Home Sign Up! Explore Community Submit Bypass BIOS Boot or OS Login to "most" any computer with console access by erckgillis on June 15, 2007 Table of Contents intro: Bypass BIOS Boot or OS Login to "most" any computer with console access step 1: Console Access this is essential to browse files step 2: Windows ISO Boot disc(s) step 3: Live CD distributions to choose from (list) step 4: Browse any files NTFS FAT file systems (folders) step 5: Protection ? step 6: BIOS Backdoors 10 Related Instructables 11 Advertisements 11 Customized Instructable T-shirts 11 Comments 11 http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ intro: Bypass BIOS Boot or OS Login to "most" any computer with console access ANY system where you have access to it's console will give you an opportunity to where you can login and see files, run your own browser or copy files By modifying the BIOS or "Flash'ing" new BIOS you can override both BIOS protected passwords and reboot from other devices or peripherials Reboot with any OS you choose and browse NTFS (via http://www.ntfs-linux.com/) or FAT files on their 'secured' hard drive Internet Cafe', Public Library and Schools with "locked" PC's are usually accessible If you can MODIFY the BIOS to boot from USB, CD or DVD Insert your USB Boot image (ISO) How See my instructables Beginners Background: The BIOS (Basic Input-Output System) is a small piece of code 'burned' into a EPROM/CMOS (Erasable Programmable Read Only Memory) This is the hard coded instructions to "boot" your PC Even "locking" the BIOS is no longer safe as "Flash" programs can 'reprogram' most any BIOS Shorts or restes can 'fry' and many sites offer replacements/swaps File systems: Computers all have files File systems are the way data is encoded on the hard drive It's not encrypted nor protected except for EFS or secured shadowed and hidden file systems using triple DES and PGP Steps: Press F2 or F10 as the reboot prompt asks Modify as below the "Boot order" Insert a CD/DVD or USB boot drive and your in! (see instructables for ISo images or USB thumb drive) Image Notes Boot a DSL linux image from USB http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ step 1: Console Access this is essential to browse files Windows Computers are designed to not allow remote access Firewalls, port stealthing and all the fancy software secures you from outside and network attacks No one protects their consoles or laptops nowadays Do you have access to a schools computer, library or Internet Cafe' ? Then you can load and boot many OS and see files on their HDD Once the BIOS (bypass BIOS passwords on page 6) is set to boot from other media (USB/CD/DVD) you can load you OWN OS and login forget Windows security load your OWN OS! Load a small Linux or other OS, fast and easy from USB or CD/DVD (see Live CD or use my instructables) ///post your ideas///! COLLABORATE ! Specific PXE or GRUB boots and small USB drives can boot most any OS you choose Image Notes Boot a DSL linux image from USB Image Notes Samba or other tools allow access to NTFS, FAT and UNIX file systems (http://www.ntfs-linux.com/) http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ step 2: Windows ISO Boot disc(s) Free ISO Image Downloads: These are the ISO boot disk images available from AllBootDisks Download the ISO image you need, and if you need assistance creating a bootable CD from this image, visit the how-to page Everyone's seen Windows boot screens ugh think of ALL THE YEARS wasted watch DOS & Windows Boot! ERCK DOS4.01_bootdisk.iso DOS5.0_bootdisk.iso DOS6.0_bootdisk.iso DOS6.21_bootdisk.iso DOS6.22_bootdisk.iso Win95a_bootdisk.iso Win95b_bootdisk.iso Win98SE_bootdisk.iso Win98SEnoram_bootdisk.iso Win98_bootdisk.iso Win98noram_bootdisk.iso WinMe_bootdisk.iso WinMenoram_bootdisk.iso ISO's are well documented already step 3: Live CD distributions to choose from (list) Live CD Distributions by # votes (alphabetical) #Votes Name ISO Size (Mb Min Max) & Primary Function 3Anoppix 712 712 Desktop ABC Linux 579 579 Desktop Adios 700 700 Education AdvanceCD 16 16 Gaming AL-AMLUG Live CD 512 512 Desktop AliXe 370 370 Desktop AmaroK Live 289 289 Home Entertainment Ankur 418 418 Desktop Anonym.OS 575 575 Secure Desktop ANTEMIUM 620 620 Desktop Arabbix 550 550 Desktop Archie 325 325 Desktop Arudius 212 212 Security Auditor security collection 538 538 Security Augustux 700 700 Desktop Aurox Live 698 698 Desktop avast! BART CD 155 155 Rescue, Windows Antivirus basilisk 650 650 Desktop BDI-Live 138 138 CNC Metalworking BEERnix 409 409 Desktop BeleniX 637 637 Desktop BerliOS MiniCD 182 182 Desktop bioknoppix 681 681 Bioinformatics, Education Blin Linux 36 160 Desktop Bootable Cluster CD 188 188 Clustering BOSS Live CD 646 646 Security BrutalWareII 117 117 Security Burnix 690 690 Clustering ByzantineOS 43 43 Home Entertainment Caster 545 545 Media Production C� tix 717 717 Desktop CDlinux 18 18 Rescue CDMEDICPACSWEB 195 587 Medical CHAOS 8 Clustering CHRONOMIUM 68 68 Windows Antivirus ClusterKnoppix 600 600 Clustering Conectiva Linux Live CD 252 400 Desktop Cool Linux CD 632 632 Desktop Crash Recovery Kit for Linux 80 80 Rescue Danix 683 683 Desktop http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ Dappix 700 700 Desktop DeadCD 92 92 Desktop, Rescue DemoLinux 650 650 Desktop DeMuDi Live 575 575 Media Production DevelopGo 695 695 Development Devil-Linux 88 88 Firewall, Server distccKNOPPIX 38 38 Clustering Dizinha 154 154 Desktop DNALinux 329 329 Bioinformatics ECGL 706 706 Development Echelon Linux 240 240 System Administration eduKnoppix 700 700 Education EduMorphix 643 643 Education ELE 61 61 Secure Desktop eLearnix 90 90 Education elpicx 690 1382 Education Emergency CD 174 174 Rescue eMoviX 10 10 Home Entertainment eZ publish LiveCD 487 487 Server FCCU GNU/Linux Forensic Boot CD 519 563 Forensics ffsearch-LiveCD 194 194 Server FIRE 579 579 Forensics fiubbix 670 670 Desktop, Education Flash Linux 362 362 Desktop FlashMob ISO 63 63 Clustering Flonix 187 187 Desktop floppyfw 2 Firewall Formilux 38 160 Server Freeduc 699 699 Desktop, Education, GIS FuguIta 623 623 Desktop GamesGo 698 698 Gaming Gentoox 543 543 Desktop GeoMorphix 672 672 GIS Ging 164 164 Desktop GIS-Knoppix 700 700 GIS GISIX 635 635 GIS GisMorphix 567 567 GIS GNOME LiveCD 629 629 Desktop gnome2live 430 430 Desktop gNOX 242 242 Desktop GNU/Linux Kinneret 623 623 Education GParted LiveCD 52 52 System Administration GPUL 534 534 Education grml 49 696 OS Replacement, Rescue, Security Guadalinex 592 700 Desktop Hakin9 Live 625 625 Security Hax Desktop 611 611 Desktop Helix 701 701 Forensics Hikarunix 182 182 Gaming IndLinux Hindi 532 532 Desktop jollix 506 506 Gaming, Home Entertainment Julex 216 216 Desktop JUX 695 695 Education Kaboot 87 349 Desktop, Rescue, Science Kalango 396 396 Desktop KANOTIX CPX-MINI 230 230 Desktop, OS Replacement Kazit 633 633 Desktop KibZiLLa 288 288 Desktop Klax 382 382 Desktop Knoppel 648 648 Desktop Knoppix 3.3 NY/NYLUG edition 702 702 Desktop Knoppix en espa�±ol 651 651 Desktop Knoppix for Kids 699 699 Desktop, Education Knoppix Japanese Edition 681 681 Desktop KNOPPIX-BV1AL 685 685 Desktop KNOPPIX-EXTON 665 665 Desktop Knoppix64 600 720 Desktop, Development KnoppixQuake 130 130 Server KnoSciences 661 661 Education Komodo Linux 695 695 Desktop Kororaa 695 695 Desktop, OS Replacement KursLinux 696 696 Education Kurumin 187 187 Desktop LAMPPIX 157 207 Server Legnoppix 380 380 Robotics LFS boot-cd 240 240 OS Replacement, Rescue LFS LiveCD 106 351 Desktop LG3D LiveCD 606 606 Desktop LinspireLive! 659 659 Desktop Linux Live-CD Router 83 83 Firewall Linux Magazine miniCD 185 185 Desktop, Rescue Linux-EduCD 653 653 Education Linuxcare Bootable Toolbox 47 47 Rescue http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ LinuxConsole 58 532 Gaming Lisp Resource Kit 612 612 Development, Education LiveOIO 615 615 Medical LiveZope 697 697 Development, Education LNX-BBC 48 48 Desktop, Rescue Local Area Security Linux 185 210 Desktop, Security Lonix 149 149 Rescue LUC3M 700 700 Desktop Mediainlinux 691 694 Media Production mGSTEP Live CD 88 88 Desktop MiniKazit 180 180 Desktop, OS Replacement MiniKnoppix 198 198 Rescue MIOLUX 678 678 Desktop Mono Live 702 702 Development Monoppix 429 429 Development Morphix-NLP 448 448 Science MoviX 27 42 Home Entertainment MoviX2 49 49 Home Entertainment muLinux 68 68 Desktop Myah OS 374 374 Desktop NetMAX DeskTOP 697 697 Desktop, OS Replacement Network Security Toolkit 262 262 Security NeWBIE 641 641 Desktop NIOde 550 550 Development NordisKnoppix 699 699 Desktop OnebaseGo 671 671 Desktop, OS Replacement OpenGroupware Knoppix CD 546 546 Server OpenVistA VivA 560 560 Medical Operator 570 570 Security Oralux 528 528 Desktop, Desktop PaiPix 1720 1720 Science Pardus Live CD 688 688 Desktop Parsix 697 697 Desktop Parted Magic 31 31 System Administration PCG-C1VN Live CD 457 457 Desktop Penguin Sleuth Bootable CD 689 689 Forensics Pentoo 482 482 Security Phrealon 34 34 System Administration Pilot Linux 66 66 System Administration PLAC 48 48 Forensics, Rescue PLD Live CD 519 519 Desktop PLD RescueCD 51 51 Rescue PLoP Linux 40 40 Rescue PlumpOS 51 51 Clustering Pollix 695 695 Development Public IP ZoneCD 271 271 Firewall PXES 13 13 Thin Client Pyro Live CD 622 622 Robotics QiLinux 657 682 Desktop Quantian 691 1961 GIS, Science Repairlix 11 11 Rescue RIP 25 Rescue ROCK Linux 411 458 Desktop Rxlinux 10 10 Server Salvare 18 18 Rescue Santa Fe Desktop Linux 614 614 Desktop SchilliX 411 411 OS Replacement SciLix 480 480 Desktop, Education, Scientific SENTINIX 213 213 Security Sentry Firewall CD 288 288 Firewall Shabdix 680 680 Education Shinux 99 155 Desktop Skolelinux 662 662 Desktop, Education SlackPen 322 322 Security Slackware (Disc 2) 657 657 OS Replacement slavix 624 624 Desktop SLAX Frodo Edition 47 47 Diagnostics Slix 693 693 Desktop Slo-Tech Linux livecd 700 700 Desktop SNAPPIX 553 553 Development Sn�¸frix 695 695 Education SoL-diag 35 546 Diagnostics, Rescue Stanix Professional 660 660 Desktop StarCD 530 530 GIS StreamBOX-LiveCD 698 698 Media Production StudioGo 692 692 Home Entertainment, Media Production Sulix 700 700 Desktop SuperRescue 701 701 Rescue TeaM-TL 700 1320 Desktop The Backpack Programmer's LiveCD 684 684 Development TheOpenCD 596 596 Desktop Thinstation 9 Thin Client Tilix 705 705 Desktop http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ Timo's Rescue CD 55 55 Rescue TiNA Knoppix 644 644 Science tlf-morphix 404 404 Hobby tomsrtbt 3 Rescue Toothpix 717 717 Medical TPM Security Server 294 294 Forensics, Security Trinity Rescue Kit 50 50 Rescue Trinux 19 19 Security UHU-Linux Live CD 633 633 Desktop uOS 261 261 OS Replacement UserLinux 456 456 Desktop VigyaanCD 647 647 Bioinformatics, Education Virtual Linux 628 628 Desktop WarLinux 53 53 Security Wolvix 452 452 Desktop WOMP! 13 30 Home Entertainment X-Evian 633 633 Media Production XAMPPonCD 88 88 Development Xebian 269 269 Desktop Xen Demo CD 720 720 Server Xfld 650 650 Desktop XNUXER 697 697 Desktop XoL 700 700 Desktop XORP Live CD 132 132 Firewall Zaurus Development Version of DemoLinux 650 650 Development aquamorph 382 382 Desktop ATMission 530 530 Desktop, Server cdlinux.pl 205 634 Desktop Clusterix 275 275 Clustering Freeduc-games 645 645 Gaming Freepia 36 36 Home Entertainment Frenzy 200 200 Rescue, Security Gnoppix 659 659 Desktop GNUstep live CD 420 420 Desktop Kate OS LIVE 681 681 Desktop knopILS 629 629 Desktop Knoppix-MiB 650 650 Desktop, Secure Desktop KnoppiXMAME 120 120 Gaming KnoppMyth 469 469 Home Entertainment Lin4Astro 595 595 Astronomy LiveBSD 654 654 Desktop, OS Replacement loonix-live 495 495 Desktop Luit Linux 50 74 Desktop Mandriva One 674 674 Desktop MitraX 50 50 Desktop Musix GNU+Linux 700 700 Media Production NavynOs 384 384 Security NetBoz 53 143 Firewall Overclockix 655 700 Desktop, Diagnostics, Rescue ParallelKnoppix 550 550 Clustering Phaeronix 676 676 Desktop, OS Replacement PHLAK 471 471 Security Plan-B 658 658 Forensics, Rescue, Security Sabayon 697 3477 Desktop stresslinux 51 51 Diagnostics STUX 255 650 Desktop Symphony OS 568 568 Desktop, OS Replacement T2 @Live 546 546 Desktop Tao Live 675 675 Desktop Whoppix 687 687 Security Windows PE 0 Rescue Zen Linux 307 564 Desktop, OS Replacement austrumi 50 50 Desktop BackTrack 625 625 Security Baltix 703 703 Desktop Benix Kanotix 189 189 Desktop Berry Linux 425 425 Desktop GeeXboX 5 Home Entertainment Kurumin Games 708 708 Gaming Morphix 203 648 Desktop, Gaming redWall Firewall 148 154 Firewall SLAX Popcorn Edition 104 104 Desktop SLYNUX 730 730 Desktop, OS Replacement VectorLinux 264 264 Desktop, OS Replacement Feather Linux 63 63 Desktop GoboLinux 634 634 Desktop Kaella 700 700 Desktop, Education KCPenTrix 401 401 Security Knoppix STD 497 497 Security LinuxDefender Live! 515 515 Rescue, Windows Antivirus Mutagenix 99 549 Desktop, Diagnostics, OS Replacement, Rescue SLAMPP 285 285 Server FreeBSD LiveCD 413 413 OS Replacement, Rescue http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ GamesKnoppix 683 683 Gaming Kubuntu 572 619 Desktop m0n0wall 5 Firewall BeatrIX Linux 167 167 Desktop GoblinX Mini Edition 149 149 Desktop INSERT 49 49 Rescue, Security LLGP 695 695 Gaming Suse Live-Eval 1446 1451 Desktop SystemRescueCD 92 104 Rescue Elive 200 700 Desktop SLAX KillBill Edition 188 188 Desktop Ultimate Boot CD 121 186 Diagnostics, Rescue WHAX 574 574 Security 10 dyne:bolic 444 444 Clustering, Desktop, Media Production 15 FreeSBIE 596 596 Desktop, OS Replacement 15 Gentoo 50 1815 OS Replacement, Rescue 22 Puppy Linux 60 60 Desktop 23 Ubuntu 699 3553 Desktop, Os Replacement 34 MEPIS 693 693 Desktop, OS Replacement 38 Damn Small Linux 48 48 Desktop, OS Replacement 39 GoblinX 302 302 Desktop, OS Replacement 46 Knoppix 700 700 Desktop, OS Replacement 47 NimbleX 200 200 Desktop 83 PCLinuxOS 299 685 Desktop, OS Replacement 199 Kanotix 503 719 Desktop, OS Replacement 222 SLAX 41 202 Desktop, OS Replacement Currently displaying 315 LiveCD/DVDs Key: Primary Functions: Desktops: provides a working GUI desktop environment with a collection of desktop programs, such as browsers and text editors Many also include utilities for other purposes, such as home entertainment, but are only listed here because the additional functions are not their primary focus OS Replacement: provides an option to transfer the cd to the hard drive, or to install an OS in a different form Education: provides a collection of educational programs, or was created to be used in the educational field Rescue: provides tools needed for data recovery Clustering: provides tools for making clusters Security: contains network security tools Home Entertainment: geared towards playing video and audio Gaming: video games! Medical: contains medical programs Diagnostics: contains utilities for testing hardware Firewalls: distributions created to be used as firewalls Forensics: distributions containing forensic tools Servers: distributions used for various server functions ISO Size: The ISO size and ISO max size refer to distributions which have different size images of the current release Sizes over 700MB may require overburning to be put onto a CD, or be a LiveDVD ISO Many LiveCDs can also be copied onto and booted from USB drives Architectures x86: AMD and Intel computers, could include optimizations from the 386 to the Pentium IV to the Athlon XP x86-64: Computers with chips that use the AMD64 64-bit extensions, known in the Intel camp as EM64T These chips include the Athlon64, Opteron, Pentium 600 series, Pentium D, Core Duo, and modern Xeons PPC: PowerPC chips, including the Apple G3, G4, and G5 (in 32-bit mode), possibly other IBM Power chips PPC64: PowerPC 64-bit chips, including the Apple G5, possibly other IBM Power chips Eden: LiveCDs specifically made for the VIA Eden platform Because these are based on the x86 instruction set, x86 LiveCDs may work too Xbox: Made for the XBox, may require software or hardware mods to run IA-64: Itanium and Itanium2 platforms Sparc64: SUN Sparc 64-bit platform Alpha: Alpha platform, once made by DEC, then Compaq, and now being phased out by HP Mips: Some SGI platforms HPPA: Also known as PA-RISC, made by HP, also being phased out http://www.livecdlist.com http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ step 4: Browse any files NTFS FAT file systems (folders) logon browse files from YOUR OS to their HDD (read only)? Now mount and go see any files, run or copy files and see all folders and directories, no hidden, no protected and most any compression or encryption (EFS) can be recovered and copied only the best DES or PGP files systems will prevent visual inspection step 5: Protection ? Only way is to triple encrypt (PGP or DES3) your raw data on HDD then upon discard perform a "clean" 23x rewrite "0" zeros and "1" ones then 23x write "1" ones then 23x "0" zeros Then burn and chip (~1mm) the platters entire surface and submerge in nitric then sulfuric acids DOD and NSA can read data off intact platters via electron scanning or Electron tunneling microscopes but not after the 23x triple re-writes and surface scour as the newer magnetic particles leave zero residual changes in the sub-medium Most of the data can never be read .don't think so ? most crooks and bad guys are not that well educated, that's how we catch you http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ step 6: BIOS Backdoors Bybassing BIOS Solutions: BIOS passwords secure different levels of system access Lowest level is access control for power management functions, next for BIOS access (BIOS password) and highest level is for PC access (Administrator password) BIOS password is stored in a non-erasable part of the CMOS ('BIOS memory') On desktop PC's this CMOS is buffered by an onboard battery Depending on your mainboard layout you'll see a seperate battery or won't see it as it will be integrated in a multifunction chip housing battery, real time clock (RTC) and other components (usually a small black brick on the mainboard) Keeping that in mind different ways of removing the password are possible Remove password with some kind of software This works only if you have access to your PC and can run software (meaning no Administrator password is set) CMOSpwd www.cgsecurity.org/index.html?cmospwd.html Remove password by manually invalidating CMOS content When CMOS RAM loses power, a bit is set to indicate this, which should cause the BIOS to detect that the CMOS RAM is invalid and will normally result in the loading of default values The same results can be obtained by using a simple DEBUG script to invalidate CMOS RAM This may be much more convenient than shorting pins on a chip in cases where it is possible to boot to a DOS prompt to run DEBUG.Here is a DEBUG script to invalidate CMOS RAM This should work on all AT / ATX motherboards (some systems not have CMOS RAM) Boot from floppy with DOS or USb thumb drive A:\>DEBUG - o 70 2E - o 71 FF - q (Quits to DOS) Remove password using common master passwords Please be aware that most BIOS releases lock your PC completely after entering wrong passwords ! American Megatrends BIOS AMI, A.M.I, AMI_SW, aammii, AMI!SW, AMI.KEY, ami.key, AMI~, AMIAMI, AMIDECOD, AMIPSWD, amipswd, AMISETUP, BIOSPASS Award BIOS ?award, awkward, award, award_?, award.sw, award sw, AWARD_SW, AWARD SW, admin, alfarome, aLLy, aPAf, BIOS, biosstar, biostar, CONTACT, condo, CONDO, g6PJ, h6BB, HELGA-S, HLT, j09F, j64, j262, j256, j322, lkw peter, lkwpeter, LKWPETER, PASSWORD, SER, setup, SKY_FOX, SWITCHES_SW, Sxyz, SZYX, t0ch20x, t0ch88, TTPTHA, TzqF, wodj, zbaaaca, 1322222, 256256 Phoenix phoenix SystemSoft PnP BIOS system manufacturer preset ones VOBIS & IBM: merlin Dell: Dell Biostar: Biostar Compaq: Compaq Enox: xo11nE Epox: central Freetech: Posterie IWill: iwill Jetway: spooml Packard Bell: bell9 QDI: QDI Siemens: SKY_FOX TMC: BIGO Toshiba: Toshiba Remove password on certain PC's and notebooks IBM PC's and notebooks Toshiba notebooks HP notebooks Remove password using Clear CMOS jumper on your mainboard Please refer to your manual to locate this jumper Clearing CMOS will erase all passwords set but all your user defined settings like harddisk type, RAM timings etc, too You'll have to set these values again after clearing CMOS Remove password by clearing CMOS due to disconnected power CMOS content is buffered by an onboard battery If you disconnect this power supply your CMOS clears automatically as the content can't be refreshed due to the missing power This works easily if you see the onboard battery Remove the battery for at least minutes an insert it again in it's socket Remove password by clearing CMOS within RTC chip Depending on the RTC chip used on your mainboard you can reset CMOS content by connecting two pins on the RTC chip A paperclip bent into a U shape is a good tool for this For all the following activities your PC has to be powered off Chips & Technologies P82C206 This is usually a square PLCC chip, sometimes soldered onto the motherboard, sometimes in a socket CMOS RAM on this chip is cleared by shorting together pins 12 (GND) and 32 (5.0V) or pins 74 (GND) and 75 (5.0V) for a few seconds Pins 12 and 32 are the first and last pins on the bottom edge of the chip, pins 74 and 75 are the corner pins on the upper left corner http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ OPTi F82C206 This is a small rectangular PLCC chip usually soldered onto the board CMOS RAM is cleared on this chip by shorting together pins and 26 on bottom edge of chip for a few seconds Pin is third pin from left side and pin 26 5th pin from right side, both on bottom edge Dallas DS1287 and benchmarq bp3287MT CMOS RAM can't be cleared Instead you can replace RTC chip with a new one You can even use an updated version (DS1287A or bq3287AMT) which support CMOS clearing Dallas DS1287A and benchmarq bq3287AMT This battery should last up to 10 years Any motherboard using these chips should not have an additional battery CMOS RAM can be cleared on the DS1287A and bq3287AMT by shorting pins 12 (GND) and 21 (RAM Clear) Pins are labeled to 24 running counter clockwise starting left of bottom edge Pin 12 is first pin from right side on bottom edge and Pin 21 is third pin from left side on top edge Motorola MC146818AP or compatible This is a rectangular 24-pin DIP chip, usually in a socket Compatible chips are made by several manufacturers including Hitachi (HD146818AP) and Samsung (KS82C6818A) The number on the chip should end in 6818 Although this chip is pin-compatible with the Dallas 1287/1287A, there is no built-in battery This means that CMOS RAM can be cleared on this chip by just removing it from the socket for a few seconds and replacing it Dallas DS12885S and benchmarq bq3258S CMOS RAM is cleared on this chip by shorting pins 12 (GND) and 20 Even shorting pin 12 (GND) and 24 (5.0V) will help Pins are labeled to 24 running counter clockwise starting left of bottom edge Pin 12 is first pin from right side on bottom edge and Pin 21 is third pin from left side on top edge Pin 24 is first pin from left on top edge Additional BIOS passwords and hints can be found here: http://www.11a.nu/ibios.htm Related Instructables Change Vista's User Logon Screen by TK Customize your computer! by alfonso Customize & Tweak Windows XP(Updated 7/3/08) by computergeek Custom Windows UI by neardood Log into anyones computer from ANYWHEREGREAT PRANK by JECHO How to make the Ctrl+Alt+Delete screen show up @ logon by THE_GEEK2007 Hack the Start Button! (video) by alfonso Hacking Windows XP Passwords for real! by Popcornfilms Advertisements Customized Instructable T-shirts Comments 50 comments Add Comment brandegor says: view all 53 comments Jun 29, 2008 5:27 PM REPLY OMG If only I understood this I bought a Gateway 2000 laptop with Phoenix BIOS, and the danged thing has a BIOS password I cannot for the life of me get past No way to get into setup I even bought a floppy drive for it and tried a couple of "swear to god" password cracking software things It will not boot from CD or floppy None of the backdoor passwords work First question - if you blow your first three tries and get locked out, does that mean "forever, or just until you power down and wait for awhile? Since it's a laptop, I've been told that the password is stored in EEPROM, and there's no way around that without expenses I can't afford I mean the dang thing isn't even worth it in the long run, but it's one of those challenges that is just driving me absolutely nuts Plus, I'm a 50-year-old noob, so I'm a little left in the dark Gateway and Phoenix appear to be especially protective of their secrets Should I just give up on the thing, or is anyone out there smart and kind enough to help me through this and be able to cry "victory"? http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ Elementix says: Sep 1, 2008 9:08 AM REPLY try these, they might be able to bring that thing back to life Then turn it into something cool like a myth box or a nas/media server or something: http://www.i-hacked.com/content/view/36/68/ http://www.pwcrack.com/bios.shtml IVT says: Jul 21, 2008 8:02 AM REPLY Hi, in your case, check if the motherboard of your laptop has a way to reset cmos chip Generally all motherboards have jumper pins for that Shorting (connecting) the pins (the computer should be off while doing this) resets the bios settings wiping out the password also If there are no cmos reset jumpers etc try this (this may not work but anyway will not harm your computer): Disconnect the laptop from power Remove its batteries too Then search for the circular pill shaped little battery on the motherboard of your laptop This battery backs up the cmos circuitry in case of complete power loss and it is the "magic" behind the bios clock also Remove the battery carefully Wait 20 minutes Then put the battery back Pack your laptop and test if the bios has finally an amnesia :) hinge says: Aug 23, 2008 9:09 PM REPLY A simple question-what if you can't access BIOS while booting?What if any key from F1 thru F12 doesn't work? Derinsleep says: Jul 2, 2008 12:34 PM REPLY boot xp on xp XP(pun intended) brandegor says: Jul 3, 2008 7:28 AM REPLY Okay, I admit I'm dumb and I don't get it Derinsleep says: Jul 3, 2008 10:31 AM REPLY you knowxp is a emoticon just like XD Derinsleep says: Jul 3, 2008 8:14 AM REPLY you knowxp is a emoticon just like XD collard41 says: Apr 26, 2008 11:49 AM REPLY here is my pitch erchgillis, I am at school, they have BIOS passwords I have a system I not want to fondles any of the stuff I also not have access to the motherboard I cannot access the command prompt (have tried all ways), cannot run bat or exe files there are macs here they use network startup I can access cd burning capabilities, usb drives and installation of them I can use Remote desktop connection to get onto the network I can get to some of the network folders can run task manager but cannot run 'new task' or the 'run' function when I make a new shortcut on the desktop I can type in cmd when I try to run it is says I cannot system runs on windows I would like to find out the admin password or all passwords in the school bikedude880 says: Mar 1, 2008 7:49 PM REPLY Dude, just no if I may, I'm gonna start pointing out issues with your info "I have internet access from your PC's, yes? Then I can download what I need, regedit the Windows Registry and enable any features or leave behind trojans, keyloggers and backdoors for use later or via 'net." First off, even if you have internet access, any smart admin will not allow you to access regedit (very simple to disable in XP) Disable the loading of ANY programs except the ones specified BIOS passwords help, but are not as secure Regarding accessing files on a disk, full disk encryption with AES-128 will easily keep an average user or hacker out Yes, there is a method of dumping the key from RAM, but if you disable booting from USB and/or CD (not including floppy drives as they are becoming irrelevant), then you won't have an issue even if someone steals it Can't forget basic antivirus, good luck loading your malicious code all of what I said applies strictly to the PC world (Windows/Linux/BSD/generic x86), however, Mac OS X (10.3-10.4 tested) and Linux have a couple minor exploits (single user, AppleSetupDone) that are simple in nature that can be used to gain admin (or in some cases root user) spymaster2222 says: Mar 5, 2008 6:01 AM REPLY I have a Dell Optiplex 745 with a smartcard reader keyboard I want to get into BIOS to access the machine to create a media center computer It needs a card which I don't have HELP PLEASE! http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ erckgillis says: Mar 1, 2008 9:12 PM REPLY As you point out many means exist for both securing and accessing PC's/Mac's Seen or used SQL injection? Latest exploits patched? Any "Good" admin can keep out the average user and hacker wannbe If YOU were the user and had to get on the system of a school, public or 'open' WiFi network how hard would it be? Even a proper secure network, given unlimited time or effort how long would it take? Are you saying you can secure a Windows PC from Any intrusion indefinitely? OK let's see offer a Prize $$$ stick it on the 'net and give use public access to the CPU/disc/motherboard see? No way to secure everything I pop the drive and scan from another PC and I have mainframe/supercomputer access to crack 128B brute force in three weeks given CPU bandwidth I pop the EPROMS and sub my own, I can add a bootable SATA or IDE drive and load my DSL or Knoppix with my other tools and read your raw disc in hex thru NFS/FAT or any file systems you use As I state given access to the SYSTEM no PC is secure Given secure PC's poor admin/security and the level of effort to maintain such secure systems is beyond most facilities capabilities Even those I've seen people walk away from DoD secure facilities any stay logged in while they go the the printer, or type passwords into hidden USB keyloggers If I get you admin password that easy what can you do? I'm then you! Did you check every keyboard, USB or PS2 port on your PC, Docking station or USB hub? DO you check it everyday before you login? Did you see my Packet capture (sniffer) on the Network? Do you login to every remote system with SSH? No? If you used RDP or FTP or any Domain Admin rights now I to alright let's be careful out there denny577 says: Feb 18, 2008 4:38 AM REPLY I have a specific problem, I'm at school, so no chance to physically reset the pw, I don't have admin pw so can't use CmosPwd either, backdoor pws don't work, the BIOS here is PhoenixBIOS And when I try to boot from my USB flash drive it asks for the BIOS pw as well, and the pcs here dont have floppy drives :D Any suggestions? erckgillis says: Feb 18, 2008 11:42 AM REPLY Depends what you're trying to well, can you read from the usb? copy or upload programs? Download from web? Send me PM and we'll discuss Istarian says: Feb 2, 2008 5:36 AM REPLY Everybody knows or should know that no computer is uncrackable The thing is that to get into those hard drives using a physical alteration (like say a controller board replacement) is really hard and takes someone who is very skilled with a soldering iron and a fair bit of luck to not destroy the drive Therefore they are reasonably safe I suspect that most hackers don't have access to a supercomputer to decrypt the passwords ( especially since supercomputers are usually well protected against hackers Using linux might work, but only if the drive does not implement some kind of linux security as well Besides in reality there are probably easier ways to get the information you one stores on a hard drive ~Istarian erckgillis says: Feb 4, 2008 7:16 AM REPLY Ah so true that is the core issue here SOMEONE who has the willingness, time and resources can DEFEAT any system however secure yes some password cracks and brute force have been run for over months with success And yes I have access to Both Massively Parallel and Distribute Computing resources Poo on the controller theory For repair and replacement most drives have quick connectors and replaceable controllers So OEM's encode the "codes" decrypt the drive that is locked and secure at the controller level with data on the drive and encoded with serial numbers or codes from the controller, so swapping boards don't help, however these can be read from the drive if you remove the platters Other Locks use the controllers firmware, so a reflash removes your passwords Some even have codes embedded in ROM so a solder job or a new controller can remove these passwords as well No sure? Well plenty of data recovery companies run full businesses reading locak, destroyed or damaged drives did you ERASE that disc? No matter you can STILL READ the data to some extent even if is freshly overwritten with 0's or 1's Scanning and tunnelling Electron microscopes can detect the direction of not just the polarized materials but the 'substrate' below and determine what previous datd was stored i.e or E http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ neil.satra says: Jan 11, 2008 11:14 AM REPLY I actually tried that in school once, to run Damn Small Linux off a pen drive, and hence override the admin rites and restrictions, and also to get the admin password but i havent ever used linux, and couldnt understand how to access the files on the windows partition i figured that you had to mount a partition, but i didnt know which one to mount, and then how to navigate to the file Can anyone help explain how to access files on a different OS partition when running DSL (damn small linux) bhunter736 says: Feb 3, 2008 7:31 AM REPLY Hi, Linux uses numbers for drives as you probably noticed hda1 is usually C in Windows You can mount them all and look around The drive with a folder called Documents and Settings is usually a good hint as to where user files will be Think of mounting like turning on or off the drive for use, you wont hurt it turning it on and just looking or reading files There are actually technical reasons drives are mounted and unmounted, but not to answer the question you asked Also, I like Slax Download it at www.slax.org They are between releases, but if you scroll half way down the screen, just past the videos, you can log to the old site http://slax.hosting4p.com/ and download one there Kill Bill version is awsome and if you are a Windows user, very easy to use and navigate This is the version that finally made me a Linux convert I found DSL Linux awkward as a Linux newbie, but Slax, wow! I find that in the circles I travel, usually you have access to the box and the CD drive So I have also found that older BIOS dont allow boot to USB Easy solution, use Slax live CD! Many machines are set to boot to floppy then CD and last Hard Drive, so often you wont have to promt the BIOS for an optional boot order The standard version of Slax fits on one of those small 8cm CDs which fit more easily in a wallet or pocket! : ) mrmath says: Jun 22, 2007 12:31 PM REPLY I work for IBM Global Technology Services They provide us with IBM/Lenovo laptops Our security policy states we must have a power on password set in our bios You can't get to the bios to change to boot to another device (USB) without first knowing the power on password If you could get to the bios to change the boot order, you couldn't boot to any device without knowing the power on password Our security policy also requires we have a hard drive password This password is asked for at power up If you don't know it, you can't get to the hard drive That means that even if you could power it up, and boot it from USB, you couldn't mount the drive if you don't know the hard drive password There is no way around this I know this because when we return our old computers, and we forget to remove these hard drives, they call us to get them If we don't remember them, the laptop and the hard drive are toast Even as the company that manufactures the machine (back when IBM did that), we couldn't remove the power on or hard drive passwords So, while your method will work on a machine not protected with a power on password or a hard drive password, it will NOT work on every machine 7Stacks says: Jan 2, 2008 3:37 PM REPLY This is true Those IBM/Lenovo laptops are very secure in that aspect And you get one shot at HDD password and then it locks you up and kicks you out of BIOS setup bharathkishore says: Dec 8, 2007 3:36 AM REPLY I'd like to know where the hard-drive password is stored Coz if it's not stored in the hard drive, we can only replace that part of it and then pry the data out of it This is completely theoretical I'd like to try it out if i knew micronxd says: Oct 30, 2007 10:44 PM REPLY almost every mobo has a circuit that, when closed, will return the BIOS to factory settings That would take care of the BIOS factory problem, but i'm curious how this HD password works technically there are still ways of reading a HD's data no matter what But yea this method is pretty much useless unless the computer doesn't have a BIOS password, or unless you have access to the MoBo (which is most situations lol) erckgillis says: Oct 31, 2007 6:03 PM REPLY HD data is encrypted with a hash and written to the platters Removal of the drive renders it unreadable and even a removal of the platters just produces jumbled characters A 64 bit hash can be decrypted by a supercomputer in 15 days, a 128 bith hash in 13 months and a double DES2 in 19.5 years However if you use the same controller and reset the BIOS and firmware to match it will easily spew ASCII data on demand Ed vaiden says: Aug 21, 2007 7:38 PM REPLY The methods to password protect hard drives are crackable my friend, even if your IT doesnt know it A laptop can be cracked open to clear cmos just as a desktop can for the bios pass If someone steals a laptop from you guys they can be in it in hours, and have all your little lanman hashes in brute-force cracking Linux will be the OS used to have your data The guy in a nearby cubicle that started yesterday will watch you type all your passwords Then he'll steal your laptop, and he'll have full access to your data That guy didnt last long did he? He already quit http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ erckgillis says: Aug 22, 2007 4:32 AM REPLY I know they don't BELIVE ME we it every day If I take your "encrypted" platters, dump your controls firware update and flash the eproms on a new card the I HAVE PASSWORDS for then I got your harddrive all your data and in some cases access to EVERYPLACE you have ever logged onto oh my E Taotaoba says: Jun 22, 2007 12:49 PM REPLY If the passwords are stored in CMOS, then remove the battery will I don't know if the manufacturers store passwords in flash memory If so, then maybe re-flash it will Definitely it will not as easy as this instructable shows I don't know about hard disk password mrmath says: Jun 22, 2007 12:53 PM REPLY I can't speak for other manufactures, or give you the technical details of how IBM/Lenovo it (because I don't know not because I'm not allowed), but I can say that if the power on password is set on an IBM/Lenovo laptop, and you don't know it, it will not power up, and you can't any flashing, or battery removal to get rid of the password Like I said, even as the manufacturer of the machine, IBM/Lenovo can't it erckgillis says: Jun 22, 2007 12:16 PM REPLY I work for HP, we hack your old laptops all time time: Power-on BIOS passwords hack: 1) IBM - Press BOTH mouse keys repeatedly during power up 2) "Backdoor" BIOS passwords ( from IBM Manuals) try 'merlin' or see http://www.uktsupport.co.uk/reference/biosp.htm 3) Remove BIOS battery backup drain and rest 4) Attach floppy and "Flash" BIOS to new version without passwords Harddrive Power On passwords 1) Read HDD in Hex editor and a "Ghost" copy to non-password HDD 2) Remove IDE/SATA or SCSI controller from HDD Use a non-locked controller 3) Perform forensic binary transfer to HDD without lock HW enabled Easy cheesy it weekly don't be fooled that no-one can get your data if I get the platters your toast E laxamar says: Jun 30, 2007 1:18 PM REPLY Without getting you in trouble with your work, is there a way you can share with us how to reset a BIOS password on a tc4400? I really don't want to send it in Thanks adamazing says: Jun 29, 2007 6:24 AM REPLY You work for HP eh? :o) I have an Omnibook 900 eBay bargain that has a locked BIOS and windows 2000 with a password on it, how can I reset that then? Serious question All I've found are places that want to charge £90* for a replacement BIOS chip I've tried HP tech-support who asked me for photo-id/a signed declaration that I own the laptop/receipt/proof of address/sworn affidavit that I will hand-over my first born etc that I've sent, but not heard anything else : / I've read that with the serial number HP can tell me the "master" BIOS password for the laptop Is that true? The only other option at the moment that I can see is to get a laptop->IDE cable and use dd to copy a disc-image onto the hard drive I've already tried using a LNX BBC LiveCD but the external CD drive is obviously not set up as a boot device in the BIOS *This is a £30 donor laptop for (Yet Another) digital photo-frame mod so I'm loathe to spend £90 for someone with a PIC programmer to flip a bit on the BIOS chip ikem says: May 21, 2008 5:33 PM REPLY Windows 2000 and XP has the same way to handle users and passwords To reset a Windows XP password there is a Mini-Linux: Offline NT Password & Registry Editor http://home.eunet.no/~pnordahl/ntpasswd/ http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ 7Stacks says: Jan 2, 2008 3:50 PM REPLY Here's the torrent download link for a bootable image file that will remove your Windows admin passwords You'll need Azureus or something to read the torrent Burn the iso file as an image onto cdr and boot off it Works on 2000 & XP haven't tried it on any other versions http://www.isohunt.com/download/16593302/windows+password+reset mrmath says: Jun 22, 2007 12:55 PM REPLY You mean "you're toast", and yes, if you get my platters, and have the exact same hard drive, and can get the platters from one of them to the other, I'm toast erckgillis says: Jun 22, 2007 12:31 PM REPLY Power on passwords are stored on the hard drive and read at power on from the hard drives controller (IDE/SCSI or SATA) I replace your controller with one not enabled for hardware power-on and tada! No passwords Only issue is the controller 'remembers' all bad sectors and "spared" cylinders so my "NEW" controller will often try to read or spare out valid or invalid sectors and cylinders so a HEX or Binary copy to a drive with a 'clean' controller and new HDD works best Then I browse the old data Way cool is tto "swap" someones drive in a laptop when they are not aware Use a dead one then take your time to recover all the sensitive data in theory oops mrmath says: Jun 22, 2007 1:11 PM REPLY This is not the case on IBM/Lenovo laptops I have two hard drives in my machine When I got the new one, it was larger than the original one, so I yanked that one, and put in the new one Still came up with the power on password If it were stored in the hard drive, it wouldn't have come up Don't know how many times I have to say it Even as the manufacturer, IBM/Lenovo can not remove power on or hard disk passwords erckgillis says: Jun 22, 2007 12:56 PM REPLY dude wrong sorry BIOS Passwords: These are on the EPROM CMOS not the HDD and is backed up by a small NiMH battery Remove that and it forgets BIOS passwords Or use master passwd and reset via jumper on motherboard Harddrive passwords: I DO IT AT WORK send me your harddrive! I'll send back your password(s) You admit you know not how it's done IBM no longer make these drives you say? If it's NOT on your harddrive it would be USLESS as I put it in another PC and I see your data duh The HDD passwd is on the ALT Bootstrap sector and read by the controller replace that and it "forgets" Only encryption works PGP or DES E erckgillis says: Jun 22, 2007 1:28 PM (removed by community request) ningo says: Jun 22, 2007 4:14 PM REPLY On most laptops the bios is on an EEPROM, but this isn't backed up by battery; EEPROMs are non-volatile, and so will keep the password without power But I agree about the part that the passwords are easy to remove; if the bios is reading the data from an EEPROM, then there is nothing to stop someone building a simple reader circuit , soldering to appropriate pins on the EEPROM and stripping the data off; the password is almost always weakly encrypted, and can then be extracted Look at allservice.ro to see what I mean Regarding the instructable itself, what are you aiming to show, and who are you writing it for?There seems to be very little actual instructing going on-most people who are not already aware of what you are writing about would probably struggle to boot Windows XP/Knoppix off a USB flash drive, or mess about with a console in either Windows or linux Even if the purpose of the instructable was to warn people to encrypt their data, you should this by showing them explicitly step by step how easy it is recover their data Otherwise write it on a blog, or wiki Pictures I think that pictures that add little more than colour to the page is plenty-10 is a little OTT Not one of the pictures above is explicitly referred to in the text, nor demonstrates substancially what is going on in the text And last comment please take the time to proof read your work for typos and spelling/grammar errors; this only takes a few minutes or so http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ erckgillis says: Jun 22, 2007 4:12 PM (removed by community request) ningo says: Jun 22, 2007 5:49 PM REPLY Hi, the main point I was making about the instructable is that having read it, I wasn't sure just what you were trying to show me Are you trying to show people how to boot their own OS on a public PC, or show people how to retrieve data/how easily data may be recovered? Just a little restructuring would fix this For instance, the intro needs to be separate from the discussion on the BIOS,which deserves its own section.The BIOS section needs more information i.e common keys to enter bios, the fact that not all BIOSes support booting from USB flash drives, and some boards are notoriously flakey in their support for booting from usb flash drives and need all other boot devices disabling, legacy usb support toggling etc Neither this instructable nor your instructable on USB Knoppix address these issues;these are not specifics, but rather giving enough information for the discussion to be useful Also worth pointing out is that none of the Windows ISOs listed will read an NTFS partition as is Also, is this written for beginners, or people with a moderate computing background?Whilst you might think "duh easy dude", people that also share that point of view even need this instructable?Most of the useful technical discussion for such people has occured in the replies after the actual instructable For instance, I highly doubt that anyone that required the link to the mount command could feasibly use the link given to use it without consulting other sources The pictures comment was perhaps a little unfair but without referring to the pictures or labelling them, they are little more than eye candy, and I still think those on step and are unnecessary erckgillis says: Aug 22, 2007 4:21 AM REPLY Then write something better vaiden says: Aug 21, 2007 7:28 PM REPLY The diskless system is the way to go for the cafe, erckgillis is right, your security has got to be tight Plus if you have wireless, then you can be had from the outside You could reimage hard drives all day, but that doesnt stop your cafe from getting denial of service attacks from the outside once a hacker has sent the right stuff from your pc inside to his pc outside Youll never trace it either, and business will suffer from downtime Spoofed IP is easy as well as MAC address, and he could nail you from another cafe thats not as secure, and it looks like they are knocking out competetion Keyboard, mouse, and monitor are the only tools needed to wreak havoc, lol If I am running a virtual machine at a location that your internet access does not block, then I can go anywhere, and come in from the backdoor because you have at least one port open for web access, probably 80 Tunnel can be created on that port and you'd think the traffic was coming from inside your LAN if thats what your firewall will allow Running windows on a machine is an open door no matter how much security you think you have erckgillis says: Dec 9, 2007 8:32 PM REPLY ahhhhh a fellow who knows 'bout time E erckgillis says: Aug 22, 2007 4:28 AM REPLY The noobs sleep well at night in ignorance Educate the masses and they pick on you spelling, typoys and picture formatting ALT2600 cares not about ningo, instructables nor your Website or internet business Vaiden show that ANYONE who has somthing of real value now can have it take or personal information stolen and sold Some places pay good money for intact list of valid customer from competitors, or mass mailing for spam and adware Even snailmail What is it worth for me to NOT expose your internet cafe, coffee shop or websites customers name & address and credit card numbers Just DON'T put this stuff on a computer! Old school use hardcopy and lock it in the safe then don't watch Oceans Eleven, Twelve or Thirteen lol E erckgillis says: Jun 30, 2007 12:53 AM REPLY Added step to complete bypass BIOS or Boot Security Ed rojo says: Jun 23, 2007 2:24 PM REPLY We run an Internet Cafe and our boxes are in the back room with the server, all the user has access to is monitor, keyboard and mouse It keeps it secure What is the point of needing to access files they don't want you to have http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ erckgillis says: Jun 23, 2007 7:17 PM REPLY Good physical security, you use KVM over IP? However at an internet cafe YOU GIVE ME a login so all bets are off I can already get to files if left unsecured I have internet access from your PC's, yes? Then I can download what I need, regedit the Windows Registery and enable any features or leave behind trojans, keyloggers and backdoors for use later or via 'net Stay away from USB and be sure to lock BIOS and disable other ports Keep an eye on the caples and connectors as theives leave keyboard loggers and dongles with keystroke recordings they can leave and recover later Any KVM over IP should use VLAN's & VPN, SSH and SNMPv3 for security Best security is a "admin locked" VMware Browser virtual appliance and after each user Stop and restart the appliance and use a non-persistant disc image as well as a locked CD-Image Reverse must also be blocked I can download VMWare player for free pull a ISO or VM appliance and boot any OS with admin rights on TOP of your Cafe's PC os Lock all these options of face liability when your customers snoop or spoof my private accounts and you show negligence E adamazing says: Jun 29, 2007 6:11 AM REPLY I won't comment on physical security, but if I were running an internet cafe the trojans and registry entries you could leave behind wouldn't last longer than half a day at most I'd install once on one machine, fully patch, lock down everything tighter than a drum, then image the hard-drive Re-imaging the machine should then take less than 15-30 mins Even in windows you can lock it down so that a user can't run arbitrary executables can't you? And there is NO way a user should have access to the damn registry anyway Your suggestion of running everything from VMWare is a good one, but I'm not sure I understand this: "Reverse must also be blocked I can download VMWare player for free pull a ISO or VM appliance and boot any OS with admin rights on TOP of your Cafe's PC os " Ignoring, for now, the fact that no-one should have the ability to download and run any old executable file: how can a virtual machine running on top of the OS have more access than it is given by the operating system Are you saying that a simple user account on windows can run VMWare and have admin access to the full physical machine? If this is the case, then windows is more broken than I thought Of course, everything is made harder because more and more people expect to be able to plug in their USB keys/USB connected digital cameras and be able to write CDRs etc (Personal experience when travelling, we'd stop at one of these places periodically to dump pictures to a CD/USB key) rojo says: Jun 25, 2007 5:23 PM REPLY Thank You for the advice, It seems a losing battle to keep someone out :( sedition says: Jun 22, 2007 12:58 PM REPLY You could simply remove/replace the CMOS battery or change the jumper on the mother board to clear the BIOS power-on password Of course, all of this assumes that you have access to the internals of the machine As a side note, not all computers have filesystems Some machines are just workstations that boot from and utilize filesystems stored on a server, and in which case, this would be preempted view all 53 comments http://www.instructables.com/id/Bypass-BIOS-Boot-or-OS-Login-to-%22most%22-any-compute/ ... AMIPSWD, amipswd, AMISETUP, BIOSPASS Award BIOS ?award, awkward, award, award_?, award.sw, award sw, AWARD_SW, AWARD SW, admin, alfarome, aLLy, aPAf, BIOS, biosstar, biostar, CONTACT, condo, CONDO ,... management functions, next for BIOS access (BIOS password) and highest level is for PC access (Administrator password) BIOS password is stored in a non-erasable part of the CMOS ( ''BIOS memory'') On desktop... catch you http://www.instructables.com/id/Bypass -BIOS- Boot-or-OS-Login-to-%22most%22-any-compute/ step 6: BIOS Backdoors Bybassing BIOS Solutions: BIOS passwords secure different levels of system