Cracking BIOS Passwords Part 1

A question posed in the comments for the last article on cracking OS password, was regarding the security of a laptop whena BIOS password is entered.

First I should note that setting a BIOS password is a security best practice, however it is one that is rarely practiced. Even IT administrators do not set the BIOS passwords on their network systems due to time constraints to do so, or not feeling it is needed. The average consumer does not set a BIOS password primarily out of ignorance, this is not to say it is an excuse, but the average laptop thief will usually not have to deal with BIOS passwords.

However, even if a BIOS password is used, it is easily cracked in most cases. Locking a user out of a system completely in cases where they forget their password is not something manufacturers like to deal with, as such many have backdoors setup to circumvent the password. If this fails there are also ways to reset most common BIOS such as AMI, Award, Dell, IBM and Phoenix, from simple shortcut tricks to resetting the CMOS.

For Part 1 we will start with backdoor passwords implemented by the manufacturers themselves:

Manufacturer’s Backdoor

Using a manufacturer’s backdoor password to access the BIOS, there are lists of these available online of many of these, many such as Toshiba can be circumvented by just holding down the shift key on boot. Here are a list of common backdoor passwords from a few of the major manufacturers:

  • Phoenix : BIOS, CMOS, phoenix, and PHOENIX.
    • AMI: A.M.I., AAAMMMIII, AMI?SW , AMI_SW, BIOS, CONDO, HEWITT RAND, LKWPETER, MI, and PASSWORD.
    • Award:one backdoor BIOS password is eight spaces. Others include 01322222, 589589, 589721, 595595, 598598 , ALFAROME, ALLY, ALLy, aLLY, aLLy, aPAf, award, AWARD PW, AWARD SW, AWARD?SW, AWARD_PW, AWARD_SW, AWKWARD, awkward, BIOSTAR, CONCAT, CONDO, Condo, condo, d8on, djonet, HLT, J256, J262, j262, j322, j332, J64, KDD, LKWPETER, Lkwpeter, PINT, pint, SER, SKY_FOX, SYXZ, syxz, TTPTHA, ZAAAADA, ZAAADA, ZBAAACA, and ZJAAADC.
    • Several other major manufacturers only have one…making it a bit easier for the laptop thief on the go:
      Manufacturer BIOS Password
      VOBIS & IBM merlin
      Dell Dell
      Biostar Biostar
      Compaq Compaq
      Enox xo11nE
      Epox central
      Freetech Posterie
      IWill iwill
      Jetway spooml
      Packard Bell bell9
      QDI QDI
      Siemens SKY_FOX
      SOYO SY_MB
      TMC BIGO
      Toshiba Toshiba

    About this entry

    You’re currently reading “Cracking BIOS Passwords Part 1,” an entry on Laptop Theft

    Published:
    09.07.08 / 11pm
    Category:
    Hacks