[14041] in bugtraq


Re: Toshiba NoteBooks BIOS Password Backdoor - Password Cracker

daemon@ATHENA.MIT.EDU (Nick FitzGerald)
Sun Feb 27 22:31:40 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-Id:  <200002252343.MAA04678@fep3-orange.clear.net.nz>
Date:         Sat, 26 Feb 2000 12:38:33 +1200
Reply-To: nick@virus-l.demon.co.uk
From: Nick FitzGerald <nick@VIRUS-L.DEMON.CO.UK>
X-To:         Christophe GRENIER <grenier@NEF.ESIEA.FR>,
              BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.10.10002251623090.22504-100000@nef.esiea.fr>

> If you can boot, it is possible to get a password with the same checksum
> and enter the Bios. The checksum value is stored in Cmos. If you create a
> recovery disk, this value is stored after the word "KEY" in the 1 first
> sector (sector 0 is boot sector).

Maybe you missed Oscar's point?  His description explains how to
break *power-on* security on a Tosh notebook.  If you can boot it
from a floppy, all bets are off...

It appears Toshiba has been practising "security through obscurity"
as in the past we were always told that the only way to recover from
a lost/corrupted power-on password was to send the machine to Toshiba
(*not* a Toshiba authorized service centre, to a genuine Toshiba
service centre).  Seems they were not splitting the cases and doing
some extra magical internal hardware twiddling after all, but simply
sitting on a stock of "magic disks".

Of course, if anyone was "depending" on power-on passwords to protect
their Tosh (or any other) notebook, they were slightly delusional to
start with, as described in the usual dicta regarding attackers
having physical access to a machine...

> To crack Toshiba password (Award, AMI and some other models), you can
> try CmosPwd (Dos/Win9x, WinNT, Linux versions) available at
> http://www.esiea.fr/public_html/Christophe.GRENIER/

*If* you have boot access, this is a very handy little util!  (If
you don't have boot access, a screw-driver and a good memory for
mainboard layouts and jumper positions helps...)


--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
