BIOS password cracking

[Dogbert] took a look at the security that goes into BIOS passwords on many laptops. He starts off with a little background about how the systems work. People are bound to forget their passwords, so when you enter a wrong one three times in a row you get a message similar to the one above that locks you out until all power is removed from the system (then you get three more tries). But check out that five-digit number in the picture. That’s a checksum of the password. Some BIOS versions display it automatically, some require you to hold down a certain key during POST, but it’s the pivotal data needed to crack the password.

[Dogbert's] post doesn’t go into verbose detail about the algorithms he uses to brute force the passwords. But he has posted the Python scripts he uses to do so. Learning how to generate the passwords based on the checksum is as simple as studying the code, which is often the best way to learn.

Subway hacker speaks


Popular Mechanics has an interview with [Zach Anderson], one of the MIT hackers that was temporarily gagged by the MBTA. The interview is essentially a timeline of the events that led up to the Defcon talk cancellation. [Zach] pointed out a great article by The Tech that covers the vulnerabilities. The mag stripe cards can be easily cloned. The students we’re also able to increase the value of the card by brute forcing the checksum. There are only 64 possible checksum values, so they made a card for each one. It’s not graceful, but it works. The card values aren’t encrypted and there isn’t an auditing system to check what values should be on the card either. The RFID cards use Mifare classic, which we know is broken. It was NXP, Mifare’s manufacturer, that tipped off the MBTA on the actual presentation.

Follow

Get every new post delivered to your Inbox.

Join 91,415 other followers