Home > Articles

  • Print
  • + Share This
This chapter is from the book

This chapter is from the book

BIOS and Console Passwords

Nearly all computers today support BIOS passwords, console passwords, or both. BIOS passwords bar malicious users from accessing system setups, while console passwords protect workstation single-user modes. Either way, such password systems are at least marginally effective, and you should use them.

Be sure to use a unique password; that is, one that's different from other passwords you've used on the network. This ensures that even if attackers later crack your BIOS password, they can't use it to crack other hosts, applications, or networks.

How secure are BIOS passwords? Not very. They mainly foil newbie attackers. Today, most crackers know default and backdoor BIOS setup keys and passwords for most makes and models. Table 3.1 lists a few.

Table 3.1. Well-Known BIOS Entry Keys and Passwords

Manufacturer

Entry Key and/or Default Passwords

American Megatrends

A.M.I., , alfarome, AMI, ami, AMI SW, AMI!SW, AMI?SW, AMI_SW, AMIDECODE, bios, BIOS, cmos, efmukl, EWITT RAND, HEWITT RAND, Oder, PASSWORD, and setup.

Award

award, 01322222, 589589, 589589, 589721, aLLy, aPAf, AW, Award, AWARD, AWARD PW, AWARD SW, Award SW, AWARD_HW, AWARD_PS, AWARD_PW, AWARD_SW, awkward, CONCAT, djonet, LTHLT, j256, J262, j262, j322, J64, KDD, SER, SKY_FOX, Syxz, TTPTHA, ZAAADA, ZBAAACA, and ZJAAADC.

Generic entry keys

Generic entry key combinations include ALT+?, ALT+S, ALT+ENTER, F1, F2, F3, CTRL+F1, CTRL+F3, CTRL+SHIFT+ESC, DEL, CTRL+ALT+INS, CTRL+ALT+S, ESC, and INS.

Generic passwords

Generic default passwords (on various models) include admin, ALFAROME, BIOS, BIOSSTAR, biosstar, BIOSTAR, biostar, CMOS, CONDO, J64, PASS, PASSOFF, SETUP, and system.

IBM Aptiva

Attackers can bypass the BIOS password by repeatedly depressing both mouse buttons on boot.

Toshiba

Some models enable operators to bypass BIOS password protection by holding down the Shift button.


Additionally, various prefabricated tools exist that either ferret out your BIOS password or "blast" it. (Blasting is where the attacker forces the password out of BIOS memory.) True, attackers must have these tools on hand when they crack your BIOS password (and few carry such tools in their back pocket). However, if Internet access is available, they can download such tools in seconds.

Hence, you can't rely on BIOS passwords as a serious line of defense. At best, they keep out casual users and give more experienced users pause—if only because it takes time to disable one. For machines located in well-lit, frequented areas, BIOS passwords are like shatter-resistant glass panes. True, an intruder can break them, but he'll attract unwanted attention in the bargain.

Note, however, that BIOS passwords will not defeat a determined attacker who has sufficient time alone. Machines already booted, or those unattended and solely protected by BIOS passwords, are vulnerable to several types of attacks.

From a software standpoint, an attacker can disable BIOS passwords on any Windows machine that supports the DEBUG command. For example, suppose an attacker passed your machine now and saw Windows running. He could crank up DEBUG and try these commands:

O 70 2E
O 71 FF
Q

or these:

O 70 17
O 71 17
Q

or these:

O 70 FF
O 71 17
Q

These command strings send various byte values to ports 70 and 71, and clear BIOS passwords on most IBM compatibles. This is functionally equivalent to disabling the CMOS battery (another common physical attack), or switching BIOS jumper settings. Most motherboards, as a failsafe measure, have a jumper setting that voids the current BIOS password. This way, if you forget the password (or if someone changes it to an unknown value), you can still recover.

Finally, most BIOS password algorithms have now been disclosed, making it easy to create a BIOS password cracker. For specific algorithms (and recipes for making such a tool), visit Eleventh Alliances BIOS password algorithm page, located at http://mirror.11a.nu/bios3.htm.

CAUTION

Reconsider setting BIOS and PROM passwords on servers that you later intend to remotely reboot. If these passwords are set and the machine reboots, it will hang at the password prompt, waiting for an answer. If the server provides critical servers, this could have you hopping out of bed in the wee hours.

  • + Share This
  • 🔖 Save To Your Account