If you need to get this now, go to theonlypcdoctor.com store our new

site for downloads! There also discounts from our regular prices as well.

TheOnlyPCDoctor Store

 

 

Remove BIOS passwords - SONY VAIO

 

In the newer SONY VAIO Notebooks, the BIOS password is no longer stored in the volatile CMOS-area but on an EEPROM.

Jean Delvare has published his results of an analysis of various Sony Vaio EEPROM dumps on his homepage. There you can see that the BIOS password is stored encrypted in the first 7 Bytes of the EEPROM and, if no password is set, these Bytes are 00h. So if you delete the whole chip - like you can do with DELL notebooks - you should get rid of the password.
Unfortunately, this would delete all other informations like e.g. serial number, model name, etc., so that specific Sony-Applications might cause trouble or even don't accept the notebook as a SONY-device.

If you are still able to boot up the notebook, but only can't get into the BIOS setup, you can approach the password the following way:
 

  • download and extract the DOS-version of HWiNFO.

  • copy the program GETSMBUS.EXE from HWiNFO to a FAT(32)-partition on the target computer or on a floppy.

  • boot up a DOS-based operating system, e.g. from a Win98/WinME-Installation-CD.

  • run the program GETSMBUS.EXE.

The file SMBUS57.DAT created by GETSMBUS.EXE contains a complete dump of the EEPROM at address 0x57 - in 99% the SONY VAIO chip. The EEPROM can be read easily through the so-called SMBus. Usually the SMBus is used to query e.g. the RAM-modules for Vendor and Speed-Infos (they have a similar EEPROM). Also temperatures and fan-speeds can be read through the SMBus.

Now you have the encrypted password and only have to decrypt it.
Alternatively, you can desolder the EEPROM (likely of Type 93C46) and read it with an EEPROM-Programmer. Or just overwrite the first 7 Bytes with 00h. But it seems as if the EEPROM is built onto the bottom side of the mainboard and therefore it's hard to reach.

Decrypt the password
If you take a look onto the encrypted Bytes with a Hex-Editor, you'll soon notice that each Byte is an even number. So just divide by 2 and take a look at the character with this ASCII-code. I wrote a small JavaScript to demonstrate it. After entering the 7 Bytes with the encrypted password, it calculates the password in cleartext.
 

Enter 7 Bytes as Hex:

Here is a small Program which is able to parse the file SMBUS57.DAT or even query the SMBus directly. From the obtained data it shows information about the SONY Vaio-notebook - even the password(s). Here is a screen-shot:

By the way: this is an interior view of a SONY VAIO Z1:

(The DIP-switches below the keyboard are probably for setting the used TFT-panel. You can not delete the password with them anyway!)

And this is a naked SONY VAIO V505:


Hit Counter 

All trademarks and copyrights on the CD's are owned by their respective companies.

Questions or problems regarding this web site should be directed to [online form].
Copyright © 2002-2009 [PC Doctor]. All rights reserved.
Last modified: 07/08/10.

__________________


Get cash back on all your eBay purchases!

Click Here to Visit!