Menu
Logo

Thin Clients : Tools 


 

 


 

 


 

 


Disable BIOS password

This is a simple tool that removes the prompt for a password from a thin client where the BIOS is password protected.

Caveats:

  1. You must be able to boot Linux (or some kind of operating system) on the target hardware.
  2. This is written for a Phoenix Award BIOS. It almost certainly won't work for other makes of BIOS.

The code below clears the flag in the BIOS data (stored in the battery-backed CMOS RAM) that indicates that a password is set. The detail is described here. The binary was compiled on a Tiny Core system.

/*-------------------------------------------------------------
 *						clrpwd.c
 *-------------------------------------------------------------
 *
 * Program to disable the BIOS password in systems with a
 * Phoenix Award BIOS.
 *
 *	Author:  David Parkinson
 *	Date:    14th October 2012
 *	Version: 1.0
 *
 *-------------------------------------------------------*/

#include <stdio.h>

main( int argc, char **argv )
{
	FILE *nvram;
	unsigned char buf[34];
	int n, csum;

	/* We use the Linux /dev/nvram device rather than go direct.
	 * Open it and read in the bit of interest					*/

	nvram = fopen( "/dev/nvram", "r+" );
 	if( !nvram ) {
		printf( "Cannot open /dev/nvram - you need to be root!\n" );
		return( -1 );
	}
	n = fread( buf, 1, 34, nvram );		/* Read in the bytes */
	if( n != 34 ) {
		printf( "Read error: read %d bytes, not 34\n", n );
		return( -2 );
	}	

	/* For a sanity check let's check the checksum */
	for( n=csum=0; n<32; ++n )
		csum+=buf[n];
	if( (csum&0xFFFF) != ((buf[32]<<8) + buf[33]) ) {
		printf( "Checksum is wrong.  Calculated 0x%04X, found 0x%02X%02X\n",
			csum, buf[32], buf[33] );
		return( -3 );
	}

	/* Check the current setting */
	if( !(buf[3] & 0x2) ) {
		printf( "Password is already disabled\n" );
		return( 0 );
	}

	/* Make the modifications. Clear bit 1 and update the checksum */

	buf[3] &= 0xFD;
	csum -= 2;
	buf[32] = (csum>>8) & 0xFF;
	buf[33] = csum & 0xFF;

	/* Write out the new values */

	fseek( nvram, 0, SEEK_SET );
	n = fwrite( buf, 1, 34, nvram );
	if( n != 34 ) {
		printf( "Error writing new values to CMOS\n" );
		return( -4 );
	}
	printf( "CMOS updated, password removed\n" );
	return( 0 );
}

Download

Source Code.

Binary.

 


Any comments? email me.    Last update October 2012