Categories
Development Hardware

Live hardware hacking!

Recently I did something that I never thought would be possible: I short-circuited a chip on a laptop while it was on, and by that I could get some work done!

My goal was to remove the BIOS supervisor password from an old Thinkpad laptop that I bought second hand. The owners themselves forgotten what the password was, so I thought I would give the laptop a hand to free itself up!

But there was a little problem! According to Lenovo’s official documentation, the only way to reset/remove the BIOS supervisor password was to replace nothing less than the entire laptop motherboard ?.So, is there really no way to remove the supervisor password from this laptop’s BIOS? Well it turns out there is! Thanks to the always amazing tinkerer community on the Internet, I found about a way to remove supervisor password from Thinkpad laptops. But honestly, I did not really believe what I read until I did it myself ?.

 

How did I remove the supervisor password?

First, I had to find the EEPROM chip on my motherboard. I found it from a page that lists the location of this chip in many Thinkpad models. Apparently, this chip is where the supervisor password is physically stored and enforced in the hardware.

Then, I removed the keyboard…Then the palm rest…And finally, this is the EEPROM chip.

The next step was to use a screwdriver to short-circuit two pins (SCL and SDA) on the EEPROM chip. After turning on the computer and just before pressing F1 to load the BIOS setup, I short-circuited the two pins on the EEPROM chip. The timing for doing this was very critical and it took many unsuccessful tries, but eventually the BIOS loaded with the supervisor password apparently disabled.

When the BIOS setup screen loaded in a temporarily liberated state, without disconnecting the two pins, I reset the supervisor password to blank. (I leave it as a fun exercise to the reader to imagine me with one hand holding the screwdriver in place and with the other hand pressing keys on a wobbly keyboard that hangs from the laptop by a thin wire ?) Finally, I released the screwdriver and let the laptop reboot. After that, there was no supervisor password left on the BIOS ?.

Clearly, I do not really understand what I did in this process! I still don’t exactly know what an EEPROM chip is and what it does. Nevertheless, the whole thing worked, and I did something that I’d never done before: live hardware hacking on a running computer!