That reminds me of a trick I discovered nearly 10 years ago on an Acer to reset the BIOS Password from Windows.
There was this eSettings.exe which let you change some BIOS Settings from Windows, including the password. Of course it first asked for the old password and showed a prompt, denying the request if it was wrong.
I fired up good old OllyDbg and traced the prompt in the ASM code. I changed only one bit IIRC (jne to je, or similar), saved the .exe and tried my luck.
It let me through the prompt and I entered the new password. Amazingly the BIOS gladly accepted it!
I didn't bother to find out what functions it exactly called to set the new password to write a small tool, because I already had one. ;)
I wonder if this still works... If not with an Acer, maybe with some other make?
I haven't tried this on anything newer than Sandy Bridge, but yes.
I've never seen a BIOS that actually had anything but application-level password check for the calls from OS mode to rewrite the BIOS passwords or settings. No idea whether you can leverage TPMs or some of the enterprise trusting features to change that, though.
There was this eSettings.exe which let you change some BIOS Settings from Windows, including the password. Of course it first asked for the old password and showed a prompt, denying the request if it was wrong.
I fired up good old OllyDbg and traced the prompt in the ASM code. I changed only one bit IIRC (jne to je, or similar), saved the .exe and tried my luck.
It let me through the prompt and I entered the new password. Amazingly the BIOS gladly accepted it!
I didn't bother to find out what functions it exactly called to set the new password to write a small tool, because I already had one. ;)
I wonder if this still works... If not with an Acer, maybe with some other make?