BIOS password bugs?

Message

tonyfantao · #1 Post by **tonyfantao** » Tue Oct 18, 2005 8:38 pm

Hi, I just got a thinkpad T42 recently, I set my supervisor password, but when the system reoot, it keeps saying the wrong password, and I am pretty sure I have enter the right one, the other thing I observed is that I can still log in using the power on password, but the passowrd I entered is not case sensitive at all, which means I can get passed the power-on using either capital or small letter as long as the password is correct, is this seems to be normal? to me, it seems like maybe the keyboard has the problem with capital letter at the time of power on, because I have tested under the windows xp with no problem with keyboard. BTW the password I used consists of combination of small and capital letters as well, can someone help pls? thanks.

AIX · #2 Post by **AIX** » Wed Oct 19, 2005 3:33 am

I think supervisor password length is limited to 7 characters; maybe you tried entering a >7 characters password. Try enter only the first 7 characters and see if it works.

DaniWurf · #3 Post by **DaniWurf** » Wed Oct 19, 2005 5:21 am

Maybe you unknowingly (by mistake) enabled caps lock when you set the the password???

nwguru · #4 Post by **nwguru** » Thu Oct 20, 2005 12:43 am

The Thinkpad doesn't know there is a difference between upper and lower case characters in the password. The CapsLock has no effect on the password.

The stored pasword is the scancodes for the keys pressed, not the ASCII equivalent.

The suggestion to only use the first SEVEN (7) characters is correct as the system will let you enter more characters when you set the password but it truncates them at the end of 7. When you log in with more than 7 characters, the strings don't match.

If that doesn't work, then start guessing because you somehow typed something different TWICE.

Your only other options are to get the password recovered or replace the system board.

The T42 uses TWO security chips (YAY TCPA (not)) and changing the one that gets tested by the BIOS will not resolve the issue anymore. Now, the TCPA tests each to be sure BOTH passwords (and UUIDs) match or you get a Security Tamper error.

Good Luck!

Rose · #5 Post by **Rose** » Thu Oct 20, 2005 5:07 pm

regarding the boot and supervisor bios password. Is there any way around it and/or reset/blank it?

Im asking since my T41p got stolen. Because of that i have this advert on swedens biggest trade-site where i opt for buying back my T41p if it is the correct one, since it should be useless to anyone else.

Then this guy contats me, talks alot of rubbish, but claims that resetting bios is no problem if disconnecting the backup clock battery for a couple of weeks.

Possible or not?

rssb · #6 Post by **rssb** » Thu Oct 20, 2005 5:35 pm

rose, if the tcpa chip was enabled then what he is talking is nonsense, it is almost impossible to clear the password by removing the battery.

The eeprom which holds the password can go on for upto 10 years without battery !!

If you enabled the passphrase then the password is not even stored in the eeprom, so unless he desolder the eeprom, tcpa chip and puts in new blank ones, it is useless.

If the tcpa chip was not enabled and you have only less than 8 character password then it is possible to read the eeprom via external readers and scan for the password location and then he can login via password and disable or change it.

nwguru · #7 Post by **nwguru** » Thu Oct 20, 2005 6:37 pm

The STANDARD IBM Password scheme is fairly worthless as anyone can build one of the multitude of readers that are available on many sites. With the right reader, the Supervisor Passsword is easily recovered and then used to unlock the Thinkpad. If the HD Password is the same as the Supervisor, then the entire Thinkpad will be useable again.

This is a strong suggestion to always set the HD password to a different password than the Supervisor.

As far as unlocking the Thinkpad by removing the CMOS or backup battery, that is an Old Wives Tale and an absolute waste of time. Unless the Security Chip is read and the scan codes recovered, the Thinkpad will remain locked.

ntsif · #8 Post by **ntsif** » Fri Nov 18, 2005 5:58 pm

From personal experience I wouldn't suggest to anybody use password.
I do repaire IBM Thinkpad all the time. And Bios password can be reset in 10-15 min. Recovering old one takes about 25. For HDD - about 30min.
Most of the time the first person who got hit with password problem - original owner: they just forget it or use 7+ etc.

pae77 · #9 Post by **pae77** » Sat Nov 19, 2005 5:31 pm

The password has utility in at least keeping your TP secure from causual snooping and if the TP is stolen, at least you will have some extra time to change or report some important things (like credit card or other account numbers you might have recorded on your machine) if necessary before the TP or HD password is cracked. For additional security, I personally keep various passwords (not the TP passwords but various internet site passwords) recorded on my machine in a code that only I can understand, so even if someone gained unauthorized access, they still wouldn't be able to find sufficient information on my TP to access things like online accounts.