un buen tutorial para este tipo de casos
fuente:
http://sodoityourself.com/hacking-ibm-thinkpad-bios-password/
This article is based on a IBM ThinkPad T42. There are no guarantees and you might end up destroying your TP. So continue at your own risk. Other models this ought to work with are:
Soldering the ATMEL 24RF08 Chip reader
To read this chip we need to interface with it using a secondary computer and some simple electronics. You will need to purchase this:
Here is a simplified schematic for those unfamilliar with the above symbols:
Locating the ATMEL chip
Usually the ATMEL chip is located somewhere below the touchpad. Start off by remving the keyboard and mousepad. This is done by unscrewing a couple of screws located under the TP. It is quite clearly illustrated on the bottom side of your ThinkPad.
Pull the TP keyboard up and let it rest against the screen. Pry off the touchpad part and fold it over where the keyboard used to be. Remove the WiFi card.
Under it all you should find a chip with something like this printed:
ATMEL
24RFC8
0446
Heres a closeup of the Atmel chip. Click to enlarge.
You can see the Atmel right under were the Wifi card used to sit:
Soldering the ThinkPad
Now this is the tricky part. You will have to solder 3 wires to the motherboard of your TP. Two wires to the ATMEL chip and one to ground. The ground is a piece of cake, just solder it anywhere you can find ground. The mounting screw holes on the motherboard is a good place. Solder 3 wires according to the image below:
As you can see, the SCL and SDA are located right next to eachother. It can be difficult to hold them in place while soldering. I have used some tape to hold them in place. The tape can be left there to minimze the risk of pulling off the soldered wires during the next steps.
Leave these wires unconnected and make them ready by peeling off the insulation. These will be connected to the reader ciruit later on. Make sure they can not reach ground or short circuit in any way.
Preparing the spare PC
You have made the hardware to read the chip, so now you need to supply the software. There is this great sofware made by http://www.allservice.ro/ that can be found here:
http://home.ripway.com/2005-7/365678/index.htm - Select R24RF08 v2.0b - Reader for ATMEL 24RF08 (Freeware)
While you are at it, download the Supervisor Password decoder IBM Pass 2.0 Lite found here:
http://home.ripway.com/2005-7/365678/index.htm
Also great software made available by http://www.allservice.ro/ .
Note:
Softpedix wrote that the download mirror has limited bandwidth. If you can’t download with the above, try these:
http://www.allservice.ro/forum/viewtopic.php?t=61 – Programmer
http://www.allservice.ro/forum/viewtopic.php?t=56 – IBMpass Lite
Install the software.
Connect the ATMEL chip reader to the spare PC.
Fire up a command promt(Start->run type cmd) and navigate to the folder where you installed R24RF08 v2.0b. Type in (don’t hit Enter):
r24rf08 dump.bin
Dumping the password
Decoding the Supervisor Password
On your Spare PC start the program IBM Pass 2.0 Lite. Load the file you just created (dump.bin). Navigate with the scroll list to the memory address of 0×330. Tada! It should look something like this:
fuente:
http://sodoityourself.com/hacking-ibm-thinkpad-bios-password/
This article is based on a IBM ThinkPad T42. There are no guarantees and you might end up destroying your TP. So continue at your own risk. Other models this ought to work with are:
- 240, 240x
- 390E, 390x
- 570, 570E
- 600e, 600X
- 770Z
- A20m, A21e, A21m, a22m, A30p, A31, A31p
- G40, G41
- R30, R31, R32, R40, R50, R51
- Transnote, T20, T21, T22, T30, T40, T40p, T41, T42, T42p
- X20, X21, X22, X23, X24, X30, X31, X40, X41
Soldering the ATMEL 24RF08 Chip reader
To read this chip we need to interface with it using a secondary computer and some simple electronics. You will need to purchase this:
- 2 x 2200 Ohm Resistors
- 2 x C5V1 Zener diodes (For example BZX55/C5V1 )
- Serial Port 9 pin Female
Here is a simplified schematic for those unfamilliar with the above symbols:
Usually the ATMEL chip is located somewhere below the touchpad. Start off by remving the keyboard and mousepad. This is done by unscrewing a couple of screws located under the TP. It is quite clearly illustrated on the bottom side of your ThinkPad.
Pull the TP keyboard up and let it rest against the screen. Pry off the touchpad part and fold it over where the keyboard used to be. Remove the WiFi card.
Under it all you should find a chip with something like this printed:
ATMEL
24RFC8
0446
Heres a closeup of the Atmel chip. Click to enlarge.
You can see the Atmel right under were the Wifi card used to sit:
Soldering the ThinkPad
Now this is the tricky part. You will have to solder 3 wires to the motherboard of your TP. Two wires to the ATMEL chip and one to ground. The ground is a piece of cake, just solder it anywhere you can find ground. The mounting screw holes on the motherboard is a good place. Solder 3 wires according to the image below:
As you can see, the SCL and SDA are located right next to eachother. It can be difficult to hold them in place while soldering. I have used some tape to hold them in place. The tape can be left there to minimze the risk of pulling off the soldered wires during the next steps.
Leave these wires unconnected and make them ready by peeling off the insulation. These will be connected to the reader ciruit later on. Make sure they can not reach ground or short circuit in any way.
Preparing the spare PC
You have made the hardware to read the chip, so now you need to supply the software. There is this great sofware made by http://www.allservice.ro/ that can be found here:
http://home.ripway.com/2005-7/365678/index.htm - Select R24RF08 v2.0b - Reader for ATMEL 24RF08 (Freeware)
While you are at it, download the Supervisor Password decoder IBM Pass 2.0 Lite found here:
http://home.ripway.com/2005-7/365678/index.htm
Also great software made available by http://www.allservice.ro/ .
Note:
Softpedix wrote that the download mirror has limited bandwidth. If you can’t download with the above, try these:
http://www.allservice.ro/forum/viewtopic.php?t=61 – Programmer
http://www.allservice.ro/forum/viewtopic.php?t=56 – IBMpass Lite
Install the software.
Connect the ATMEL chip reader to the spare PC.
Fire up a command promt(Start->run type cmd) and navigate to the folder where you installed R24RF08 v2.0b. Type in (don’t hit Enter):
r24rf08 dump.bin
Dumping the password
- Turn on your ThinkPad with all the wiring you just soldered.
- Press F1 during the startup to enter the BIOS.
- Wait untill all activity stops, blinking HDD leds and such.
- Connect the ATMEL Chip reader. GND first then the SDA and SCL.
- Now go to your spare PC and Hit enter on the command prompt.
Decoding the Supervisor Password
On your Spare PC start the program IBM Pass 2.0 Lite. Load the file you just created (dump.bin). Navigate with the scroll list to the memory address of 0×330. Tada! It should look something like this:
