Any way to remove or prevent use of manufacturer backdoor BIOS passwords?

Discussion in 'BIOS Mods' started by downloaddeviant, Dec 10, 2012.

  1. downloaddeviant

    downloaddeviant MDL Junior Member

    Jan 12, 2008
    64
    5
    0
    #1 downloaddeviant, Dec 10, 2012
    Last edited: Dec 10, 2012
    I have clients with very smart teenagers. Many of them know how to bypass the BIOS passwords by using manufacturer backdoor passwords.

    Is there a way to remove them from the BIOS completely so that they may not be used ever again and only the password set by parent or boss would be THE only BIOS password? Both scenarios - brand name PC and just custom rig motherboard situations?

    Thanks in advance...love MDL...

    *****
    I am not talking about simple resetting. I mean using a tool or method to go into the BIOS and remove or prevent use of manufacturer backdoor BIOS passwords, so that the ONE AND ONLY password that can be used is the one set by the PC owner.
     
  2. LatinMcG

    LatinMcG Bios Borker

    Feb 27, 2011
    5,314
    1,433
    180
    desktop boards= pull bios pwd reset jumper.
     
  3. drewbug

    drewbug MDL Member

    Aug 15, 2010
    232
    42
    10
    I really don't think that answers downloaddeviant's question at all.

    I would think that this would be possible. We should be able to find a backdoor password in a BIOS file and change it to something that either only the system owner knows. It might even be possible to change it to something that can't be entered with a keyboard, in effect making it entirely unusable!

    It may even be possible to write a tool that does this automatically with the most common types of BIOS files. I might be willing to take on the project, if there's be an interest.

    Do you have a link to an example BIOS with a known backdoor password?
     
  4. downloaddeviant

    downloaddeviant MDL Junior Member

    Jan 12, 2008
    64
    5
    0
    LOL No, that first response did not help at all. Although I do appreciate the effort. We all know the RESET method. I am specifically speaking of REMOVING or preventing the backdoor passwords from being used at all, never, ever, again. Even if reset.


    I know I am interested in a tool. I am sure others would be to, if put to a vote. I am not a programmer, etc. so I have no idea if this is a simple tool or if this is a serious undertaking. But I am game to help test it. lol
     
  5. drewbug

    drewbug MDL Member

    Aug 15, 2010
    232
    42
    10
    #5 drewbug, Dec 10, 2012
    Last edited: Dec 10, 2012
    I'm only an aspiring programmer, but I'd definitely be willing to give it a shot!

    Like I'd asked earlier, do you have a link to an example BIOS with a known backdoor password? One that you could test would be ideal.
     
  6. LatinMcG

    LatinMcG Bios Borker

    Feb 27, 2011
    5,314
    1,433
    180
    u dont need a default password on desktops if u use the jumper method.. now u get it ?

    laptops is only way to do the default removal... and not many laptops have a default that actually works.
     
  7. drewbug

    drewbug MDL Member

    Aug 15, 2010
    232
    42
    10
    #7 drewbug, Dec 11, 2012
    Last edited: Dec 11, 2012
    I don't mean any offense, but is English not your primary language?

    The goal here is not to unlock a BIOS with a forgotten password, it is to take the backdoor (or, as you refer to them, default) password(s) out of the BIOS.
     
  8. LatinMcG

    LatinMcG Bios Borker

    Feb 27, 2011
    5,314
    1,433
    180
    #8 LatinMcG, Dec 11, 2012
    Last edited: Dec 11, 2012
    hardware is not your strong subject is it ?

    the idea is nobody needs a stupid password if u have desktop with a jumper to do it = what is the point of removing a backdoor pwd that is not what the kids are using to REMOVE or BYPASS Password. instead they use a jumper.

    on a laptop the idea might work as there usualy is no jumper.. on desktop NO

    and yes u mean offense as u think im stupid (and thats borderline racist) yet u dont see the facts of desktop bios security. not laptop

    go keep playing with your Xor's
     
  9. drewbug

    drewbug MDL Member

    Aug 15, 2010
    232
    42
    10
    #9 drewbug, Dec 11, 2012
    Last edited: Dec 11, 2012
    downloaddeviant's original post specifically mentioned that his clients need to protect against people bypassing their BIOS passwords by using manufacturer backdoor passwords.

    The reason I asked whether or not English is your primary language was because I misunderstood you, and thought that you misunderstood me. I now see what you were trying to say in your previous post.

    I don't see how you can construe my words to be racist or insulting. I think you are a very knowledgeable member of the community, and as far as I'm concerned, this is a place where we can exist without skin color, without nationality, and without religious bias.

    I believe that there are many scenarios where a tool that removes any backdoor passwords from a BIOS would be useful. For example, some computer cases have physical locks on them that make it much more difficult for an attacker to utilize a jumper.

    Another thing to note is that, in environments like some schools or offices, it might be hard for an attacker to attain the kind of privacy that is necessary to open a computer's case without being seen, making blocking software attacks all the more important.

    I disagree with your assessment of me: I see the facts of desktop BIOS security quite clearly.

    Whether or not you do is yet to be determined.
     
  10. LatinMcG

    LatinMcG Bios Borker

    Feb 27, 2011
    5,314
    1,433
    180
    desktops have a password CLEAR jumper = the teens dont need to type anything.
    unless u put pc in a safe and drill holes to ventilate.

    if u put a cheap padlock in the back of pc.. i can pick it in 2 minutes or less with a small flathead and a paper clip or hair clip %98 of times. :cool2:
     
  11. downloaddeviant

    downloaddeviant MDL Junior Member

    Jan 12, 2008
    64
    5
    0
    Yes, exactly Drew. Thank you.


    LatinMG -
    Please cease your argument. We all know what you are recommending. I appreciate your effort to assist. Sincerely I do. I understand what you are trying to convey. But PHYSICAL RESET IS NOT THE POINT.

    Yes, clearly there would be no point IF people can reset the BIOS by hitting the jumper.

    Here is what you are unaware of and also have not considered.

    #1 -
    If anyone resets the BIOS and clears the password, the owner or parent of the PC would know it has been done and employee would be caught, then possibly fired...or proper punishment could be applied to child. BUT by using a backdoor password, the employees or kids could get into BIOS, make changes, use the PC then change things back without employer or parent ever knowing.

    #2 -
    Many of these PCs have locked cases or are in unreachable locations. Therefore, making physical BIOS resetting IMPOSSIBLE. And again, because these people can use backdoor BIOS passwords, they have total reign.

    ************************************************
    Now that this has been cleared up, please stop this debate. I am the original poster. I am kindly requesting you to cease your debate now.


    No matter how anyone wants to look at it, just consider this a PROOF OF CONCEPT exercise...OK?


    Getting back to the main point. Is there a tool, would anyone like to attempt creating such a tool, does anyone know of a tool that would essentially be able to go into the BIOS and remove any and all backdoor passwords or change the BIOS in such a way that there could only be 1 password? lol
     
  12. LatinMcG

    LatinMcG Bios Borker

    Feb 27, 2011
    5,314
    1,433
    180
    finally u answered what the scenario is. :worthy:

    my argument was because u wouldnt answer what the scenario is.
     
  13. downloaddeviant

    downloaddeviant MDL Junior Member

    Jan 12, 2008
    64
    5
    0
    Are you serious? Not trying to be hard on you here, but I have re-read your posts thoroughly as of this moment...you never asked me or wanted an exact explanation of the scenario. Second, I even made the effort to edit my first post for clarity. Third, I responded again to add clarity even further - Post #4. Fourth, I did so again earlier today - Post #11. Fifth, this was my thread and my request for help exactly, and clearly stated in the first post. I certainly respect your point of view, but why would anyone have to clearly explain their exact scenario to you at all? It was made clear that we were not talking about RESET. You could have politely ended it there. I asked and specifically detailed what I was seeking help with. You took it and made it into a debate for no reason that I can clearly make sense of. It is completely illogical, outrageous and inappropriate to defend yourself based on this premise, simply because the premise is that somehow I, or someone else should have read your mind somehow or should have explained, answered or placated you in some fashion. Let me be clear, I am saying not to start a fight or to insult you or to hurt your feelings or to be rude, flame you, etc. I am simply and utterly amazed at the logic you are using to rationalize and defend this entire debate. Truly, it seems as if you were bored and felt a need to harass rather than educate or contribute. I am sure this is not true. I feel you were trying to help, but you certainly took it too far. That is my opinion based on what I have read and seen in this thread. Regardless, I still thank you for your efforts and do not desire any hard feelings.
     
  14. drewbug

    drewbug MDL Member

    Aug 15, 2010
    232
    42
    10
    Some people just don't understand :rolleyes:

    That is something I had not even thought of! This makes the ability to remove backdoor passwords all the more useful!

    I'm still up for giving writing this tool a shot!

    I asked this question earlier, but I understand how you could have missed it in the mess that we just dealt with: do you have a link to an example BIOS with a known backdoor password? One that you could test would be ideal.
     
  15. tqhoang

    tqhoang MDL BIOS Modder

    Apr 29, 2008
    1,350
    261
    60
  16. LatinMcG

    LatinMcG Bios Borker

    Feb 27, 2011
    5,314
    1,433
    180
    #17 LatinMcG, Dec 13, 2012
    Last edited: Dec 13, 2012
    wow talk about trolling.. all that time it took to write that.. when u could use it to research the issue..

    no hard feeling? yet u go out of your way to rubb it in the face.. lol
    next time if i see downloaddeviant needs something.. click the x and forget him. enjoy
    then again.. i wont see it i added 2 aholes to ignore :p
     
  17. urie

    urie Moderator
    Staff Member

    May 21, 2007
    8,692
    3,044
    300
    Yes and just think what would happen System owner forgets Password (that's what usually happens) back to square one you would need a backdoor password :D But if you every manage to make the software or modded bios for every manufacturer you would need to make bios backup and even I don't think I would be Flashing another persons machine.
     
  18. drewbug

    drewbug MDL Member

    Aug 15, 2010
    232
    42
    10
    It's the responsibility of the system owner to keep their password in a safe place, and, of course, this would be an entirely optional thing.

    Think of it like the difference between WEP and WPA encryption on a wireless access point: WEP is better than nothing, but it really shouldn't be used in a high security (or even moderate risk) environment. A BIOS that includes a backdoor password is better than nothing, but it really shouldn't be used in a high security environment!

    What do you mean by this?
     
  19. urie

    urie Moderator
    Staff Member

    May 21, 2007
    8,692
    3,044
    300
    Exactly we all know that and that is the whole reason backdoor passwords exist (put there by Manufacturer)

    Exactly what I said you would need to edit individual bioses to remove backdoor password and add System owners password.