--- In A-1-Computer_Tech@yahoogroups.com, "CV" <[EMAIL PROTECTED]> wrote: > > Hello again everyone! I have a problem (again). My co-worker at work > gave me her old IBM thinkpad 600. She said she had it a long time. But > she did not remember the password to get into it! i tried what she > thought the password was it did not work. It boots up and then has the > little "lock" icon requiring a password. Can anyone PLEASE PLEASE > help me to get past the password and get into the OS? Is there a > generic password? Why the heck does IBM do this? It makes it > impossible if you were to lose or forget the password. > > Can anyone PLEASE HELP! > > Thank you and God Bless! > Cindy > Firstly, why have you got to post the message to a number of groups? If you need to do so, you should cross post in such a way that people know that you have done so? Yesterday someone on the CHAD Group got upset because they found out that they had responded to a message already answered on A1- Computer Tech Group. People, understandably, get upset when they find out their efforts have been wasted. As for why the heck did IBM follow similar standards to other portable computer manufacturers, for security purposes. Doh, if I had a thinkpad stolen I wouldn't want the felon to be able to use it, or to be easily able to access the Hard Disk in an other machine. I have researched your problem on your internet, and found (a) People that say you cant crack the password, (b) a person that he will for a fee, plus you will have to pay in addition for repairs to the machine, (c) the option that you have costly maintenance work carried and have the chip replaced and the Hard Disk or finally (d) that you can actually change the supervisors pasword etc if you have another computer and the technical ability to so. A......Those that say you can't (or shouldn't) overcome forgotten passwords: From the list's FAQ: http://zurich.ai.mit.edu/hypermail/thinkpad/2003-10/0015.html
#15) Can you help me remove the BIOS/HDD password from this ThinkPad that I just bought/inherited/found/was given/stole/other? Short answer: No. Long answer: Cracking passwords is a highly charged subject over which reasonable people disagree. Threads discussing it can be found starting at: <http://zurich.ai.mit.edu/hypermail/thinkpad/2002-02/1093.html> and <http://zurich.ai.mit.edu/hypermail/thinkpad/2002-02/1130.html> B...........Pay for the password and repairs This site is dedicated to ThinkPad (TP) owners who find themselves locked out for whatever reason, they don't know the Power On Password or Supervisor Password or Hard Disk Password or encounter a BAD CRC1 or CRC2 ERROR displayed on their TP. TP owners will have subsequently discovered, to their absolute amazement, that the manufacturer of their beloved TP offers no economically viable solution. The manufacturer does not have a policy to help genuine legitimate owners out of this predicament without paying, in some cases more than the TP is worth, to replace for no sane or logical reason their perfect and fully functional System Board! How much does password recovery cost Cost depends on which model ThinkPad you have USD $30 for these 'Category 1' models; 370C, 380Z, 380XD, 560Z, 600, 760EL, 760LD, 770 series, 770E, 770ED USD $45 for these 'Category 2' models; 240, 240X, 390E, 390X, 570, 600e, 600X, 770Z, A20m, A21e, A21m, A22e, A22m, A30, A30p, A31, A31p, G40, G41, R30, R31, R32, R40, R51, T20, T21, T22, T23, T30, T40, T40p, T41, T41p, T42, T42p, TransNote, X20, X21, X22, X23, X24, X30, X31, X40, X41. I am currently developing password recovery solutions for ThinkPad models T43, T43p, R52, T60, T60p and Z60, I will add them to the list when the work is completed, until then please do NOT purchase a password recovery for these models. ---------------------------------------------------------------------- ---------- What else will I need to buy You will need to buy the parts to build the interface, the parts for the interface are NOT included in your purchase price. I do NOT sell the parts for the interface, you can easily source these parts locally or on the net, costs of the parts for the interface varies from USD $25 to USD $50 depending on where you buy them. You will also need; a fine tipped Soldering Iron and solder. a small Philips head screw driver What do I receive after payment Following receipt of payment, detailed illustrated step by step instructions will be sent by email to your PayPal registered email address to enable you to successfully use my Password Recovery and CRC Repair procedures. You will also receive a 'Certificate Number' always quote your 'Certificate Number' in any subsequent email. http://www.ja.axxs.net/unlock/ C...............Recovery through servicicing and replacement of the main board and Hard Drive: Forgotten Supervisor password A forgotten Supervisor password will prevent access to the ThinkPad BIOS setup utility. To regain access, the system will need to be serviced to have the system board and hard drive replaced. Proof of purchase is required, and this repair is not covered under the warranty. Hard drive password There are two Hard drive passwords: a user Hard drive password for the user and a master Hard drive password for the system administrator. The administrator can use the master password to get access to the hard drive even if a user has changed the user Hard drive password. The following is the icon that comes up in the upper left corner if a Hard disk password is set: Normal Operation There are two modes for the Hard drive password: user only and master + user. The master + user mode requires two Hard drive passwords; the system administrator enters both in the same operation and provides the user Hard drive password to the system user. If either master + user or user only are set, a the password prompt will appear during the boot process either the master or the user Hard drive password will need to be entered before the operating system can be booted. Forgotten Hard drive password If the user's Hard drive password has been forgotten, check whether a master Hard drive password has been set. If it has, it can be used for access to the hard drive. If no master Hard drive password is available, or if the administrator forgets the master Hard drive password, then the hard drive must be replaced. This replacement process is not covered under the warranty. Power-on password A Power-on password protects the system from being powered on by an unauthorized person. The following is the icon that comes up in the upper left corner if a Power-on password is set: Normal Operation When the Power-on password has been set, a prompt will appear during the system start up, and the Power-on password must be entered before an operating system can be booted. Forgotten Power-on password If the Power-on password is forgotten and the Supervisor password is known, simply go into the ThinkPad BIOS setup utility and reset the Power-on password, otherwise try the following: Turn off the computer. Remove the battery pack. Remove the backup battery. Turn on the computer and wait until the POST ends. After the POST ends, the password prompt does not appear. The POP has been removed. Reinstall the backup battery and the battery pack. Note: Some ThinkPad systems have the ability to reset the Power-on passwords in the ThinkPad BIOS setup utility if a Supervisor password has been set. http://www-307.ibm.com/pc/support/site.wss/document.do? sitestyle=ibm&lndocid=MIGR-59377 D........................Recovery by building an interface and using another computer Recovering BIOS passwords Password recovery procedure for IBM ThinkPads using R24RF08 and IBMpass 1. Introduction. As you probably know, IBM ThinkPad uses a small eeprom (ATMEL 24RF08) to store different OEM issues like serial number, UUID, etc. The supervisor password (SVP) is stored also into this little chip. So, anybody should figure that he needs to read the eeprom in order to find the password string. The first problem is that 24RF08 is not an ordinary eeprom. The second is that the password is written in a special scan code. To read properly you need a software (and an interface) specially designed for this eeprom. This software is R24RF08 (eeprom reader) and IBMpass (password revealer) available at www.allservice.ro . Diagrams are included in the reader kit 2. Locating the eeprom. Soldering. No need to unsolder the 24RF08 eeprom, just solder 3 wires to SDA, SCL and GND pins of the eeprom. There are two eeprom layouts (see interface schematics described bellow), orresponding to 8 pin or 14 pin eeproms. Locate the eeprom first according to your model (E.g. T20-23 and T30 have the eeprom underneath TP, and can be accessed by removing the RAM modules cover, no need to dismantle the laptop.) and solder the wires using a soldering iron with a fine tip. Also, you can use 0.15 -0.20 mm enamel coated wires or similar small diameter insulated wires. These wires will be connected later to the interface. Tip: You can use clips to connect the wires or you can solder on the PCB traces leading to the eeprom pins. Once again, be careful and double, triple check the soldering if necessary till you are positively sure you have done the right job. 3. Choose and build the interface. Since version 2.0, R24RF08 and W24RF08(eeprom writer) are compatible with a wide range of eeprom programmers. By default, both programs set the COM port signals to use direct logic level to access I2C bus. We provide here 2 schematics that are relevant for direct logic signals and for inverse logic signals (simple-i2cprog.pdf and driven- i2cprog.pdf). Also, depending of the interface you build, you can invert the logics for SDA-In, SDA-Out, and SCL COM port signals by some command line parameters described later in this document. a) The file simple-i2cprog.pdf contains the schematic diagram of a simple interface (known as SIPROG)based on 2 zeners and 2 resistors. This is a classic, easy to build circuit and works with soldered or unsoldered eeproms. The purpose of the 2 zeners is to convert RS232 levels (+/- 5V) to TTL levels, needed by the eeprom. It uses direct logic signals to I2C eeprom and is powered by the COM port. However, this interface works with in-system eeproms but is dependant on COM port current and eeprom bus impedance. R24RF08 works natively with this circuit, no need to change the lines signals with command line parameters. This circuit works pretty well with almost all ThinkPads series. b) The second interface is described in driven-i2cprog.pdf. The circuit uses MAX 232 as a RS232 to TTL driver and its main purpose is to work with soldered eeproms. The advantage of MAX232 is the TTL outputs that are more reliable and more powerful when work with soldered, in-system eeproms (dependency free from the COM port current). Due of the internal inverters of MAX232 the interface responds to an inverse signal logic level. R24RF08 needs /x, /d, /i switches to be specified in the command line. What these switches mean: /x - invert serial clock, also known as SCL; /d - invert serial data output, also known as SDA-Out; /i - invert serial data input, also known as SDA-In. All those can be used in any combination to meet any interface specification. 4. How is it working: Prepare your technician PC by connecting the interface to the COM1 port (don't connect the wires to eeprom yet). Turn on the ThinkPad and press F1 to enter BIOS Setup. When you are prompted for the password and there's no other activity like HDD access or so, connect the wires (GND first!, SDA, SCL) to the corresponding wires from the interface (attached before to COM1) and execute R24RF08: -for SI-PROG interface (as described in 3.a above): r24rf08.exe <filename.ext>. where filename.ext is the file where eeprom content will be stored. Example: r24rf08 mytp.bin -for MAX232 driven I2C interface (as described in 3.b above): r24rf08.exe <filename.ext> /x /d /i. where /x /d /i are command line parameters (switches) for this kind of interface. Example: r24rf08 mytp2.bin /x /d /i Use exactly the instructed switches to avoid possible damages to your eeprom data! The file should be created in the same folder. Finally, disconnect the wires (GND last!) and turn off the ThinkPad by pressing on/off switch. 5. Reveal the password. Now, you have the .bin file but you need to dump in scan code to retrieve the password. IBMpass 2.0 Lite is a free tool that will do the job. Just open the eeprom dump you've created before and search for 0x330, 0x340 lines. The password is located on 0x338 (and 0x340 depending on model) in scan code. For 24C01 eeproms the password is located at 0x38, 0x40. If the password won't work for the very first time then your eeprom may use newer IBM scancodes. In this case switch to alternate scan codes to find it. For those who want quick answers the recommended version is IBMpass 1.1. Usage for IBMpass 1.1 (command line only): ibmpass mytp.bin use "/a" switch to see in alternate scan code if needed: ibmpass mytp.bin /a For some old models like 570 or 770Z you need to execute the eeprom patcher first. This will reset the read protection on the password offset. To do that just execute patcher.exe before the reading operation, without rebooting the laptop: -for SI-PROG: patcher.exe , then immediately r24rf08.exe <filename.ext> -for Driven-I2C (Max232) you must insert the switches: patcher.exe /x /d /i, then immediately r24rf08.exe <filename.ext> /x /d /i W24RF08, the writer version, has included the complete APP reset operation you don't need to use patcher. Remember, use 3 wires from the interface and 3 wires from eeprom! Connect them after your ThinkPad is powered and disconnect them right after you read the content, before you switch off the laptop. [edit]External Sources R24RF08 & IBMpass author's webpage. IBM Support - Lost or forgotten password Full Service of all Thinkpad models including free password recovery http://www.thinkwiki.org/wiki/Maintenance I hope the above helps, whether its cost effective to mess about with elderly computers - and/or to spend money on them - only you will know. Would be far better if your colleague could remember the passwords. Paris If you have any questions or problems with any aspect of this site, please feel free to contact me directly [EMAIL PROTECTED] Please do not post personal issues directly to the group. To unsubscribe from this list, send an email to [EMAIL PROTECTED] Thank you for using A-1 Computer Tech Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/A-1-Computer_Tech/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/