#StackBounty: #boot #bios #passwords #patch #decoding Reset insyde H20 bios admin password

Bounty: 100

I have a Lenovo G470, i3 processor with insyde H20 BIOS 40CN33WW (V2.19) (x64)

** Back story,**
A year ago I had disabled UEFI boot and booting from Pendrive and added
Admin by password, unfortunately, I forgot the admin password.but I can boot with hardrive and cd in legacy mode

In the case of boot failure, I have inserted the live Linux cd and fix the issue. But I lost the live cd also, so I wish to boot with my bootable Pendrive but the problem is I can’t due reason mentioned above

**Main questions **

1.So how do I reset the bios password?
Modified code? If yes how?

Reading from CMOS

2.How is CMOS able to retain information even though there is no button cell battery inside, given that the main battery was removed and the laptop was kept unused for a year?
(As far as I know CMOS is volatile memory, and bios setting not stored in nvram in my laptop)

Attempts to reset the password and details of attempts

  1. Contacted Lenovo customer care, they told replacing the motherboard is the only option ahead
  2. Link to bios firmware
  3. I found That in bios firmware ,Iscflashx64.sys file has content related to password verification screen shot,(sorry I don’t know the line number , but it’s a small file we can just scroll and find it easily)
  4. There is no backdoor Password, as the computer shows no error code when I entered the BIOS password wrong for three times.screen shot , (note..It allows only 7 characters password)
  5. I can boot into OS, and it’s possible to flash bios firmware.
  6. I have searched Google it didn’t help that much.and I have shared everything possible
  7. I did try some kill CMOS software on linix , it said it killed successfully (but it didn’t)

My ideas

Maybe I can modify the password verification code and make it accept any password and reflash the firmware.
I don’t have the expertise to do this, any ideas? proof of concept

Trying the “reset bios eeprom Method”, could anyone help me locate bios eeprom location or number (U45), (U46)… etc

Updates

After going through mother board schematicsschematics i found that on page 18, there is almost nothing connected to vram and next on pg.41 and 40 we find a cmos next to bios.

With code name U33 and is located on motherboard

so I concluded that the bios data Which might include my password is in CMOS (schematics and datasheet of cmos) , can someone confirm the same Please?

So then I’m think of proceeding with method given in this article So basically dump bios and find my password in it.

Related question Reset BIOS on HP ProBook 4310s
I guess I have shared enough details such that an expert an easily determine a best solution


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.