.allservice.ro/forum/viewtopic.php?t=52

Tamas



On 2/20/07, Tamas Rudnai <spam_OUTtamas.rudnaiTakeThisOuTspamgmail.com> wrote:
{Quote hidden}

--
unPIC -- The PIC Disassembler
http://unpic.sourceforge.net

2007\02\20@104952 by Cris Wilson

flavicon
face
At 04:07 AM 2/20/2007, you wrote:
>Hi Everyone,
>
>I have a T42p model, and a year ago I set a supervisor password that I could
>not remember for. I know what you think, I was stupid. Right, so I would
>like to get rid of it. If I enter to the setup in user mode I can see that
>the IBM security chip is disabled, so I was just wondering if there is any
>way to unlock it without replacing the security chip? If not is that
>possible for that model to just replacing the chip and if yes where can I
>buy one?

The security chip in question is an Atmel 24RF08.
Replacing the chip would be a pain and I'm not sure that the laptop would
start up at all if you did so - there is more in that security chip than just
your password.

To retrieve your password you will have to build an interface to the chip,
read the chip's contents to another computer, and then retrieve your password
from the contents. Luckily the password is unencrypted on the chip and it is
stored at memory address 0×330.

There are two types on interfaces you can build to connect with the chip.
You can use a radio transmission interface or you can hardwire to the chip.

Hardwiring to the chip costs about $7 (US) in
parts to build the interface which
is a couple of resistors and diodes. The downside is that you have to make 2
solder connections to the motherboard (Silver conductive epoxy will work
instead of solder if you have it on hand). There are pretty good details on
how to build the interface, read the chip, and recovery the password at
sodoityourself.com/hacking-ibm-thinkpad-bios-password/
I used that interface on about 10 laptops successfully before going to the RF
interface.

The radio transmission interface costs about $300 (US) in parts to build. It
took me about 2 weeks to get all the parts for it and another week to debug
it with a laptop that I knew the password on. This solution is great when you
have to reset a lot of laptops, but the RF interface picks up noise unless you
hold it in exactly the right place. I can't find the webpage that tells you how
to build the circuit at the moment (it's on
Atmel's site) and I haven't taken the
time to document the one I built -  I'll get to it one day.

One last note, IBM's bios update utility is known to scramble the supervisor
password and in some cases it will turn on the supervisor password when it
wasn't on before. IBM won't admit the problem, but I have about 50 laptops that
I had to hack into after a bios update. One out
of 300 laptops is a fluke - 50 out
out of 300 is a problem.

Good luck.

_____________________________________________________________
Cris Wilson
Information Resource Consultant
College of Architecture, Arts, and Humanities
Clemson University
.....crisKILLspamspam@spam@clemson.edu
To report problems email: aah_computersspamKILLspamclemson.edu




                               

2007\02\20@112101 by Tamas Rudnai

face picon face
Thanks very much for the detailed description, Cris.

I think I need only a wiering and hopefully I would not need it anymore. I
am afraid of doing this as if I do the smallest mistake the whole laptop is
in a mess. But what can I do? Probably that RF chip is less dangerous but
for 300 quid...

The scrambling you have mentioned occurs only if you do not have
administrator password set or it locks your BIOS even if you have one? Not
sure if I have done the upgrade, but it might be the case as I've tried
every possible password combinations I could remember using in the last
couple of years.

Thanks
Tamas




On 2/20/07, Cris Wilson <.....crisKILLspamspam.....clemson.edu> wrote:
{Quote hidden}

>

2007\02\20@115038 by Cris Wilson

flavicon
face
Those two connections to the motherboard are can be tedious if you've
never done SMT work before. I used wire wrap wire that I had pre-tinned
when I made the connections and it worked fine. The conductive epoxy
works well if you have something to the hold the wire for you until it dries.
And it never hurts to practice on some piece of scrap junk before you try
it on a mobo.

The scrambling can happen whether you have an administrator password
or not.

At 11:20 AM 2/20/2007, you wrote:
{Quote hidden}

> > --

2007\02\20@120346 by Tamas Rudnai

face picon face
I have done quite a few SOT23-6 (10F202) soldering using a 1mm tip iron.
That one is smaller than that Atmel chip so I suppose I will have no problem
on soldering a wire to that.

Thanks again,
Tamas


On 2/20/07, Cris Wilson <spamBeGonecrisspamBeGonespamclemson.edu> wrote:
{Quote hidden}

>

2007\02\21@225503 by Cris Wilson

flavicon
face

> In message <EraseME1110.130.127.59.162.1172089154.squirrelspamwm.clemson.edu>,> > Cris Wilson <RemoveMEcrisEraseMEspamEraseMEclemson.edu> writes
>>The "IBM security chip" is not the chip that controls the laptop
>> password.
> Errmm, it is. Atmel 24RF08 on Tamas's machine. Easy to read and the
> password is stored as keyboard scan codes.

On the IBM T42 the administrator bios password is stored in an Atmel 24rf08.
The "IBM security chip" is a National chip - there is one on the motherboard
and there is one on the ibm travelstar harddrive board

>>The "IBM security chip" encrypts the hard drive so that it will only
>>work with that laptop's unique machine ID.
> No. At least not on the t42P or any consumer IBM machine I've worked on
> so far. The security chip (it can be fitted to IBM desktops as well) is
> non volatile password/serial number storage and can be configured as an
> RFID tracking tag in the full implementation (just needs an optional
> antenna installing)

OK, if you want to get technical, the security chips store the
encryption keys and security certificates. The two chips have to
agree with each other or the hard drive won't even spin up. I had
to fix one last week that an idiot spilt a cup of coffee into.

>>You can short the security chip on the hard drive board and then get
>>access to it again.
> Umm, again, not true. The lock password for hard drives is stored on the
> platters in a non user accessible area, it can be defeated in a couple
> of ways but 'You can short the security chip' is bunkum.

You have to short the chip so that the drive will spin up and then
you can use a stardard track/sector reader to pull the encryption
key from the drive. You must then set the encryption key on another
computer to the key you just pulled. You can then insert and use the
drive.

> There is no
> security chip on any hard drive I've ever seen

Well, take a look at an IBM Travelstar Model IC25n030atda04-0

--
Cris Wilson
Information Resource Consultant
College of Architecture, Arts, and Humanities
Clemson University
RemoveMEcrisspam_OUTspamKILLspamclemson.edu
Report problems to: RemoveMEaah_computersTakeThisOuTspamspamclemson.edu


More... (looser matching)
- Last day of these posts
- In 2007 , 2008 only
- Today
- New search...