Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo
- - - - -

Resetting the BIOS Supervisor Password With Debug Command


  • Please log in to reply
4 replies to this topic

#1 FreeBooter

FreeBooter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:09:17 AM

Posted 13 June 2016 - 01:28 AM

Resetting the BIOS Supervisor Password With Debug Command

To access the BIOS setup when the machine fails to operate, occasionally a drastic move is required. In older computers with battery-backed RAM, removal of the battery and short circuiting the battery input terminals for a while did the job; in some more modern machines this move only resets the real-time clock (RTC). Some motherboards offer a CMOS-reset jumper or a reset button. In yet other cases, the EEPROM chip has to be desoldered and the data in it manually edited using a programmer. Sometimes it is enough to ground the CLK or DTA line of the I²C (Inter-Integrated Circuit) bus of the EEPROM at the right moment during boot, this requires some precise soldering on SMD parts.
If the machine lets one boot but does not want to let the user into the BIOS setup utility, because of the BIOS supervisor password one possible recovery is to deliberately "damage" the CMOS checksum by doing direct port writes using DOS debug.exe command-line tool, corrupting some bytes of the checksum-protected area of the CMOS RAM; at the next boot, the CMOS typically resets its setting to factory defaults.

 


Useful information!
Supervisor Password: This password prevents access to BIOS setup utility for preventing changing BIOS settings in the future.

User Password: The user password is also called a system password because it controls access to the entire system. If the user password is set, the password prompt is displayed before the computer boots up.

 

The Debug command can be executed from booted Windows Command Prompt or from  FreeDOS .

1. Install FreeDOS on a USB flash drive using Rufus or UNetbootin.
2. Download the debug.exe tool and save it to the root of your USB flash drive.
3. Boot up the computer with your USB flash drive and type the following commands: (take note that the second and third commands start with the letter O and not the number zero.)
 

debug
o 70 2E
o 71 FF
quit

4. Restart your computer with Ctrl + Alt + Del and you should encounter an error message like “CMOS checksum error” which is normal. You can now access the CMOS setup without entering a password.



Command Prompt
Within Windows Command Prompt type the following commands: (take note that the second and third commands start with the letter O and not the number zero.)
 

debug
-o 70 10
-o 71 aa
-q

1MbQb4o.png

That will write to CMOS (Offset 10h) with the value 0AAh.
Restart your computer. You can now access the CMOS setup without entering a password.


Warning! Please read this first.
Debug command can damage your computer and make it non bootable i will not be held responsible for any damage cause to your computer.


Edited by FreeBooter, 13 June 2016 - 01:37 AM.

Posted Image


BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 24,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:17 AM

Posted 13 June 2016 - 07:10 AM

If the commands are similar to what cmospwd does to erase the cmos then this will brick a laptop that stores the password in an eeprom. Most desktops will let you reset the password with a jumper. I would not use these commands on any modern laptop.

 

 
EEPROM on laptops

On laptops, the password is usually stored in an eeprom on the motherboard and not in the cmos. You need an eeprom programmer/eeprom reader (electronic device) to retrieve the password. If you erase the cmos (ie. cmospwd /k) and if the password is really stored in an eeprom, you won't be able to boot anymore.

You can get/buy eeprom programmer in electronic shops or labs, you need another PC to use it. You can desolder the eeprom with hot air or you can try to "clip" the eeprom. With the eeprom programmer, backup your eeprom and run cmospwd /d /l eeprom_backup. If you don't see the password, you can try to fill the eeprom with zero or FF, don't forget the reset the cmos.

 



#3 FreeBooter

FreeBooter
  • Topic Starter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:09:17 AM

Posted 13 June 2016 - 07:43 AM

The BIOS password are store in ROM BIOS or chipset but setting for password store with CMOS ROM so resetting the CMOS ROM will reset setting for BIOS Supervisor Password. Debug command is not similar as cmospwd writes zero to BIOS ROM which does brick PC Debug command deliberately damages the CMOS checksum by doing direct port writes that will write to CMOS (Offset 10h) with the value 0AAh  corrupting some bytes of the checksum-protected area of the CMOS RAM; at the next boot, the CMOS typically resets its setting to factory defaults. You can try this command with Virtual machines.


Edited by FreeBooter, 13 June 2016 - 07:48 AM.

Posted Image


#4 JohnC_21

JohnC_21

  • Members
  • 24,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:17 AM

Posted 13 June 2016 - 08:07 AM

The BIOS password are store in ROM BIOS or chipset but setting for password store with CMOS ROM so resetting the CMOS ROM will reset setting for BIOS Supervisor Password. Debug command is not similar as cmospwd writes zero to BIOS ROM which does brick PC Debug command deliberately damages the CMOS checksum by doing direct port writes that will write to CMOS (Offset 10h) with the value 0AAh  corrupting some bytes of the checksum-protected area of the CMOS RAM; at the next boot, the CMOS typically resets its setting to factory defaults. You can try this command with Virtual machines.

Thank you for the clarification.



#5 FreeBooter

FreeBooter
  • Topic Starter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:09:17 AM

Posted 13 June 2016 - 08:29 AM

 

The BIOS password are store in ROM BIOS or chipset but setting for password store with CMOS ROM so resetting the CMOS ROM will reset setting for BIOS Supervisor Password. Debug command is not similar as cmospwd writes zero to BIOS ROM which does brick PC Debug command deliberately damages the CMOS checksum by doing direct port writes that will write to CMOS (Offset 10h) with the value 0AAh  corrupting some bytes of the checksum-protected area of the CMOS RAM; at the next boot, the CMOS typically resets its setting to factory defaults. You can try this command with Virtual machines.

Thank you for the clarification.

 

You are very welcome.


Posted Image





2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users