So am I totally screwed because I don't know the password? I got this Thinkpad from my neighbor and I don't care about any of the data on it at all...I just want to use it. I promised that if I couldn't figure it out that we could take it out and shoot it.
There is nothing you can do, as it is not stored in VRAM (volatile). So you would have to either:
1: Get a new BIOS
2: Get the password from the neighbor
3: Get the BIOS Flashed (Which is costly)
Considering that 1 and 3 are pretty much not able to be accomplished on the laptop, you are stuck with option 2.
Before my neighbor gave it to me he tried all the passwords he could remember (he got it from work) and nothing worked. Looks like I have a nice new door stop.
This thread had a few suggestions, which may or may not work for you.
Plus, there's a little more reading Here.
I've had a good deal of luck with this sort of thing, but it does require (usually) tearing the laptop down. Basically, you're going to need to find out which BIOS chip the laptop has, or which bios version you have. You can find the spec sheets for the chips via googlage, which may take a while. Find which pin you need to jump on the bios, and what you need to jump it to, and go to town. Be wary, some laptops store the password in an external flash chip (external to the bios chip, still on logic board) and THOSE are the major pains in the arse, but still not impossible. Good luck!
The first is the easiest, remove the CMOS battery that is keeping the BIOS settings.
The second involves opening the laptop and changing the jumpers on the mobo to reset the bios.
Have you tried looking through the user's manual? Clearing a BIOS password is easy on a desktop machine (usually just involves moving a jumper); I'd be surprised if they didn't leave a backdoor to clear it on the laptop. Try looking through the user's manual or Googling something like "ThinkPad [insert model number here] clear BIOS password".
Pull the power cord, pull the battery and remove the CMOS battery. Let it sit for 10 minutes, come back, put everything back and turn it on. Problem solved.
It's a ThinkPad. They usually have much more resilient password schemes than that.
Not really. On all PCs that I've seen there is a way to reset the BIOS, either by a jumper reset or by removing the clock battery, AKA the CMOS battery. Some have a battery to remove and some are built into the laptop's removable main battery. If the first two options won't work, you might have to disconnect the battery pack and just let it sit in hopes the CMOS or BIOS battery will die out and reset the BIOS, and hope that it is a replaceable battery or a resistor that holds a charge while the battery pack is removed. There is almost always a way to reset a BIOS. I don't know about flashing with the password set, or if it will even work with a password being set.
What Jon is getting at here is that normally the password is stored in an EPROM or similar device on the motherboard, just pulling the CMOS batteries or whathaveyou isn't going to clear it.
If you can actually boot the machine, and it's just a CMOS setup password, then there's a couple of memory locations you can write to with DEBUG that'll clear most CMOS setup passwords.
The first result after Googling "Clear ThinkPad BIOS password":
It lists two ways that might work to reset the password -- a backdoor password, and a program that can do it for you.
Google is your friend.
You know I found that one after a bit of googling. I think I may have jumped the gun (read: I was lazy) with my research. I just got the machine yesterday and am now at work and haven't really had a chance to mess with it. I just wanted to get the ball rolling right away because it seems to be quite a nice machine and I wanted to start using it. I've found a few other things too and will hopefully be able to give them a shot tonight.
Yes I know that google is my friend...sorry for being lazy. On a side note:
I love applefritter and it is my first stop for any issues I have for PC and Mac. But does anyone have any favorite forums similar to AF more dedicated to PCs? I know I could google it but I trust and respect the ideas and judgement of this community and thought I would get a recommendation.
Thanks for all the responses.
From that other thread pointed out by eeun:
Seriously, any suggestion involving yanking the CMOS battery or the like isn't going to help you. Read this page. There are several levels of "screwed" depending on which password is lost, but it sounds like in your case you're at the worst one, and on most Thinkpads it can't be fixed without physically violating the motherboard. (as detailed.)
Edit: By "several levels of Screwed", basically that means that if you can *boot* the laptop but are locked out of the BIOS there are software solutions. But if you can't boot it without entering a password at that little key prompt on most Thinkpads you have to hack the security chip.
Yeah, most ThinkPads are that easy, unless they are those brand new ones with the smart card security. I used the same method I posted earlier with a ThinkPad a few years back and it worked fine.
Yeah...that's exactly how screwed I am. I saw a bunch of the software options but soon realized that I needed to be able to boot the machine...and I can't. I guess if I can scrape $45 together then I might give it a shot.
Edit: Or how about this. 26 letters in the alphabet 10 numbers 8 characters for the password (I think). Find some software that will make every permutation of letters and numbers (assuming that it's just letters and numbers) and just start bruteforcing it. If you couldn't already tell I have more time than money.
What do y'all think?
Seems like Applescript could be used to whip up something that would make all the permutations and output it to a text file. Any good places to get snippets of code?
Assuming you're limiting yourself to only 36 possible characters, you're still looking at 36^8 combinations. That expands to 2.82 x 10 ^ 12 combinations.
Incidentally, using the shift key on the 26 letters brings you up to 62 characters, or 2.18 x 10 ^ 14 possibilities.
Do you intend to type them all in by hand?
Edit: I should mention that those quick numbers assume that it /is/ an 8 character password. If it could be up to an 8 character password, not absolutely 8 characters, the number...increases.
While in the bathroom actually. I figure if I just start with all lowercase letters and numbers at 8 characters and see what happens. I know this is probably a fool's errand but like I said I really don't have the cash for any of the procedures that seem to work.
It's going to be a long year......a loooooooooooooooooooonnnnngggg year (or two, or three).
I think I'll start by asking my neighbor to rack his brain for any passwords that might work and/or find out if the company he worked for had some sort of strict password policy, such as requiring all employees to have passwords with 8 characters etc.
So I was thinking. I know I'm totally SOL on this whole endeavor but I was brainstorming with a buddy and we came up with the idea to bruteforce the password. Write some software to emulate a keyboard and have it send its output to the parallel port or something. Then you have a ps/2 connector that is plugged into the Thinkpad. You load up all the possible permutations of letters and numbers. You also have a way for the software to hit CTL+ALT+DEL to restart it after two tries since after three you have to turn it off and back on.
What do you think? Too much?
Let's make the assumption that we're dealing with the smaller character set so that 2.82x10^12 is not an unreasonably low number. Now assume that one password could be entered a second. Sure, you could do it faster, but since you need to restart the machine after two tries it's a hopelessly optimistic estimate anyhow.
There are 3600 seconds in an hour. There are 24 hours in a day. There are 365 days in a year roughly. 3600 x 24 x 365 comes out to being 3153600 seconds per year. Just a shade over 3 million.
2.82x10^12 tries / 3153600 tries per year = 894,216 years.
If you could limit down the search space quite a bit more (Is he only unsure about the last few letters maybe? Are there letters he /knows/ he didn't use?) then it might be worth a shot, but unless you've got a few hundred millennia to waste it's not the best use of your time.
Edit: A dictionary attack might be worth it though.
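Added example (not part of any post in this thread): a small Python estimator for the exhaustive-search arithmetic discussed above, extended to cover "up to 8 characters" and the restart required after every two wrong tries. The 30-second restart time is an assumed figure, and the function names are made up for this illustration.

```python
"""Worst-case time to exhaust a power-on password keyspace, using the
figures discussed in the thread (36 or 62 symbols, 8 characters)."""

SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(charset_size, max_len, min_len=None):
    """Count candidate passwords with length in [min_len, max_len].

    min_len defaults to max_len, i.e. "exactly max_len characters".
    """
    if min_len is None:
        min_len = max_len
    if not 1 <= min_len <= max_len:
        raise ValueError("need 1 <= min_len <= max_len")
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def worst_case_seconds(candidates, seconds_per_attempt=1,
                       attempts_per_boot=None, reboot_seconds=0):
    """Seconds needed to try every candidate once.

    attempts_per_boot models the lockout: after that many wrong entries
    the machine must be restarted, costing reboot_seconds each time.
    None means no lockout at all.
    """
    total = candidates * seconds_per_attempt
    if attempts_per_boot:
        # No restart is needed after the very last attempt.
        reboots = (candidates - 1) // attempts_per_boot
        total += reboots * reboot_seconds
    return total


def whole_years(seconds):
    """Convert seconds to complete 365-day years."""
    return seconds // SECONDS_PER_YEAR


if __name__ == "__main__":
    REBOOT_SECONDS = 30  # assumption: time for one restart back to the prompt
    cases = [
        ("36 symbols, exactly 8", keyspace(36, 8)),
        ("36 symbols, 1 to 8", keyspace(36, 8, min_len=1)),
        ("62 symbols, exactly 8", keyspace(62, 8)),
    ]
    for label, n in cases:
        no_lockout = whole_years(worst_case_seconds(n))
        lockout = whole_years(
            worst_case_seconds(n, attempts_per_boot=2,
                               reboot_seconds=REBOOT_SECONDS))
        print(f"{label}: {n:,} candidates, "
              f"{no_lockout:,} years at 1/s, "
              f"{lockout:,} years with a restart every 2 tries")
```

Allowing shorter passwords adds only a few percent to the count; the restart after every two tries is what dominates the total time.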
So I'll start the program, and put myself in a cryo-chamber set to wake up then. I will then be the proud owner of a nice Thinkpad t23. Or maybe have the computer hooked up to the chamber too so that if it finds the pass earlier it can bring me out of suspended animation.
That's probably worth paying the nice gouging Internet man $40 to help you unlock the security chip. If it were an old Pentium 90 model then no, but...
Paying for the recovery service for a T23 recovery at $45 for the Category 2 service from http://www.ja.axxs.net/unlock/ seems like a worthy prospect, if you have a guarantee that the TP works fine otherwise. I'd guess that the TP is likely worth $200-300 if it's got decent RAM and HDD and a good optical. Check eBay of course... but I'd surely pay the fee if I couldn't find the info from other sources. (ie. official TP service center employee who is feeling generous, etc)
Have you tried "merlin" as the password? I think it is a backdoor IBM password IIRC.
There's an implication there at least that someone's offering the software to fix the problem for free. You still need to build and solder the interface, of course.
Yeah...I've tried the merlin pass (several times, hoping each time would be THE time that it worked). I know about the $45 option but the thing is I really don't have the cash to do it (I'm a social worker...nuff said) which is why I was coming up with all the crazy ideas to bruteforce it. And anything having to do with soldering just scares me...I've never done it before. I still haven't talked to my neighbor yet about it. I don't know. It seems to work fine otherwise but it does only have the floppy drive. I think unless I get the cash or the gumption to solder on a mobo then I'll just be stuck with a door stop that you have to plug in every three hours.
[Edit]: The link that Eudimorphodon provided (thank you by the way) seemed to hint at the fact that you could use clips to create the interface between the TP and the other computer to read the security chip. Now that is something more my speed.
[Edit Edit]: I just read that my TP has just the power on password and not the supervisor password. On the IBM website they suggest that I remove the battery pack and the backup then plug it in and start it up. I tried that but it didn't seem to work. Do you think that I might need to leave it unplugged sans batteries for a bit and then try it again? Not sure if there is some sort of capacitor that might need to discharge.........I have no idea.
Well I removed the battery and backup both and left them out over night and nothing. Still digging.
Don't know if you stumbled across this or not. It has links to some BIOS crackers.
Most info on that page is just a collection of all the stuff from around the web....that doesn't work.
If you know how to take it apart, then open it up and take out the CMOS battery (usually round) and unplug the laptop, remove the main battery, and let it sit for about 5 minutes or so. Put everything back in, and the password should be gone.
I took out the batteries (main plus backup) and let it sit over night. Still got the same thing with the added bonus of a "check date and time" error when it starts up. Then I was reading about some harddrive stuff and on and on so I pulled the HD. I booted it without the HD and found that it wouldn't go into BIOS or anything. A ray of hope. So I put the TP HD in another laptop and did a fresh install of Windows. Shoved it back in the TP and.....................................after POST it asked me for a password (which by the way I still don't know).
Buried but breathing....
Let's get this done. What have you tried? What operating system is on the thinkpad (Or can't you tell since you can't get past the BIOS?) What version and make BIOS is it using?
did you try this? http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=156
or this: http://www.tech-faq.com/reset-bios-password.shtml
I used to work on ThinkPads while I worked as helpdesk at Ogilvy & Mather based in NYC - these guys are the Global Advertisers of IBM...
Now what you are asking is basically going to be answered by paying the piper to remove this password.
The problem you are attempting is something IBM has spent money to implement as a feature so that they could be used by the government to secure laptops to prevent access. Of course only those with the hardware/software and know how could break in... and that's not something most of us can do.
There is a service offered I recall investigating when someone at O&M set up a bios bootup password and forgot it... I recall after contacting IBM that they did not offer any service to recover from the laptop. Remember the newer security features also offer locking the harddrive which makes it a nice small paper weight too.
Pay the piper if you are serious about using this laptop. I don't recall who I contacted about it but they did offer a guarantee regarding being able to remove the password or it was free except needing to pay for the shipping to and back...
And I know my laptops... because two executives there on two occasions drove over their X20. The laptop screen was a broken glass rainbow after it happened on one of them but I was able to recover the data off the harddrive...(oh it was a Jaguar that rolled over the X20 and the other was a taxi in Paris IIRC) I was able to rebuild a working laptop out of two X20's eventually after asking to play with them...
I digress, the security is tough. IF you have the know-how OR can pay for it then you can use the laptop... however IF you want an old ThinkPad as a Trade I'd consider it, though the shipping if you were too far would be very prohibitive...
HTH clear up the questions... The main thing to resolve this issue though as a short cut for you is to get a replacement motherboard for a broken ThinkPad of the same FRU/Model Family - or Pay the Piper - much cheaper paying the Piper if the cost is $45...
One of my friends, the guy who worked out how to enable safe-sleep on non-hires-powerbooks, also has a page on hacking ThinkPad passwords at http://matt.ucc.asn.au/thinkpad.html
Alright. I've tried most of the non-invasive solutions. Removing main and backup battery. The BIOS version I'm not sure of since there is nothing noting it in the POST. I got hopeful and pulled the HD, slapped it in another laptop, formatted it and did a clean install of XP...still nothing. I even tried booting it without the HD. It stalled and didn't even give me the POP prompt. I'm pretty sure that no software will do the trick since I can't get it to go past the POP prompt. I tried a boot disk (it only has a floppy drive) and that didn't work. I even had a friend who is less technically inclined stop by and he mashed on the keyboard and poked at it to no avail...although he did figure out how to turn on the LED used to light the keyboard. There have been a few more recent suggestions that y'all have made that I can't try this week as I am out of town and away from the machine.
I have a ThinkPad; it has the same problem, but Dad knows the pass and just won't tell me. Remove the battery, & there is a 2nd smaller one; try to remove that. :-)(-:
Did you even read the rest of this thread before bringing it back from the dead?
Please try not to revive threads more than a few weeks old unless you have something very valuable to add.
You mention that the machine doesn't prompt for the Password if there's no hard drive in there.
I had an old Compaq Armada that stored the BIOS interface, as well as the password, on an ~8MB partition at the beginning of the Hard Drive. My brother set a power-on password on it (the little bugger) and then forgot what it was. I put the drive into another laptop, removed the partitions and set them up again using FDISK and DELPART in DOS. I had to restore the BIOS GUI from the rescue disks, but that wasn't a big deal.
The point to that big ramble is that based on what I've heard, perhaps the security is on the drive itself, and not the laptop. I realize that you've already wiped the drive clean and installed a fresh install of Windows on there, but you may have just wiped the Windows partition clean, and not the entire disk.
If you're comfortable with FDISK, boot up another laptop with a Windows 98 boot floppy with the Thinkpad HD installed in that laptop. Poke around in FDISK and see what partitions are on the drive.
Conversely, you could try *another* drive in the Thinkpad to see if you get any luck with that.
It's a long shot, but ya never know...
While that is true, esp. for older MCA-based IBMs, the one in question is much newer, a T23 which can include the Embedded Security Subsystem and is also much newer than any PC laptop that stores BIOS on the HDD that I know of.
Had same problem. Had password but didn't seem to want to unlock system. Boot holding down F1 key, go to password. Try the password you think it is, HIT THE SPACE BAR after each attempt, NOT the enter key. I found out that to remove the password even if you have it, there is no indication you have the correct one until you hit the SPACE BAR. It will then give you the option to enter a new password, just hit the SPACE BAR again. This is the only way to remove the password without a soldering iron and another chip. By the way the password for the pc I got from work was 4gadats or 4gadat
There is no way to clear the bios password using the normal remove the battery methods. The password is stored in an eeprom on the motherboard that does not rely upon battery for power. Once it is stored, it's there until you remove it or get access to it to set it as blank. Okay, what to do. Either deep six it or find "joe in Australia" on the net. Make the eeprom reader, pull the dump from the eeprom, save as a .bin file. Joe in Australia's software will be read by the bloke and then you will pay the piper to get it back. DO NOT REPLACE THE EEPROM CHIP AS IT WILL GIVE CRC ERRORS. Just an FYI, I have recovered two boards from the depths of the trash can by using the information and hardware that "joe in Australia" has provided.
Couple of things:
The next one of these I crack will not be my first.
Go easy on Joe in Australia. He is a good, honest guy and a very respected member of the Thinkpad cracking community.
Now re your Thinkpad:
If as you say you have tried battery removal without success
if as you say your Thinkpad is too early to have a supervisor password
you have a hard drive password and not a BIOS or CMOS password.
There is good news and bad news:
You can totally get around this password by hard drive replacement
you will not be able to salvage the old hard drive without the IBM master password . . . .
which sorry to tell you I do not know.
For those who might be unaware:
The IBM master password for hard drives does not, IT DOES NOT, allow you to access and read data from someone else's password-protected hard drive. If you want to compromise another person's security you need their user password. Good luck on that one. This is not something I ever have done.
If you are like me and most other breakers you could not care less about stealing another person's information. What you care about is salvaging perfectly good, but locked, hard drives. To do this you need the IBM master password. The IBM master password allows you to erase only, to format only, a user password-protected hard drive. In the process the user password is removed, along with the data it was protecting. You never get to access or read the protected data prior to its destruction.
I do not know the IBM master password. But I sure WISH I knew it. IBM holds it pretty tight since it allows them to sell a PILE of new hard drives, or at least it used to before Lenovo.
Cracking EEPROMs is not a problem. Breaking the IBM master hard drive password, now THAT'S a problem!
Can't you just download the BIOS flash utility, burn it, and boot from the CD?
We have had some trouble with Acer Aspire notebooks BIOS, and Acer sent us a BIOS flash download, which the notebook booted from and the BIOS was flashed.. I'm not sure whether this will reset the password though.. Maybe you could try contacting IBM? Whether they would still offer support for that notebook is another issue.. Otherwise try contacting a notebook repair specialist..
Good luck anyways. Macintrash
I recently used the eeprom methods above to locate and decode the password in a P4 sony vaio. I found the two eeproms on the motherboard with a multimeter (you know that certain pins will be grounded, one at v+). I then used an eeprom reader and soldered it to the eeproms. You don't even have to remove the eeprom from the motherboard, just power up the machine and read the eeprom using the programmer.
The hardest part is locating the correct eeprom and soldering to the tiny pins.
I don't know if this is the "official" thinkpad manual but it provides a method on How to remove the power-on password.
To remove a POP that you have forgotten, do the following:
If no SVP has been set:
1. Turn off the computer.
2. Remove the battery pack.
3. Remove the backup battery.
4. Turn on the computer and wait until the POST ends. After the POST ends, the password prompt does not appear. The POP has been removed.
5. Reinstall the backup battery and the battery pack.
The manual provides detailed descriptions and diagrams on how to do this...
If this is the official manual then surely this should work?
I believe they are trying to remove the SVP and not the POP
IBM BIOS Setup ThinkPad T23
To clear supervisor password,
To Clear IBM Security Chip.
This website might help you out? www.passwordmethod.com
I do this all the time. It costs $20.00 with shipping paid both ways by the owner.