- Posts: 19
- Thank you received: 2
Forum Login
Bios password HP Folio 1020 G1, Where to look?
Rendering Error in layout Widget/Social: Call to a member function exists() on null. Please enable debug mode for more information.
8 years 7 months ago - 8 years 7 months ago #1266 by Bigwezel
Bios password HP Folio 1020 G1, Where to look? was created by Bigwezel
Hello fellow hackers,
I'm getting a lot of admin password locked hp laptops.
Normally i order a new bios chip and solder these on board and they work fine.
I just got a HP Folio 1020 G1. This is a new model that just came out so there are no bios chips out there.
Can any1 tell me where to look in the bin file to find the admin password or what area to clear out?
Hope someone can help me!
In the attachments u can find the main .bin file and the ec .bin file backups.
The main file is over 10 MB, so i cannot upload it to this thread, u can find it here: www.filedropper.com/hpelitebookfolio1020g1main
I'm getting a lot of admin password locked hp laptops.
Normally i order a new bios chip and solder these on board and they work fine.
I just got a HP Folio 1020 G1. This is a new model that just came out so there are no bios chips out there.
Can any1 tell me where to look in the bin file to find the admin password or what area to clear out?
Hope someone can help me!
In the attachments u can find the main .bin file and the ec .bin file backups.
The main file is over 10 MB, so i cannot upload it to this thread, u can find it here: www.filedropper.com/hpelitebookfolio1020g1main
Last edit: 8 years 7 months ago by Bigwezel.
Please Log in or Create an account to join the conversation.
- rileystudent
-
- Offline
- Moderator
-
Less More
- Posts: 33
- Thank you received: 5
8 years 7 months ago #1279 by rileystudent
Replied by rileystudent on topic Bios password HP Folio 1020 G1, Where to look?
Hmm i have not tried a bios flash on a Core M board before but if you can get your hands another 1020 G1 you can read the bios from that and compare it with the one for the locked laptop
Please Log in or Create an account to join the conversation.
- token.paul
-
- Offline
- Moderator
-
Less More
- Posts: 160
- Karma: 20
- Thank you received: 62
8 years 7 months ago #1281 by token.paul
Replied by token.paul on topic Bios password HP Folio 1020 G1, Where to look?
I can't find any EFI related records... No UUID's or volumes or any others signatures. It looks like a library of execution codes. It may be without an EFI of course. If you can do any changes in bios then probably we can find an area of changes. Also this notebook may have a second flash chip for settings storage.
Please Log in or Create an account to join the conversation.
- token.paul
-
- Offline
- Moderator
-
Less More
- Posts: 160
- Karma: 20
- Thank you received: 62
8 years 7 months ago #1283 by token.paul
Replied by token.paul on topic Bios password HP Folio 1020 G1, Where to look?
Use this tool
github.com/LongSoft/UEFITool to explore a BIOS. You can find pre-compiled version here:
github.com/LongSoft/UEFITool/releases/tag/0.21.1.1
Bios password may be located in one of small segments with Freeform subtype
Bios password may be located in one of small segments with Freeform subtype
Please Log in or Create an account to join the conversation.
8 years 7 months ago #1285 by zenelli
Replied by zenelli on topic Bios password HP Folio 1020 G1, Where to look?
I removed password from dump,
try it and let me know if it helped.
www.mediafire.com/download/gz97o4f32rgdr34/HP_elitebook_folio_1020_no_password.rar
try it and let me know if it helped.
www.mediafire.com/download/gz97o4f32rgdr34/HP_elitebook_folio_1020_no_password.rar
The following user(s) said Thank You: mahmoodjavan
Please Log in or Create an account to join the conversation.
- token.paul
-
- Offline
- Moderator
-
Less More
- Posts: 160
- Karma: 20
- Thank you received: 62
8 years 7 months ago #1287 by token.paul
Replied by token.paul on topic Bios password HP Folio 1020 G1, Where to look?
Zenelli, I am sorry but your file is 16.8 mbytes long. Original dump was 2.1 mbytes only... I think it does not fits to the chip. How you got it?
Please Log in or Create an account to join the conversation.
- rileystudent
-
- Offline
- Moderator
-
Less More
- Posts: 33
- Thank you received: 5
8 years 7 months ago #1288 by rileystudent
Replied by rileystudent on topic Bios password HP Folio 1020 G1, Where to look?
Hey bigwezel could you do me a favor and post a picture of the board. I might soon be working on a 2015 macbook with the same core M CPU and trying to get as much info on them as possible before i dig into it. Also please point out the location of the bios chip on your board. Thanks!!
Please Log in or Create an account to join the conversation.
8 years 7 months ago #1292 by zenelli
It's the main bin file who bigwezel posted, its 16mb.
the ec file i did not touch.
what i know is the password stored in the bios dump and not the ec dump for hp
Replied by zenelli on topic Bios password HP Folio 1020 G1, Where to look?
token.paul wrote: Zenelli, I am sorry but your file is 16.8 mbytes long. Original dump was 2.1 mbytes only... I think it does not fits to the chip. How you got it?
It's the main bin file who bigwezel posted, its 16mb.
the ec file i did not touch.
what i know is the password stored in the bios dump and not the ec dump for hp
Please Log in or Create an account to join the conversation.
- token.paul
-
- Offline
- Moderator
-
Less More
- Posts: 160
- Karma: 20
- Thank you received: 62
8 years 7 months ago #1296 by token.paul
Replied by token.paul on topic Bios password HP Folio 1020 G1, Where to look?
Oh... I don't downloaded it.
It has very familiar data
At quick look I guess that password is located at offset 0x6543E4. It is EFI variable, record length = 0xAF, with name "HP_BiosUser00BIOS Administrator". We can try to change one byte at offset 0x6543E6 from 0x7F to 0x7D. It will set this variable as deleted and it will not be loaded to the memory.
It has very familiar data
At quick look I guess that password is located at offset 0x6543E4. It is EFI variable, record length = 0xAF, with name "HP_BiosUser00BIOS Administrator". We can try to change one byte at offset 0x6543E6 from 0x7F to 0x7D. It will set this variable as deleted and it will not be loaded to the memory. Please Log in or Create an account to join the conversation.
8 years 7 months ago #1322 by Bigwezel
Replied by Bigwezel on topic Bios password HP Folio 1020 G1, Where to look?
Sorry for not responding for a while.
I managed to clear the admin password by shorting out pin 7 and 8. This was a method that worked on older HP laptops, but i figure it also work on the newer models.
I now have a Lenovo T450 with a supervisor password. These are a little more hard to figure out. The lenovo uses a technique that it decrypt the password needed to enter the bios when its on and requesting the password. If you dump the bios when it's not on there is no area for supervisor password. Do you guys know how to figure out a way around the supervisor password?
Thanks for the help already!
I managed to clear the admin password by shorting out pin 7 and 8. This was a method that worked on older HP laptops, but i figure it also work on the newer models.
I now have a Lenovo T450 with a supervisor password. These are a little more hard to figure out. The lenovo uses a technique that it decrypt the password needed to enter the bios when its on and requesting the password. If you dump the bios when it's not on there is no area for supervisor password. Do you guys know how to figure out a way around the supervisor password?
Thanks for the help already!
Please Log in or Create an account to join the conversation.
- token.paul
-
- Offline
- Moderator
-
Less More
- Posts: 160
- Karma: 20
- Thank you received: 62
8 years 7 months ago #1339 by token.paul
Replied by token.paul on topic Bios password HP Folio 1020 G1, Where to look?
Pin 7 and 8 on what you shorted? On flash chip?I managed to clear the admin password by shorting out pin 7 and 8. This was a method that worked on older HP laptops, but i figure it also work on the newer models.
Please Log in or Create an account to join the conversation.
8 years 7 months ago #1348 by zenelli
Replied by zenelli on topic Bios password HP Folio 1020 G1, Where to look?
I think it shorted legs 7 to 8 from the bios chip when starting up the laptop
Shorting 2 pins from eeprom chip works also for lenovo thinkpad laptops, removes bios password.
Maybe works also for Macbooks?
Shorting 2 pins from eeprom chip works also for lenovo thinkpad laptops, removes bios password.
Maybe works also for Macbooks?
Please Log in or Create an account to join the conversation.
8 years 7 months ago #1355 by thaGH05T
If I helped you, buy me a beer!!! Happy Hunting...
Replied by thaGH05T on topic Bios password HP Folio 1020 G1, Where to look?
Shorting a chip is not a good idea when you do not know what it does. It can pop a fuse. Also if a fuse was popped to protect it then there is no going back. I tried shorting pins on a mac before with no luck but please if you are not afraid to lose it try and short them out. I would have to know what chip he was playing with but I bet he shorted the vcc and reset pins.
Can you please give us the chip ID BigWezel?
As far as this Lenovo goes I will have to have more information about it as well, so get to researching boys. I think it has an encryption chip that's in circuit which is great, but bad news for you. It will take a lot of playing.
Can you please give us the chip ID BigWezel?
As far as this Lenovo goes I will have to have more information about it as well, so get to researching boys. I think it has an encryption chip that's in circuit which is great, but bad news for you. It will take a lot of playing.
If I helped you, buy me a beer!!! Happy Hunting...
Please Log in or Create an account to join the conversation.
Moderators: token.paul
Who's Online
We have 551 guests and no members online
N00BZ
- ljamal
- ljamal74
- mikeg2atest
- ducchinhbui
- anjarezt
Cookies
EU e-Privacy Directive
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.
You have declined cookies. This decision can be reversed.
You have allowed cookies to be placed on your computer. This decision can be reversed.