Solved

Thinkpad T410i supervisor password recovery

Posted on 2014-01-21
10
1,553 Views
Last Modified: 2014-01-30
Hi Guys,
I have a Thinkpad T410i (Win7pro) with an unknown Bios Supervisor password. The only supported route out of this situation is a motherboard replacement . . . however . . . .

http://sodoityourself.com/hacking-ibm-thinkpad-bios-password  describes a procedure to extract the contents of the EEPROM via a IC2 bus arrangement to the serial port of another PC with an ATMEL chip reader installed. Unfortunately all instances of the chip reader that I can find are infected - this has been noted else where.

Does anyone have a suitable chip reader and compatible decoder so that I can extract the supervisor password from the eeprom file dump. Maybe you have an uninfected version of the software referenced in the above link.

I have prepped the T410i with the three wired connections and have built the interconnect, just need the reader and decoder to complete this task now.

Hope someone can help . . . very frustrating to have got this far.

Thanks
0
Comment
Question by:TrevorWhite
  • 5
  • 5
10 Comments
 
LVL 32

Expert Comment

by:_
ID: 39798991
I don't know about the ATMEL chip reader, but this sounds a lot like what I did to get the hard drive unlock code from the eeprom of an original Xbox.
It also uses the SLC, SDA, and Ground wire, run through a PBC, and out to a DB-9 serial.

I don't remember which program did what, but I used PonyProg2000 and LiveInfo Beta to read and decipher it's eeprom. Maybe they will work for you.
One reads the eeprom and saves it as a *.BIN file. The other one reads the BIN file

I will see if I can find where I archived my notes and how-to's, and refresh my memory.

PonyProg2000
http://web.archive.org/web/20100207194900/http://www.lancos.com/ppwin95.html

LiveInfo Beta
http://www.logic-sunrise.com/forums/files/file/1248-liveinfo-beta-3-xbox-v16/
0
 

Author Comment

by:TrevorWhite
ID: 39799373
Hi Coral47,
Thanks for your time on this. I did try the PonyPony solution but it seemed the software was only for 32bit and only runs on Windows upto XP. The only machine I have available with a Serial port is an HP ProBook with Win 7 pro 64 bit

Your process sounds exactly the same as that I refered to - I have subsequently found that the program is not infected but is giving false positives. However I'm having other operational problems possibly related to the linkup wiring of the eeprom.

If you do find there is a Pony solution with a 64bit compile it may be of use later.

I'm liaising with the ALLService.ro guys to resolve current issues.

REgards
0
 
LVL 32

Accepted Solution

by:
_ earned 500 total points
ID: 39800031
This should be it:

PonyProg64
http://www.techcat.de/index.php?ponyprog

TVicPort driver: (needed driver?)
http://www.entechtaiwan.com/dev/port/index.shtm

links are from this page:
http://ponyprog.sourceforge.net/phorum/read.php?2,2249

not sure if this one is the same or not:
PonyProg  XP/VISTA/W7 (64-bit)
http://www.4shared.com/folder/P7KiuaHd/ponyprog_64bit.html
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:TrevorWhite
ID: 39800087
Oh brill, that should do the job . . . . especially after I connect my wires to the correct chip !!!
Oooops would appear I have attached to BIOS SPI flash which I wrongly identified as the eeprom. I have the correct connection points (and chip) identified now so will keep you all posted.

I'll use the allservice.ro software first but will also check out the PonyPony software for future reference. Will post back.

Regards
0
 
LVL 32

Expert Comment

by:_
ID: 39800110
>> especially after I connect my wires to the correct chip

Been there, done that.    : D
0
 

Author Comment

by:TrevorWhite
ID: 39811415
Well here is the belated update . . ..
With the right chip identified I was able to extract the SVR password . . . but TCPA locked. allservice.ro has software to unlock this but had issues writing back to the eeprom. After the logic on various other pins on the eeprom (which were correct) it was decided that the eeprom was damaged in some way so it will be replaced.

Had to ship this to a lab with appropriate gear to remove and fit this (rather small) item.

It has been despatched today and I'm expecting a functioning unit with the SRV password unlocked when it gets back.

I'm not expecting to require further input here but will keep this open so that I can confirm all went well.

Regards
0
 
LVL 32

Expert Comment

by:_
ID: 39811640
Thank for the update.
Bummer about the chip, though,   : (
0
 

Author Comment

by:TrevorWhite
ID: 39822102
I've requested that this question be closed as follows:

Accepted answer: 0 points for TrevorWhite's comment #a39811415

for the following reason:

Hi
Reason was that I resolved, alternative suggestion was alternative software same process. The solution was identifying the correct chip - this led to further issues as documented. Since I'm being chased to attend to this question I have elected to close before final conclusion is confirmed. IE the item has not returned from the lap yet.

Regards
0
 

Author Comment

by:TrevorWhite
ID: 39822098
So sorry, on reading my original question - it was answered in full. I must allocate full points to Coral47. Sorry for messing up
0
 
LVL 32

Expert Comment

by:_
ID: 39822331
Thank you much.    : )
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
hp laptop model 10 63
where is lenovo t460p sleep button? 6 35
Windows 10 Slow to recognise CD's 8 56
trying to format an ssd 7 27
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question