PC Bios Security & Password Recovery
Numerous installations rely on password checks enforced by their BIOS to stop people from gaining unauthorized access. However, this is not a good idea. The BIOS will possibly slow down an attack, or complicate it, but it will not stop it. This page intends to make clear why.
Overview
- BIOSes are not open for public review; as a matter of fact, most of them have source code which has never been seen by a security expert. Therefore, assume them to provide only a weak level of security.
- BIOSes don’t help if an attacker can steal your hard disk. They do not offer any data protection if hardware access is possible.
- Any software (BIOS) setting can be reset. Often the motherboard has a switch to do this for you; otherwise one can mess around with the chips which store the settings.
- MS-DOS, Windows 95 and Windows 98 allow any user to read and write the BIOS settings. Windows NT, Windows 2000, Linux, FreeBSD and other multiuser environments allow “superusers” (administrator, root, etc.) to read and write the BIOS settings. This makes password recovery and other attacks against the system possible.
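The two points above (settings can be reset, and a superuser can read the settings) have a defensive consequence: if the settings can be read, they can also be baselined and checked. The program below is an added example written for this page, not code from !BIOS, CmosPwd or any BIOS vendor. It validates the classic IBM PC/AT CMOS checksum (a 16-bit sum of bytes 0x10 to 0x2D stored at 0x2E/0x2F; vendor BIOSes often keep extra checksums over other ranges, so treat that layout as an assumption to confirm for a given board), and it compares a saved baseline against a fresh image while skipping the RTC registers at 0x00 to 0x0D, which change every second. The sample image is constructed, not dumped from a real machine, and the Linux /dev/nvram mapping (device offset 0 is CMOS byte 14, root only) is an assumption to verify against your kernel.

```c
/* cmos_check.c: validate and diff a 128-byte CMOS image (added example). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CMOS_SIZE 128
#define CMOS_RTC_END 0x0E     /* bytes 0x00-0x0D are RTC clock/status regs */
/* IBM PC/AT convention (assumption for vendor BIOSes): sum of bytes
 * 0x10..0x2D, high byte stored at 0x2E, low byte at 0x2F. */
#define CMOS_CSUM_START 0x10
#define CMOS_CSUM_END   0x2D
#define CMOS_CSUM_HI    0x2E
#define CMOS_CSUM_LO    0x2F

/* Compute the standard checksum over the configuration bytes. */
uint16_t cmos_std_checksum(const uint8_t *cmos)
{
    uint16_t sum = 0;
    for (int i = CMOS_CSUM_START; i <= CMOS_CSUM_END; i++)
        sum += cmos[i];
    return sum;
}

/* 1 if the stored checksum matches the computed one, else 0. */
int cmos_std_checksum_ok(const uint8_t *cmos)
{
    uint16_t stored = (uint16_t)((cmos[CMOS_CSUM_HI] << 8) | cmos[CMOS_CSUM_LO]);
    return cmos_std_checksum(cmos) == stored;
}

/* Store the checksum bytes so an image validates (used to build the sample). */
void cmos_std_checksum_store(uint8_t *cmos)
{
    uint16_t sum = cmos_std_checksum(cmos);
    cmos[CMOS_CSUM_HI] = (uint8_t)(sum >> 8);
    cmos[CMOS_CSUM_LO] = (uint8_t)(sum & 0xFF);
}

/* Compare baseline and current image, ignoring the RTC registers.
 * Returns the number of differing offsets; stores up to max of them in out. */
size_t cmos_diff(const uint8_t *baseline, const uint8_t *current,
                 int *out, size_t max)
{
    size_t n = 0;
    for (int i = CMOS_RTC_END; i < CMOS_SIZE; i++)
        if (baseline[i] != current[i]) {
            if (n < max)
                out[n] = i;
            n++;
        }
    return n;
}

/* Linux only (assumption): /dev/nvram exposes CMOS bytes 14..127, so the
 * read lands at CMOS offset 0x0E. Returns 0 on success, -1 if unavailable. */
int cmos_read_dev_nvram(uint8_t *cmos)
{
    FILE *f = fopen("/dev/nvram", "rb");
    if (!f)
        return -1;
    memset(cmos, 0, CMOS_SIZE);
    size_t got = fread(cmos + CMOS_RTC_END, 1, CMOS_SIZE - CMOS_RTC_END, f);
    fclose(f);
    return got > 0 ? 0 : -1;
}

/* Constructed sample image; the byte values are illustrative, not a dump. */
void cmos_sample(uint8_t *cmos)
{
    memset(cmos, 0, CMOS_SIZE);
    cmos[0x10] = 0x40; /* floppy types: drive A = 1.44 MB (sample value) */
    cmos[0x12] = 0xF0; /* hard disk types byte (sample value) */
    cmos[0x14] = 0x2D; /* equipment byte (sample value) */
    cmos_std_checksum_store(cmos);   /* sum = 0x40+0xF0+0x2D = 0x015D */
}

/* Returns 1 when a one-byte edit is caught by the checksum and reported by
 * the diff at exactly that offset while an RTC change is ignored, else 0. */
int cmos_selfcheck(void)
{
    uint8_t base[CMOS_SIZE], cur[CMOS_SIZE];
    int changed[CMOS_SIZE];
    cmos_sample(base);
    memcpy(cur, base, CMOS_SIZE);
    if (!cmos_std_checksum_ok(base)) return 0;
    cur[0x12] = 0x00;   /* edit a byte covered by the checksum */
    cur[0x00] = 0x33;   /* RTC seconds moved on; must not be reported */
    if (cmos_std_checksum_ok(cur)) return 0;
    if (cmos_diff(base, cur, changed, CMOS_SIZE) != 1) return 0;
    return changed[0] == 0x12;
}

int main(void)
{
    uint8_t live[CMOS_SIZE];
    printf("self-check passed: %d\n", cmos_selfcheck());
    if (cmos_read_dev_nvram(live) == 0)   /* needs root and the nvram driver */
        printf("live image: standard checksum %s\n",
               cmos_std_checksum_ok(live) ? "ok" : "MISMATCH");
    return 0;
}
```

Run as root on a Linux box with the nvram driver loaded to check the live image; on any other system only the constructed sample is exercised. A baseline saved once after the settings are finalized lets a periodic cmos_diff flag a jumper reset or a software write to the CMOS, which is the kind of event the list above warns a BIOS password alone will not prevent.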
How to set up your BIOS as secure as possible
- Disable floppy, CD-ROM and network boot unless you explicitly need them at all times.
- If your BIOS allows you to set up both ‘user’ and ‘setup’ passwords, do so. And do not use a password even remotely close to other passwords you use; BIOS passwords are relatively simple to break.
- Set fixed sizes for the hard disk. It might complicate things for people who want to insert another hard disk without legitimate reasons.
- Keep the chassis locked. It makes it hard to mess with the hardware.
- Don’t use DOS or Windows 95/98. Use a multiuser operating system and learn how to keep it moderately secure.
Backdoors & Default passwords
In order to simplify things for their service personnel, quite a lot of BIOS manufacturers insert ‘backdoors’ into their BIOSes. If you only know about them, you can bypass the entire protection scheme. Many of these systems use default or master passwords as backdoors; a list of such passwords is available here (maintained by Nathan Einwechter). Other backdoors and tricks are described in our “tips” list, which is available here. Additionally, there are similar lists on the net which may be more recently updated. If you are maintaining such a list, you really ought to take the time to have a look at an advisory I wrote on the subject when I noticed numerous errors in such lists.
Other default/master password lists on the web:
www.phenoelit.de/dpl
Password recovery and maintenance & security tools
The most complete password recovery tool for BIOS available today is Christophe Grenier’s CmosPwd. I have previously developed a little neat tool known as !BIOS. Feel free to have a look at the executable (IBIOS.EXE), the source code or the HOW-TO which explains just about every feature in !BIOS. I’ve written a small documentation on how you develop these tools, which might be handy for some of you who get interested in developing CmosPwd or taking up the old !BIOS project. Have a look at it, available here.
Further reading on BIOS related subjects
There are of course books on this subject. One book which seems to be really interesting (although I’ve only read the parts of it available on the web) is: “The BIOS Companion – The book that should come with your motherboard!” by Phil Croucher. Have a look at electrocution.com for extracts. The book “BIOS” from MicroApplication (ZD) is said to mention my tool, “!BIOS”. I haven’t read this book either.