I was given a laptop this weekend by a coworker who had forgotten their password. Usually resetting a CMOS / BIOS password would be an easy task to complete. With most computers you just move a jumper, flip a dip switch, or in some cases, it’s as easy as pushing a button. Laptops are a bit more complicated. Sure, some still have jumpers, but most do not. If your lucky, you’ll have a removable CMOS/RTC battery so you can just pull that and your computer will ‘forget’ the password (along with all of your BIOS settings store in the CMOS!) Dell (and to be fair a number of other manufacturers) takes this a step further on some models of laptops. Since laptops are a big target for theft and passwords are in place to prevent unwanted people, say a thief, from getting to the data, Dell (and others) have come up with a number of different methods over the years to make this task difficult as a deterrent (and as another ‘feature’ to sell the laptop). The problem is, when a legitimate user gets locked out of their own computer, it can be frustrating (not to mention in some cases, expensive!)
The laptop in question was one of those special situations. When turned on, it would bring you to a white / grey screen prompting for a password. The password is actually stored on a special NVRAM chip along with some other information about the laptop (Service Tag, Owner Info, Asset Name, etc.) While there are tools supposedly to find out the ‘master’ password via the service tag, I was not able to get those to work. There are plenty of people online that claim for $50 they can give you the answer, but I don’t like going that route for a number of reasons. I gathered bits of information from all over the internet and formulated a plan.
First, I had to get to the chip. This involved stripping the laptop down to the system board, but leaving key components connected since I would need to have the laptop running for parts of the procedure.
Next, I had to selectively disable the eighth leg on this chip to fool the computer into thinking it was brand new and reprogram it. The choice method for this was to carefully wick the solder from the leg and then thread VERY thin wire behind the leg. Next, with gentle pressure on the wire, I tapped the iron to the leg to break the remaining bond and like a dog to a fire hydrant, the leg lifted off the board.
Next, I tried to turn the laptop on to see if there was a change. This sent me into a bit of a panic, since the laptop refused to even turn on now. The way I saw it, I had either broke something or this was a normal reaction to having that leg off. I decided to test my hypothesis by reattaching the leg. After doing so, the laptop turned on and I was once again greeted by the password screen.
Okay, so- normal operation. This means that without the chip, you can’t turn the laptop on, but with the chip, you can turn it on but have to enter a password. Thankfully, us humans are still smarter than computers, even if just. Here is where we lie to the computer a bit. It won’t turn on unless that chip is in place, so what I did is use a dental pick (another tool that should be in your collection) to bridge the connection and allow the computer to turn on. Shortly after the screen initialized, I removed the pick so when the computer went to read it, nothing. This caused it to enter a special ‘Manufacturing Mode’ where the computer redetects and sets up the hardware, including our chip. The first time around it started in Level [FF], which I am assuming is the flash mode where it reset the chip. Every reboot after that and it’s just Level [01].
The results so far are pretty promising, so I soldered the leg back down. After that, I was able to exit manufacturing mode.
Success! A normal boot from the hard drive. Only one issue remained. Remember I told you about the extra info stored on the chip? Well, the service tag was on there. It’d be nice to put that back for a number of reasons, mainly because without it, I don’t think you can set another password. Dell provides a utility to change the values stored on the chip called ASSET_A209.COM. To use it, I needed to make a bootable USB drive (Good instructions for that here). After the flash drive was ready I copied over the asset software and proceeded to boot from the drive. Then it was just a matter of running the program with the /s switch followed by your service tag number (ASSET_A209 /s ABCD123)
It’s worth mentioning that the service tag can only be programmed once, so get it right the first time or else the whole process will have to be repeated. I know a certain coworker that is going to be happy on Monday (also, you owe me a lunch or two :-)
2010-01-20 Update:
Midnight Mods reader Tommy Chooi has reported that you should be able to reset the password by calling dell and verifying ownership of the laptop. After verification, they will generate a password for you based on your service tag. Thanks Tommy!
2010-02-20 Update:
Reader Dave says “Found shorting out pins 3 and 6 while turning it on did the trick (a bit easier than disconnecting pin 8).” – Thanks Dave!
Let us know what worked for you!