Introduction to BIOS Passwords
The best method to reset a BIOS password depends on what BIOS the computer has. Common BIOS's include AMI, Award, IBM and Phoenix. Numerous other BIOS's do exist, but these are the most common.
Some BIOS's allow you to require a password be entered before the system will boot. Some BIOS's allow you to require a password to be entered before the BIOS setup may be accessed.
The general categories of solutions to reset a BIOS password are:
Using a Backdoor BIOS Password
Resetting the BIOS Password using Software
Resetting the BIOS Password using Hardware
Vendor Specific Solutions for resetting the BIOS Password
Using a Backdoor BIOS Password
Some BIOS manufacturers implement a backdoor password. The backdoor password is a BIOS password that works, no matter what the user sets the BIOS password to. These passwords are typically used for testing and maintenance. Manufacturers typically change the backdoor BIOS passwords from time to time.
AMI Backdoor BIOS Passwords
Reported AMI backdoor BIOS passwords include A.M.I., AAAMMMIII, AMI?SW , AMI_SW, BIOS, CONDO, HEWITT RAND, LKWPETER, MI, and PASSWORD.
Award Backdoor BIOS Passwords
One reported Award backdoor BIOS password is eight spaces. Other reported Award backdoor BIOS passwords include 01322222, 589589, 589721, 595595, 598598 , ALFAROME, ALLY, ALLy, aLLY, aLLy, aPAf, award, AWARD PW, AWARD SW, AWARD?SW, AWARD_PW, AWARD_SW, AWKWARD, awkward, BIOSTAR, CONCAT, CONDO, Condo, condo, d8on, djonet, HLT, J256, J262, j262, j322, j332, J64, KDD, LKWPETER, Lkwpeter, PINT, pint, SER, SKY_FOX, SYXZ, syxz, TTPTHA, ZAAAADA, ZAAADA, ZBAAACA, and ZJAAADC.
Phoenix Backdoor BIOS Passwords
Reported Phoenix BIOS backdoor passwords include BIOS, CMOS, phoenix, and PHOENIX.
Backdoor BIOS Passwords from Other Manufacturers
Reported BIOS backdoor passwords for other manufacturers include:
Manufacturer BIOS Password
VOBIS & IBM merlin
Dell Dell
Biostar Biostar
Compaq Compaq
Enox xo11nE
Epox central
Freetech Posterie
IWill iwill
Jetway spooml
Packard Bell bell9
QDI QDI
Siemens SKY_FOX
SOYO SY_MB
TMC BIGO
Toshiba Toshiba
Remember that what you see listed may not be the actual backdoor BIOS password, this BIOS password may simply have the same checksum as the real backdoor BIOS password. For Award BIOS, this checksum is stored at F000:EC60.
Resetting the BIOS Password using Software
Every system must store the BIOS password information somewhere. If you are able to access the machine after it has been booted successfully, you may be able to view the BIOS password. You must know the memory address where the BIOS password is stored, and the format in which the BIOS password is stored. Or, you must have a program that knows these things.
You can write your own program to read the BIOS password from the CMOS memory on a PC by writing the address of the byte of CMOS memory that you wish to read in port 0x370, and then reading the contents of port 0x371.
!BIOS will recover the BIOS password for most common BIOS versions, including IBM, American Megatrends Inc, Award and Phoenix.
CmosPwd will recover the BIOS password for the following BIOS versions:
ACER/IBM BIOS
AMI BIOS
AMI WinBIOS 2.5
Award 4.5x/4.6x/6.0
Compaq (1992)
Compaq (New version)
IBM (PS/2, Activa, Thinkpad)
Packard Bell
Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107
Phoenix 4 release 6 (User)
Gateway Solo - Phoenix 4.0 release 6
Toshiba
Zenith AMI
Resetting the BIOS Password using Hardware
If you cannot access the machine after if has been powered up, it is still possible to get past the BIOS password. The BIOS password is stored in CMOS memory that is maintained while the PC is powered off by a small battery, which is attached to the motherboard. If you remove this battery, all CMOS information (including the BIOS password) will be lost. You will need to re-enter the correct CMOS setup information to use the machine. The machines owner or user will most likely be alarmed when it is discovered that the BIOS password has been deleted.
On some motherboards, the battery is soldered to the motherboard, making it difficult to remove. If this is the case, you have another alternative. Somewhere on the motherboard you should find a jumper that will clear the BIOS password. If you have the motherboard documentation, you will know where that jumper is. If not, the jumper may be labeled on the motherboard. If you are not fortunate enough for either of these to be the case, you may be able to guess which jumper is the correct jumper. This jumper is usually standing alone near the battery. If you cannot locate this jumper, you might short both of the points where the battery connects to the motherboard.
If all else fails, you may have to clear the BIOS password by resetting the RTC (Real Time Clock) IC (Integrated Circuit) on your motherboard.
Many RTC's require an external battery. If your RTC is one of this type, you can clear the BIOS password just by unsocketing the RTC and reseating it.
RTC's which require external batteries include:
Dallas Semiconductor DS12885S
TI benchmarq bq3258S
Motorola MC146818AP
Hitachi HD146818AP
Samsung KS82C6818A
Most RTC chips with integrated batteries can be reset to clear the BIOS password by shorting two pins together for a few seconds.
You will see more than one option for some chips due to testing by various people in the field. Remember to remove power from the system before shorting these pins.
RTC Chip Pins
Dallas DS1287A
TI benchmarq bp3287AMT 3 (N.C.) and 21 (NC/RCL)
Chips & Technologies P82C206 12 (GND) and 32 (5V)
-or-
74 (GND) and 75 (5V)
OPTi F82C206 3 and 26
Dallas Semiconductor DS12887A 3 (N.C.) and 21 (RCLR)
You should be able to discover how to reset the BIOS password stored in most RTC (Real Time Clock) chips by reading the manufacturers data sheet for that RTC. Some RTC's, like the Dallas DS1287 and TI benchmarq bq3287mt cannot be cleared. The solution to resetting the BIOS password on systems with those RTC's is to purchase a replacement RTC chip. How inconvenient!
Vendor Specific Solutions for Resetting the BIOS Password
Resetting a Dell BIOS Password
Christophe Grenier has written a program that will calculate the master BIOS password for Dell Latitudes from the Service Tag number. That program is available at
http://www.users.globalnet.co.uk/~skynet/zips/latitude.exe.
Resetting a Toshiba BIOS Password
KeyDisk will reset the BIOS password on Toshiba laptops.
Most Toshiba laptops can be convinced to boot without their power-on BIOS password by attaching a dongle to the serial port which crosses a number of the pins. The pin out is:
Pins
1-5-10
2-11
3-17
4-12
6-16
7-13
8-14
9-15
Some Toshiba's can be convinced to bypass the startup BIOS password if you hold down the <LEFT-SHIFT> key while booting the system.
Resetting an IBM ThinkPad BIOS Password
KeyMaker will recover the BIOS password on IBM ThinkPads.
Resetting an IBM Aptiva BIOS Password
Some IBM Aptiva's can be convinced to bypass the startup BIOS password if you press both mouse buttons repeatedly while booting the system.