Lab-Project 8: Breaking a BIOS Password

What You Need for This Project

 VMware Workstation or VMware Player.
 Warning: About half the students that try cannot do this project because the VMs close instantly
and they cannot capture the images. I have not been able to find any pattern--some machines do
that and others do not. If it happens to you, you can either try using a different machine or
capture a video of the action. You can then either turn in the video, or capture stills from the
video.
Assigning a BIOS Password
1. Open a virtual machine (VM), but don't start it. It doesn't matter what OS is installed on the
VM. If you don't have a VM handy, just create a new one.
2. From the VMware Workstation menu bar, click VM, Power, "Power ON to BIOS". If that
menu item is not there, you may have an old version of VMware, or VMware Player. You can
probably still do the project by starting the machine, clicking quickly in it, and pressing F2 to
open the BIOS. If the machine
boots up too quickly for you to
get into the BIOS, power the
virtual machine down, find
its .vmx file, and add this line to
the end of it:
bios.bootdelay = 5000
Complete instructions for the
process are here:
http://www.howtogeek.com/
howto/16876/how-to-increase-
the-vmware-boot-screen-delay/
3. When the "PhoenixBIOS Setup Utility" screen appears, click in the VM to capture the
keyboard. Then use the keyboard arrow keys to select the Security menu. Press Enter to "Set
Supervisor Password".
4. Enter a BIOS password of 12345678 in both boxes, as shown to the right on this page. Use the
Enter key to move from one box to the other.
5. After entering the password in both fields, press Enter. A "Setup Notice" box appears saying
"Changes have been saved.". Press Enter again.
6. Your BIOS screen should now
show that the "Supervisor
Password" is "Set", as shown to
the right on this page.
7. Press F10 and then Enter to save
changes.
8. When the VM restarts, from the VMware Workstation menu bar, click VM, Power, "Power
Off"
Entering the Wrong Password Three Times
9. From the VMware Workstation menu bar, click VM, Power, "Power ON to BIOS".
 10. A blue box asks you to "Enter Password". Enter something wrong, like X, and press Enter.
Repeat the process three times.
11. A "System Disabled" box appears, as shown to the right on this page, with a code number
visible.
Saving a Screen Image
12. Make sure your screen shows the "System Disabled" box, with the code number visible.
13. Press Ctrl+Alt to release the keyboard from the VM. Press the PrntScrn key to save the screen
image. Open Paint and paste in the image. Save it as Lab-Proj 8a from YOUR NAME.
Downloading the BIOS Keygen
14. Open a Web browser and go to dogber1.blogspot.com/2009/05/table-of-reverse-engineered-
bios.html
15. In the "Phoenix (generic)
line, download the
"Windows binary" link
(or Lab-Proj.08_pwgen-5dec.zip from the instructor).
16. On your desktop, right-click the pwgen-5dec.zip and click "Extract All…". Click Extract.
Using the Keygen
17. A box pops up showing a
pwgen-5dec.exe file. Double-
click that file. If a warning box
pops up, click Run.
18. A command prompt window
opens. Click in that box and
enter the number from your
"System Disabled" message.
19. It finds a series of passwords.
Notice that the passwords you get
are not the same ones I got, and
don't include the password is not
the one you entered--but it will
probably still
work.

Saving a Screen Image

20. Make sure your screen shows the "Generic Phoenix BIOS" line, with a generated password
visible that is different from the example above.
21. Press Ctrl+Alt to release the keyboard from the VM. Press the PrntScrn key to save the screen
image. Open Paint and paste in the image. Save it as Lab-Proj 8b from YOUR NAME.
Testing the Generated Password
22. Press Ctrl+Alt to release the keyboard from the VM.
23. From the VMware Workstation menu bar, click VM, Power, "Power Off". Click "Power
off".
24. From the VMware Workstation menu bar, click VM, Power, "Power On to BIOS".
 25. A blue box asks you to "Enter Password". Enter the password from the "Generic Phoenix
BIOS" line in the keygen--when I did it, it was fqhrzg
26. If the password works, you will see the BIOS open. If it fails, run the keygen again. Every
time you run it, it finds different passwords, and they don't all work. But it worked for me two
out of three times.
Setting a Boot Password
27. In the Security menu, press the down-arrow to select the "Password on boot" item. Press
Enter to select it. A blue box pops
up. Press the down-arrow key to
highlight Enabled and press
Enter.
28. Your BIOS screen should now
show that the "Password on boot"
is "Enabled", as shown to the right
on this page.
29. Press F10 and then Enter to save changes.
Entering the Wrong Password Three Times
30. A blue box asks you to "Enter Password". Enter something
wrong, like X, and press Enter. Repeat the process three times.
31. A "System Disabled" box appears, as
shown to the right on this page, but this
time the code number is 00000.
Saving a Screen Image
32. Make sure your screen shows the "System Disabled" box, with a number of 00000.
33. Press Ctrl+Alt to release the keyboard from the VM. Press the PrntScrn key to save the screen
image. Open Paint and paste in the image. Save it as Lab-Proj 8c from YOUR NAME.
Using the Keygen
34. Run the keygen and enter the code of 00000. It generates a password.
Testing the Generated Password
35. Press Ctrl+Alt to release the keyboard from the VM.
36. From the VMware Workstation menu bar, click VM, Power, "Power Off". Click "Power
off".
37. From the VMware Workstation menu bar, click VM, Power, "Power On ".
38. A blue box asks you to "Enter Password". Enter the password from the "Generic Phoenix
BIOS" line in the keygen. It won't work--obviously 00000 is not the real code. This keygen
works for BIOS passwords, but not for boot passwords.
Clearing the Passwords
39. Press Ctrl+Alt to release the keyboard from the VM.
40. From the VMware Workstation menu bar, click VM, Power, "Power Off". Click "Power
off".
41. From the VMware Workstation menu bar, click VM, Power, "Power On to BIOS".
42. A blue box asks you to "Enter Password". Enter the password you chose originally: 12345678
43. Use the arrow keys to get to the Security page. Highlight "Password on Boot" and press
Enter. Use the arrow keys to highlight Disabled and press Enter.
44. In the Security menu, set the "Password on boot" to Disabled.
45. Use the arrow keys to highlight "Set Supervisor Password" and press Enter.
46. In the blue "Set Supervisor Password" box, enter 12345678 in the first line. Press Enter four
times.
47. Your BIOS screen should now show that both
passwords are Clear, as shown to the right on this
page.
48. Press F10 and then Enter to save changes.
Turning in your Project
49. Email the JPEG images to the instructor as attachments to a single email message. Send it to:
[email protected] with a subject line of Lab-Proj 8 From Your Name, replacing Your Name
with your own first and last name. Send a Cc to yourself.