Trying to get into the BIOS

[mike]

Greetings to all,

Once again stumped by a 'puter problem, as usual my hopes turn to SER
as my prospects starts looking rather hopeless.

Does anybody out there have some clues for getting into a password-
protected BIOS
On a 5 or 6 year old Jetway motherboard? Background follows:

I found it at the scrapyard a while back, and recently scored a
processor for it,
only to find that it's set up to boot from hard drive only. I can't
get in to change the
boot order since the BIOS is set to have a password.

It won't boot from a floppy, nor a cd, but will boot from a hard drive
that has DOS on
it, and also one that has Ubuntu on it, as well as the one that came
with it, which is
a 40 Gb drive that has, I think, Mandrake on it.

All I get when I boot with the 40 Gb one is a login prompt, but, not
having any login
info or passwords I can't really get any where by booting with it;
but, I can kind of
poke around in it's file-system if I boot with the drive that has
Ubuntu set as the
primary master.

I think it may be pretty well secured by IT pros, as it came in a
rack-mount enclosure with BarracudaNetworks logo and markings, and was
formerly used
as a spam firewall or some-such thing.

The main reason I'm hoping to turn it into a working system is it has
SATA onboard, and it's a step up in processing power (AMD 64) from the
P4- and AMD Athlon- boxes that are presently my 'daily drivers'.

In searching the web I've managed to secure the motherboard manual and
the latest
drivers and a BIOS update for it, but when I try to flash the bios
(it's Award bios
and I'm using the flash program from the Jetway site) it looks like
it's working until
the end, when it gives a message "flash rom is write-protected, make
sure all jumpers
is set to proper" or some such slightly mangled English, and I've
followed the
manual's instructions on clearing the cmos and I find no other jumpers
that deal with
write-protection. I also tried removing the battery for several days
and jumpering
where the battery contacts are, but I guess there must be some non-
volatile memory
somewhere that is defeating my efforts.

I've emailed Jetway a couple weeks ago, so far no response. I haven't
tried BarracudaNetworks, other than to poke around on their site, but
technical info there seems mostly about selling systems and not how
the systems work (except for IT speak, which I'm not very conversant
in).

It has the bios contained in a PLCC-32 package which fits into a
socket. I found some
pin-out info on the Winbond site:

http://www.winbond.com/hq/enu/ProductAndSales/ProductLines/FlashMemory/ParallelFlash/APNote.htm

APPnote 21 has a table, but not much in the way of instructions.

Sorry to be so long-winded, I've tried a couple other things but the
one I'd most like to learn more about
I ran into in a few different places, where from a Dos prompt you go
into DEBUG and supposedly change the values in some register that will
make the bios lose the password requirement - so far it hasn't worked,
don't know if I'm following the instructions correctly or not.

TIA for any info,

Mike

 

[Geo]

On Mon, 18 Apr 2011 08:06:30 -0700 (PDT), mike
<mlightner@survivormail.com> wrote:

<snip>

(it's Award bios

What version?
CmosPwd says it works for Award 4.5x/4.6x/6.0 - also look at their
readme for some backdoor passwords to try.

 

[Geo]

On Mon, 18 Apr 2011 09:36:58 -0700 (PDT), mike
<mlightner@survivormail.com> wrote:

6.0, I think - when I run it from DOS, cmospwd says something about be
sure
to use the numerical keypad, but I haven't yet figured out what or
when to do that...
Sorry - no idea.

as for the back door passwords, I've tried alot of 'em, but not all of
them
Have you tried this one for Jetway spooml

If removing the cmos battery did not work, the other place with
non-volatile memory is the RTC (clock) chip. Some of them have
internal battery so a momentary short is required across a couple of
pins to wipe the memory.
The is a table on this page giving the pin numbers for 3 common RTCs:-
http://www.tech-faq.com/reset-bios-password.html

 

[Geo]

On Mon, 18 Apr 2011 18:48:50 +0100, Geo <hw9j-s5hw@dea.spamcon.org>
wrote:

Muddled stuff - sorry that did not come out as I intended - it is
unlikely you have an external battery /and/ an RTC+CMOS with an
internal one - best ignore the post.

 

[Mike Tomlinson]

In article <e0900b0a-d06f-4d77-87bd-aada32faf18b@gu8g2000vbb.googlegroup
s.com>, mike <mlightner@survivormail.com> writes

I ran into in a few different places, where from a Dos prompt you go
into DEBUG and supposedly change the values in some register that will
make the bios lose the password requirement - so far it hasn't worked,
don't know if I'm following the instructions correctly or not.

boot DOS
run debug. '-' is the debug prompt, you don't type this.

- o 70 10
- o 71 0
- q

that's "oh, seventy, ten / oh, seventy-one, zero"

reboot.

with a bit of luck, password will be gone.

--
(\__/)
(='.'=)
(")_(")

 

[mike]

On Apr 18, 12:00 pm, Geo <hw9j-s...@dea.spamcon.org> wrote:

On Mon, 18 Apr 2011 08:06:30 -0700 (PDT), mike

mlight...@survivormail.com> wrote:

snip

(it's Award bios

What version?
CmosPwd says it works for Award 4.5x/4.6x/6.0 - also look at their
readme for some backdoor passwords to try.

6.0, I think - when I run it from DOS, cmospwd says something about be
sure
to use the numerical keypad, but I haven't yet figured out what or
when to do that...
as for the back door passwords, I've tried alot of 'em, but not all of
them in their
possible forms WRT caps, underscores, spaces, etc...But, I do still
wonder about
the keypad thing, and the numbers listed for version 6.0, I'll try a
few things next I
spend some time with it.

Thanks,
Mike

 

[mike]

On Apr 18, 1:48 pm, Geo <hw9j-s...@dea.spamcon.org> wrote:

On Mon, 18 Apr 2011 09:36:58 -0700 (PDT), mike


Have you tried this one for Jetway       spooml

Yep, tried it, and I'll probably try it again a few more times before

its over

If removing the cmos battery did not work, the other place with
non-volatile memory is the RTC (clock) chip. Some of them have
internal battery so a momentary short is required across a couple of
pins to wipe the memory.
The is a table on this page giving the pin numbers for 3 common RTCs:

http://www.tech-faq.com/reset-bios-password.html

I'll have a look at that, thanks.

 

[mike]

On Apr 18, 2:10 pm, Mike Tomlinson <m...@jasper.org.uk> wrote:

In article <e0900b0a-d06f-4d77-87bd-aada32faf...@gu8g2000vbb.googlegroup
s.com>, mike <mlight...@survivormail.com> writes

I ran into in a few different places, where from a Dos prompt you go
into DEBUG and supposedly change the values in some register that will
make the bios lose the password requirement - so far it hasn't worked,
don't know if I'm following the instructions correctly or not.

boot DOS
run debug.  '-' is the debug prompt, you don't type this.

- o 70 10
- o 71 0
- q

that's "oh, seventy, ten / oh, seventy-one, zero"

reboot.

with a bit of luck, password will be gone.

--
(\__/)  
(='.'=)
(")_(")

All right, thanks! I'll give that a try probably this evening.

 

[who where]

On Mon, 18 Apr 2011 12:54:58 -0700 (PDT), mike
<mlightner@survivormail.com> wrote:

On Apr 18, 2:10 pm, Mike Tomlinson <m...@jasper.org.uk> wrote:
In article <e0900b0a-d06f-4d77-87bd-aada32faf...@gu8g2000vbb.googlegroup
s.com>, mike <mlight...@survivormail.com> writes

I ran into in a few different places, where from a Dos prompt you go
into DEBUG and supposedly change the values in some register that will
make the bios lose the password requirement - so far it hasn't worked,
don't know if I'm following the instructions correctly or not.

boot DOS
run debug.  '-' is the debug prompt, you don't type this.

- o 70 10
- o 71 0
- q

that's "oh, seventy, ten / oh, seventy-one, zero"

reboot.

with a bit of luck, password will be gone.

--
(\__/)  
(='.'=)
(")_(")

All right, thanks! I'll give that a try probably this evening.

Failing that, locate a copy of KILLCMOS, a small utility that writes
to cmos RAM and *causes* a checksum error there. The result is that
on a subsequent bootup you will be directed to setup (without
requiring a pswd) where you can clear the pswd requirement.

 

[mike]

who where wrote:

On Mon, 18 Apr 2011 12:54:58 -0700 (PDT), mike
mlightner@survivormail.com> wrote:

On Apr 18, 2:10�pm, Mike Tomlinson <m...@jasper.org.uk> wrote:> >> reboot.

with a bit of luck, password will be gone.

Guess my luck is lacking, I tried entering a few different values in
DEBUG as found here and there, to no effect so far...

--
(\__/) ďż˝
(='.'=)
(")_(")



Failing that, locate a copy of KILLCMOS, a small utility that writes
to cmos RAM and *causes* a checksum error there. The result is that
on a subsequent bootup you will be directed to setup (without
requiring a pswd) where you can clear the pswd requirement.\

All right, I got a copy of it, will try that later today.
Thanks

 

[William Sommerwerck]

This made me curious: In my experience with BIOS the
system will run through a list of boot devices to try to boot.
Is it common to set a system up to rely on one device only?

Not that I know of. The BIOS usually lets you select the order. I set mine
to CD, floppy, HD.

 

[Geoffrey S. Mendelson]

mike wrote:

All right, I got a copy of it, will try that later today.
Thanks

Walking in late, and not having a clue as to what computer you are talking
about, desktop PC's since 1990 have batteries to keep the CMOS RAM intact.
There was a brief flirtation with clock chips with batteries built in, some
which also had the CMOS RAM on them, but they are long obsolete.

Modern ones use lithium coin cells in little holders. PC/AT computers and
most 386/486 ones used external batteries which pluged into the motherboard
and the later 386/486 had NICAD batteries (all of which must of leaked and
died 10 years ago).

If it has a lithim coin cell, the easiest thing to do is to remove it and
wait an hour. You can also find a "clear CMOS" jumper on the motherboard,
you set it, turn on the power, wait until BIOS text appears on the screen, turn
off power and remove the jumper.

If it's a laptop, you can often find a clear CMOS jumper hidden inside or
take out the battery and let it sit overnight. Modern laptops use capacitors
to hold the CMOS settings for a few hours with no battery.

Some of the BIOSes have "backdoor" passwords in them, you should google the
exact model of your laptop/desktop motherboard for more information.

You can also google BIOS password, or BIOS backdoor.

Geoff.

--
Geoffrey S. Mendelson N3OWJ/4X1GM
Those who cannot remember the past are condemned to misquote it.

 

[David Nebenzahl]

On 4/19/2011 10:59 AM Geoffrey S. Mendelson spake thus:

mike wrote:

If you read the first post in the thread that info will be revealed
to you.

It's long since rolled off my system.

Is *everything* in Israel as piss-poor as you say it is? Retention time
of 2 days? Sheesh ...


--
The current state of literacy in our advanced civilization:

yo
wassup
nuttin
wan2 hang
k
where
here
k
l8tr
by

- from Usenet (what's *that*?)

 

On Tue, 19 Apr 2011 09:57:49 -0700 (PDT), spamtrap1888
<spamtrap1888@gmail.com> wrote:

On Apr 18, 8:06 am, mike <mlight...@survivormail.com> wrote:
Greetings  to all,

...
I found it at the scrapyard a while back, and recently scored a
processor for it,
only to find that it's set up to boot from hard drive only.  I can't
get in to change the
boot order since the BIOS is set to have a password.

It won't boot from a floppy, nor a cd, but will boot from a hard drive
that has DOS on
it, and also one that has Ubuntu on it, as well as the one that came
with it, which is
a 40 Gb drive that has, I think, Mandrake on it.

...

I think it may be pretty well secured by IT pros, as it came in a
rack-mount enclosure with BarracudaNetworks logo and markings, and was
formerly used
as a spam firewall or some-such thing.

This made me curious: In my experience with BIOS the system will run
through a list of boot devices to try to boot. Is it common to set a
system up to rely on one device only?
Current BIOS will generate a list of boot devices; it is possible to

remove devices from the list. Given the application - Firewall -
restricting the eligible boot devices to the hard drive is an
elementary precaution.

PlainBill

 

[spamtrap1888]

On Apr 18, 8:06 am, mike <mlight...@survivormail.com> wrote:

Greetings  to all,

....
I found it at the scrapyard a while back, and recently scored a
processor for it,
only to find that it's set up to boot from hard drive only.  I can't
get in to change the
boot order since the BIOS is set to have a password.

It won't boot from a floppy, nor a cd, but will boot from a hard drive
that has DOS on
it, and also one that has Ubuntu on it, as well as the one that came
with it, which is
a 40 Gb drive that has, I think, Mandrake on it.

....

I think it may be pretty well secured by IT pros, as it came in a
rack-mount enclosure with BarracudaNetworks logo and markings, and was
formerly used
as a spam firewall or some-such thing.

This made me curious: In my experience with BIOS the system will run
through a list of boot devices to try to boot. Is it common to set a
system up to rely on one device only?

 

[Geoffrey S. Mendelson]

spamtrap1888 wrote:

This made me curious: In my experience with BIOS the system will run
through a list of boot devices to try to boot. Is it common to set a
system up to rely on one device only?

The "Press F8 for a boot menu" option did not appear until around 2002, and
as late as 2005 some BIOSes did not have it.

Before then, you could set the boot order and whether to try other devices
in the BIOS.

It was probably an office computer and was set to prevent people from booting
CD/DVD's and floppies.

Geoff.

--
Geoffrey S. Mendelson N3OWJ/4X1GM
Those who cannot remember the past are condemned to misquote it.

 

[mike]

On Apr 19, 11:34 am, "Geoffrey S. Mendelson" <g...@mendelson.com>
wrote:

mike wrote:
All right, I got a copy of it, will try that later today.
Thanks

Walking in late, and not having a clue as to what computer you are talking
about,

If you read the first post in the thread that info will be revealed to
you.

desktop PC's since 1990 have batteries to keep the CMOS RAM intact.

There was a brief flirtation with clock chips with batteries built in, some
which also had the CMOS RAM on them, but they are long obsolete.

Modern ones use lithium coin cells in little holders. PC/AT computers and
most 386/486 ones used external batteries which pluged into the motherboard
and the later 386/486 had NICAD batteries (all of which must of leaked and
died 10 years ago).

If it has a lithim coin cell, the easiest thing to do is to remove it and
wait an hour. You can also find a "clear CMOS" jumper on the motherboard,
you set it, turn on the power, wait until BIOS text appears on the screen, turn
off power and remove the jumper.

If it's a laptop, you can often find a clear CMOS jumper hidden inside or
take out the battery and let it sit overnight. Modern laptops use capacitors
to hold the CMOS settings for a few hours with no battery.

Some of the BIOSes have "backdoor" passwords in them, you should google the
exact model of your laptop/desktop motherboard for more information.

You can also google BIOS password, or BIOS backdoor.

I usually DAGS first these days, don't want to look like an idiot,
don't ya know

Geoff.

--
Geoffrey S. Mendelson N3OWJ/4X1GM
Those who cannot remember the past are condemned to misquote it.

 

[Geoffrey S. Mendelson]

mike wrote:

If you read the first post in the thread that info will be revealed to
you.

It's long since rolled off my system.

Geoff.

--
Geoffrey S. Mendelson N3OWJ/4X1GM
Those who cannot remember the past are condemned to misquote it.

 

[Geoffrey S. Mendelson]

David Nebenzahl wrote:

Is *everything* in Israel as piss-poor as you say it is? Retention time
of 2 days? Sheesh ...

Cut me a break. It's a private news feed sent to a private system. I set
it up over 10 years ago when I had a dial up and 2g hard drive and it has
worked fine for me ever since.

I'm sure there are plenty of news servers out there (or out here) with much
longer retention and many more groups, but I've never had a need to change.

I probably should up the retention, but since I'm the only one who uses it,
and USENET is full of crap, I don't see much of a reason. By two days, almost
every posting on every group has befallen Godwin's Law or Mendelson's corollary
(change calling someone a NAZI in Godwin's to reference to the Wikipedia).

Geoff.


--
Geoffrey S. Mendelson N3OWJ/4X1GM
Those who cannot remember the past are condemned to misquote it.

 

[mike]

Geoffrey S. Mendelson wrote:

mike wrote:
If you read the first post in the thread that info will be revealed to
you.

It's long since rolled off my system.

Oh, now I see - quoting from 1st post:

"Does anybody out there have some clues for getting into a password-
protected BIOS
On a 5 or 6 year old Jetway motherboard? Background follows:

I found it at the scrapyard a while back, and recently scored a
processor for it,
only to find that it's set up to boot from hard drive only. I can't
get in to change the
boot order since the BIOS is set to have a password.

It won't boot from a floppy, nor a cd, but will boot from a hard drive
that has DOS on
it, and also one that has Ubuntu on it, as well as the one that came
with it, which is
a 40 Gb drive that has, I think, Mandrake on it.

All I get when I boot with the 40 Gb one is a login prompt, but, not
having any login
info or passwords I can't really get any where by booting with it;
but, I can kind of
poke around in it's file-system if I boot with the drive that has
Ubuntu set as the
primary master.

I think it may be pretty well secured by IT pros, as it came in a
rack-mount enclosure with BarracudaNetworks logo and markings, and was
formerly used
as a spam firewall or some-such thing. "

"In searching the web I've managed to secure the motherboard manual
and
the latest
drivers and a BIOS update for it, but when I try to flash the bios
(it's Award bios
and I'm using the flash program from the Jetway site) it looks like
it's working until
the end, when it gives a message "flash rom is write-protected, make
sure all jumpers
is set to proper" or some such slightly mangled English, and I've
followed the
manual's instructions on clearing the cmos and I find no other jumpers
that deal with
write-protection. I also tried removing the battery for several days
and jumpering
where the battery contacts are, but I guess there must be some non-
volatile memory
somewhere that is defeating my efforts.

I've emailed Jetway a couple weeks ago, so far no response. I haven't
tried BarracudaNetworks, other than to poke around on their site, but
technical info there seems mostly about selling systems and not how
the systems work (except for IT speak, which I'm not very conversant
in).

It has the bios contained in a PLCC-32 package which fits into a
socket. I found some
pin-out info on the Winbond site:

http://www.winbond.com/hq/enu/ProductAndSales/ProductLines/FlashMemor...

APPnote 21 has a table, but not much in the way of instructions.

Sorry to be so long-winded, I've tried a couple other things but the
one I'd most like to learn more about
I ran into in a few different places, where from a Dos prompt you go
into DEBUG and supposedly change the values in some register that will
make the bios lose the password requirement - so far it hasn't worked,
don't know if I'm following the instructions correctly or not.

TIA for any info,

Mike "

So, at this point I've still yet to try KILLCMOS , still trying to
figure out what's with the values assigned to different flavors of
BIOS as listed in the program Cmospwd.exe

Anyway, thanks for your thoughts,
Mike

Geoff.

--
Geoffrey S. Mendelson N3OWJ/4X1GM
Those who cannot remember the past are condemned to misquote it.