Bỏ qua BIOS khởi động hoặc Đăng nhập hệ điều hành để bất kỳ máy tính nào nhất ... với giao diện điều khiển truy cập doc
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (454.99 KB, 18 trang )
Home Sign Up! Explore Community Submit
Bypass BIOS Boot or OS Login to "most" any computer ... with console
access
by erckgillis on June 15, 2007
Table of Contents
intro: Bypass BIOS Boot or OS Login to "most" any computer ... with console access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2
step 1: Console Access...this is essential to browse files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3
step 2: Windows ISO Boot disc(s)... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4
step 3: Live CD distributions to choose from (list) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4
step 4: Browse any files...NTFS FAT file systems (folders) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9
step 5: Protection ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9
step 6: BIOS Backdoors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Related Instructables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Advertisements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Customized Instructable T-shirts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
/>
intro: Bypass BIOS Boot or OS Login to "most" any computer ... with console access
ANY system where you have access to it's console will give you an opportunity to where you can login and see files, run your own browser or copy files. By modifying the
BIOS or "Flash'ing" new BIOS you can override both BIOS protected passwords and reboot from other devices or peripherials...Reboot with any OS you choose and
browse NTFS (via or FAT files on their 'secured' hard drive.
Internet Cafe', Public Library and Schools with "locked" PC's are usually accessible...
If you can MODIFY the BIOS to boot from USB, CD or DVD.
Insert your USB Boot image (ISO). How...See my instructables...
Beginners Background:
The BIOS (Basic Input-Output System) is a small piece of code 'burned' into a EPROM/CMOS (Erasable Programmable Read Only Memory). This is the hard coded
instructions to "boot" your PC.
Even "locking" the BIOS is no longer safe as "Flash" programs can 'reprogram' most any BIOS. Shorts or restes can 'fry' and many sites offer replacements/swaps.
File systems:
Computers all have files. File systems are the way data is encoded on the hard drive. It's not encrypted nor protected except for EFS or secured shadowed and hidden
file systems using triple DES and PGP.
Steps:
Press F2 or F10 as the reboot prompt asks.
Modify as below the "Boot order"
Insert a CD/DVD or USB boot drive and your in!
(see instructables for ISo images or USB thumb drive)
Image Notes
1. Boot a DSL linux image from USB...
/>
step 1: Console Access...this is essential to browse files
Windows Computers are designed to not allow remote access. Firewalls, port stealthing and all the fancy software secures you from outside and network attacks.
No one protects their consoles or laptops nowadays.
Do you have access to a schools computer, library or Internet Cafe' ?
Then you can load and boot many OS and see files on their HDD.
Once the BIOS (bypass BIOS passwords on page 6) is set to boot from other media (USB/CD/DVD) you can load you OWN OS and login.
forget Windows security...load your OWN OS!
Load a small Linux or other OS, fast and easy from USB or CD/DVD (see Live CD or use my instructables)
///post your ideas///! COLLABORATE !
Specific PXE or GRUB boots and small USB drives can boot most any OS you choose.
Image Notes
1. Boot a DSL linux image from USB...
Image Notes
1. Samba or other tools allow access to NTFS, FAT and UNIX file systems...
( />
/>
step 2: Windows ISO Boot disc(s)...
Free ISO Image Downloads:
These are the ISO boot disk images available from AllBootDisks.
Download the ISO image you need, and if you need assistance creating a bootable CD from this image, visit the how-to page.
Everyone's seen Windows boot screens...ugh think of ALL THE YEARS wasted watch DOS & Windows Boot!
ERCK
DOS4.01_bootdisk.iso
DOS5.0_bootdisk.iso
DOS6.0_bootdisk.iso
DOS6.21_bootdisk.iso
DOS6.22_bootdisk.iso
Win95a_bootdisk.iso
Win95b_bootdisk.iso
Win98SE_bootdisk.iso
Win98SEnoram_bootdisk.iso
Win98_bootdisk.iso
Win98noram_bootdisk.iso
WinMe_bootdisk.iso
WinMenoram_bootdisk.iso
ISO's are well documented already....
step 3: Live CD distributions to choose from (list)
Live CD Distributions by # votes (alphabetical)
#Votes Name ISO Size (Mb Min Max) & Primary Function
0 3Anoppix 712 712 Desktop
0 ABC Linux 579 579 Desktop
0 Adios 700 700 Education
0 AdvanceCD 16 16 Gaming
0 AL-AMLUG Live CD 512 512 Desktop
0 AliXe 370 370 Desktop
0 AmaroK Live 289 289 Home Entertainment
0 Ankur 418 418 Desktop
0 Anonym.OS 575 575 Secure Desktop
0 ANTEMIUM 620 620 Desktop
0 Arabbix 550 550 Desktop
0 Archie 325 325 Desktop
0 Arudius 212 212 Security
0 Auditor security collection 538 538 Security
0 Augustux 700 700 Desktop
0 Aurox Live 698 698 Desktop
0 avast! BART CD 155 155 Rescue, Windows Antivirus
0 basilisk 650 650 Desktop
0 BDI-Live 138 138 CNC Metalworking
0 BEERnix 409 409 Desktop
0 BeleniX 637 637 Desktop
0 BerliOS MiniCD 182 182 Desktop
0 bioknoppix 681 681 Bioinformatics, Education
0 Blin Linux 36 160 Desktop
0 Bootable Cluster CD 188 188 Clustering
0 BOSS Live CD 646 646 Security
0 BrutalWareII 117 117 Security
0 Burnix 690 690 Clustering
0 ByzantineOS 43 43 Home Entertainment
0 Caster 545 545 Media Production
0 C� tix 717 717 Desktop
0 CDlinux 18 18 Rescue
0 CDMEDICPACSWEB 195 587 Medical
0 CHAOS 8 8 Clustering
0 CHRONOMIUM 68 68 Windows Antivirus
0 ClusterKnoppix 600 600 Clustering
0 Conectiva Linux Live CD 252 400 Desktop
0 Cool Linux CD 632 632 Desktop
0 Crash Recovery Kit for Linux 80 80 Rescue
0 Danix 683 683 Desktop
/>
0 Dappix 700 700 Desktop
0 DeadCD 92 92 Desktop, Rescue
0 DemoLinux 650 650 Desktop
0 DeMuDi Live 575 575 Media Production
0 DevelopGo 695 695 Development
0 Devil-Linux 88 88 Firewall, Server
0 distccKNOPPIX 38 38 Clustering
0 Dizinha 154 154 Desktop
0 DNALinux 329 329 Bioinformatics
0 ECGL 706 706 Development
0 Echelon Linux 240 240 System Administration
0 eduKnoppix 700 700 Education
0 EduMorphix 643 643 Education
0 ELE 61 61 Secure Desktop
0 eLearnix 90 90 Education
0 elpicx 690 1382 Education
0 Emergency CD 174 174 Rescue
0 eMoviX 10 10 Home Entertainment
0 eZ publish LiveCD 487 487 Server
0 FCCU GNU/Linux Forensic Boot CD 519 563 Forensics
0 ffsearch-LiveCD 194 194 Server
0 FIRE 579 579 Forensics
0 fiubbix 670 670 Desktop, Education
0 Flash Linux 362 362 Desktop
0 FlashMob ISO 63 63 Clustering
0 Flonix 187 187 Desktop
0 floppyfw 2 2 Firewall
0 Formilux 38 160 Server
0 Freeduc 699 699 Desktop, Education, GIS
0 FuguIta 623 623 Desktop
0 GamesGo 698 698 Gaming
0 Gentoox 543 543 Desktop
0 GeoMorphix 672 672 GIS
0 Ging 164 164 Desktop
0 GIS-Knoppix 700 700 GIS
0 GISIX 635 635 GIS
0 GisMorphix 567 567 GIS
0 GNOME LiveCD 629 629 Desktop
0 gnome2live 430 430 Desktop
0 gNOX 242 242 Desktop
0 GNU/Linux Kinneret 623 623 Education
0 GParted LiveCD 52 52 System Administration
0 GPUL 534 534 Education
0 grml 49 696 OS Replacement, Rescue, Security
0 Guadalinex 592 700 Desktop
0 Hakin9 Live 625 625 Security
0 Hax Desktop 611 611 Desktop
0 Helix 701 701 Forensics
0 Hikarunix 182 182 Gaming
0 IndLinux Hindi 532 532 Desktop
0 jollix 506 506 Gaming, Home Entertainment
0 Julex 216 216 Desktop
0 JUX 695 695 Education
0 Kaboot 87 349 Desktop, Rescue, Science
0 Kalango 396 396 Desktop
0 KANOTIX CPX-MINI 230 230 Desktop, OS Replacement
0 Kazit 633 633 Desktop
0 KibZiLLa 288 288 Desktop
0 Klax 382 382 Desktop
0 Knoppel 648 648 Desktop
0 Knoppix 3.3 NY/NYLUG edition 702 702 Desktop
0 Knoppix en espa�±ol 651 651 Desktop
0 Knoppix for Kids 699 699 Desktop, Education
0 Knoppix Japanese Edition 681 681 Desktop
0 KNOPPIX-BV1AL 685 685 Desktop
0 KNOPPIX-EXTON 665 665 Desktop
0 Knoppix64 600 720 Desktop, Development
0 KnoppixQuake 130 130 Server
0 KnoSciences 661 661 Education
0 Komodo Linux 695 695 Desktop
0 Kororaa 695 695 Desktop, OS Replacement
0 KursLinux 696 696 Education
0 Kurumin 187 187 Desktop
0 LAMPPIX 157 207 Server
0 Legnoppix 380 380 Robotics
0 LFS boot-cd 240 240 OS Replacement, Rescue
0 LFS LiveCD 106 351 Desktop
0 LG3D LiveCD 606 606 Desktop
0 LinspireLive! 659 659 Desktop
0 Linux Live-CD Router 83 83 Firewall
0 Linux Magazine miniCD 185 185 Desktop, Rescue
0 Linux-EduCD 653 653 Education
0 Linuxcare Bootable Toolbox 47 47 Rescue
/>
0 LinuxConsole 58 532 Gaming
0 Lisp Resource Kit 612 612 Development, Education
0 LiveOIO 615 615 Medical
0 LiveZope 697 697 Development, Education
0 LNX-BBC 48 48 Desktop, Rescue
0 Local Area Security Linux 185 210 Desktop, Security
0 Lonix 149 149 Rescue
0 LUC3M 700 700 Desktop
0 Mediainlinux 691 694 Media Production
0 mGSTEP Live CD 88 88 Desktop
0 MiniKazit 180 180 Desktop, OS Replacement
0 MiniKnoppix 198 198 Rescue
0 MIOLUX 678 678 Desktop
0 Mono Live 702 702 Development
0 Monoppix 429 429 Development
0 Morphix-NLP 448 448 Science
0 MoviX 27 42 Home Entertainment
0 MoviX2 49 49 Home Entertainment
0 muLinux 68 68 Desktop
0 Myah OS 374 374 Desktop
0 NetMAX DeskTOP 697 697 Desktop, OS Replacement
0 Network Security Toolkit 262 262 Security
0 NeWBIE 641 641 Desktop
0 NIOde 550 550 Development
0 NordisKnoppix 699 699 Desktop
0 OnebaseGo 671 671 Desktop, OS Replacement
0 OpenGroupware Knoppix CD 546 546 Server
0 OpenVistA VivA 560 560 Medical
0 Operator 570 570 Security
0 Oralux 528 528 Desktop, Desktop
0 PaiPix 1720 1720 Science
0 Pardus Live CD 688 688 Desktop
0 Parsix 697 697 Desktop
0 Parted Magic 31 31 System Administration
0 PCG-C1VN Live CD 457 457 Desktop
0 Penguin Sleuth Bootable CD 689 689 Forensics
0 Pentoo 482 482 Security
0 Phrealon 34 34 System Administration
0 Pilot Linux 66 66 System Administration
0 PLAC 48 48 Forensics, Rescue
0 PLD Live CD 519 519 Desktop
0 PLD RescueCD 51 51 Rescue
0 PLoP Linux 40 40 Rescue
0 PlumpOS 51 51 Clustering
0 Pollix 695 695 Development
0 Public IP ZoneCD 271 271 Firewall
0 PXES 13 13 Thin Client
0 Pyro Live CD 622 622 Robotics
0 QiLinux 657 682 Desktop
0 Quantian 691 1961 GIS, Science
0 Repairlix 11 11 Rescue
0 RIP 9 25 Rescue
0 ROCK Linux 411 458 Desktop
0 Rxlinux 10 10 Server
0 Salvare 18 18 Rescue
0 Santa Fe Desktop Linux 614 614 Desktop
0 SchilliX 411 411 OS Replacement
0 SciLix 480 480 Desktop, Education, Scientific
0 SENTINIX 213 213 Security
0 Sentry Firewall CD 288 288 Firewall
0 Shabdix 680 680 Education
0 Shinux 99 155 Desktop
0 Skolelinux 662 662 Desktop, Education
0 SlackPen 322 322 Security
0 Slackware (Disc 2) 657 657 OS Replacement
0 slavix 624 624 Desktop
0 SLAX Frodo Edition 47 47 Diagnostics
0 Slix 693 693 Desktop
0 Slo-Tech Linux livecd 700 700 Desktop
0 SNAPPIX 553 553 Development
0 Sn�¸frix 695 695 Education
0 SoL-diag 35 546 Diagnostics, Rescue
0 Stanix Professional 660 660 Desktop
0 StarCD 530 530 GIS
0 StreamBOX-LiveCD 698 698 Media Production
0 StudioGo 692 692 Home Entertainment, Media Production
0 Sulix 700 700 Desktop
0 SuperRescue 701 701 Rescue
0 TeaM-TL 700 1320 Desktop
0 The Backpack Programmer's LiveCD 684 684 Development
0 TheOpenCD 596 596 Desktop
0 Thinstation 9 9 Thin Client
0 Tilix 705 705 Desktop
/>
0 Timo's Rescue CD 55 55 Rescue
0 TiNA Knoppix 644 644 Science
0 tlf-morphix 404 404 Hobby
0 tomsrtbt 3 3 Rescue
0 Toothpix 717 717 Medical
0 TPM Security Server 294 294 Forensics, Security
0 Trinity Rescue Kit 50 50 Rescue
0 Trinux 19 19 Security
0 UHU-Linux Live CD 633 633 Desktop
0 uOS 261 261 OS Replacement
0 UserLinux 456 456 Desktop
0 VigyaanCD 647 647 Bioinformatics, Education
0 Virtual Linux 628 628 Desktop
0 WarLinux 53 53 Security
0 Wolvix 452 452 Desktop
0 WOMP! 13 30 Home Entertainment
0 X-Evian 633 633 Media Production
0 XAMPPonCD 88 88 Development
0 Xebian 269 269 Desktop
0 Xen Demo CD 720 720 Server
0 Xfld 650 650 Desktop
0 XNUXER 697 697 Desktop
0 XoL 700 700 Desktop
0 XORP Live CD 132 132 Firewall
0 Zaurus Development Version of DemoLinux 650 650 Development
1 aquamorph 382 382 Desktop
1 ATMission 530 530 Desktop, Server
1 cdlinux.pl 205 634 Desktop
1 Clusterix 275 275 Clustering
1 Freeduc-games 645 645 Gaming
1 Freepia 36 36 Home Entertainment
1 Frenzy 200 200 Rescue, Security
1 Gnoppix 659 659 Desktop
1 GNUstep live CD 420 420 Desktop
1 Kate OS LIVE 681 681 Desktop
1 knopILS 629 629 Desktop
1 Knoppix-MiB 650 650 Desktop, Secure Desktop
1 KnoppiXMAME 120 120 Gaming
1 KnoppMyth 469 469 Home Entertainment
1 Lin4Astro 595 595 Astronomy
1 LiveBSD 654 654 Desktop, OS Replacement
1 loonix-live 495 495 Desktop
1 Luit Linux 50 74 Desktop
1 Mandriva One 674 674 Desktop
1 MitraX 50 50 Desktop
1 Musix GNU+Linux 700 700 Media Production
1 NavynOs 384 384 Security
1 NetBoz 53 143 Firewall
1 Overclockix 655 700 Desktop, Diagnostics, Rescue
1 ParallelKnoppix 550 550 Clustering
1 Phaeronix 676 676 Desktop, OS Replacement
1 PHLAK 471 471 Security
1 Plan-B 658 658 Forensics, Rescue, Security
1 Sabayon 697 3477 Desktop
1 stresslinux 51 51 Diagnostics
1 STUX 255 650 Desktop
1 Symphony OS 568 568 Desktop, OS Replacement
1 T2 @Live 546 546 Desktop
1 Tao Live 675 675 Desktop
1 Whoppix 687 687 Security
1 Windows PE 0 0 Rescue
1 Zen Linux 307 564 Desktop, OS Replacement
2 austrumi 50 50 Desktop
2 BackTrack 625 625 Security
2 Baltix 703 703 Desktop
2 Benix Kanotix 189 189 Desktop
2 Berry Linux 425 425 Desktop
2 GeeXboX 5 5 Home Entertainment
2 Kurumin Games 708 708 Gaming
2 Morphix 203 648 Desktop, Gaming
2 redWall Firewall 148 154 Firewall
2 SLAX Popcorn Edition 104 104 Desktop
2 SLYNUX 730 730 Desktop, OS Replacement
2 VectorLinux 264 264 Desktop, OS Replacement
3 Feather Linux 63 63 Desktop
3 GoboLinux 634 634 Desktop
3 Kaella 700 700 Desktop, Education
3 KCPenTrix 401 401 Security
3 Knoppix STD 497 497 Security
3 LinuxDefender Live! 515 515 Rescue, Windows Antivirus
3 Mutagenix 99 549 Desktop, Diagnostics, OS Replacement, Rescue
3 SLAMPP 285 285 Server
4 FreeBSD LiveCD 413 413 OS Replacement, Rescue
/>
4 GamesKnoppix 683 683 Gaming
4 Kubuntu 572 619 Desktop
4 m0n0wall 5 5 Firewall
5 BeatrIX Linux 167 167 Desktop
5 GoblinX Mini Edition 149 149 Desktop
5 INSERT 49 49 Rescue, Security
5 LLGP 695 695 Gaming
6 Suse Live-Eval 1446 1451 Desktop
6 SystemRescueCD 92 104 Rescue
7 Elive 200 700 Desktop
7 SLAX KillBill Edition 188 188 Desktop
8 Ultimate Boot CD 121 186 Diagnostics, Rescue
9 WHAX 574 574 Security
10 dyne:bolic 444 444 Clustering, Desktop, Media Production
15 FreeSBIE 596 596 Desktop, OS Replacement
15 Gentoo 50 1815 OS Replacement, Rescue
22 Puppy Linux 60 60 Desktop
23 Ubuntu 699 3553 Desktop, Os Replacement
34 MEPIS 693 693 Desktop, OS Replacement
38 Damn Small Linux 48 48 Desktop, OS Replacement
39 GoblinX 302 302 Desktop, OS Replacement
46 Knoppix 700 700 Desktop, OS Replacement
47 NimbleX 200 200 Desktop
83 PCLinuxOS 299 685 Desktop, OS Replacement
199 Kanotix 503 719 Desktop, OS Replacement
222 SLAX 41 202 Desktop, OS Replacement
Currently displaying 315 LiveCD/DVDs
Key:
Primary Functions:
Desktops: provides a working GUI desktop environment with a collection of desktop programs, such as browsers and text editors. Many also include utilities for other
purposes, such as home entertainment, but are only listed here because the additional functions are not their primary focus.
OS Replacement: provides an option to transfer the cd to the hard drive, or to install an OS in a different form
Education: provides a collection of educational programs, or was created to be used in the educational field
Rescue: provides tools needed for data recovery
Clustering: provides tools for making clusters
Security: contains network security tools
Home Entertainment: geared towards playing video and audio
Gaming: video games!
Medical: contains medical programs
Diagnostics: contains utilities for testing hardware
Firewalls: distributions created to be used as firewalls
Forensics: distributions containing forensic tools
Servers: distributions used for various server functions
ISO Size:
The ISO min size and ISO max size refer to distributions which have different size images of the current release. Sizes over 700MB may require overburning to be put
onto a CD, or be a LiveDVD ISO. Many LiveCDs can also be copied onto and booted from USB drives.
Architectures
x86: AMD and Intel computers, could include optimizations from the 386 to the Pentium IV to the Athlon XP
x86-64: Computers with chips that use the AMD64 64-bit extensions, known in the Intel camp as EM64T. These chips include the Athlon64, Opteron, Pentium 4 600
series, Pentium D, Core 2 Duo, and modern Xeons
PPC: PowerPC chips, including the Apple G3, G4, and G5 (in 32-bit mode), possibly other IBM Power chips
PPC64: PowerPC 64-bit chips, including the Apple G5, possibly other IBM Power chips
Eden: LiveCDs specifically made for the VIA Eden platform. Because these are based on the x86 instruction set, x86 LiveCDs may work too.
Xbox: Made for the XBox, may require software or hardware mods to run
IA-64: Itanium and Itanium2 platforms
Sparc64: SUN Sparc 64-bit platform
Alpha: Alpha platform, once made by DEC, then Compaq, and now being phased out by HP
Mips: Some SGI platforms
HPPA: Also known as PA-RISC, made by HP, also being phased out
/>
step 4: Browse any files...NTFS FAT file systems (folders)
logon...browse files....from YOUR OS to their HDD (read only)?
Now mount and go see any files, run or copy files and see all folders and directories, no hidden, no protected and most any compression or encryption (EFS) can be
recovered and copied.
only the best DES or PGP files systems will prevent visual inspection.
step 5: Protection ?
Only way is to triple encrypt (PGP or DES3) your raw data on HDD then upon discard perform a "clean" 23x rewrite "0" zeros and "1" ones then 23x write "1" ones then
23x "0" zeros...
Then burn and chip (~1mm) the platters entire surface and submerge in nitric then sulfuric acids.
DOD and NSA can read data off intact platters via electron scanning or Electron tunneling microscopes but not after the 23x triple re-writes and surface scour as the
newer magnetic particles leave zero residual changes in the sub-medium.
Most of the data can never be read.
...don't think so...?
most crooks and bad guys are not that well educated, that's how we catch you...
/>
step 6: BIOS Backdoors
Bybassing BIOS Solutions:
1. BIOS passwords secure different levels of system access. Lowest level is access control for power management functions, next for BIOS access (BIOS password) and
highest level is for PC access (Administrator password).
2. BIOS password is stored in a non-erasable part of the CMOS ('BIOS memory'). On desktop PC's this CMOS is buffered by an onboard battery. Depending on your
mainboard layout you'll see a seperate battery or won't see it as it will be integrated in a multifunction chip housing battery, real time clock (RTC) and other components
(usually a small black brick on the mainboard).
Keeping that in mind different ways of removing the password are possible.
Remove password with some kind of software
This works only if you have access to your PC and can run software (meaning no Administrator password is set).
CMOSpwd www.cgsecurity.org/index.html?cmospwd.html
Remove password by manually invalidating CMOS content
When CMOS RAM loses power, a bit is set to indicate this, which should cause the BIOS to detect that the CMOS RAM is invalid and will normally result in the loading of
default values. The same results can be obtained by using a simple DEBUG script to invalidate CMOS RAM. This may be much more convenient than shorting pins on a
chip in cases where it is possible to boot to a DOS prompt to run DEBUG.Here is a DEBUG script to invalidate CMOS RAM.
This should work on all AT / ATX motherboards (some systems do not have CMOS RAM)
Boot from floppy with DOS or USb thumb drive.
A:\>DEBUG
- o 70 2E
- o 71 FF
- q (Quits to DOS)
Remove password using common master passwords
Please be aware that most BIOS releases lock your PC completely after entering 3 wrong passwords !
American Megatrends BIOS
AMI, A.M.I, AMI_SW, aammii, AMI!SW, AMI.KEY, ami.key, AMI~, AMIAMI, AMIDECOD, AMIPSWD, amipswd, AMISETUP, BIOSPASS
Award BIOS
?award, awkward, award, award_?, award.sw, award sw, AWARD_SW, AWARD SW, admin, alfarome, aLLy, aPAf, BIOS, biosstar, biostar, CONTACT, condo, CONDO,
g6PJ, h6BB, HELGA-S, HLT, j09F, j64, j262, j256, j322, lkw peter, lkwpeter, LKWPETER, PASSWORD, SER, setup, SKY_FOX, SWITCHES_SW, Sxyz, SZYX, t0ch20x,
t0ch88, TTPTHA, TzqF, wodj, zbaaaca, 1322222, 256256
Phoenix
phoenix
SystemSoft PnP BIOS
system
manufacturer preset ones
VOBIS & IBM: merlin
Dell: Dell
Biostar: Biostar
Compaq: Compaq
Enox: xo11nE
Epox: central
Freetech: Posterie
IWill: iwill
Jetway: spooml
Packard Bell: bell9
QDI: QDI
Siemens: SKY_FOX
TMC: BIGO
Toshiba: Toshiba
Remove password on certain PC's and notebooks
IBM PC's and notebooks
Toshiba notebooks
HP notebooks
Remove password using Clear CMOS jumper on your mainboard
Please refer to your manual to locate this jumper. Clearing CMOS will erase all passwords set but all your user defined settings like harddisk type, RAM timings etc, too.
You'll have to set these values again after clearing CMOS.
Remove password by clearing CMOS due to disconnected power
CMOS content is buffered by an onboard battery. If you disconnect this power supply your CMOS clears automatically as the content can't be refreshed due to the
missing power. This works easily if you see the onboard battery. Remove the battery for at least 5 minutes an insert it again in it's socket.
Remove password by clearing CMOS within RTC chip
Depending on the RTC chip used on your mainboard you can reset CMOS content by connecting two pins on the RTC chip. A paperclip bent into a U shape is a good
tool for this. For all the following activities your PC has to be powered off.
Chips & Technologies P82C206
This is usually a square PLCC chip, sometimes soldered onto the motherboard, sometimes in a socket. CMOS RAM on this chip is cleared by shorting together pins 12
(GND) and 32 (5.0V) or pins 74 (GND) and 75 (5.0V) for a few seconds.
Pins 12 and 32 are the first and last pins on the bottom edge of the chip, pins 74 and 75 are the 2 corner pins on the upper left corner.
/>
OPTi F82C206
This is a small rectangular PLCC chip usually soldered onto the board. CMOS RAM is cleared on this chip by shorting together pins 3 and 26 on bottom edge of chip for a
few seconds.
Pin 3 is third pin from left side and pin 26 5th pin from right side, both on bottom edge.
Dallas DS1287 and benchmarq bp3287MT
CMOS RAM can't be cleared. Instead you can replace RTC chip with a new one. You can even use an updated version (DS1287A or bq3287AMT) which support CMOS
clearing.
Dallas DS1287A and benchmarq bq3287AMT
This battery should last up to 10 years. Any motherboard using these chips should not have an additional battery. CMOS RAM can be cleared on the DS1287A and
bq3287AMT by shorting pins 12 (GND) and 21 (RAM Clear).
Pins are labeled 1 to 24 running counter clockwise starting left of bottom edge. Pin 12 is first pin from right side on bottom edge and Pin 21 is third pin from left side on
top edge.
Motorola MC146818AP or compatible
This is a rectangular 24-pin DIP chip, usually in a socket. Compatible chips are made by several manufacturers including Hitachi (HD146818AP) and Samsung
(KS82C6818A). The number on the chip should end in 6818. Although this chip is pin-compatible with the Dallas 1287/1287A, there is no built-in battery. This means that
CMOS RAM can be cleared on this chip by just removing it from the socket for a few seconds and replacing it.
Dallas DS12885S and benchmarq bq3258S
CMOS RAM is cleared on this chip by shorting pins 12 (GND) and 20. Even shorting pin 12 (GND) and 24 (5.0V) will help.
Pins are labeled 1 to 24 running counter clockwise starting left of bottom edge. Pin 12 is first pin from right side on bottom edge and Pin 21 is third pin from left side on
top edge. Pin 24 is first pin from left on top edge.
Additional BIOS passwords and hints can be found here:
/>
Related Instructables
Change Vista's
User Logon
Screen by TK
Customize your
computer! by
alfonso
Customize &
Tweak Windows
XP(Updated
7/3/08) by
computergeek
Custom
Windows UI by
neardood
Log into
anyones
computer from
ANYWHEREGREAT PRANK
by JECHO
How to make
the
Ctrl+Alt+Delete
screen show up
@ logon by
THE_GEEK2007
Hack the Start
Button! (video)
by alfonso
Hacking
Windows XP
Passwords. for
real! by
Popcornfilms
Advertisements
Customized Instructable T-shirts
Comments
50 comments Add Comment
brandegor says:
view all 53 comments
Jun 29, 2008. 5:27 PM REPLY
OMG. If only I understood this. I bought a Gateway 2000 laptop with Phoenix BIOS, and the danged thing has a BIOS password I cannot for the life of me
get past. No way to get into setup. I even bought a floppy drive for it and tried a couple of "swear to god" password cracking software things. It will not boot
from CD or floppy. None of the backdoor passwords work. First question - if you blow your first three tries and get locked out, does that mean "forever, or just
until you power down and wait for awhile? Since it's a laptop, I've been told that the password is stored in EEPROM, and there's no way around that without
expenses I can't afford. I mean the dang thing isn't even worth it in the long run, but it's one of those challenges that is just driving me absolutely nuts. Plus,
I'm a 50-year-old noob, so I'm a little left in the dark. Gateway and Phoenix appear to be especially protective of their secrets. Should I just give up on the
thing, or is anyone out there smart and kind enough to help me through this and be able to cry "victory"?
/>
Elementix says:
Sep 1, 2008. 9:08 AM REPLY
try these, they might be able to bring that thing back to life. Then turn it into something cool like a myth box or a nas/media server or something:
/> />
IVT says:
Jul 21, 2008. 8:02 AM REPLY
Hi, in your case, check if the motherboard of your laptop has a way to reset cmos chip. Generally all motherboards have jumper pins for that. Shorting
(connecting) the pins (the computer should be off while doing this) resets the bios settings wiping out the password also. If there are no cmos reset
jumpers etc try this (this may not work but anyway will not harm your computer): Disconnect the laptop from power. Remove its batteries too. Then
search for the circular pill shaped little battery on the motherboard of your laptop. This battery backs up the cmos circuitry in case of complete power loss
and it is the "magic" behind the bios clock also. Remove the battery carefully. Wait 20 minutes. Then put the battery back. Pack your laptop and test if the
bios has finally an amnesia... :)
hinge says:
Aug 23, 2008. 9:09 PM REPLY
A simple question-what if you can't access BIOS while booting?What if any key from F1 thru F12 doesn't work?
Derinsleep says:
Jul 2, 2008. 12:34 PM REPLY
boot xp on xp
XP(pun intended)
brandegor says:
Jul 3, 2008. 7:28 AM REPLY
Okay, I admit ... I'm dumb and I don't get it.
Derinsleep says:
Jul 3, 2008. 10:31 AM REPLY
you knowxp is a emoticon just like XD
Derinsleep says:
Jul 3, 2008. 8:14 AM REPLY
you knowxp is a emoticon just like XD
collard41 says:
Apr 26, 2008. 11:49 AM REPLY
here is my pitch erchgillis,
I am at school, they have BIOS passwords. I have a system. I do not want to fondles any of the stuff. I also do not have access to the motherboard. I cannot
access the command prompt (have tried all ways), cannot run .bat or .exe files.
there are macs here. they use network startup. I can access cd burning capabilities, usb drives and installation of them. I can use Remote desktop
connection to get onto the network. I can get to some of the network folders.
can run task manager but cannot run 'new task' or the 'run' function. when I make a new shortcut on the desktop I can type in cmd . when I try to run it is
says I cannot.
system runs on windows
I would like to find out the admin password or all passwords in the school
bikedude880 says:
Mar 1, 2008. 7:49 PM REPLY
Dude, just no... if I may, I'm gonna start pointing out issues with your info.
"I have internet access from your PC's, yes? Then I can download what I need, regedit the Windows Registry and enable any features or leave behind
trojans, keyloggers and backdoors for use later or via 'net."
First off, even if you have internet access, any smart admin will not allow you to access regedit (very simple to disable in XP). Disable the loading of ANY
programs except the ones specified. BIOS passwords help, but are not as secure.
Regarding accessing files on a disk, full disk encryption with AES-128 will easily keep an average user or hacker out. Yes, there is a method of dumping the
key from RAM, but if you disable booting from USB and/or CD (not including floppy drives as they are becoming irrelevant), then you won't have an issue
even if someone steals it.
Can't forget basic antivirus, good luck loading your malicious code... all of what I said applies strictly to the PC world (Windows/Linux/BSD/generic x86),
however, Mac OS X (10.3-10.4 tested) and Linux have a couple minor exploits (single user, .AppleSetupDone) that are simple in nature that can be used to
gain admin (or in some cases root user).
spymaster2222 says:
Mar 5, 2008. 6:01 AM REPLY
I have a Dell Optiplex 745 with a smartcard reader keyboard. I want to get into BIOS to access the machine to create a media center computer. It needs
a card which I don't have. HELP PLEASE!
/>
erckgillis says:
Mar 1, 2008. 9:12 PM REPLY
As you point out many means exist for both securing and accessing PC's/Mac's. Seen or used SQL injection? Latest exploits patched?
Any "Good" admin can keep out the average user and hacker wannbe. If YOU were the user and had to get on the system of a school, public or 'open'
WiFi network...how hard would it be?
Even a proper secure network, given unlimited time or effort how long would it take? Are you saying you can secure a Windows PC from Any intrusion
...indefinitely?
OK let's see...offer a Prize $$$ stick it on the 'net and give use public access to the CPU/disc/motherboard....
see?
No way to secure everything...
I pop the drive and scan from another PC and I have mainframe/supercomputer access to crack 128B brute force in three weeks given CPU bandwidth.
I pop the EPROMS and sub my own, I can add a bootable SATA or IDE drive and load my DSL or Knoppix with my other tools and read your raw disc in
hex thru NFS/FAT or any file systems you use.
As I state given access to the SYSTEM no PC is secure. Given secure PC's poor admin/security and the level of effort to maintain such secure systems
is beyond most facilities capabilities.
Even those I've seen people walk away from DoD secure facilities any stay logged in while they go the the printer, or type passwords into hidden USB
keyloggers.
If I get you admin password that easy ...what can you do? I'm then you!
Did you check every keyboard, USB or PS2 port on your PC, Docking station or USB hub? DO you check it everyday before you login?
Did you see my Packet capture (sniffer) on the Network? Do you login to every remote system with SSH? No? If you used RDP or FTP or any Domain
Admin rights...now I do to...
...alright let's be careful out there
denny577 says:
Feb 18, 2008. 4:38 AM REPLY
I have a specific problem, I'm at school, so no chance to physically reset the pw, I don't have admin pw so can't use CmosPwd either, backdoor pws don't
work, the BIOS here is PhoenixBIOS. And when I try to boot from my USB flash drive it asks for the BIOS pw as well, and the pcs here dont have floppy
drives. :D
Any suggestions?
erckgillis says:
Feb 18, 2008. 11:42 AM REPLY
Depends what you're trying to do...well, can you read from the usb? copy or upload programs? Download from web?
Send me PM and we'll discuss...
Istarian says:
Feb 2, 2008. 5:36 AM REPLY
Everybody knows or should know that no computer is uncrackable. The thing is that to get into those hard drives using a physical alteration (like say a
controller board replacement) is really hard and takes someone who is very skilled with a soldering iron and a fair bit of luck to not destroy the drive.
Therefore they are reasonably safe. I suspect that most hackers don't have access to a supercomputer to decrypt the passwords ( especially since
supercomputers are usually well protected against hackers. Using linux might work, but only if the drive does not implement some kind of linux security as
well. Besides in reality there are probably easier ways to get the information you one stores on a hard drive. ~Istarian
erckgillis says:
Feb 4, 2008. 7:16 AM REPLY
Ah so true....that is the core issue here. SOMEONE who has the willingness, time and resources can DEFEAT any system however secure.
yes some password cracks and brute force have been run for over 4 months with success. And yes I do have access to Both Massively Parallel and
Distribute Computing resources.
Poo on the controller theory. For repair and replacement most drives have quick connectors and replaceable controllers. So OEM's encode the "codes"
do decrypt the drive that is locked and secure at the controller level with data on the drive and encoded with serial numbers or codes from the controller,
so swapping boards don't help, however these can be read from the drive if you remove the platters. Other Locks use the controllers firmware, so a reflash removes your passwords. Some even have codes embedded in ROM so a solder job or a new controller can remove these passwords as well.
No sure? Well plenty of data recovery companies run full businesses reading locak, destroyed or damaged drives...did you ERASE that disc? No matter
you can STILL READ the data to some extent even if is freshly overwritten with 0's or 1's....
Scanning and tunnelling Electron microscopes can detect the direction of not just the polarized materials but the 'substrate' below and determine what
previous datd was stored...i.e. 0 or 1.
E
/>
neil.satra says:
Jan 11, 2008. 11:14 AM REPLY
I actually tried that in school once, to run Damn Small Linux off a pen drive, and hence override the admin rites and restrictions, and also to get the admin
password. but i havent ever used linux, and couldnt understand how to access the files on the windows partition. i figured that you had to mount a partition,
but i didnt know which one to mount, and then how to navigate to the file.
Can anyone help explain how to access files on a different OS partition when running DSL (damn small linux)
bhunter736 says:
Feb 3, 2008. 7:31 AM REPLY
Hi, Linux uses numbers for drives as you probably noticed. hda1 is usually C in Windows. You can mount them all and look around. The drive with a
folder called Documents and Settings is usually a good hint as to where user files will be. Think of mounting like turning on or off the drive for use, you
wont hurt it turning it on and just looking or reading files. There are actually technical reasons drives are mounted and unmounted, but not to answer the
question you asked.
Also, I like Slax. Download it at www.slax.org. They are between releases, but if you scroll half way down the screen, just past the videos, you can log to
the old site and download one there. Kill Bill version is awsome and if you are a Windows user, very easy to use and navigate.
This is the version that finally made me a Linux convert. I found DSL Linux awkward as a Linux newbie, but Slax, wow!
I find that in the circles I travel, usually you have access to the box and the CD drive. So I have also found that older BIOS dont allow boot to USB. Easy
solution, use Slax live CD! Many machines are set to boot to floppy then CD and last Hard Drive, so often you wont have to promt the BIOS for an
optional boot order.
The standard version of Slax fits on one of those small 8cm CDs which fit more easily in a wallet or pocket! : )
mrmath says:
Jun 22, 2007. 12:31 PM REPLY
I work for IBM Global Technology Services. They provide us with IBM/Lenovo laptops. Our security policy states we must have a power on password set in
our bios. You can't get to the bios to change to boot to another device (USB) without first knowing the power on password. If you could get to the bios to
change the boot order, you couldn't boot to any device without knowing the power on password.
Our security policy also requires we have a hard drive password. This password is asked for at power up. If you don't know it, you can't get to the hard drive.
That means that even if you could power it up, and boot it from USB, you couldn't mount the drive if you don't know the hard drive password.
There is no way around this. I know this because when we return our old computers, and we forget to remove these hard drives, they call us to get them. If
we don't remember them, the laptop and the hard drive are toast. Even as the company that manufactures the machine (back when IBM did that), we
couldn't remove the power on or hard drive passwords.
So, while your method will work on a machine not protected with a power on password or a hard drive password, it will NOT work on every machine.
7Stacks says:
Jan 2, 2008. 3:37 PM REPLY
This is true. Those IBM/Lenovo laptops are very secure in that aspect. And you get one shot at HDD password and then it locks you up and kicks you out
of BIOS setup.
bharathkishore says:
Dec 8, 2007. 3:36 AM REPLY
I'd like to know where the hard-drive password is stored. Coz if it's not stored in the hard drive, we can only replace that part of it and then pry the data
out of it. This is completely theoretical... I'd like to try it out if i knew....
micronxd says:
Oct 30, 2007. 10:44 PM REPLY
almost every mobo has a circuit that, when closed, will return the BIOS to factory settings. That would take care of the BIOS factory problem, but i'm
curious how this HD password works... technically there are still ways of reading a HD's data no matter what...
But yea... this method is pretty much useless unless the computer doesn't have a BIOS password, or unless you have access to the MoBo (which is
most situations lol)
erckgillis says:
Oct 31, 2007. 6:03 PM REPLY
HD data is encrypted with a hash and written to the platters. Removal of the drive renders it unreadable and even a removal of the platters just
produces jumbled characters. A 64 bit hash can be decrypted by a supercomputer in 15 days, a 128 bith hash in 13 months and a double DES2 in
19.5 years...
However if you use the same controller and reset the BIOS and firmware to match it will easily spew ASCII data on demand...
Ed
vaiden says:
Aug 21, 2007. 7:38 PM REPLY
The methods to password protect hard drives are crackable my friend, even if your IT doesnt know it. A laptop can be cracked open to clear cmos just as
a desktop can for the bios pass. If someone steals a laptop from you guys they can be in it in hours, and have all your little lanman hashes in brute-force
cracking. Linux will be the OS used to have your data. The guy in a nearby cubicle that started yesterday will watch you type all your passwords. Then
he'll steal your laptop, and he'll have full access to your data. That guy didnt last long did he? He already quit.
/>
erckgillis says:
Aug 22, 2007. 4:32 AM REPLY
I know... they don't BELIVE ME...
we do it every day.
If I take your "encrypted" platters, dump your controls firware update and flash the eproms on a new card the I HAVE PASSWORDS for then I got
your harddrive...all your data and in some cases access to EVERYPLACE you have ever logged onto.
oh my...
E
Taotaoba says:
Jun 22, 2007. 12:49 PM REPLY
If the passwords are stored in CMOS, then remove the battery will do. I don't know if the manufacturers store passwords in flash memory. If so, then
maybe re-flash it will do. Definitely it will not as easy as this instructable shows.
I don't know about hard disk password.
mrmath says:
Jun 22, 2007. 12:53 PM REPLY
I can't speak for other manufactures, or give you the technical details of how IBM/Lenovo do it (because I don't know--not because I'm not allowed),
but I can say that if the power on password is set on an IBM/Lenovo laptop, and you don't know it, it will not power up, and you can't do any flashing,
or battery removal to get rid of the password. Like I said, even as the manufacturer of the machine, IBM/Lenovo can't do it.
erckgillis says:
Jun 22, 2007. 12:16 PM REPLY
I work for HP, we hack your old laptops all time time:
Power-on BIOS passwords hack:
1) IBM - Press BOTH mouse keys repeatedly during power up.
2) "Backdoor" BIOS passwords ( from IBM Manuals) try 'merlin' or see />3) Remove BIOS battery backup...drain and rest
4) Attach floppy and "Flash" BIOS to new version without passwords...
Harddrive Power On passwords.
1) Read HDD in Hex editor and do a "Ghost" copy to non-password HDD
2) Remove IDE/SATA or SCSI controller from HDD. Use a non-locked controller
3) Perform forensic binary transfer to HDD without lock HW enabled.
Easy cheesy...do it weekly...
don't be fooled that no-one can get your data...if I get the platters your toast...
E
laxamar says:
Jun 30, 2007. 1:18 PM REPLY
Without getting you in trouble with your work, is there a way you can share with us how to reset a BIOS password on a tc4400? I really don't want to
send it in ...
Thanks
adamazing says:
Jun 29, 2007. 6:24 AM REPLY
You work for HP eh? :o)
I have an Omnibook 900 eBay bargain that has a locked BIOS and windows 2000 with a password on it, how can I reset that then? Serious question.
All I've found are places that want to charge £90* for a replacement BIOS chip. I've tried HP tech-support who asked me for photo-id/a signed
declaration that I own the laptop/receipt/proof of address/sworn affidavit that I will hand-over my first born etc that I've sent, but not heard anything
else : /
I've read that with the serial number HP can tell me the "master" BIOS password for the laptop. Is that true?
The only other option at the moment that I can see is to get a laptop->IDE cable and use dd to copy a disc-image onto the hard drive. I've already
tried using a LNX BBC LiveCD but the external CD drive is obviously not set up as a boot device in the BIOS.
*This is a £30 donor laptop for (Yet Another) digital photo-frame mod so I'm loathe to spend £90 for someone with a PIC programmer to flip a bit
on the BIOS chip.
ikem says:
May 21, 2008. 5:33 PM REPLY
Windows 2000 and XP has the same way to handle users and passwords. To reset a Windows XP password there is a Mini-Linux:
Offline NT Password & Registry Editor
/>
/>
7Stacks says:
Jan 2, 2008. 3:50 PM REPLY
Here's the torrent download link for a bootable image file that will remove your Windows admin passwords. You'll need Azureus or something to
read the torrent. Burn the iso file as an image onto cdr and boot off it. Works on 2000 & XP.. haven't tried it on any other versions.
/>
mrmath says:
Jun 22, 2007. 12:55 PM REPLY
You mean "you're toast", and yes, if you get my platters, and have the exact same hard drive, and can get the platters from one of them to the other,
I'm toast.
erckgillis says:
Jun 22, 2007. 12:31 PM REPLY
Power on passwords are stored on the hard drive and read at power on from the hard drives controller (IDE/SCSI or SATA). I replace your
controller with one not enabled for hardware power-on and tada! No passwords.
Only issue is the controller 'remembers' all bad sectors and "spared" cylinders...so my "NEW" controller will often try to read or spare out valid or
invalid sectors and cylinders...so a HEX or Binary copy to a drive with a 'clean' controller and new HDD works best...
Then I browse the old data.
Way cool is tto "swap" someones drive in a laptop when they are not aware...Use a dead one...
then take your time to recover all the sensitive data...in theory...
oops....
mrmath says:
Jun 22, 2007. 1:11 PM REPLY
This is not the case on IBM/Lenovo laptops. I have two hard drives in my machine. When I got the new one, it was larger than the original
one, so I yanked that one, and put in the new one. Still came up with the power on password. If it were stored in the hard drive, it wouldn't
have come up.
Don't know how many times I have to say it. Even as the manufacturer, IBM/Lenovo can not remove power on or hard disk passwords.
erckgillis says:
Jun 22, 2007. 12:56 PM REPLY
dude wrong...sorry...
BIOS Passwords:
These are on the EPROM CMOS not the HDD and is backed up by a small NiMH battery. Remove that and it forgets BIOS passwords. Or
use master passwd and reset via jumper on motherboard.
Harddrive passwords:
I DO IT AT WORK...send me your harddrive! I'll send back your password(s).
You admit you know not how it's done. IBM no longer make these drives you say?
If it's NOT on your harddrive it would be USLESS as I put it in another PC and I see your data...duh
The HDD passwd is on the ALT Bootstrap sector and read by the controller...replace that and it "forgets".
Only encryption works...PGP or DES...
E
erckgillis says:
Jun 22, 2007. 1:28 PM
(removed by community request)
ningo says:
Jun 22, 2007. 4:14 PM REPLY
On most laptops the bios is on an EEPROM, but this isn't backed up by battery; EEPROMs are non-volatile, and so will keep the
password without power. But I agree about the part that the passwords are easy to remove; if the bios is reading the data from an
EEPROM, then there is nothing to stop someone building a simple reader circuit , soldering to appropriate pins on the EEPROM
and stripping the data off; the password is almost always weakly encrypted, and can then be extracted.
Look at allservice.ro to see what I mean.
Regarding the instructable itself, what are you aiming to show, and who are you writing it for?There seems to be very little actual
instructing going on-most people who are not already aware of what you are writing about would probably struggle to boot
Windows XP/Knoppix off a USB flash drive, or mess about with a console in either Windows or linux. Even if the purpose of the
instructable was to warn people to encrypt their data, you should do this by showing them explicitly step by step how easy it is
recover their data. Otherwise write it on a blog, or wiki.
Pictures...I think that 2 pictures that add little more than colour to the page is plenty-10 is a little OTT. Not one of the pictures
above is explicitly referred to in the text, nor demonstrates substancially what is going on in the text.
And last comment...please take the time to proof read your work for typos and spelling/grammar errors; this only takes a few
minutes or so.
/>
erckgillis says:
Jun 22, 2007. 4:12 PM
(removed by community request)
ningo says:
Jun 22, 2007. 5:49 PM REPLY
Hi,
the main point I was making about the instructable is that having read it, I wasn't sure just what you were trying to show
me. Are you trying to show people how to boot their own OS on a public PC, or show people how to retrieve data/how
easily data may be recovered? Just a little restructuring would fix this. For instance, the intro needs to be separate from the
discussion on the BIOS,which deserves its own section.The BIOS section needs more information i.e. common keys to
enter bios, the fact that not all BIOSes support booting from USB flash drives, and some boards are notoriously flakey in
their support for booting from usb flash drives and need all other boot devices disabling, legacy usb support toggling etc.
Neither this instructable nor your instructable on USB Knoppix address these issues;these are not specifics, but rather
giving enough information for the discussion to be useful.
Also worth pointing out is that none of the Windows ISOs listed will read an NTFS partition as is.
Also, is this written for beginners, or people with a moderate computing background?Whilst you might think "duh easy
dude", do people that also share that point of view even need this instructable?Most of the useful technical discussion for
such people has occured in the replies after the actual instructable. For instance, I highly doubt that anyone that required
the link to the mount command could feasibly use the link given to use it without consulting other sources.
The pictures comment was perhaps a little unfair...but without referring to the pictures or labelling them, they are little more
than eye candy, and I still think those on step 2 and 3 are unnecessary.
erckgillis says:
Aug 22, 2007. 4:21 AM REPLY
Then write something better...
vaiden says:
Aug 21, 2007. 7:28 PM REPLY
The diskless system is the way to go for the cafe, erckgillis is right, your security has got to be tight. Plus if you have wireless, then you can be had from the
outside. You could reimage hard drives all day, but that doesnt stop your cafe from getting denial of service attacks from the outside once a hacker has sent
the right stuff from your pc inside to his pc outside. Youll never trace it either, and business will suffer from downtime. Spoofed IP is easy as well as MAC
address, and he could nail you from another cafe thats not as secure, and it looks like they are knocking out competetion. Keyboard, mouse, and monitor are
the only tools needed to wreak havoc, lol. If I am running a virtual machine at a location that your internet access does not block, then I can go anywhere,
and come in from the backdoor because you have at least one port open for web access, probably 80. Tunnel can be created on that port and you'd think the
traffic was coming from inside your LAN if thats what your firewall will allow. Running windows on a machine is an open door no matter how much security
you think you have.
erckgillis says:
Dec 9, 2007. 8:32 PM REPLY
ahhhhh... a fellow who knows....
'bout time
E
erckgillis says:
Aug 22, 2007. 4:28 AM REPLY
The noobs sleep well at night in ignorance...
Educate the masses and they pick on you spelling, typoys and picture formatting.
ALT2600 cares not about ningo, instructables nor your Website or internet business.
Vaiden show that ANYONE who has somthing of real value now can have it take or personal information stolen and sold.
Some places pay good money for intact list of valid customer from competitors, or mass mailing for spam and adware. Even snailmail.
What is it worth for me to NOT expose your internet cafe, coffee shop or websites customers name & address and credit card numbers...
Just DON'T put this stuff on a computer!
Old school...use hardcopy and lock it in the safe. then don't watch Oceans Eleven, Twelve or Thirteen...lol
E
erckgillis says:
Jun 30, 2007. 12:53 AM REPLY
Added step to complete bypass BIOS or Boot Security.
Ed
rojo says:
Jun 23, 2007. 2:24 PM REPLY
We run an Internet Cafe and our boxes are in the back room with the server, all the user has access to is monitor, keyboard and mouse. It keeps it secure.
What is the point of needing to access files they don't want you to have.
/>
erckgillis says:
Jun 23, 2007. 7:17 PM REPLY
Good physical security, do you use KVM over IP?
However at an internet cafe YOU GIVE ME a login...so all bets are off. I can already get to files if left unsecured.
I have internet access from your PC's, yes? Then I can download what I need, regedit the Windows Registery and enable any features or leave behind
trojans, keyloggers and backdoors for use later or via 'net.
Stay away from USB and be sure to lock BIOS and disable other ports. Keep an eye on the caples and connectors as theives leave keyboard loggers
and dongles with keystroke recordings they can leave and recover later.
Any KVM over IP should use VLAN's & VPN, SSH and SNMPv3 for security...
Best security is a "admin locked" VMware Browser virtual appliance and after each user. Stop and restart the appliance and use a non-persistant disc
image as well as a locked CD-Image.
Reverse must also be blocked I can download VMWare player for free pull a ISO or VM appliance and boot any OS with admin rights on TOP of your
Cafe's PC os...
Lock all these options...of face liability when your customers snoop or spoof my private accounts and you show negligence.
E
adamazing says:
Jun 29, 2007. 6:11 AM REPLY
I won't comment on physical security, but if I were running an internet cafe the trojans and registry entries you could leave behind wouldn't last longer
than half a day at most.
I'd install once on one machine, fully patch, lock down everything tighter than a drum, then image the hard-drive. Re-imaging the machine should
then take less than 15-30 mins.
Even in windows you can lock it down so that a user can't run arbitrary executables can't you? And there is NO way a user should have access to the
damn registry anyway.
Your suggestion of running everything from VMWare is a good one, but I'm not sure I understand this:
"Reverse must also be blocked I can download VMWare player for free pull a ISO or VM appliance and boot any OS with admin rights on TOP of
your Cafe's PC os..."
Ignoring, for now, the fact that no-one should have the ability to download and run any old executable file: how can a virtual machine running on top
of the OS have more access than it is given by the operating system. Are you saying that a simple user account on windows can run VMWare and
have admin access to the full physical machine? If this is the case, then windows is more broken than I thought...
Of course, everything is made harder because more and more people expect to be able to plug in their USB keys/USB connected digital cameras
and be able to write CDRs etc. (Personal experience when travelling, we'd stop at one of these places periodically to dump pictures to a CD/USB
key)
rojo says:
Jun 25, 2007. 5:23 PM REPLY
Thank You for the advice, It seems a losing battle to keep someone out :(
sedition says:
Jun 22, 2007. 12:58 PM REPLY
You could simply remove/replace the CMOS battery or change the jumper on the mother board to clear the BIOS power-on password. Of course, all of this
assumes that you have access to the internals of the machine. As a side note, not all computers have filesystems. Some machines are just workstations that
boot from and utilize filesystems stored on a server, and in which case, this would be preempted.
view all 53 comments
/>
