Ever bought a used laptop, only to discover it's locked down tighter than Fort Knox? It's a frustrating experience, especially when you're staring down a BIOS password. While some issues are easily fixed, like clearing the CMOS memory, others are a real headache. Take the case of a former student-issued HP ProBook laptop purchased off Facebook Marketplace, as discovered by [Casey Bralla].
HP, perhaps understanding the ingenuity of students, locks down BIOS access on these laptops by storing the encrypted password and settings in a separate Flash memory. This is where things get tricky. Although a master key is rumored to exist, HP's official solution is to replace the entire system board. Talk about overkill!
There are some recovery options, but they often require answering security questions. This is where [Casey] decided to get creative. He tried brute-force cracking, starting with a promising but ultimately unsuccessful Rust-based project. Then, he turned to the power of AI, tasking the Claude AI to write a Python script for brute-forcing via the Windows-based HP BIOS utility. The AI also generated multiple lists of potential passwords based on human guesses.
The result? After six months of nearly continuous attempts, with each try taking about 9 seconds, the method failed. The laptop remains usable, but without BIOS access. This led [Casey] to consider hardware hacking to erase the UEFI BIOS administrator password, ultimately demonstrating that the BIOS security is quite robust.
But here's where it gets controversial... Is replacing the entire system board the only viable solution? Is this an overreach by HP?
What are your thoughts on this? Share your opinions in the comments below!
