HP EliteBook **70 Series BIOS Password Reset [Util Test]

Firstly I'd like to thank Mazzif for your research and work in writing and releasing both your orginal tool and the information in this thread.

I know this has been mentioned in previous posts on the thread, but it's possible to erase only the "HP_BiosUser01" and "HP-BiosUser02" regions within the VSS_Store, and flash only the affected region using Flashrom's Layout feature, which saves a few minutes compared to flashing the whole SPI chip.

I thought I would post my notes on this process if it helps anyone out. This is using a Raspberry PI with Flashrom, auto detected SPI chip. You will need to add the -c option if your chip is not auto detected.

read:

Code:

flashrom -p linux_spi :dev=/dev/spidev0.0,spispeed=8000 -c "W25Q128.V" -r dump-a.bin
flashrom -p linux_spi :dev=/dev/spidev0.0,spispeed=8000 -c "W25Q128.V" -r dump-b.bin
md5sum dump-a.bin
md5sum dump-b.bin

If they match, proceed. If not, take more reads until you have a matched pair at minimum.

Copy to desktop, open bios dump BIN file in UEFItool, go to Intel Image\BIOS Region\FFF...\VSS Store and find the line with HP-BiosUser-01 in the text column
note the Offset displayed at the top of the Information pane e.g. EE010Ch (ignore h)

Once you have the offset address, open bios dump bin file in HxD (or your favourite hex editor) and:

goto offset discovered above e.g. EE010C (Ctrl-G)
paste write (ctrl-B) the following data (4KB of FF):

Code:

FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

take note of the offset displayed at the bottom left of HXD - this is your second offset for the layout file.

save this file as dump-clean.bin

create layout.txt file containing the following three lines:

Code:

000000:EE010B prior ("zero" to "one less than uefitool offset")
EE010C:EE02BA vss ("offset shown in uefitool" to "one less than end of paste offset")
EE02BB:FFFFFF end ("end of paste offset" to "end of file")

upload/copy both files to your flashrom folder then use the following command to flash only the relevant region:

Code:

flashrom -p linux_spi :dev=/dev/spidev0.0,spispeed=2000 --layout layout.txt --image vss -w bios-clean.bin

For older laptops, this will blank the VSS region anyway and you need to use DMI Tool to re-program it.
For newer lapops Folio/Ultraslim (2013+), it will recover data from the secondary SPI chip during first boot and no reprogramming is required.

 

Padding file for VSS blanking is available here - https://forums.mydigitallife.net/th...40-g1-bios-admin-password.61719/#post-1387851

 

Can anyone help me with 9470m?

 

Please explain a bit more

 

Hey Guys,
Have somebody experience with HP Zbook 15 G2?
I have successfully unlocked 1 Zbook 15 G2 but the other one i had some problems. After Flashing clean bios rom ( overwrited $VSS with padding.pad ) the notebook won´t boot from USB. Always it freezes up. Only Linux Live Stick is working

Is there an other way to clean bios?

 

how do you extract bios region from hp support update all i get is a .exe that extracts a decrypted .bin file ?

 

load .bin to UEFITool and then extract by right click.

 

sendme copy.
i would find a donor bin to grab vss and adjust your info into it.

 

i did load the bin in uefi tool and i can find the vss section in bios region when i try open it in hex edit its all blank
can i extrakt it and build a image still?

 

ohh yes the new ones hide it in different place.. send me backup.bin and i can try rebuild or find good matching .bin

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

here is how i find it in UEFITOOl.. expand bios region.. look for NVRam and expand.
open in hexeditor and ctrl G to the Base address then ctrl E to select full size (3rd line)

 

make backup.bin first and verify pass.
then you can flash.. first erase chip.

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

tank you.
what tool should i use to to the backup, pass veryfication flashing and erasing ?
I am really sorry if my qiestions sound stupid. i' ve tried to rtfm (read most posts) but simply cant understand much.
thank you

 

i dont think you have a hardware bios programmer... im talking about flashing chip via programmer.. not some software in laptop