mailing list archives
Re: Toshiba NoteBooks BIOS Password Backdoor - Password Cracker
From: nick () VIRUS-L DEMON CO UK (Nick FitzGerald)
Date: Sat, 26 Feb 2000 12:38:33 +1200
If you can boot, it is possible to get a password with the same checksum
and enter the Bios. The checksum value is stored in Cmos. If you create a
recovery disk, this value is stored after the word "KEY" in the 1 first
sector (sector 0 is boot sector).
Maybe you missed Oscar's point? His description explains how to
break *power-on* security on a Tosh notebook. If you can boot it
from a floppy, all bets are off...
It appears Toshiba has been practising "security through obscurity"
as in the past we were always told that the only way to recover from
a lost/corrupted power-on password was to send the machine to Toshiba
(*not* a Toshiba authorized service centre, to a genuine Toshiba
service centre). Seems they were not splitting the cases and doing
some extra magical internal hardware twiddling after all, but simply
sitting on a stock of "magic disks".
Of course, if anyone was "depending" on power-on passwords to protect
their Tosh (or any other) notebook, they were slightly delusional to
start with, as described in the usual dicta regarding attackers
having physical access to a machine...
To crack Toshiba password (Award, AMI and some others models), you can
try CmosPwd (Dos/Win9x, WinNT, Linux versions) avaible at
*If* you have boot access, this is a very handy little util! (If
you don't have boot access, a screw-driver and a good memory for
mainboard layouts and jumper positions helps...)
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854