Normsweb.com was HACKED!

They were quickly blocked and ousted. Whatever plans they had FAILED!

It's currently in the hands of the Police so I can't say much, but the hacker was from Poland! That's right munchkin, Amazon has betrayed you! They told me who and where you are. Maybe you can sue Amazon for breaching data protection laws, if the police don't catch you first!

Next time, don't try to be clever. Sending gifts to the people you hack is such a dumb idea, or was it supposed to be intimidation? 'we know your address' etc.

Just know, YOU FAILED on all counts. Muppet!

Lost Supervisor Password (SVP) - IBM Thinkpad

The supervisor password (SVP) on the IBM Thinkpad is stored in an ATMEL chip (On most models the chip is an 8 pin DIL and is labelled 24RF08). It can not be reset by any normal means and even the IBM service manual (hardware maintenance manual) suggests that if SVP is lost, you must replace the motherboard in the laptop to overcome the issue.

However, we know that the motherboard does not need to be replaced! You can simply read the data stored in the ATMEL chip and decipher the SVP. - Well I say simply, but you will have to pull your laptop apart and solder three wires to the motherboard, which is far from simple.

Before you start this procedure, Read this whole page thoroughly and make sure you have all the parts in place and that you are confident to do the job. Also understand that if you mess it up, you could destroy your laptop. Proceed at your own risk! I am not responsible for any damage to you or your laptop from trying this fix.

NOTE: If you have any suspicion about the laptop possibly being stolen contact your local police station.

My info will always be FREE. But if this helps you, please consider a donation to help keep the site going.

How To

1. Get a Hardware Maintenance Manual for your laptop

Search the internet to try and find a hardware maintenance manual (service manual) for your laptop as this will tell you specifically how to pull the laptop apart without damaging it, and may also give you a clue as to where the ATMEL chip is located.

2. Build the EEPROM reader hardware

eprom reader

You will need these parts:
2 x 2.2K Resistors, 2 x 5.1v Zener diodes
1 x 9 Pin D-Sub Female Plug (for serial port on PC)

Put the parts together following the simplified diagram. Thanks to Benny from Germany for spotting an error in my diagram

This can all be built onto the back of the D-sub connector. Make the wires coming from the three points about 1 - 2 meters long, as they need to reach from the laptop to a second computer for when you read the chip.

3. Now the hard part, soldering the wires inside the laptop

Atmel chip pin-outs

Following the Hardware Maintenance Manual (if you found one), open the laptop and locate the ATMEL chip on the motherboard.

Solder a wire to any ground point on the board, Solder wires to SCL and SDA on the ATMEL chip. (make these wires long enough to stick out from the laptop when it's temporarily put back together)

Check and double check that you have not shorted the SCL and SDA pins on the chip. Maybe put some tape over the SCL and SDA wires to help to hold them secure. Leave the wires hanging out of the laptop - don't connect them to the reader yet, but make sure that the wires can't short to each other or ground. Temporarily rebuild laptop enough so that it will boot up. Boot up the laptop and Press F1 to enter the BIOS. At the password prompt, leave the laptop and prepare the second computer.

4. Preparing the second computer

Download and install these softwares on second computer. Reader software - r24rf08_setup.exe or PonyProg, Decoder software - setup_ibmpass21.zip. These softwares can easily be found with any search engine.

Note: Its possible that the r24rf08_setup.exe is infected. Avast! Anti-virus detects the threat as 'Win32:Malware-gen', so use it with caution.

Plug in the EEPROM reader, then connect the wires hanging out from the laptop to the wires coming from the EEPROM reader in this order (while its all still turned on): Ground first, then SDA and SCL.

5. Reading the ATMEL Chip

Bring up a Command Prompt on the second computer and navigate to the folder where you installed the reader software. Type in: R24RF08 dump.bin and hit enter. Hopefully now you will have a file on the second computer called dump.bin. (the PonyProg reader software will probably be slightly different, but as I have never used it I cannot tell you the precise operation)

6. Decoding the Supervisor Password:

IBM decoder screenshot

Run the IBM Pass 2.0 Lite Decoder Software on the second computer. Load up the dump.bin file you just created. Scroll down to the memory address of 0×330 and read the password!

If the password is not there, press the Translate button.

7. Testing the password

Unplug and disconnect the EPROM reader from the laptop and second computer. (Leave the wires soldered inside the laptop). Type your newly gained password into the laptop and try to go into the BIOS. Try to change any setting in the BIOS to confirm you now have full control!

8. Rebuild laptop

Turn laptop off and disconnect all power, de-solder the three wires carefully - you got this far, you don't wanna kill the laptop now. Put laptop back together. Just do the reverse of what you did to get it apart. - You're Done!

Feedback

Here are some e-mails that I have received from people who have tried this fix
(some long e-mails may be edited)

I've tried "Ponyprog" from Lancos on an EEPROM unsoldered from a dead T40. I used the interface circuit described on your website, and settings of "2402-16" and "24XXAuto". The Supervisor password is at 0x338 to 0x33e and again at 0x340 to 0x346, followed in each instance by a checksum byte. The page structure of the 24rf08 means that certain information appears twice in the dump: the serial numbers in particular.

I used r24rf08.exe and ibmpass22.exe despite the warning from Avast! (but on an isolated machine containing no data) and successfully recovered the SVP from an otherwise useless T42. I modifed the interface circuit so as not to apply excessive voltages to the EEPROM, which runs at 3.3V in the T4x series.

The attached drawing shows the circuit I used: the ponyprog interface loops pin7 of the serial plug back to pin6. I replaced each 5v1 zener with two green LEDs in series and a 1N4148 silicon diode in reverse parallel to keep the voltages applied to the EEPROM to within the datasheet limits. (Having worked with industrial electronics, I'm a bit conservative!) I agree that the circuit is a bit ungainly to wire up inside the shell of a DB9 plug (I built it on a solderless breadboard as I only intended using the circuit once.)

It is worth noting that although laptops use �5v signals at the serial port, desktops stick to the specs and use the full 12 volts. I had a laptop with a serial port, so the circuit has been tested with 5 volt signals. The SCL and SDA lines are pulled up to +3.3v inside the Thinkpad using 10k resistors.

Richard - UK

Modified Interface Diagram

Read the Disclaimer - Sitemap - Read the Privacy Policy
Design and Content is Copyright of N.D. Green (normsweb.com)
©2003 -