Quick How-To: Hack Bios Passwords on your Computer | Hacked: Hacking Finance

Fun Hacks

Quick How-To: Hack Bios Passwords on your Computer

Posted on .

Quick How-To: Hack Bios Passwords on your Computer


This article was posted on Tuesday, 23:50, UTC.

hack bios password errorWhether you forget your password or the used laptop you bought online shipped with a locked BIOS, hacking the password is easy enough. If physical access is unlimited, the process is similar to replacing a watch battery. If taking apart your machine is outside your comfort zone or otherwise infeasible there is a software option.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Most laptop vendors store a checksum of your password in the machine’s FlashROM – a chip that resides on your computer’s motherboard. When an incorrect password is entered three times a ‘System Disabled” message with what appears to be an error code. This counterfeit error code is actually a salted checksum of the BIOS password. Each BIOS vendor has their own salt but the process of cracking the password is basically the same and takes less than 100 lines of Python.

Security Blogger Dogbert provides a library of scripts that hack BIOS passwords for a majority of laptop vendors. Anyone running them will need Python 2.6 or can run packaged Window’s binaries. The scripts are basically brute force dictionary attacks that compute a hash using the vendor’s master salt or serial number. The computed hash is compared to the checksum you received after passing incorrect passwords to your motherboard’s BIOS. When a match is found it is printed to the console.

hack bios password code

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Some vendors have taken it upon themselves to step up their security. Certain model FSI laptops will withhold the checksum until three separate passwords are entered – i.e. “Show The Password” or “@skD*63 [email protected] $Ml1a23”. Other vendors require key presses (F2/F12) or combinations entered at the correct time.

Also read Steam Hacked, Accounts Compromised, People Blaming Valve

Hacking the BIOS password can give an attacker low-level access to the machine. For example, once in the BIOS they could change the boot order to prefer a USB drive. From there they can boot an operating system and access the machine’s hard drive as if it were an external drive. They could run analytic tools on the files, search for passwords or personal information, even make a copy of the entire contents of the disk and transfer it to a private lab for further analysis.

Images from Henrique Pinto, Dogbert

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.

Feedback or Requests?

Alex Gorale

Alex Gorale

Big? Little? It's all Endian

  • user

    AUTHOR Burnt Eloi

    Posted on 8:59 pm August 12, 2015.

    whatever happened to the good ol days of pulling the BIOS battery or shorting to ground, lol

  • View Comments (1) ...
    The team:
    Dmitriy Lavrov
    Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
    Jonas Borchgrevink
    Jonas Borchgrevink is the founder of Hacked.com and CryptoCoinsNews.com. He is a serial entrepreneur, trader and investor. He shares his own personal journey on Hacked.com. // -- Discuss and ask Read More
    Mate Csar
    Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
    Mati Greenspan
    Senior Market Analyst at Etoro.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
    Rakesh Upadhyay
    Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
    Pamela Meropiali
    Account Manager
    Pamela Meropiali is responsible for users on Hacked.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
    Joseph Young
    Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
    It is common knowledge among professional IT security personnel that…