Disvail Dynamics

User Tools

Site Tools

Trace: project_fail
namespace:project_fail

Table of Contents

Project Fail: HP ProBook BIOS Password Crack

Source: Nerdworld

Background

A second‑hand HP ProBook was purchased with a locked-down Windows 10 installation. The BIOS was protected by an unknown administrator password set by a cyber‑school IT department. Although the system could be wiped and reinstalled, the BIOS settings remained inaccessible.

Why Traditional Methods Failed

Older systems allowed BIOS password resets by:

  • clearing CMOS jumpers
  • removing the RTC battery
  • resetting configuration RAM

Modern HP ProBooks store the password in a separate rewritable ROM. Therefore, CMOS resets do not remove the password.

HP officially offers a master unlock key, but only to large enterprise customers. Regular users receive no assistance.

Attempted Approaches

Several methods were explored:

1. YouTube Tutorials

Many videos claim to show reset methods, but none worked for this model.

2. HP BIOS Configuration Utility

HP provides a Windows tool that can modify BIOS settings, but it requires knowing the current password — making it useless in this case.

3. Rust-Based Brute Force Tool

A GitHub project attempted to brute-force the password via the HP utility. The program could not be executed successfully, and others reported similar issues.

4. Custom Python Brute Force Script

A custom Python script was created to:

  • read password candidates from a list
  • call the HP BIOS utility
  • attempt to clear the password
  • log each result

Each attempt took about 9 seconds, making brute force extremely slow.

Password List Generation

Initial lists:

  • 50,000 common passwords → no success
  • 100,000 passwords → no success

Expanded lists:

  • 500,000 generated candidates (with leetspeak variations)
  • another 500,000 unique candidates

Total runtime:

  • ~52 days for each 500k batch
  • nearly 6 months of continuous testing

No password was ever found.

Final Outcome

Despite months of effort, the BIOS password could not be cracked. The project is considered a “successful failure”:

  • the laptop now runs Debian Linux without issues
  • the process provided experience with scripting, automation, and AI-assisted coding
  • it highlighted the robustness of modern HP BIOS security

Provided Files

The original project included:

  • Python script for sequential password testing
  • Python script for generating 1 million password candidates
  • HP BIOS Configuration Utility

(See original source for downloads.)

namespace/project_fail.txt · Last modified: by miko
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki