Re: Extract bios password from EliteBook 840 G8 Bios dump, possible?
Hi,
I have managed to unlock my HP 850 G8.
Big thx for all the hints and instructions here in this forum!
Since I have started from scratch with this topic and invested quite some hours I'd like to share my experience. Hope it is useful.
What you need:
Hardware (all bought on amazon)
Software
Steps:
Hi,
I have managed to unlock my HP 850 G8.
Big thx for all the hints and instructions here in this forum!
Since I have started from scratch with this topic and invested quite some hours I'd like to share my experience. Hope it is useful.
What you need:
Hardware (all bought on amazon)
- Hot Air Heat Gun - I have bought the cheapest (885D - 50€)
- Programmer - T48 Programer (130€) be careful you have a SOIC8 to DIP8 adapter included.
The adapter did not fit 100% to the chip so I need to remove some plastic inside adapter so all pins had a connection. But maybe I was just stupid
- Flux paste (10€, actually no clue what it does but everyone on youtube was using it)
Software
- Xgpro v12.5 and drivers downloaded (just downöpad from vendor website)
- HxD64 hex editor (google)
Steps:
- Disassemble the notebook and get the mainboard out. There is a nice video on youtube from HP support showing how to remove the system board. Just search for "Removing & Replacing Parts | HP EliteBook 850 G8 Notebook PC"
- Find the bios chip with the tag U366 U368 next to the chip in white letters. On the chip it says "winbond 25Q256JVEN". I didn't touch the other chip on the mainboard front side U367
- Now start heating the chip. I used a temperature of 340°C and it took around 30sec until I could remove the chip. So no worries, it finally moves
. There is not much to explain about the heating gun, I used the 2nd biggest adapter, plugged it in and started.
- Plugin the programmer, install drivers and start software. Follow the instructions. It updated the firmware on first start but otherwise worked smoothly. USB programmer connection status was ok
- Select the right chip (in top menu: Select IC(S), search for 25Q256JV. I got 6 results and selected the W25Q256JV@WSON8 chip. (Probably also works with the others no clue as well)
- Click on READ now and the tool shows you already which adapter to use and how to plug in. Click "View adapter" and you get a picture as well.
- Put the chip in the adapter and click on Read. It took me several tries until the read was successful. The tool is quite helpful and shows you what went wrong, which pin has a problem etc.
- Once you could read the chip, save the bin, save a copy and open it in hex editor HxD64
- I didn't want to upload my bin here so I analyzed three different 850 G8 bin pairs of locked and unlocked files from this threat. In all of them was the same difference. From line 00037000 there was a text starting with "NvramActiveRegn" until line around 00037BC0. As in the other unlocked files I replaced them with FF values. Then I saved it as a new file
- In the Xgpro click on LOAD and open the unlocked file. Then click on PROG and flash it to the chip. In my case it was successful at the 1st try.
- Take the chip and solder it back to the main board. Here this was difficult tome. Took me 3 times until it worked. The first 2 times the notebook did not start. The numlock and capslock where blinking six time. Also from this threat I knew that it is probably a soldering issue. So it only worked when I was putting flux on the board, pre heated it a little bit, put the chip exactly in position and pressed it a little with a screwdriver while I was heating. Also I heated longer this time around 40sec
- The notebook takes a bit for the first boots, It blinks, reboots a few times. But when the screen pops up press F10 and go to the BIOS setup. You get a few errors about security, changed policy etc which you need to confirm. When in the menu go to the security menu and set security back to factory. It will again reboot 2-3 times and ask you to confirm some stuff and enter a pin shown on the screen. Once done go again to BIOS menu and reset BIOS also to factory
--> be sure to do that on the 1st boot and don't miss it. I did something wrong here and the notebook was showing me a key error on every boot and all of a sudden not booting at all. With the caps lock light on but no way to boot it. Even after removing CMOS, battery etc no way. I HAD TO REDO ALL STEPS
, get the chip out, flash and solder it in again. Try to avoid that
- My chip looks pretty damaged now but everything works like a charme
Comment