• Status: Solved

Thinkpad T410i supervisor password recovery

Hi Guys,
I have a Thinkpad T410i (Win7pro) with an unknown BIOS Supervisor password. The only supported route out of this situation is a motherboard replacement . . . however . . . .

http://sodoityourself.com/hacking-ibm-thinkpad-bios-password describes a procedure to extract the contents of the EEPROM via an I2C bus arrangement to the serial port of another PC with an ATMEL chip reader installed. Unfortunately all instances of the chip reader that I can find are infected - this has been noted elsewhere.

Does anyone have a suitable chip reader and compatible decoder so that I can extract the supervisor password from the EEPROM file dump? Maybe you have an uninfected version of the software referenced in the above link.

I have prepped the T410i with the three wired connections and have built the interconnect, just need the reader and decoder to complete this task now.

Hope someone can help . . . very frustrating to have got this far.

Thanks
Asked:
TrevorWhite
_Commented:
I don't know about the ATMEL chip reader, but this sounds a lot like what I did to get the hard drive unlock code from the EEPROM of an original Xbox.
It also uses the SCL, SDA, and Ground wire, run through a PCB, and out to a DB-9 serial.

I don't remember which program did what, but I used PonyProg2000 and LiveInfo Beta to read and decipher its EEPROM. Maybe they will work for you.
One reads the EEPROM and saves it as a *.BIN file. The other one reads the BIN file.

I will see if I can find where I archived my notes and how-to's, and refresh my memory.

PonyProg2000
http://web.archive.org/web/20100207194900/http://www.lancos.com/ppwin95.html

LiveInfo Beta
http://www.logic-sunrise.com/forums/files/file/1248-liveinfo-beta-3-xbox-v16/
 
TrevorWhite (Author) Commented:
Hi Coral47,
Thanks for your time on this. I did try the PonyPony solution but it seemed the software was only for 32-bit and only runs on Windows up to XP. The only machine I have available with a serial port is an HP ProBook with Win 7 Pro 64-bit.

Your process sounds exactly the same as that I referred to - I have subsequently found that the program is not infected but is giving false positives. However I'm having other operational problems possibly related to the linkup wiring of the EEPROM.

If you do find there is a Pony solution with a 64-bit compile it may be of use later.

I'm liaising with the ALLService.ro guys to resolve current issues.

Regards
 
_Commented:
This should be it:

PonyProg64
http://www.techcat.de/index.php?ponyprog

TVicPort driver: (needed driver?)
http://www.entechtaiwan.com/dev/port/index.shtm

links are from this page:
http://ponyprog.sourceforge.net/phorum/read.php?2,2249

not sure if this one is the same or not:
PonyProg  XP/VISTA/W7 (64-bit)
http://www.4shared.com/folder/P7KiuaHd/ponyprog_64bit.html
 
TrevorWhite (Author) Commented:
Oh brill, that should do the job . . . . especially after I connect my wires to the correct chip !!!
Oooops would appear I have attached to BIOS SPI flash which I wrongly identified as the EEPROM. I have the correct connection points (and chip) identified now so will keep you all posted.

I'll use the allservice.ro software first but will also check out the PonyPony software for future reference. Will post back.

Regards
 
_Commented:
>> especially after I connect my wires to the correct chip

Been there, done that.    : D
 
TrevorWhite (Author) Commented:
Well here is the belated update . . ..
With the right chip identified I was able to extract the SVR password . . . but TCPA locked. allservice.ro has software to unlock this but had issues writing back to the EEPROM. After the logic on various other pins on the EEPROM (which were correct) it was decided that the EEPROM was damaged in some way so it will be replaced.

Had to ship this to a lab with appropriate gear to remove and fit this (rather small) item.

It has been despatched today and I'm expecting a functioning unit with the SRV password unlocked when it gets back.

I'm not expecting to require further input here but will keep this open so that I can confirm all went well.

Regards
 
_Commented:
Thanks for the update.
Bummer about the chip, though,   : (
 
TrevorWhite (Author) Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for TrevorWhite's comment #a39811415

for the following reason:

Hi
Reason was that I resolved, alternative suggestion was alternative software same process. The solution was identifying the correct chip - this led to further issues as documented. Since I'm being chased to attend to this question I have elected to close before final conclusion is confirmed, i.e. the item has not returned from the lab yet.

Regards
 
TrevorWhite (Author) Commented:
So sorry, on reading my original question - it was answered in full. I must allocate full points to Coral47. Sorry for messing up.
 
_Commented:
Thank you much.    : )