Computer BIOS

A BIOS (or UEFI setup) password can be set to stop an attacker from changing critical system settings such as the boot order. The password can be bypassed with the methods below, although not all of them work on every machine; it depends on the manufacturer, the motherboard and the BIOS/UEFI version.

Computer Battery

On many boards the BIOS settings, including the password, are kept in CMOS RAM that is powered by a coin-cell battery on the motherboard. Removing that battery for a while (often 30 minutes or more, since capacitors keep the RAM powered for some time) clears the settings and with them the password. This requires physical access to open the case and take the battery off the motherboard.

CMOS

The CMOS method requires opening the case and shorting the clear-CMOS (CLR_CMOS) jumper pins on the motherboard, which resets the stored settings, because on these boards the BIOS password is stored in CMOS RAM. Note that many modern laptops and UEFI systems keep the password in flash (NVRAM) or a separate EEPROM instead, where it survives both the battery and the jumper method.

Using Kali Linux

Boot a live Kali from a USB stick and run cmospwd, which is packaged in Kali (it is CmosPwd from CGSecurity). It needs raw I/O port access, so run it as root:

cmospwd /k

The /k ("kill CMOS") option overwrites the CMOS contents so that the checksum no longer matches and the BIOS loads its defaults, which resets the password. Two caveats: the firmware must still let you boot from USB (a setup password that also locks the boot order usually blocks this), and the method does nothing on systems that keep the password outside CMOS RAM.
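The battery, jumper and cmospwd methods all succeed for the same reason: the BIOS validates the CMOS image with a checksum at boot and loads defaults when it fails. The following added example (not from the page or from CmosPwd) dumps the 128-byte CMOS bank on a Linux box and verifies that checksum, then shows what a clear does to it. The offsets are the IBM AT layout, which many but not all boards follow; the sample image is constructed, and the vendor-specific password bytes are not modelled.

```python
"""Added example, not from the page or from CmosPwd: dump the 128-byte CMOS/RTC
RAM image and verify the standard AT-compatible checksum. Clearing CMOS (battery
removal, the CLR_CMOS jumper, cmospwd /k) works by making this checksum fail, so
the BIOS discards the stored settings, including a legacy password, and loads its
defaults. Offsets follow the IBM AT layout; the password bytes themselves are
vendor specific and are not modelled here."""
import os

CMOS_SIZE = 128
CHECKSUM_START = 0x10   # first byte covered by the standard checksum
CHECKSUM_END = 0x2D     # last covered byte (inclusive)
CHECKSUM_HI = 0x2E      # checksum, high byte
CHECKSUM_LO = 0x2F      # checksum, low byte


def cmos_checksum(image: bytes) -> int:
    """Sum of bytes 0x10..0x2D, the value an AT-compatible BIOS stores at 0x2E/0x2F."""
    return sum(image[CHECKSUM_START:CHECKSUM_END + 1]) & 0xFFFF


def stored_checksum(image: bytes) -> int:
    return (image[CHECKSUM_HI] << 8) | image[CHECKSUM_LO]


def checksum_valid(image: bytes) -> bool:
    """False means the BIOS will report a CMOS checksum error and load defaults."""
    return len(image) >= CMOS_SIZE and cmos_checksum(image) == stored_checksum(image)


def invalidate(image: bytes) -> bytes:
    """Mimic what a clear does: corrupt the checksum so the image is rejected at boot."""
    img = bytearray(image)
    img[CHECKSUM_HI] ^= 0xFF
    img[CHECKSUM_LO] ^= 0xFF
    return bytes(img)


def constructed_image() -> bytes:
    """A constructed sample image (not captured from a real board) with a valid checksum."""
    img = bytearray(CMOS_SIZE)
    img[0x10] = 0x40                                 # floppy drive type byte
    img[0x12] = 0xF0                                 # hard disk type byte
    img[0x14] = 0x2F                                 # equipment byte
    img[0x15:0x17] = (640).to_bytes(2, "little")     # base memory in KB
    csum = cmos_checksum(img)
    img[CHECKSUM_HI], img[CHECKSUM_LO] = csum >> 8, csum & 0xFF
    return bytes(img)


def read_cmos_live(path: str = "/dev/port") -> bytes:
    """Read the first CMOS bank through I/O ports 0x70 (index) and 0x71 (data).
    Needs root on x86 Linux with /dev/port available."""
    out = bytearray()
    with open(path, "r+b", buffering=0) as port:
        for idx in range(CMOS_SIZE):
            port.seek(0x70)
            port.write(bytes([idx & 0x7F]))   # bit 7 is the NMI-disable flag; leave NMI enabled
            port.seek(0x71)
            out += port.read(1)
    return bytes(out)


def hexdump(image: bytes) -> str:
    return "\n".join(
        f"{off:02x}: " + " ".join(f"{b:02x}" for b in image[off:off + 16])
        for off in range(0, len(image), 16)
    )


if __name__ == "__main__":
    is_root = hasattr(os, "geteuid") and os.geteuid() == 0
    try:
        image = read_cmos_live() if is_root else constructed_image()
    except OSError:
        image = constructed_image()
    print(hexdump(image))
    print("checksum stored=%04x computed=%04x valid=%s"
          % (stored_checksum(image), cmos_checksum(image), checksum_valid(image)))
    print("after a clear, valid=%s" % checksum_valid(invalidate(image)))
```

Run it as root on a BIOS-era x86 machine to see the live bank; on anything else it falls back to the constructed image. A board whose dump shows a valid checksum but whose password survives a clear is storing that password somewhere other than CMOS RAM, which is the case the caveats above describe.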

Brute Force

Enter a wrong password several times (three attempts on many laptops) until the BIOS locks and shows an error together with a hash or service code. We can visit the page below

and enter that code; the site may calculate the correct master password from it.

Using CHIPSEC

CHIPSEC is a framework for analyzing the security of PC platforms, including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X, and the UEFI shell.

We can use this tool to test whether Secure Boot can be switched off by tampering with the Platform Key:

python chipsec_main.py -m exploits.secure.boot.pk

Two caveats before running this. CHIPSEC's option is -m (long form --module); the single-dash -module spelling seen in some copies of this command is not what the tool accepts. Module names also change between CHIPSEC releases, so list the modules shipped under chipsec/modules/ in your install to confirm the name. CHIPSEC's Windows helper driver is not production-signed, so on a Windows system with Secure Boot enforced it usually cannot be loaded at all; the module is more practical from Linux or the UEFI shell.

Here's a breakdown of the command:

  • python: runs the CHIPSEC entry script with the Python interpreter (CHIPSEC needs root or an administrator prompt, plus its helper driver, to reach the hardware).

  • chipsec_main.py: the main CHIPSEC script; it loads the platform configuration and runs the modules you name.

  • -m (long form --module): selects the module to run; this is the flag CHIPSEC actually accepts.

  • exploits.secure.boot.pk: the module to execute, a Secure Boot test that targets the Platform Key (PK).

The Platform Key (PK) is the root of UEFI Secure Boot: it is the platform owner's key, and only updates signed by the current PK may change the PK or the Key Exchange Keys (KEK), which in turn control the db and dbx signature databases that decide what is allowed to boot. If the PK is missing (the platform is in Setup Mode) or the firmware lets it be replaced without that signature, an attacker can enroll their own key chain, and Secure Boot will then trust whatever they sign, malware included.

The module exploits.secure.boot.pk is therefore a test of how the firmware protects the PK: whether it can be replaced or deleted from the operating system without an authenticated write, and whether other weaknesses in the variable handling let the chain be taken over.
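The checks the module performs can be reproduced by hand by reading the SecureBoot, SetupMode and PK variables. The following added example (not from the page or from the CHIPSEC project) reads them from Linux's efivarfs, parses the PK's EFI_SIGNATURE_LIST, and reports whether the PK is enrolled and protected by authenticated writes. The variable names and GUIDs are the UEFI specification's; the sample variable contents are constructed, not captured from a real machine, and the SAMPLE_OWNER GUID and placeholder certificate bytes are invented for the demonstration.

```python
"""Added example, not from the page or from the CHIPSEC project: read the three
UEFI variables that decide whether Secure Boot can be switched off from the
operating system (SecureBoot, SetupMode and PK), parse the PK's
EFI_SIGNATURE_LIST, and report the platform's posture. Variable names and GUIDs
are the UEFI specification's; the sample variable contents below are constructed,
not captured from a real machine."""
import struct
import uuid
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")                    # Linux efivarfs mount
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"   # vendor GUID of SecureBoot/SetupMode/PK
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Variable attribute bits (efivarfs stores them as a 4-byte little-endian prefix)
ATTR_NON_VOLATILE = 0x01
ATTR_TIME_BASED_AUTHENTICATED_WRITE = 0x20   # writes must be signed by the current PK


def read_var(name: str):
    """Return the raw efivarfs file for a global variable, or None if it does not exist."""
    path = EFIVARS / f"{name}-{EFI_GLOBAL_VARIABLE}"
    return path.read_bytes() if path.exists() else None


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attributes, data)."""
    if len(raw) < 4:
        raise ValueError("efivarfs file shorter than its attribute header")
    (attrs,) = struct.unpack_from("<I", raw, 0)
    return attrs, raw[4:]


def parse_signature_lists(data: bytes):
    """Walk the chain of EFI_SIGNATURE_LIST structures held in PK (also KEK, db, dbx)."""
    lists, off = [], 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or sig_size < 16 or off + list_size > len(data):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        entries, pos = [], off + 28 + hdr_size
        while pos + sig_size <= off + list_size:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])            # SignatureOwner
            entries.append((owner, data[pos + 16:pos + sig_size]))  # SignatureData (DER cert for X.509)
            pos += sig_size
        lists.append({"type": sig_type, "entries": entries})
        off += list_size
    return lists


def assess(secureboot_raw, setupmode_raw, pk_raw) -> str:
    """Classify what an attacker with OS privileges could do to the Secure Boot chain."""
    _, sb = parse_efivar(secureboot_raw)
    _, sm = parse_efivar(setupmode_raw)
    enforcing = bool(sb) and sb[0] == 1
    setup_mode = bool(sm) and sm[0] == 1
    if pk_raw is None or setup_mode:
        return "setup mode: no PK enrolled, any OS-level user can enroll their own PK"
    attrs, pk_data = parse_efivar(pk_raw)
    if not attrs & ATTR_TIME_BASED_AUTHENTICATED_WRITE:
        return "PK present but not protected by authenticated writes: it can be replaced"
    certs = sum(len(l["entries"]) for l in parse_signature_lists(pk_data)
                if l["type"] == EFI_CERT_X509_GUID)
    if not enforcing:
        return f"PK enrolled ({certs} X.509 cert(s)) but SecureBoot=0: firmware is not enforcing"
    return f"enforcing: {certs} X.509 PK cert(s), PK updates must be signed by the current PK"


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, payload: bytes) -> bytes:
    """Encode one EFI_SIGNATURE_LIST with a single entry (used here to build the sample)."""
    sig_size = 16 + len(payload)
    return sig_type.bytes_le + struct.pack("<III", 28 + sig_size, 0, sig_size) + owner.bytes_le + payload


# Constructed sample variables (attributes prefix + data), not real firmware contents.
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")   # invented owner GUID
SAMPLE_PK = struct.pack("<I", 0x27) + build_signature_list(
    EFI_CERT_X509_GUID, SAMPLE_OWNER, b"-- constructed placeholder, not a DER certificate --")
SAMPLE_SECUREBOOT_ON = struct.pack("<I", 0x06) + b"\x01"
SAMPLE_SETUPMODE_OFF = struct.pack("<I", 0x06) + b"\x00"
SAMPLE_SETUPMODE_ON = struct.pack("<I", 0x06) + b"\x01"


if __name__ == "__main__":
    live = [read_var(n) for n in ("SecureBoot", "SetupMode", "PK")]
    if live[0] is None or live[1] is None:
        print("no efivarfs here, assessing the constructed sample instead")
        live = [SAMPLE_SECUREBOOT_ON, SAMPLE_SETUPMODE_OFF, SAMPLE_PK]
    print(assess(*live))
```

On a real UEFI machine the "setup mode" verdict is the one that matters: with no PK enrolled, any process that can write EFI variables can enroll its own PK and KEK and sign whatever bootloader it likes, which is exactly the weakness a PK-focused CHIPSEC module looks for.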
