

Hillhacks – Hacking and Making in the Himalayas - skbohra123
http://makezine.com/2014/08/08/hillhacks-hacking-and-making-in-the-himalayas/

======
srean

       The next step was to figure out how to crack off the
       security password so that the machines could be usable.
       This basically meant figuring out the supervisor
       password to get into the BIOS and removing the 
       protections. I should mention here that since I owned
       these machines, this is all perfectly legal. There are
       some standard tricks to getting into the BIOS such as
       removing power to the CMOS (battery backed SRAM) to
       clear the settings or certain maintenance key combos
       that act as a universal reset. Unfortunately these
       didn't work. Lenovo actually has a dedicated EEPROM
       which retains its settings even after power is removed
       and stores the supervisor password and other info in
       encrypted form.
    
       After trying out various techniques, I found one that
       worked. For this particular laptop, you had to open it
       up and expose the motherboard. After that, it required
       removing a modem board to get to the security EEPROM.
       Once the EEPROM was exposed, there was a technique where
       you had to turn on the PC, hit the ThinkVantage button
       to go into BIOS, and then immediately short the I2C pins
       (SDA and SCL) on the EEPROM with tweezers. This would
       cause the security software to crash and allow access
       into the BIOS.
    

That was an interesting account, faced with a similar proposition I wouldnt
know where to begin or what is safe. In fact I have a compaq laptop whose hard
disk's firmware promptly auto-generated a random passwd and locked it up !
Apparently its a known bug. If you havent set up a hard disk password before
the bug kicks in, you are pretty hosed, unless manage to pull off tricks such
as these.

~~~
general_failure
[http://hillhacks.in/blog/2014/07-29-hillhacks.workshop.tools...](http://hillhacks.in/blog/2014/07-29-hillhacks.workshop.tools/index)
for anyone interested in a complete read

------
skbohra123
Link to the website is here[0]. This certainly looks like an awesome event to
attend.

[0] [http://hillhacks.in/](http://hillhacks.in/)

