Crack CMOS' memory space

A computer configured using its BIOS has its options written to CMOS. If the BIOS is password protected and stored in CMOS, there used to be no easy way to get at it.

Please let us know how useful you find this tip by rating it below. Do you have a useful Windows tip, timesaver

or workaround to share? Submit it to our tip contest and you could win a prize!


When a user or administrator configures a computer using its BIOS, the configuration options available through BIOS are written to a memory space known as CMOS.

CMOS is generally non-volatile; it persists even when the computer is turned off or unplugged. When a BIOS is password-protected, the password is stored in CMOS. Unfortunately, if you need to enter BIOS and make changes and you don't have the password, there is usually no easy way to get it. A system reclaimed from another organization or division might be password-protected, for instance.

The typical strategy when dealing with such a system is to wipe the CMOS -- typically by applying a motherboard jumper setting -- and start from scratch. But sometimes wiping the CMOS is simply not an option. For instance, there might be difficult-to-reproduce settings or data in the CMOS that need to be preserved or recovered. Law enforcement officials, for example, might need to do this when dealing with a computer that's been entered into evidence.

One possible way to solve this problem is with a CMOS password recovery utility. One such tool is cmospwd, a free and open-source application that runs under both DOS and 16/32-bit Windows.

Cmospwd works with BIOSes from almost all of the major manufacturers -- AMI, Award, IBM and Phoenix are among them -- and also attempts to use generic backdoor passwords for certain brands of BIOS that support it. (The author also has a tool called KeyDisk that can be used to hard-reset CMOS in Toshiba laptops, and includes instructions for building a hardware parallel-port loopback key that can also be used to reset CMOS in Toshiba machines.)

Note that the most convenient way to run the program is through DOS. The 32-bit Windows version requires the presence of a kernel-level driver (included with the program) called ioperm. It may just be easier to build a bootable DOS diskette and use that, especially if Windows isn't even running on the target machine.


Serdar Yegulalp wrote for Windows Magazine from 1994 through 2001, covering a wide range of technology topics. He now uses his expertise in Windows NT, Windows 2000 and Windows XP as publisher of The Windows 2000 Power Users Newsletter and writes technology columns for TechTarget.
This was first published in March 2005

Dig deeper on Windows Server Monitoring and Administration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close