Project Fail: Unlocking the Mystery of a Laptop BIOS Password with AI
Are you tired of being locked out of your laptop's BIOS? You're not alone.
When you buy a used computer, there's always the risk of unpleasant surprises. From iCloud-locked Apple hardware to BIOS-password-protected PCs, some of these issues can be more severe than others. In the case of BIOS passwords, they can be a minor annoyance that's easily fixed by clearing the CMOS memory. But what happens when the password is encrypted and stored on a separate Flash memory, as was the case with an HP ProBook laptop purchased off Facebook Marketplace? That's what [Casey Bralla] found out when they tried to crack the password using AI.
The HP ProBook Laptop: A BIOS Security Challenge
HP's decision to lock down access to the BIOS on their laptops may have been driven by the need to protect against bored and enterprising students. However, this decision also made it difficult to crack the password, as it was stored on a separate Flash memory. While a master key supposedly exists, HP's policy is to replace the system board, which can be costly and time-consuming.
Brute-Force Cracking with AI: A Six-Month Journey
Undeterred by the challenges, [Casey] turned to AI to help them crack the password. They started with a Rust-based project on GitHub that promised much but failed to build. Undeterred, they tasked the Claude AI to write a Python script to do the brute-forcing via the Windows-based HP BIOS utility. The chatbot was also asked to generate multiple lists of unique passwords to try, based on human guesses.
After six months of near-continuous attempts at nine seconds per try, this method failed to produce a hit. However, at least the laptop can still be used, just without BIOS access. This may require [Casey] to work up the courage to do some hardware hacking and erase that pesky UEFI BIOS administrator password, proving at least that apparently it’s fairly good BIOS security.
The Takeaway: A Lesson in BIOS Security
While this project failed to crack the password, it highlights the challenges of BIOS security and the importance of understanding how passwords are stored and protected. It also serves as a reminder that AI can be a powerful tool for solving complex problems, but it's not a panacea. In the end, it's up to us to understand the technology and take the necessary steps to protect our devices.
