Hello, looks at this nice computer, it's locjed tho, what a shame. It's a Omnibook 800CT, the one with the cute little mouse that comes out.
I have been looking everywhere to unlock this, does anyone have some knowledge on this issue?
When searching on this forum, i've seen a few old thread that seem to have multiple users not finding a solution.
Let me explain in details the nature of the issue for future users with the same issue on a Omnibook:
-The password is 8 alphanumerical characters.
-The bios password is happening after the bios and before the boot (meaning i can access the bios, but the reset password option in the bios is locked by that password i dont have as well so its a dead end)
-The password is located in the eeprom or something of that sort, it's not in the HDD (i removed it and still its locked), its probably not in the ram either, and the ram is 4x 8MB chips soldered on the board anyway.
-There is sites that generate master passwords like Here, but when i enter my machine serial number, it gives me a code that is more than 8 characters, i'm assuming it might be the code u enter after pressing ALT SHIFT F10 usually, but that keypress combination doesnt work, i tried many other alternatives to it, still cant see anything pop up to enter a code (the service manual describe this procedure Manual on page 83 if you want to look into it) Would anyone know the right key combination? my machine was sold in the EU, im wondering if that's related to the azerty keyboard maybe)
-There is forum posts out there that say that the bios password may be stored into a tantalum capacitor, and that shorting it and even cutting a leg might get rid of the password, but, there is absolutely no real proof of that, just vague and old memories from users that cant really confirm that's the way to do that. Other users have mentionned that the bios might be smart enought to still double check a hash or something and notice that the password was not entered, therefore not really solving anything. (security was a main concern back then, they really engineered things smartly on those kind of portable pc)
-After a lot of thinking, my hardware repair skills are not good enought to attempt soldering/cutting on such tiny elements, and i am not comfy with a destructive method so the next best thing i'm thinking, and others have mentionned that, is trying to bruteforce the password with a Pi connected to the PS/2 keyboard, and having a Pi camera with OpenCV to monitor and log sucess if it happens.
Trying every password ever mathematically would take 60million years (yes) at 3 password per second rate.
Trying a dictionary based method is more around 5 hours, and name based and such probably something similar. For info, the bios doesnt lock after many attempt and doesnt delay attempts so its possible to spam passwords.
One question on that, do you think that the password can include capital letters or not? I assume yes but id like to make sure, it would make the brute force method way easier if capital letters were not possible on bios passwords.
Considering all that, i'm thinking to approach the issue this way, it's a gamble for sure, there is no guarantee of sucess ever but that's a good occasion to learn to use a Pi. I might keep this board informed of progress if you'r interested in that.
Do you have a cool idea i didnt think about yet? Especially a key combination instead of the alt shift F10? Or someone who has reverse engineered the descrambling software from HP they use to have. let me know i'm eager to see your answers!
I have been looking everywhere to unlock this, does anyone have some knowledge on this issue?
When searching on this forum, i've seen a few old thread that seem to have multiple users not finding a solution.
Let me explain in details the nature of the issue for future users with the same issue on a Omnibook:
-The password is 8 alphanumerical characters.
-The bios password is happening after the bios and before the boot (meaning i can access the bios, but the reset password option in the bios is locked by that password i dont have as well so its a dead end)
-The password is located in the eeprom or something of that sort, it's not in the HDD (i removed it and still its locked), its probably not in the ram either, and the ram is 4x 8MB chips soldered on the board anyway.
-There is sites that generate master passwords like Here, but when i enter my machine serial number, it gives me a code that is more than 8 characters, i'm assuming it might be the code u enter after pressing ALT SHIFT F10 usually, but that keypress combination doesnt work, i tried many other alternatives to it, still cant see anything pop up to enter a code (the service manual describe this procedure Manual on page 83 if you want to look into it) Would anyone know the right key combination? my machine was sold in the EU, im wondering if that's related to the azerty keyboard maybe)
-There is forum posts out there that say that the bios password may be stored into a tantalum capacitor, and that shorting it and even cutting a leg might get rid of the password, but, there is absolutely no real proof of that, just vague and old memories from users that cant really confirm that's the way to do that. Other users have mentionned that the bios might be smart enought to still double check a hash or something and notice that the password was not entered, therefore not really solving anything. (security was a main concern back then, they really engineered things smartly on those kind of portable pc)
-After a lot of thinking, my hardware repair skills are not good enought to attempt soldering/cutting on such tiny elements, and i am not comfy with a destructive method so the next best thing i'm thinking, and others have mentionned that, is trying to bruteforce the password with a Pi connected to the PS/2 keyboard, and having a Pi camera with OpenCV to monitor and log sucess if it happens.
Trying every password ever mathematically would take 60million years (yes) at 3 password per second rate.
Trying a dictionary based method is more around 5 hours, and name based and such probably something similar. For info, the bios doesnt lock after many attempt and doesnt delay attempts so its possible to spam passwords.
One question on that, do you think that the password can include capital letters or not? I assume yes but id like to make sure, it would make the brute force method way easier if capital letters were not possible on bios passwords.
Considering all that, i'm thinking to approach the issue this way, it's a gamble for sure, there is no guarantee of sucess ever but that's a good occasion to learn to use a Pi. I might keep this board informed of progress if you'r interested in that.
Do you have a cool idea i didnt think about yet? Especially a key combination instead of the alt shift F10? Or someone who has reverse engineered the descrambling software from HP they use to have. let me know i'm eager to see your answers!
