[dogber1]

That's a great re-implementation from some stuff I did eons ago [0].

BIOS passwords are indeed a complete joke as means to secure access. There are a bunch of vendors out there who moved the authentication off from the BIOS/CPU to the KBC (keyboard controller) - Toshiba and Lenovo are among them. Still, it's ludicrously easy to circumvent these.

[0] https://dogber1.blogspot.com/2009/05/table-of-reverse-engine...

[ratiolat]

The linked article did not have info about Thinkpads. I wonder how nowadays one can skip BIOS password of a T series thinkpad. So far it has always ended up with a motherboard change for me.

[blkhawk]

There is a guy in hungary that offers unlocking services for about 50EUR. He is a bit difficult to work with (insists on a NDA) but the procedure is as follows: you dump the bios via SPI and send it to him. Afterwards you get a patched image back you flash onto the bios chip. Then you boot and you need to enter some numbers he also sends you (I assume some type of copy protection) and it will unlock and reset the bios password. After that you just reflash the bios image you made earlier.

[Zod666]

If you don't mind physically opening the laptop, you open it and take out the CMOS battery, boot it up without it then shut it down and put the CMOS battery back in and boot. The BIOS password will no longer bet set. I don't know if this still works but it used to on older laptops.

[zaarn]

Modern UEFI uses Flash Storage and CMOS is only relevant for the computer time keeping (though some UEFIs have a full CMOS to emulate BIOS behaviour)

[oneplane]

Doesn't work anymore. The data is no longer stored in CMOS.

[AstralStorm]

Sometimes it is the same chip but not the same range, so it's not cleared ever.

[woodrowbarlow]

i used this method on an old t520 with success.

[4cao]

For slightly older ThinkPads, the method is to short clock and data lines (SCL and SDA), power on the laptop, and press F1 all at the right moment. This website has the locations for many models, for example the X220: http://www.ja.axxs.net/x220.htm (note that this person is/was selling a device to assist with the process but its use is not required, although, predictably, it doesn't say so on the website).

For newer ThinkPads, there is a method to replace the LenovoTranslateService EFI module with a modified version that passes control to another module, which in turn removes the password. This is supposed to be a paid solution (the module will ask for a code that has to be purchased) but apparently there is a "workaround" for that too.

I might not be up to date as I had no need for any of these and my most recent ThinkPad is an X220 but it's safe to say there is always going to be some solution without having to resort to motherboard replacement.

[rustybolt]

There is a trick that work for some (most?) models in the T-series: if you short the pins of some chip with the right timing, you can bypass the password check. See, for example: https://amp.reddit.com/r/thinkpad/comments/b7jbqq/reset_bios...

[numpad0]

I believe you force BIOS to think that it had been lucky but checksums don’t match and EEPROM save is corrupt, then load default and let password go.

Works for straightforward ones like most Lenovo, but not for weirdos like Toshiba. Sometimes I see lots of Toshiba office laptops with locked BIOS waiting to be recycled as the result.

[DanBC]

Older Toshibas have pins near the RAM that can be shorted to clear the passwords. There's a big list here: https://biosbypass.com/how-to-clear-toshiba-bios-password/

[tonyedgecombe]

I seem to remember the last model that works on is the T420, after that you are out of luck.