I've bought a lot of these off ebay and sold them for scrap because they had passwords and I thought "how hard can it be?". I got the reader, got a hex editor but didn't know what to look for so I gave up. No ammount of searching for "remove bios password" helped since this would be "unethical" and "hacking" yet I was the one taking an L. Thank you for your video, it will help me in the future
Thank you. I'm sorry to hear you had to sell them for scrap. Such a waste of fully functional laptops just because someone left a password on it. Where the passwords are stored depends on the brand and type of laptop and maybe even the bios version, but there is always a way to remove them! Have a look at the badcaps forum as well, there are loads of people helping eachother unlocking their laptops. Which is more ethical than forcing people to scrap their computers because of a silly password in my humble opinon, because then it would end up in a scrapheap somewhere polluting nature.
Wow what a pain in the ass, what happened to the good old days when you could just use a jumper to clear the bios or remove the battery? High tech fuckery is what the future holds.
I love it 😄 a long time ago, somebody lent me their '486 computer to try out (I forget exactly why). Anyway, I found out there was a BIOS update so I offered to take care of it, the person said "ok," and I did the BIOS firmware update. The computer wouldn't boot! All of a sudden, the lender said "no problem, I was intending to sell that old PC anyway. Since you wrecked it now you'll be buying it." !!! Luckily I had a friend with a similar programmer. I pried out the BIOS chip and took it over, along with the original BIOS file. A few minutes later, we had the BIOS chip re-programmed, and I went back home & popped it back in place. Booted up, all back to normal. My lender was pretty crestfallen let me tell you when I said, "no problem, I got it working back 100% the same as it was, here's your PC back". (And today you might be able to charge a small premium for a retro '486!)
Do note that not all bios chips can be flashed this way because of the way they're implemented in the board. Some require power while some can only be written to when they're out of the board because the power ends up going into other components while the chip is in the board. 👍
Yes, good point! For this HP Probook 440 G6 it does work, but for some laptops it might be necessary to connect a battery or power supply. Or desolder the chip from the board. And for other models and maybe even other bios versions the passwords may be in another place.
@@repairchannel wouldn't an even easier solution be FOR ANY LAPTOP to just desolder the security chip and buy a new one with the default password pre-programmed? (No need to read or re-program The Old chip)
Thank you. The string "AdminPW" was a bit of a giveaway and there was a name there, which I didn't show for privacy reasons, so I figured that must be the place where the user/password data was stored with some sort of repeating sequence for each user. Then a bit of trial and error. It would be nice to disassemble these dumps, but that will take a bit more time to figure out.
I also thought I got lucky and tried that indeed, along with many other sequences of characters in that piece of the dump, but no luck, it wasn't the password unfortunately.
back then the bios was a pretty-much-ROM (early they were actual ROMs - then they were EPROMs which could be erased by long exposure to high levels of UV - end then they became our beloved EEPROMs which can be reflashed as shown here) with all settings stored in the battery-backed SRAM although SRAM doesn't need constant refreshing like system main memory DRAM it still needs a constant power to keep its contents so when you disconnected the sram "cmos battery" it contents got lost - but why it sometimes took quite some time? it's because even if main power is lost both sram and dram CAN keep thier contents for up to several minutes (there're a few fun videos here on youtube with some tests - very interesting - I recommend watching some of them) - even without additional capacitors! - so sometimes it was just easier to short the terminals of the battery holder instead of waiting for all the charge to deplete over time with the sram wiped also the information about the password are lost and the bios was accessible again why doesn't this work these days any longer? because of NV-ram - where NV is short for non-volatile I'm not sure what kind of storage it is - maybe flash - but it is some sort of storage that can hold its information over a long time without any power at all so why do modern computers still have a battery then anyway? because of the clock which requires power to keep ticking - it depends on the acutal implementation if the clock will just stop or if it will reset to some start value when the battery is pulled - but it's usually the only thing affected by disconnecting the now-no-longer-cmos/sram-battery - if removing the coincell also resets some of the uefi settings that's on purpose by its implementation as a somewhat fallback trick - but it should be taken for given
Hi, if we download the original bios maybe last one from hp and reflash the chip with the new bios will the password be remove.. so we don't need to do a manip to search and erase it the password?
You could always try that, but I think @Drottninggatan2017 has a valid point. Have a go and see if it works. Do make a backup of your original BIOS so you will be able to rewrite it and use the method in the video. And please share your findings! Also take into account that BIOS updates are not always the complete BIOS chip contents, but only parts of it.
I bought a little HP EliteDesk 800 G3 from ebay and it also was bios locked, it had probably been used as a POS device and they didn't want anyone messing with it. But I got lucky and the password was - password - . I got it on the 3rd try after admin and 123456.
I bought this one second hand on a local website with second hand laptops. When I search for "HP probook locked" on international sites where people sell their laptops, there are many of them. Best of luck if you find one!
@@repairchannel The model is VKT16X-2.Thank you so much to your video and reply that had given me some clue and lead on locating the BIOS chip. I had found a thread in badcaps forum pointed out where the BIOS chip is with picture.
@khteoh2001 Great! It looks like people are able to read the password in the BIOS data for your specific laptop. Were you able to read the BIOS from your chip and post it to the badcaps forum?
@@repairchannel The solution and tutorial posted in the forum were using software approach to dump the UEFI content. I managed to extract the content, however I do not know at which location of the dump file has the password and so far there is no solution yet for the NEC model that I've. Since I saw your video and I was thinking to try your approach of using a programmer, b'coz u did mention how to locate the password in the dump file.
@@repairchannel Heh, that sounds like a joke. I once tried disassembling a firmware on a 2k MCU, to add some small changes - and reverse-engineering the thing was a whole project that took me literal weeks to figure out. And it was great help that MCU had Harward architecture, and disassembler automatically distinguished code instructions from data. Once tried same with Z80 and it was terrible, every instruction in a pile of assembly code had to be manually marked whether it's instructions or data - I don't think it's even possible to easily reverse-engineer von Neumann architecture stuff. Anyway, that serial flash on the video got 16 megabytes of code and data, which is IMMENSE, and totally impossible for just 1 person to casually work with and figure out. So, IMO - it's either a direct tutorial for every laptop, how to disable the pass... Or a clean BIOS version(without password) that user could flash into the laptop's BIOS chip. Second option I think is most realistic, that you get an unlocked laptop of the same model, and reflash it's BIOS into the locked laptop. Everything's still kinda complicated(now you gotta get exactly the same laptop), and it also may not work if BIOS checks some unique ID from other chips and stuff(dunno if that's a thing, but could be).
@@NerdyNEET Thank you for your elaborate comment. The options you mention are definitely preferable to disassembling code! Having a BIOS of an unlocked machine compared to a BIOS of a locked machine and finding the differences is also an option. A tool called UEFIextract is able to seperate the data from the software, but you are absolutely right that it can be a huge project to figure all this out. It's still kind of fun to dig around in the contents of those BIOS chips anyway though :)
I had a password to computer once so I didn't know how to remove it so I just kind of sparked the chip literally and then somehow wiped out the password 🤯
Wow. TH-cam reminding me of my little problem. I have an HP Elitebook. I don't remember the exact model number off the top of my head, but I do know it's a "healthcare edition". It's an engineering sample that I got from a guy who was the RFID engineer. It starts, but it boots to a screen showing red letters saying to contact HP. No ability to get to bios, no ability to boot to USB. It just power cycles on and off. HP of course won't help even though I know they can.
That must be a nice laptop to revive! Your Elitebook might have a bios chip that has a different package from the one in the video (no pins, but pads) which has to be desoldered to program it. But that is do-able. Maybe you could open it up and check if you could find the bios chip. They sometimes have a little blue dot on them. It might have the brand "Winbond" written on it and the numbers 25Q128FVPQ or something similar. Worth a try, because it would be such a waste to throw it away.
@repairchannel I've had it for a while now. Since it's an engineering sample it has FGP debug ports and some of the chips are actually in removable slots. The bios chip is in a removable slot. Oh and when it starts it says "Your system is not fully configured. Please contact HP Help desk". Then it proceeds to power cycle on and off. I am not experienced at all with low level programming so I wouldn't even know where to begin.
That sounds like a very interesting piece of equipment! Do you know if it was ever able to run an operating system? Or might it be different hardware altogether to develop the wireless capabilities...
@@repairchannel It was running an OS and can still. The engineer I got it from said it was a trade show sample. He said when he was designing the RFID system for it, it was specifically for healthcare and RFID badge systems. So it's got an integrated RFID, SIM card slot, some type of proprietary HP connector on top of typical IO. He told me it worked when he booted it last before I got it so I know it will run an os. It's a fully working Engineering Sample, I just believe HP took the pre provisioned NVME out after the trade show and now, it won't run an NVME with an OS on it.
Right... So the BIOS doesn't see the drive that used to be there and now refuses to start. That's really a waste of a beautiful laptop. Quite sad that HP is not willing to provide you with a working BIOS. Still a cool machine though :)
Sir the video is great but I wanted clarity on the choice for W25Q128FV instead of W25Q128BV. I have been having trouble with an error message saying 'buffer size not equal.'
Thank you! Choosing the FV chip was just a guess and it turned out to work fine. Are you using the CH341 on an HP Probook 440 G6? Are you using asprogrammer as the software? What is written on the BIOS chip?
I've bought a lot of these off ebay and sold them for scrap because they had passwords and I thought "how hard can it be?".
I got the reader, got a hex editor but didn't know what to look for so I gave up. No ammount of searching for "remove bios password" helped since this would be "unethical" and "hacking" yet I was the one taking an L.
Thank you for your video, it will help me in the future
Thank you. I'm sorry to hear you had to sell them for scrap. Such a waste of fully functional laptops just because someone left a password on it. Where the passwords are stored depends on the brand and type of laptop and maybe even the bios version, but there is always a way to remove them! Have a look at the badcaps forum as well, there are loads of people helping eachother unlocking their laptops. Which is more ethical than forcing people to scrap their computers because of a silly password in my humble opinon, because then it would end up in a scrapheap somewhere polluting nature.
Wow what a pain in the ass, what happened to the good old days when you could just use a jumper to clear the bios or remove the battery? High tech fuckery is what the future holds.
Haha, yes, that is a better solution. And this video would have fit in one minute then :).
I love it 😄 a long time ago, somebody lent me their '486 computer to try out (I forget exactly why). Anyway, I found out there was a BIOS update so I offered to take care of it, the person said "ok," and I did the BIOS firmware update. The computer wouldn't boot! All of a sudden, the lender said "no problem, I was intending to sell that old PC anyway. Since you wrecked it now you'll be buying it."
!!!
Luckily I had a friend with a similar programmer. I pried out the BIOS chip and took it over, along with the original BIOS file. A few minutes later, we had the BIOS chip re-programmed, and I went back home & popped it back in place. Booted up, all back to normal. My lender was pretty crestfallen let me tell you when I said, "no problem, I got it working back 100% the same as it was, here's your PC back".
(And today you might be able to charge a small premium for a retro '486!)
Nice one!
Think you got a quality chip reader / cable! Thank you for this video!
Do note that not all bios chips can be flashed this way because of the way they're implemented in the board. Some require power while some can only be written to when they're out of the board because the power ends up going into other components while the chip is in the board. 👍
Yes, good point! For this HP Probook 440 G6 it does work, but for some laptops it might be necessary to connect a battery or power supply. Or desolder the chip from the board. And for other models and maybe even other bios versions the passwords may be in another place.
@repairchannel You should pin this comment so someone doesn't end up scratchin' their head when they can't get the programmer to read. 😂
@@repairchannel wouldn't an even easier solution be FOR ANY LAPTOP to just desolder the security chip and buy a new one with the default password pre-programmed? (No need to read or re-program The Old chip)
Yes, definitely. Where can we buy those chips?
@@andrewroutley bro. -_-
great video. I wonder in how many laptops (and brands) the same programmer can be used
Thanks! Quite a lot actually. If it has 8 pins, chances are in your favour you can read it with this brilliant little piece of electronics.
really likes your presentation skills
Thanks!
Very nice video, I didn't even know that cable existed. I'll be buying one today just to tinker around with in case I need to do this in the future.
Thank you! Good idea, it will come in handy one day.
Nice. Where did you get the info about zeroing a chunk after the Usercred section?
Thank you. The string "AdminPW" was a bit of a giveaway and there was a name there, which I didn't show for privacy reasons, so I figured that must be the place where the user/password data was stored with some sort of repeating sequence for each user. Then a bit of trial and error. It would be nice to disassemble these dumps, but that will take a bit more time to figure out.
Wasn't the password: AdminPW? You could see it right there on the Hex Editor
I also thought I got lucky and tried that indeed, along with many other sequences of characters in that piece of the dump, but no luck, it wasn't the password unfortunately.
@@repairchannel Oh OK
i never ever seen hex editor before , must be something new lol
Basically word for binaries :)
Wow that bios is really over engineered!
Yes, it's quite extensive isn't it.
Nice work.
Thank you!
Good stuff. Thanks
Thank you!
A long time ago we use to just remove the bios battery. Not sure if this it an out dated method now or not?
Yeah, those were the days. Unfortunately that doesn't work anymore. But we'll find other ways... Nice video about the potatoes you made!
back then the bios was a pretty-much-ROM (early they were actual ROMs - then they were EPROMs which could be erased by long exposure to high levels of UV - end then they became our beloved EEPROMs which can be reflashed as shown here) with all settings stored in the battery-backed SRAM
although SRAM doesn't need constant refreshing like system main memory DRAM it still needs a constant power to keep its contents
so when you disconnected the sram "cmos battery" it contents got lost - but why it sometimes took quite some time? it's because even if main power is lost both sram and dram CAN keep thier contents for up to several minutes (there're a few fun videos here on youtube with some tests - very interesting - I recommend watching some of them) - even without additional capacitors! - so sometimes it was just easier to short the terminals of the battery holder instead of waiting for all the charge to deplete over time
with the sram wiped also the information about the password are lost and the bios was accessible again
why doesn't this work these days any longer? because of NV-ram - where NV is short for non-volatile
I'm not sure what kind of storage it is - maybe flash - but it is some sort of storage that can hold its information over a long time without any power at all
so why do modern computers still have a battery then anyway? because of the clock which requires power to keep ticking - it depends on the acutal implementation if the clock will just stop or if it will reset to some start value when the battery is pulled - but it's usually the only thing affected by disconnecting the now-no-longer-cmos/sram-battery - if removing the coincell also resets some of the uefi settings that's on purpose by its implementation as a somewhat fallback trick - but it should be taken for given
@@cryptearth thanks. very informative.
lol if that was all it takes to bypass tpm modules then it would be a colossal waste of money.
@@Un_Pour_Tous a tpm doesn't store the bios password
How did you know about UserCred and the start/stop for zero'ing the data?
Lots of trial and error and a bit of intuition :)
Hi, if we download the original bios maybe last one from hp and reflash the chip with the new bios will the password be remove.. so we don't need to do a manip to search and erase it the password?
You need the BIOS from the laptop because it contains specific data like serial number and such.
You could always try that, but I think @Drottninggatan2017 has a valid point. Have a go and see if it works. Do make a backup of your original BIOS so you will be able to rewrite it and use the method in the video. And please share your findings! Also take into account that BIOS updates are not always the complete BIOS chip contents, but only parts of it.
@@Drottninggatan2017 Thx ^^
@@repairchannel Thx ^^
@@Drottninggatan2017 there is no need for the serial to remove the password..
You can leave the serial all zeros.
I bought a little HP EliteDesk 800 G3 from ebay and it also was bios locked, it had probably been used as a POS device and they didn't want anyone messing with it. But I got lucky and the password was - password - . I got it on the 3rd try after admin and 123456.
Haha, that's great!
The default password for most HP devices is password.
Man where can i find like this laptops
I bought this one second hand on a local website with second hand laptops. When I search for "HP probook locked" on international sites where people sell their laptops, there are many of them. Best of luck if you find one!
I have similar issue on a NEC laptop, unfortunately I can't find the BIOS chip on board. Is there any other way to clear the supervisor password ?
Could you share the model number with us and maybe a picture of the motherboard so we can have a look together?
@@repairchannel The model is VKT16X-2.Thank you so much to your video and reply that had given me some clue and lead on locating the BIOS chip. I had found a thread in badcaps forum pointed out where the BIOS chip is with picture.
@khteoh2001 Great! It looks like people are able to read the password in the BIOS data for your specific laptop. Were you able to read the BIOS from your chip and post it to the badcaps forum?
@@repairchannel The solution and tutorial posted in the forum were using software approach to dump the UEFI content. I managed to extract the content, however I do not know at which location of the dump file has the password and so far there is no solution yet for the NEC model that I've. Since I saw your video and I was thinking to try your approach of using a programmer, b'coz u did mention how to locate the password in the dump file.
Maybe you could upload your BIOS to the badcaps forum and see if anyone there is able to recover/remove the password. There must be a way...
Great!
Thank you!
How to know where exactly password is stored in the firmware? With any laptop? 🧐
Every laptop is different, so there is no 'one-fits-all' solution unfortunately. Ghidra is a start if you want to dive into this.
What is GHIDRA?
It's an open source disassembler.
@@repairchannel Heh, that sounds like a joke. I once tried disassembling a firmware on a 2k MCU, to add some small changes - and reverse-engineering the thing was a whole project that took me literal weeks to figure out. And it was great help that MCU had Harward architecture, and disassembler automatically distinguished code instructions from data. Once tried same with Z80 and it was terrible, every instruction in a pile of assembly code had to be manually marked whether it's instructions or data - I don't think it's even possible to easily reverse-engineer von Neumann architecture stuff. Anyway, that serial flash on the video got 16 megabytes of code and data, which is IMMENSE, and totally impossible for just 1 person to casually work with and figure out. So, IMO - it's either a direct tutorial for every laptop, how to disable the pass... Or a clean BIOS version(without password) that user could flash into the laptop's BIOS chip. Second option I think is most realistic, that you get an unlocked laptop of the same model, and reflash it's BIOS into the locked laptop. Everything's still kinda complicated(now you gotta get exactly the same laptop), and it also may not work if BIOS checks some unique ID from other chips and stuff(dunno if that's a thing, but could be).
@@NerdyNEET Thank you for your elaborate comment. The options you mention are definitely preferable to disassembling code! Having a BIOS of an unlocked machine compared to a BIOS of a locked machine and finding the differences is also an option. A tool called UEFIextract is able to seperate the data from the software, but you are absolutely right that it can be a huge project to figure all this out. It's still kind of fun to dig around in the contents of those BIOS chips anyway though :)
I had a password to computer once so I didn't know how to remove it so I just kind of sparked the chip literally and then somehow wiped out the password 🤯
Cool!
In a HP 260 G2 this string (UserCred), doesn´t exist. Do you know how to do it in this desktop? Thank you
Have you seen my other video where I remove the password from an HP Probook 6560b? Maybe your bios is more similar to that one.
@@repairchannel No I didn´t, but o will watch it rigth away ;)
Thank you, appreciate it. There is some discussion about your bios on the badcaps dot net forum. You might want to check that out!
Check here: h10032.www1.hp.com/ctg/Manual/c05128057 - page 82
@@yvesmaximo If the link doesn't come through in my comment, google for "Maintenance and Service Guide
HP 260 G2 Desktop Mini PC" and check page 82
Wow. TH-cam reminding me of my little problem.
I have an HP Elitebook. I don't remember the exact model number off the top of my head, but I do know it's a "healthcare edition". It's an engineering sample that I got from a guy who was the RFID engineer.
It starts, but it boots to a screen showing red letters saying to contact HP. No ability to get to bios, no ability to boot to USB. It just power cycles on and off.
HP of course won't help even though I know they can.
That must be a nice laptop to revive! Your Elitebook might have a bios chip that has a different package from the one in the video (no pins, but pads) which has to be desoldered to program it. But that is do-able. Maybe you could open it up and check if you could find the bios chip. They sometimes have a little blue dot on them. It might have the brand "Winbond" written on it and the numbers 25Q128FVPQ or something similar. Worth a try, because it would be such a waste to throw it away.
@repairchannel I've had it for a while now. Since it's an engineering sample it has FGP debug ports and some of the chips are actually in removable slots. The bios chip is in a removable slot.
Oh and when it starts it says "Your system is not fully configured. Please contact HP Help desk". Then it proceeds to power cycle on and off.
I am not experienced at all with low level programming so I wouldn't even know where to begin.
That sounds like a very interesting piece of equipment! Do you know if it was ever able to run an operating system? Or might it be different hardware altogether to develop the wireless capabilities...
@@repairchannel It was running an OS and can still. The engineer I got it from said it was a trade show sample. He said when he was designing the RFID system for it, it was specifically for healthcare and RFID badge systems. So it's got an integrated RFID, SIM card slot, some type of proprietary HP connector on top of typical IO.
He told me it worked when he booted it last before I got it so I know it will run an os. It's a fully working Engineering Sample, I just believe HP took the pre provisioned NVME out after the trade show and now, it won't run an NVME with an OS on it.
Right... So the BIOS doesn't see the drive that used to be there and now refuses to start. That's really a waste of a beautiful laptop. Quite sad that HP is not willing to provide you with a working BIOS. Still a cool machine though :)
Sir the video is great but I wanted clarity on the choice for W25Q128FV instead of W25Q128BV. I have been having trouble with an error message saying 'buffer size not equal.'
Thank you! Choosing the FV chip was just a guess and it turned out to work fine. Are you using the CH341 on an HP Probook 440 G6? Are you using asprogrammer as the software? What is written on the BIOS chip?
well done.
Thank you!
NO CS🎉
😮
I'm afraid I don't understand. What do you mean by that?
@repairchannel CheckSum CS 🤣🙏🏼
@repairchannel Did you found out something about the Admin PW.
Would be intetesting to read a factory reset version🤗🤗🍬🎀🙏🏼
@repairchannel you are kidding meeee😆 The passwotd stands there in plain sight😉✌🏼
I tried "AdminPW" among other strings in the contents of the chip, but none of those were accepted as the password by the BIOS unfortunately.