
Thinkpad Do It Yourself

2015/12/29
Tags: [ Hacking ]

It's Christmas, and both my wife and I go to visit our families. At this time of the year we can meet all our relatives. And try to fix their computers.

Over the years I've collected a bunch of computers. Some of those are so old I'm quite surprised they still work. They are probably not good for surfing the modern web, full of JavaScript and high resolution pictures. But by running GNU/Linux on them, I can get an up-to-date operating system even on older pieces of hardware.

Sometimes they simply stop working. After all, that Intel Celeron was definitely old. It doesn't boot. It simply… Beeps. Probably the motherboard is dead.

Before throwing away a computer I usually go through a cleanup. I recover the useful data, and run shred on the sensitive parts (encryption keys, configuration files…). Probably nobody is checking out your hard drive anyway, but this is just for good measure. Besides, often you stumble into lots of nostalgic stuff. During this process I've found a backup copy of some lost photos, taken around 2007.

Among them the photos of an old Thinkpad, chassis opened, showing the inner parts. I'm pretty sure this does not categorize as geek pornography.

The IBM (not Lenovo, yet) Thinkpad shown on the photos is my very first laptop. I bought it in 2004, and I installed Slackware on it by using an external floppy drive. This is because booting from CD was not an option back then — at least, not for Slackware — and new laptops didn't come with floppy drives anymore.

Around 2007, the Thinkpad stopped working. Luckily I know a guy who provided me with some pieces of the same model, and I was able to identify the problem by replacing the single pieces one by one. To make it short I needed a motherboard replacement.

Soon I realized how useless certain companies can be when it comes to assistance. They kept it forever, and tried to deter me by doubling the price of the repair. When I firmly asked for my laptop back, it came back still broken and unburdened of the hard drive. They claimed there was no hard drive since the beginning.

The hell with those guys. I decided to buy another motherboard from eBay, and to mount it myself. Happy ending? Not quite, it didn't work. The laptop started to whine about hardware tampering, and to ask for the BIOS Password.

The motherboard seller claimed that the item was tested before being sold, and nothing weird happened to him. So I guess the hardware recorded some component identifier, and detected the tampering when the id didn't match. Smart-ass hardware is probably the worst thing after smart-ass software.

So I needed a password. And of course I tried to type in any code retrieved from the Internet. None of them worked. During my attempts I stumbled into this blog post, where the author suggests a reasonably low level technique for dumping the CMOS EEPROM and retrieving the lost password. (If the site is no longer available, you may find a snapshot of the original post at the bottom of this story).

After trying everything else, I decided to go for the crazy solution. I borrowed a breadboard and the needed components from a friend of mine, bachelor of Electronic Engineering. I built the suggested circuit and welded it directly on the motherboard, hoping not to fry it in the process.

And then I took some snapshots, the very ones I've found on the old hard drive, today:

[Photos: dsc02145.jpg, dsc02146.jpg, dsc02147.jpg, dsc02148.jpg]

I was eventually able to dump the memory through a serial port. I was quite proud of my efforts, and I finally obtained as reward an apparently random sequence of bytes. Not really what I expected. I decided to overwrite it with something easier to type in, but I got an error message:

To receive a registration key you must purchase a commercial license. For further information or details, please forward to support@allservice.ro

I simply contacted them to ask how to obtain the license. I was just hoping a license didn't cost more than the motherboard itself. I received immediate support from the technician:

So you need the eeprom writer to fix an IBM password. The eeprom writer is just a writer it can't fix a password, it is just flashing eeproms. But assuming you have a TCPA lock we provide the service: That is TCPA unlock service. To be able to figure out what exactly is it you need, I may ask you if you've dumped the eeprom? If so, can you email us that eeprom dump to check if it is indeed TCPA encryption involved there?

I sent them the dump, and the guy on the other side of the Internet answered with:

Ok,

I saw your eeprom dump, and even if I am losing you as a customer :), I must tell you that it is not encrypted, well not with the TCPA chip. If you open it in IBMpass 2.1Lite and turn the AA button on, you should see: "RACSERV" This is the Supervisor password.

As a general information, in case of TCPA encryption, you should have to pay $30 for the writer and $25 for the TCPA reset service, but luckily for you, no need to do this for this one.

Good luck!

At this point I owed this guy a lot, I thanked him and he answered back:

Don't mention it. It's a real pleasure to help you people, everyday.

Fucking awesome. I guess after hitting send he put his red cape on, and flew away.

The 'So do it yourself' website:

[Screenshot: site.png]