myhack58 | Anonymous | MYHACK58:62200610012
History: Jun 26, 2006 - 12:00 a.m.

Revisiting the CMOS password - vulnerability warning - the black bar safety net

www.myhack58.com

CMOS itself is probably familiar to everyone by now. The CMOS password is another matter: I suspect few people really understand it, so we ran some experiments to study it. Many people have discussed this before, but I think it is still worth talking about, so here is the relevant part of what we found.
Before getting to passwords, a word on what CMOS is (everything said about CMOS in this article refers to Award). CMOS holds the system clock and hardware configuration information, which the system reads at boot time and uses to initialize the state of the computer's components. It is 128 bytes in total, stored in a RAM chip.

First, an example to explain some of the CMOS structure. The following 128 bytes are the contents of my CMOS:

00000000H  30 00 FF 00 39 00 FF 00 12 00 FF 00 01 00 18 00
           Seconds, seconds alarm, minutes, minutes alarm, hours, hours alarm, day of week, date
00000010H  11 00 98 00 26 00 02 00 70 00 80 00 00 00 00 00
           Month, year, register A, register B, register C, register D, diagnostic, power-down
00000020H  40 00 7E 00 F0 00 03 00 0F 00 80 00 02 00 00 00
           Floppy drive, password field, hard drive, unknown, equipment, base memory, expansion memory
00000030H  7C 00 2E 00 00 00 7F 00 15 00 86 00 00 00 00 00
           (expansion) memory, hard drive type, unknown, password data bytes, unknown
00000040H  00 00 00 00 00 00 00 00 00 00 00 00 E2 00 22 00
           Unknown
00000050H  0F 00 FF 00 FF 00 E1 00 22 00 3F 00 08 00 59 00
           Unknown
00000060H  00 00 7C 00 19 00 80 00 FF 00 FF 00 FF 00 FF 00
           Unknown, century value, unknown
00000070H  7D 00 81 00 AA 00 0F 00 39 00 9B 00 E8 00 19 00
           Unknown

The field labels above were taken from other references, so they may not be entirely correct; the password data at 38H-3AH, however, is certain. So let us cut to the chase and talk about the CMOS password. Everything I could find is for the Award BIOS, so the conclusions below apply to Award CMOS and were verified on the following boards and BIOS versions. All values in this article are hexadecimal.

Motherboard name and model    BIOS version    BIOS date
Aopen (built) AP58            R1.50c          1998-07-13
Aopen (built) AX5T            R1.80           1998-07-30
EPoX (pan UK) MVP3E           unknown         1998-08-03
EPoX (pan UK) P2-112A         unknown         1998-09-16
FIC (VW) PA-2007              v1.0A           1997-06-25

Of the four bytes 38H-3BH, 39H and 3BH are always 00H, so they can be skipped; the key to the CMOS password lies in the two bytes 38H and 3AH. First, the Award password rules: Award allows passwords of one to eight characters, each character in the range 20H-7FH, that is, from the space character up to ASCII code 127. You will have noticed that eight characters cannot fit into two bytes without some kind of compression. Award does compress, but not with an ordinary compression method. I would rather call it Award's own idea of encryption: CMOS has plenty of unused space, so storing eight bytes would be no problem, but a password stored in the clear would be even more useless. The usual compression methods are either lossless, such as zip and arj, or lossy, such as mpeg and jpeg. For so few bytes none of these is any use, and compressed data is supposed to be recoverable, otherwise there is no point in compressing it. Award's approach is different: it is not only an extremely lossy compression, it also cannot be reversed. The encryption/compression method is given below; all calculations are in hexadecimal.
Take an eight-character password, written ABCDEFGH, with each character in the range 20H-7FH. It is evaluated with the following formula (hexadecimal weights):

H + 4G + 10F + 40E + 100D + 400C + 1000B + 4000A

The result is saved, from low to high, into three bytes H1, H2 and H3 (as the example below shows, H1 ends up holding the most significant byte and H3 the least significant). H2 is then saved to address 3AH, and the sum of H1 and H3 is saved to 38H. If the password is shorter than eight characters, the same pattern applies, with the last character taking weight 1. Here is an example:

My password is: r*vte. The ASCII codes are 72H, 2AH, 76H, 74H and 65H. According to the formula: 72*100 + 2A*40 + 76*10 + 74*4 + 65 = 8615, so H1 = 00H, H2 = 86H, H3 = 15H. The value at 3AH is therefore 86H and the value at 38H is 15H.
So the password really is that simple: every time you enter a password, the BIOS performs the calculation and compares the result with the values in CMOS. If they match, you are let through; otherwise access is refused. That is the process, but a few points still need explaining. First, count the possibilities. Two bytes can express 16^4 = 65536 values, while an eight-character password with 96 possible values per character can represent 96^8 ≈ 7.2×10^15 passwords. In theory, then, for every password you can find about 10^11 other passwords that work just as well. In practice not everyone uses an eight-character password, so the number may not be quite that frightening, but it is still large. For my password, the five-character passwords alone that work the same way number about twenty-five thousand; for six, seven and eight characters the number is unknown, because I never let the search finish: it takes far too long and I cannot afford the electricity. So I am attaching the little program we used for our research; you can use it to search for Award CMOS passwords and to do the calculation yourself.
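
The calculation and the BIOS comparison described above, as an added Python example (not the author's attached program). It checks the author's sample password (ASCII 72H 2AH 76H 74H 65H) against bytes 38H and 3AH of the dump row at 00000030H, and shows that a second string yields the same stored bytes. Function names are this example's own; reading "H1 and H3" as a sum wrapped to one byte is an assumption.

```python
# Added example: the Award CMOS password calculation as this article describes it.
from itertools import product

CHARSET = range(0x20, 0x80)  # allowed characters, 20H-7FH

def award_sum(password: str) -> int:
    """H + 4G + 10h*F + ...: the last character has weight 1, each earlier one x4."""
    if not 1 <= len(password) <= 8:
        raise ValueError("Award passwords are 1 to 8 characters")
    total = 0
    for ch in password:
        if ord(ch) not in CHARSET:
            raise ValueError("character outside 20H-7FH")
        total = total * 4 + ord(ch)
    return total

def stored_bytes(password: str) -> tuple[int, int]:
    """Return (value at 38H, value at 3AH) for a password."""
    total = award_sum(password)
    h1, h2, h3 = (total >> 16) & 0xFF, (total >> 8) & 0xFF, total & 0xFF
    # Assumption: "H1 and H3" is read as their sum, wrapped to one byte.
    return (h1 + h3) & 0xFF, h2

def read_password_bytes(dump_row_30h: str) -> tuple[int, int]:
    """Pick offsets 38H and 3AH out of the dump row that starts at 30H."""
    row = bytes.fromhex(dump_row_30h)
    return row[0x38 - 0x30], row[0x3A - 0x30]

def bios_accepts(candidate: str, cmos: tuple[int, int]) -> bool:
    """The check described in the text: recompute, then compare with CMOS."""
    return stored_bytes(candidate) == cmos

def distinct_values(length: int) -> int:
    """Brute-force count of distinct stored values for one password length."""
    return len({stored_bytes("".join(map(chr, p)))
                for p in product(CHARSET, repeat=length)})

# Row 00000030H of the author's dump, as given in the article.
ROW_30H = "7C 00 2E 00 00 00 7F 00 15 00 86 00 00 00 00 00"

if __name__ == "__main__":
    cmos = read_password_bytes(ROW_30H)
    print([f"{b:02X}H" for b in cmos])
    # "r*vsi" is a constructed string: -1 at weight 4 is offset by +4 at weight 1.
    print(bios_accepts("r*vte", cmos), bios_accepts("r*vsi", cmos))
    print(distinct_values(2), "stored values for", len(CHARSET) ** 2, "passwords")
```

Even at two characters the 9216 possible passwords map onto only a few hundred stored values, which is the pigeonhole effect the paragraph above describes.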
That is about all there is to say on the CMOS password, so it is time to put down the pen. To head off a few questions, though, a few more words. BIOSes are more advanced now, and most CMOS setups have both a User and a Supervisor password. The address discussed here is for the User password; as for the Supervisor password, study it yourself, because with passwords, if everything is spelled out too plainly it gets boring for everyone, doesn't it? Well, I will stop there.