Thinkpad T440 and my brother's way to handle passwords

Last year my brother bought a new Thinkpad T440 Touch from a Lenovo certified vendor on ebay with invoice and all.

A few weeks ago he set up passwords to secure it. (SVP, HDP and a user password via the BIOS)

And then he forgot them ... he entered them both too many times and the SVP became active.

He had it saved in a memo on his Samsung smartphone but factory reset it a couple of days prior to him forgetting them because of some problems with the phone, so the memo is gone. (I tried to recover the data but so far no luck)

Lenovo wants 1000$ to fix the problem.

-

After some research I found out that there is a Romanian company selling a SPEG + software (79$) which I could use to dump the BIOS and the TPM chip's contents to a file, send it to them, they do IDONTKNOWWHAT (65$) and send me a modified file back, which I then flash onto the BIOS chip, reset the passwords and finally flash the original BIOS back onto the chip, and all should be fine again.

Sounds great but I'm suspicious about how high the chances are that it actually works as intended and if they scam me or not.

-

So my questions are:
Is there another way? (I know only two other ways: one includes short-circuiting the TPM, which could kill the mainboard, or replacing the mainboard and the SSD, which is very expensive)
Does anyone here have any experience with allservice DOT ro?

-

A simple piece of paper with the passwords written on it would have been enough to avoid all this.

-

Thanks to anyone who reads this and knows anything about these things and is willing to share their knowledge with me.

I haven't dabbled in the Thinkpad line on this matter, but had a locked HP EliteBook once. Now, I ended up not doing this, but my research pointed to the only way to unlock it being to 'simply' change out the BIOS/UEFI chip. You could get some either third party or second hand. The former option is the cheapest, but also, you don't know that extra bits of firmware are not flashed on the chip. I don't know if a new chip will conflict with the HDD lock, it probably will.

That is also a viable option. Thank you for your input.

Can you simply disassemble the laptop until you get to the BIOS battery? Remove the main battery and charger, then the BIOS battery. Hit the power button (to drain capacitors), then wait an hour or overnight. Reassemble and that should get you into the BIOS. Once into the BIOS you can boot from a live Linux CD/thumb drive and follow these instructions
note:
this may make the rest of the drive unrecoverable, however you can format and reinstall.
then use his backups to restore it to the previous state without the passwords.
he does have backups, right ???

Oh that reminds me of a classmate back in school - he also set all the passwords on one of the first "ideapad" branded laptops Lenovo made. Decent machine but with a nasty firmware bug that caused it to save garbage in the ROM instead of a password (hash).

We tried a lot, as Lenovo denied his claims and also wanted 1000+€ for a replacement MB. But despite getting an exact copy of the motherboard with some other damage (USB controller was fried) but otherwise booting, and swapping the UEFI chips, it did not help. I assume the chipset and/or the dedicated DRM made the problems.

Good idea, but in their latest Thinkpads Lenovo uses an EEPROM which does not lose its data without being powered.

And no he does not have backups. I am constantly reminding people around me to make backups but they don't mind and/or care. -.-

The BIOS and the TPM are "married" to each other. So you would have to replace both and even then there might be some other chip on the board that might foil that plan.

This does not work for most, and the laptops generally have the password hashes written to a special EEPROM in a microcontroller on the board.

https://www.microchip.com/wwwproducts/en/MEC1633

These passwords remain set even when flashing the UEFI/BIOS. I once recovered 5 locked T440s (the BIOS was updated but the hashing algorithm changed; lo and behold, passwords don't work) using an i2c interface + programmer. Ended up zeroing the entire flash chip and writing a new BIOS to it and the security EEPROM. In the process I pretty much ended up reverse engineering much of these BIOSes.

@tonicer
But honestly without the hardware and know-how as just an average PC superuser, you are quite screwed.

An alternative involves this level of hardware hackery, but I do not know if it works for the T440, since I no longer have any of those around to test with.

That is worth a try before I order a new mainboard. Thank you.

Edit: Just read some of the comments. It does not work for T440. :frowning:

www.youtube.com/watch?v=FW-RLkzjAS8&lc=z12ejhmj2wz0d13m523pcney0ye5evep304

Only do that if the board + chip matches exactly. Anything else send me a PM + Pics and I'll let you know what might be doable.
But I can't guarantee always being available.

Oh poop, didn't notice that.

I think I'm going to order this:

www.ebay.de/itm/322407318812

Should be compatible with the touchscreen, right?

The T440 I have here is a 20B7S4NV07 model and its mainboard's part number is 00HW191.

EDIT: It looks like that mainboard is compatible with the same T440 models as the one that is in it right now. I did a part number search here http://pcsupport.lenovo.com/de/en/partslookup for 00HW191 and 04X4025

Perhaps then he should write the passwords down on a sticky note and stick it to the drive side of the hard drive cover or something.
an xkcd comes to mind:

Yeah he should have. I have a piece of paper with my most important passwords.

You can also try hypnotizing your brother. His password is stored in his subconscious mind, I bet. Do it. Do.It.

Awesome idea. :smiley:

8 month necro. Thread is locked. If you need help make a new thread.