Password for Unbranded NUC-like Board BIOS


    Hello

    I got a NUC-like motherboard.
    Unfortunately it has a boot password, so I am unable to boot or enter BIOS setup.

    It's an AMI BIOS, as we can see from the POST screen.

    I used a CH341A programmer to dump the only SPI flash chip (W25Q128JVSIQ) on this board.
    I tried to find AMITSESETUP in the bin file, but the hex bytes following it are empty.

    Please help with decrypting or removing the password.

    Thanks!
    Last edited by Radar_Cap; 06-20-2022, 07:50 AM. Reason: Typo for title wording

    #2

    Hi,
    I've also tried to find the AMITSESetup variable; it is empty, so I checked the AMITSE DXE driver by tracing other variables and invalidated a variable by patching your file.
    Before patching the BIOS I also considered that the password may be stored in volatile memory. Did you try disconnecting the CMOS battery to see if that clears the password?

    VERY IMPORTANT: Make sure you have a good backup of your BIOS; this is your last chance. Sometimes the CH341A programmer corrupts reads/writes of the BIOS chip. If you haven't done so, I suggest you READ and SAVE the BIOS chip contents, do this 3 times, and then make sure all 3 files are identical.


      #3
      The pass is on the yellow and green stickers on the motherboard.


        #4

        Hi, AAAC

        I programmed the SPI flash chip with your patched file.

        The good news is it didn't get bricked; the bad news is the password is still there.

        As for your advice: actually, before I uploaded the dump, the SPI flash was read several times, and all the dump files are identical.

        As for the hardware reset method, the board doesn't have a CLR_CMOS jumper, and the CMOS battery was removed at the very beginning.

        When I checked similar boards' manuals, there's a way to short the BAT connector to reset the BIOS, which also didn't work for this board.

        By the way, when I compared the patched file from you, addresses 0x90DEF1h & 0x93DEF1h had changed from 0x83 to 0x03.

        After the 1st boot of the patched file, a new read from the SPI flash shows the value at 0x93DEF1h is now 0x83, and 0x90DEF1h is still 0x03.

        Thanks for your help!
        If you have any new thoughts, please let me know.
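
Added example (not code from any poster in this thread): a Python sketch of the two checks discussed in posts #2 and #4, confirming that repeated programmer reads of the chip are identical and listing exactly which bytes differ between two images. The 16 MiB images below are constructed for the demo; only the two offsets and the 0x83/0x03 values are taken from the thread, and all function names are hypothetical.

```python
"""Check repeated SPI flash reads for agreement and diff two images byte by byte."""
import hashlib
import sys

def read_digests(reads):
    """Map each read's label to the SHA-256 hex digest of its contents."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in reads.items()}

def reads_agree(reads):
    """True only if every read produced exactly the same bytes."""
    return len(set(read_digests(reads).values())) == 1

def diff_images(old, new, chunk=4096):
    """Return [(offset, old_byte, new_byte)] for every byte that differs."""
    if len(old) != len(new):
        raise ValueError("image sizes differ: %d vs %d" % (len(old), len(new)))
    changes = []
    for base in range(0, len(old), chunk):
        a, b = old[base:base + chunk], new[base:base + chunk]
        if a != b:  # only walk the chunks that actually differ
            changes += [(base + i, x, y)
                        for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return changes

def constructed_demo():
    """Constructed images mirroring the offsets and values reported in post #4."""
    size = 16 * 1024 * 1024              # W25Q128 is 128 Mbit = 16 MiB
    original = bytearray(b"\xff" * size)  # filler bytes are an assumption
    for off in (0x90DEF1, 0x93DEF1):
        original[off] = 0x83
    patched = bytearray(original)
    for off in (0x90DEF1, 0x93DEF1):
        patched[off] = 0x03
    after_boot = bytearray(patched)
    after_boot[0x93DEF1] = 0x83          # this copy was 0x83 again after first boot
    return bytes(original), bytes(patched), bytes(after_boot)

if __name__ == "__main__":
    if len(sys.argv) > 2:                # usage: script.py read1.bin read2.bin read3.bin
        reads = {p: open(p, "rb").read() for p in sys.argv[1:]}
        for name, digest in read_digests(reads).items():
            print(digest, name)
        print("reads agree" if reads_agree(reads) else "READS DIFFER: re-seat the clip and re-read")
    else:
        original, patched, after_boot = constructed_demo()
        for label, img in (("patched", patched), ("after first boot", after_boot)):
            for off, old, new in diff_images(original, img):
                print("%-16s 0x%06X: 0x%02X -> 0x%02X" % (label, off, old, new))
```

Diffing a post-boot read against the pre-patch backup, as in the demo, shows which patched bytes persisted and which the firmware wrote back on its own.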


          #5

          @Radar_Cap
          Yes, I've only invalidated the "Ep" variable, which to me seemed the way to go.
          I will try to trace strings such as "Create New Password" and "Confirm New Password" to see where the password is saved.



            #6

            While checking the code I did find a couple of strings, actually the same string, one lowercase and the other UPPERCASE, which makes sense for a typed password. If this one works, it means that the password is hard-coded into the UEFI firmware. Good luck!
            password = hstsys123
            Last edited by AAAC; 06-23-2022, 11:24 PM.



              #7
              Yes, it worked! Appreciate your help!



              By the way, it seems this is a solid password, whether you set the password or not.
              Even if I clear the password in BIOS setup, I still need to type in this default password to make the machine boot.
              Is it possible to remove this default password check?

              Thanks!
              Last edited by Radar_Cap; 06-27-2022, 08:22 PM.



                #8

                This is a customized BIOS, so maybe if you could find a regular stock BIOS you can swap it.
                The DXE driver module where I found the hard-coded password is AMITSE (GUID: B1DA0ADF-4F77-4070-A88E-BFFE1C60529A); that's the one to be modified in order to make it boot without asking for a password. It will require "trial and error" or studying the module very well in order to properly patch it. The first test would be to NULL those strings ("hstsys123") and see what happens.
                What's the application of this motherboard?



                  #9
                  Thanks for your advice; I'll try if I get time to look into that.

                  As for the board, it shipped without a case, and there's no direct description of its usage.
                  When I check the model on the POST screen, it should be the motherboard of a video conference device, but the retail version has different I/O ports, so I guess it's a kind of engineering sample board for that product.
