Using a Backdoor BIOS Password
Some BIOS manufacturers implement a backdoor password. The backdoor password is a BIOS password that works, no matter what the user sets the BIOS password to. These passwords are typically used for testing and maintenance. Manufacturers typically change the backdoor BIOS passwords from time to time.
AMI Backdoor BIOS Passwords
Reported AMI backdoor BIOS passwords include A.M.I., AAAMMMIII, AMI?SW , AMI_SW, BIOS, CONDO, HEWITT RAND, LKWPETER, MI, and PASSWORD.
Award Backdoor BIOS Passwords
One reported Award backdoor BIOS password is eight spaces. Other reported Award backdoor BIOS passwords include 01322222, 589589, 589721, 595595, 598598 , ALFAROME, ALLY, ALLy, aLLY, aLLy, aPAf, award, AWARD PW, AWARD SW, AWARD?SW, AWARD_PW, AWARD_SW, AWKWARD, awkward, BIOSTAR, CONCAT, CONDO, Condo, condo, d8on, djonet, HLT, J256, J262, j262, j322, j332, J64, KDD, LKWPETER, Lkwpeter, PINT, pint, SER, SKY_FOX, SYXZ, syxz, TTPTHA, ZAAAADA, ZAAADA, ZBAAACA, and ZJAAADC.
Phoenix Backdoor BIOS Passwords
Reported Phoenix BIOS backdoor passwords include BIOS, CMOS, phoenix, and PHOENIX.
Backdoor BIOS Passwords from Other Manufacturers
Reported BIOS backdoor passwords for other manufacturers include:
Manufacturer | BIOS Password |
VOBIS & IBM | merlin |
Dell | Dell |
Biostar | Biostar |
Compaq | Compaq |
Enox | xo11nE |
Epox | central |
Freetech | Posterie |
IWill | iwill |
Jetway | spooml |
Packard Bell | bell9 |
QDI | QDI |
Siemens | SKY_FOX |
SOYO | SY_MB |
TMC | BIGO |
Toshiba | Toshiba |
Remember that what you see listed may not be the actual backdoor BIOS password, this BIOS password may simply have the same checksum as the real backdoor BIOS password. For Award BIOS, this checksum is stored at F000:EC60.
Resetting the BIOS Password using Software
Every system must store the BIOS password information somewhere. If you are able to access the machine after it has been booted successfully, you may be able to view the BIOS password. You must know the memory address where the BIOS password is stored, and the format in which the BIOS password is stored. Or, you must have a program that knows these things.
You can write your own program to read the BIOS password from the CMOS memory on a PC by writing the address of the byte of CMOS memory that you wish to read in port 0x370, and then reading the contents of port 0x371.
!BIOS will recover the BIOS password for most common BIOS versions, including IBM, American Megatrends Inc, Award and Phoenix.
CmosPwd will recover the BIOS password for the following BIOS versions:
- ACER/IBM BIOS
- AMI BIOS
- AMI WinBIOS 2.5
- Award 4.5x/4.6x/6.0
- Compaq (1992)
- Compaq (New version)
- IBM (PS/2, Activa, Thinkpad)
- Packard Bell
- Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107
- Phoenix 4 release 6 (User)
- Gateway Solo - Phoenix 4.0 release 6
- Toshiba
- Zenith AMI