As drastic as it is, such passwords are good theft prevention measure.
By not allowing the system to boot without a password, even if CMOS
batteries etc are removed, theft becomes considerably less profitable.
As for brute-forcing the BIOS, this would be somewhat trivial if the
system would boot and allow you to run code on it. It, however, will
not. To brute force the password, you'd have to pull the chip and put
it in a rig that would allow you to interact with it (where you could
probably just read the string out of it). Such things are probably far
beyond cost-effective.
Unfortunately, your best bet (aside from forcing the guy to sit down and
really think *hard* about what the PW might be) is to send it back.
Sorry for the bad news.
-= Eric Lawrence =-
-----Original Message-----
From: leon [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 10, 2001 3:36 PM
To: [EMAIL PROTECTED]
Subject: ThinkPad A20 bios question
I have run into a client who has set a supervisor (or is a supervisor I
was a little confused by the description) password on the bios of a
ThinkPad A20. We have contacted IBM and they say the only way to fix
this issue is to replace the systemboard of the computer. Is this
true???? That seems super-drastic. Anyone have any better ideas or
programs that are made to specifically brute force bios (not sure if
that is possible). The bios version is 1.09 (IWET55WW) I am not sure of
the maker (award, phoenix, etc) because this is all 4th hand
information.
Anyway anyone with suggestions (not flames, I am not person who set the
bios password and did not write it down) please feel free to respond
publicly or privately.
Regards,
Leon
