This is a simple tool that removes the prompt for a password from a thin client where the BIOS is password protected.
The code below clears the flag in the BIOS data (stored in the battery-backed CMOS RAM) that indicates that a password is set. The detail is described here. The binary was compiled on a Tiny Core system.
/*-------------------------------------------------------------
* clrpwd.c
*-------------------------------------------------------------
*
* Program to disable the BIOS password in systems with a
* Phoenix Award BIOS.
*
* Author: David Parkinson
* Date: 14th October 2012
* Version: 1.0
*
*-------------------------------------------------------*/
#include <stdio.h>
main( int argc, char **argv )
{
FILE *nvram;
unsigned char buf[34];
int n, csum;
/* We use the Linux /dev/nvram device rather than go direct.
* Open it and read in the bit of interest */
nvram = fopen( "/dev/nvram", "r+" );
if( !nvram ) {
printf( "Cannot open /dev/nvram - you need to be root!\n" );
return( -1 );
}
n = fread( buf, 1, 34, nvram ); /* Read in the bytes */
if( n != 34 ) {
printf( "Read error: read %d bytes, not 34\n", n );
return( -2 );
}
/* For a sanity check let's check the checksum */
for( n=csum=0; n<32; ++n )
csum+=buf[n];
if( (csum&0xFFFF) != ((buf[32]<<8) + buf[33]) ) {
printf( "Checksum is wrong. Calculated 0x%04X, found 0x%02X%02X\n",
csum, buf[32], buf[33] );
return( -3 );
}
/* Check the current setting */
if( !(buf[3] & 0x2) ) {
printf( "Password is already disabled\n" );
return( 0 );
}
/* Make the modifications. Clear bit 1 and update the checksum */
buf[3] &= 0xFD;
csum -= 2;
buf[32] = (csum>>8) & 0xFF;
buf[33] = csum & 0xFF;
/* Write out the new values */
fseek( nvram, 0, SEEK_SET );
n = fwrite( buf, 1, 34, nvram );
if( n != 34 ) {
printf( "Error writing new values to CMOS\n" );
return( -4 );
}
printf( "CMOS updated, password removed\n" );
return( 0 );
}