Cmospwd
Cmospwd
CmosPwd
Christophe GRENIER
[email protected]
http://www.cgsecurity.org
=========================================================================
CmosPwd is a cmos/bios password recovery tool.
CmosPwd is under GNU Public License. You can freely distribute it.
It can be compiled under Dos, Windows, Linux, FreeBSD and NetBSD.
Platforms
- Dos-Windows version
Well, ... it works!
- Linux && BSD version
Users can work on cmos backup but they need root priviledge to
use ioperm function to have full access to cmos.
- Windows NT, 2000, XP, 2003
To work on cmos memory, ioperm need to be installed and running.
ioperm gives direct port I/O access for specified ports to user-mode process
(ring 3) using Ke386SetIoAccessMap and Ke386IoSetAccessProcess kernel functions.
1- You need administrator priviledges to install this driver
"ioperm.exe -i"
2- Start the service if needed with "net start ioperm"
3- Run "Cmospwd_win.exe"
---------------------------------------------------
---------------------------------------------------
¦ Typical Usage for DOS and all Windows users ¦
---------------------------------------------------
---------------------------------------------------
1) Identify your BIOS manufacturer (usually displayed at boot-up)
2) Start in DOS, or start a DOS session in Windows 95/98/ME.
For Windows NT or Windows 2000 boot from a DOS or Windows 95/98 boot
disk (you can find boot disks at www.AnswersThatWork.com), and run
CMOSPWD from your boot floppy (or another floppy).
3) C: [Enter]
cd \CMOSPWD [Enter]
4) Type CMOSPWD at the DOS prompt and press Enter.
5) CMOSPWD will display a list of possibilities. Use the possibilities
itemised against your BIOS manufacturer.
Remember :
a) For AWARD BIOSes, use the Numeric Keypad (with NumLock ON).
b) AWARD 4.50PG BIOS always accepts "AWARD_SW", or "d8on",
or "589589".
c) Old Phoenix BIOSes will accept "phoenix".
6) If the standard method does not work, then try to kill
the CMOS password with CMOSPWD /K (and press Enter),
and then see if you can get into the CMOS without a password.
If you can, you successfully "killed" the old CMOS password.
DO NOT KILL THE CMOS ON LAPTOPS!
---------------------------------------------------
---------------------------------------------------
|General Usage (List of commands) |
---------------------------------------------------
---------------------------------------------------
cmospwd [/d]
cmospwd [/d] /[rlw] cmos_backup_file restore/load/write
cmospwd /k kill cmos
cmospwd /m[01]* execute selected module
/d to dump cmos in ascii and scan code
/m0010011 to execute module 3,6 and 7
Keyboard:
/kfr French AZERTY
/kde German QWERTY
default is US QWERTY
---------------------------------------------------
---------------------------------------------------
|Laptops |
---------------------------------------------------
---------------------------------------------------
Thanks to
- Philippe Garcia-Suarez (AMI Zenith, IBM Thinkpad)
- Mark Miller (AMI WinBIOS)
- Ian Sharpe (Award 4.51PG)
- Darren Evans (Phoenix 4 release 6)
- Teun van de Berg (bug report for "cmospwd /w")
- Giovanni (IO access under NT)
- Robert Rafai (Dell Latitude)
- Guillaume Letessier (Toshiba)
- hackvenger (Phoenix 4.0 realase 6.0)
- "P. MADRE" (Award 4.51PG)
- SerbianHacker/Sasha Miloshevic (IBM ThinkPad 770)
- Michael (Siemens Nixdorf PCD-4ND, Phoenix 1.03)
- w0rm (Phoenix a486 1.03)
- Olaf Freyer (Phoenix 4.05 rev 1.02.943, Phoenix 4.06 rev 1.13.1107)
- Peter "Bluefish" Magnusson, author of !BIOS
- Tjiq (User password of AMI WinBIOS)
- Jedi (Award 4.51PG)
- Michel Creppy from Le Software Man
- YOGESH M (Award 4.51PG)
- Quattrocchi Stefano (Compaq DeskPro)
- Pencho Penchev (Award Medallion 6.0)
- Ernst Oudhof, bug correction for MODE_RESTORE_FORCE
- Lewis Hadley (Award 6.0 Medallion)
- Philippe Biondi (another AMI BIOS)
- Tompa Lorand-Mihaly (AMI Bios ver. 1.08 AN 1994 and Award 6)
- Jose Velasquez Villegas (ThinkPad 560x)
- bre786 (IBM ThinkPad T20)
- Ai-Nung Wang (Award 6)
- Zoulou Yankee (Compaq Deskpro)
- Markus Birth (Sony Vaio)
- Einar Karttunen (NetBSD support)
and to all the guys, who provided information about cmos and reported bugs.
If you have problems or questions about cmospwd,
please mail me.
Christophe GRENIER
[email protected]
http://www.cgsecurity.org