Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Toshiba NoteBooks BIOS Password Backdoor - Password Cracker
From: nick () VIRUS-L DEMON CO UK (Nick FitzGerald)
Date: Sat, 26 Feb 2000 12:38:33 +1200

If you can boot, it is possible to get a password with the same checksum
and enter the Bios. The checksum value is stored in Cmos. If you create a
recovery disk, this value is stored after the word "KEY" in the 1 first
sector (sector 0 is boot sector).

Maybe you missed Oscar's point?  His description explains how to
break *power-on* security on a Tosh notebook.  If you can boot it
from a floppy, all bets are off...

It appears Toshiba has been practising "security through obscurity"
as in the past we were always told that the only way to recover from
a lost/corrupted power-on password was to send the machine to Toshiba
(*not* a Toshiba authorized service centre, to a genuine Toshiba
service centre).  Seems they were not splitting the cases and doing
some extra magical internal hardware twiddling after all, but simply
sitting on a stock of "magic disks".

Of course, if anyone was "depending" on power-on passwords to protect
their Tosh (or any other) notebook, they were slightly delusional to
start with, as described in the usual dicta regarding attackers
having physical access to a machine...

To crack Toshiba password (Award, AMI and some others models), you can
try CmosPwd (Dos/Win9x, WinNT, Linux versions) avaible at

*If* you have boot access, this is a very handy little util!  (If
you don't have boot access, a screw-driver and a good memory for
mainboard layouts and jumper positions helps...)

Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]