Thinkpad T410i supervisor password recovery

Posted on 2014-01-21
Medium Priority
Last Modified: 2014-01-30
Hi Guys,
I have a Thinkpad T410i (Win7pro) with an unknown Bios Supervisor password. The only supported route out of this situation is a motherboard replacement . . . however . . . .

http://sodoityourself.com/hacking-ibm-thinkpad-bios-password  describes a procedure to extract the contents of the EEPROM via a IC2 bus arrangement to the serial port of another PC with an ATMEL chip reader installed. Unfortunately all instances of the chip reader that I can find are infected - this has been noted else where.

Does anyone have a suitable chip reader and compatible decoder so that I can extract the supervisor password from the eeprom file dump. Maybe you have an uninfected version of the software referenced in the above link.

I have prepped the T410i with the three wired connections and have built the interconnect, just need the reader and decoder to complete this task now.

Hope someone can help . . . very frustrating to have got this far.

Question by:TrevorWhite
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
LVL 32

Expert Comment

ID: 39798991
I don't know about the ATMEL chip reader, but this sounds a lot like what I did to get the hard drive unlock code from the eeprom of an original Xbox.
It also uses the SLC, SDA, and Ground wire, run through a PBC, and out to a DB-9 serial.

I don't remember which program did what, but I used PonyProg2000 and LiveInfo Beta to read and decipher it's eeprom. Maybe they will work for you.
One reads the eeprom and saves it as a *.BIN file. The other one reads the BIN file

I will see if I can find where I archived my notes and how-to's, and refresh my memory.


LiveInfo Beta

Author Comment

ID: 39799373
Hi Coral47,
Thanks for your time on this. I did try the PonyPony solution but it seemed the software was only for 32bit and only runs on Windows upto XP. The only machine I have available with a Serial port is an HP ProBook with Win 7 pro 64 bit

Your process sounds exactly the same as that I refered to - I have subsequently found that the program is not infected but is giving false positives. However I'm having other operational problems possibly related to the linkup wiring of the eeprom.

If you do find there is a Pony solution with a 64bit compile it may be of use later.

I'm liaising with the ALLService.ro guys to resolve current issues.

LVL 32

Accepted Solution

_ earned 2000 total points
ID: 39800031
This should be it:


TVicPort driver: (needed driver?)

links are from this page:

not sure if this one is the same or not:
PonyProg  XP/VISTA/W7 (64-bit)
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.


Author Comment

ID: 39800087
Oh brill, that should do the job . . . . especially after I connect my wires to the correct chip !!!
Oooops would appear I have attached to BIOS SPI flash which I wrongly identified as the eeprom. I have the correct connection points (and chip) identified now so will keep you all posted.

I'll use the allservice.ro software first but will also check out the PonyPony software for future reference. Will post back.

LVL 32

Expert Comment

ID: 39800110
>> especially after I connect my wires to the correct chip

Been there, done that.    : D

Author Comment

ID: 39811415
Well here is the belated update . . ..
With the right chip identified I was able to extract the SVR password . . . but TCPA locked. allservice.ro has software to unlock this but had issues writing back to the eeprom. After the logic on various other pins on the eeprom (which were correct) it was decided that the eeprom was damaged in some way so it will be replaced.

Had to ship this to a lab with appropriate gear to remove and fit this (rather small) item.

It has been despatched today and I'm expecting a functioning unit with the SRV password unlocked when it gets back.

I'm not expecting to require further input here but will keep this open so that I can confirm all went well.

LVL 32

Expert Comment

ID: 39811640
Thank for the update.
Bummer about the chip, though,   : (

Author Comment

ID: 39822102
I've requested that this question be closed as follows:

Accepted answer: 0 points for TrevorWhite's comment #a39811415

for the following reason:

Reason was that I resolved, alternative suggestion was alternative software same process. The solution was identifying the correct chip - this led to further issues as documented. Since I'm being chased to attend to this question I have elected to close before final conclusion is confirmed. IE the item has not returned from the lap yet.


Author Comment

ID: 39822098
So sorry, on reading my original question - it was answered in full. I must allocate full points to Coral47. Sorry for messing up
LVL 32

Expert Comment

ID: 39822331
Thank you much.    : )

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
New style of hardware planning for Microsoft Exchange server.
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question