Synopsis: The mechanics of BIOS password locks present in current generation laptops are briefly outlined. Trivial mechanisms have been put in place by most vendors to bypass such passwords, rendering the protection void. A set of master password generators and hands-on instructions are given to disable BIOS passwords. When a laptop is locked with password, a checksum pwgen-samsung.exe that password is stored to a so-called FlashROM – this is a chip on the mainboard of the device which also contains the BIOS code and other settings, e.
The dramatic ‘System Disabled’ message is just scare tactics: when you remove all power from the laptop and reboot it, it will work just as before. The bypass mechanisms of other vendors work by showing a number to the user from which a master password can be derived. This password is usually a sequence of numbers generated randomly. Some vendors resort to storing the password in plain text onto the FlashROM, and instead of printing out just a checksum, an encrypted version of the password is shown. Other vendors just derive the master password from the serial number. Either way, my scripts can be used to get valid passwords.