cmospwd-5.0/0000755000175000017500000000000010707560445013202 5ustar lfaraonelfaraonecmospwd-5.0/COPYING0000644000175000017500000004310310444354236014233 0ustar lfaraonelfaraone GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. cmospwd-5.0/src/0000755000175000017500000000000011342530246013761 5ustar lfaraonelfaraonecmospwd-5.0/src/ioperm-0.4-patched/0000755000175000017500000000000010175533401017160 5ustar lfaraonelfaraonecmospwd-5.0/src/ioperm-0.4-patched/admin/0000755000175000017500000000000010175533006020251 5ustar lfaraonelfaraonecmospwd-5.0/src/ioperm-0.4-patched/admin/uninstall.c0000644000175000017500000000433010175532623022432 0ustar lfaraonelfaraone/* * $Id: uninstall.c,v 1.3 2003/01/23 15:16:35 telka Exp $ * * Copyright (C) 2002 ETC s.r.o. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * 02111-1307, USA. * * Written by Marcel Telka , 2002. * */ #include #include void start( int, const char * ); void err( int, const char * ); void ok( int ); int uninstall( int verb ) { SC_HANDLE scm; SC_HANDLE svc; SERVICE_STATUS stat; if (verb) printf( "Uninstalling ioperm.sys...\n" ); start( verb, "OpenSCManager" ); scm = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS ); if (scm == NULL) { err( verb, "OpenSCManager" ); return 0; } ok( verb ); start( verb, "OpenService" ); svc = OpenService( scm, TEXT("ioperm"), SERVICE_ALL_ACCESS ); if (svc == NULL) { if (GetLastError() != ERROR_SERVICE_DOES_NOT_EXIST) err( verb, "OpenService" ); else { if (verb) printf( "failed\n" ); printf( "ioperm.sys is not installed.\n" ); CloseServiceHandle( scm ); return 1; } CloseServiceHandle( scm ); return 0; } ok( verb ); start( verb, "DeleteService" ); if (!DeleteService( svc )) { err( verb, "DeleteService" ); CloseServiceHandle( svc ); CloseServiceHandle( scm ); return 0; } ok( verb ); start( verb, "ControlService" ); if (!ControlService( svc, SERVICE_CONTROL_STOP, &stat )) { if (GetLastError() != ERROR_SERVICE_NOT_ACTIVE) err( verb, "ControlService" ); else { if (verb) printf( "failed\n" ); printf( "ioperm.sys is not running.\n" ); } } else ok( verb ); CloseServiceHandle( svc ); CloseServiceHandle( scm ); return 1; } cmospwd-5.0/src/ioperm-0.4-patched/admin/ioperm.c0000644000175000017500000001016510175532623021717 0ustar lfaraonelfaraone/* * $Id: ioperm.c,v 1.4 2003/01/23 15:16:35 telka Exp $ * * Copyright (C) 2002 ETC s.r.o. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * 02111-1307, USA. * * Written by Marcel Telka , 2002. * */ #include #ifdef __CYGWIN__ #define HAVE_POPT_H 1 #endif #ifdef HAVE_POPT_H #include #endif #ifndef PACKAGE #define PACKAGE "ioperm" #endif #ifndef PACKAGE_STRING #define PACKAGE_STRING "ioperm 0.4 modified by C.Grenier" #endif #include int install( int ); int uninstall( int ); int main( int argc, const char **argv ) { int i = 0; int u = 0; int v = 0; int verb = 0; OSVERSIONINFO version; #ifdef HAVE_POPT_H poptContext popt_context; int rc; #endif #ifdef HAVE_POPT_H struct poptOption options_table[] = { { "install", 'i', POPT_ARG_NONE, &i, 0, "Install ioperm.sys driver", NULL }, { "uninstall", 'u', POPT_ARG_NONE, &u, 0, "Uninstall ioperm.sys driver", NULL }, { "version", 'V', POPT_ARG_NONE, &v, 0, "Output version information and exit", NULL }, { "verbose", 'v', POPT_ARG_NONE, &verb, 0, "Verbose output", NULL }, POPT_AUTOHELP POPT_TABLEEND }; popt_context = poptGetContext( NULL, argc, argv, options_table, 0 ); poptSetOtherOptionHelp( popt_context, "[--help] [-V] [-v] [-i|-u]" ); rc = poptGetNextOpt( popt_context ); if (rc != -1) { poptPrintUsage( popt_context, stderr, 0 ); poptFreeContext( popt_context ); return -1; } #else { int j; for(j=0;j, 2002. * */ #include #include #ifdef __CYGWIN__ #include #endif #ifdef __MINGW32__ #include #endif void start( int verb, const char *fnc ) { if (verb) printf( "%-20s", fnc ); } void err( int verb, const char *fnc ) { if (verb) printf( "failed\n" ); else fprintf( stderr, "%s function call failed.\n", fnc ); } void ok( int verb ) { if (verb) printf( "ok\n" ); } int install( int verb ) { SC_HANDLE scm; SC_HANDLE svc; char drv_path[MAX_PATH]; if (verb) printf( "Installing ioperm.sys...\n" ); start( verb, "OpenSCManager" ); scm = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS ); if (scm == NULL) { err( verb, "OpenSCManager" ); return 0; } ok( verb ); #ifdef __CYGWIN__ cygwin_conv_to_full_win32_path( PREFIX "/bin/ioperm.sys", drv_path ); if(access(drv_path,F_OK)!=0) #endif { /* cygwin is not installed */ if(getcwd(drv_path,sizeof(drv_path))==NULL) { return 0; } strcat(drv_path,"/ioperm.sys"); } start( verb, "CreateService" ); svc = CreateService( scm, TEXT("ioperm"), TEXT("ioperm support for Cygwin driver"), SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, drv_path, NULL, NULL, NULL, NULL, NULL ); if (svc == NULL) { if (GetLastError() != ERROR_SERVICE_EXISTS) err( verb, "CreateService" ); else { if (verb) printf( "failed\n" ); printf( "ioperm.sys is already installed.\n" ); start( verb, "OpenService" ); svc = OpenService( scm, TEXT("ioperm"), SERVICE_ALL_ACCESS ); if (!svc) err( verb, "OpenService" ); } if (svc == NULL) { CloseServiceHandle( scm ); return 0; } } ok( verb ); start( verb, "StartService" ); if (!StartService( svc, 0, NULL )) { if (GetLastError() != ERROR_SERVICE_ALREADY_RUNNING) err( verb, "StartService" ); else { if (verb) printf( "failed\n" ); printf( "ioperm.sys is already running.\n" ); } } else ok( verb ); CloseServiceHandle( svc ); CloseServiceHandle( scm ); return 1; } cmospwd-5.0/src/ioperm-0.4-patched/README0000644000175000017500000000156610175533401020050 0ustar lfaraonelfaraoneioperm support for Windows ========================= This software adds support for ioperm()/iopl() functions to Cygwin. ioperm package is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. There is absolutely no warranty for ioperm. Please read COPYING file for more info. Warning: Current release of this software may decrease your system security on Windows NT/2000/XP because enables access to system I/O ports for all processes, including non-privileged. If you are not sure, please do not use it on Windows NT/2000/XP. Download -------- Source tarball is available from ioperm homepage: http://openwince.sourceforge.net/ioperm/ CmosPwd -------- CmosPwd is shipped with a modified version of ioperm for cygwin and mingw32. Patched files can be found in the admin subdirectory. cmospwd-5.0/src/cmospwd.c0000644000175000017500000015004310707555165015617 0ustar lfaraonelfaraone/* File: cmospwd.c Copyright (C) 1998-2006 Christophe GRENIER http://www.cgsecurity.org This software is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Thanks to Bluefish for BSD support NetBSD support by Einar Karttunen Compile with -li386 on NetBSD, e.g. "make cmospwd LDFLAGS=-li386" CYGWIN32: gcc -o cmospwd_win.exe cmospwd.c -O2 -Wall -lioperm MINGW32: gcc -o cmospwd_win.exe cmospwd.c -O2 -Wall */ #include #include #include #include #ifdef __CYGWIN32__ #define HAVE_CTYPE_H 1 #define HAVE_SYS_IO_H 1 #endif #ifdef __FreeBSD__ #define HAVE_CTYPE_H 1 #endif #ifdef __linux__ #define HAVE_CTYPE_H 1 #define HAVE_SYS_IO_H 1 #endif #ifdef __MSDOS__ #define HAVE_CONIO_H 1 #define HAVE_CTYPE_H 1 #define HAVE_DOS_H 1 #endif #if defined(__NetBSD__) #define HAVE_SYS_TYPES_H 1 #define HAVE_MACHINE_SYSARCH_H 1 #endif #ifdef WIN32 #define HAVE_CONIO_H 1 #define HAVE_WINDOWS_H 1 #endif #ifdef __MINGW32__ #define HAVE_CTYPE_H 1 #define HAVE_WINDOWS_H 1 #define HAVE_WINIOCTL_H 1 #define HAVE_ERRNO_H 1 #endif #ifdef HAVE_CONIO_H #include #endif #ifdef HAVE_CTYPE_H #include /* Usefull for toupper */ #endif #ifdef HAVE_DOS_H #include #endif #ifdef HAVE_ERRNO_H #include #endif #ifdef HAVE_WINDOWS_H #include #endif #ifdef HAVE_SYS_IO_H #include #endif #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_MACHINE_SYSARCH_H #include #endif #ifdef HAVE_WINIOCTL_H #include #endif #ifdef __MINGW32__ #define IOCTL_IOPERM CTL_CODE( FILE_DEVICE_UNKNOWN, 0xA00, METHOD_BUFFERED, FILE_ANY_ACCESS ) #define IOCTL_IOPL CTL_CODE( FILE_DEVICE_UNKNOWN, 0xA01, METHOD_BUFFERED, FILE_ANY_ACCESS ) struct ioperm_data { unsigned long from; unsigned long num; int turn_on; }; struct iopl_data { int value; }; int ioperm( unsigned long from, unsigned long num, int turn_on ) { HANDLE h; struct ioperm_data ioperm_data; DWORD BytesReturned; BOOL r; h = CreateFile( "\\\\.\\ioperm", GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL ); if (h == INVALID_HANDLE_VALUE) { errno = ENODEV; return -1; } ioperm_data.from = from; ioperm_data.num = num; ioperm_data.turn_on = turn_on; r = DeviceIoControl( h, IOCTL_IOPERM, &ioperm_data, sizeof ioperm_data, NULL, 0, &BytesReturned, NULL ); if (!r) errno = EPERM; CloseHandle( h ); return r ? 0 : -1; } #endif #if defined(WIN32) && !defined(__MINGW32__) #define outportb(PORT,VALUE) outp(PORT,VALUE) #define inportb(PORT) inp(PORT) // // Macro definition for defining IOCTL and FSCTL function control codes. Note // that function codes 0-2047 are reserved for Microsoft Corporation, and // 2048-4095 are reserved for customers. // #define CTL_CODE( DeviceType, Function, Method, Access ) ( \ ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \ ) #define METHOD_BUFFERED 0 #define FILE_ANY_ACCESS 0 #define DEVICE_NAME_STRING L"gwiopm" #define IOPM_VERSION 110 // decimal #define IOPM_TEST0 0x0123 #define IOPM_TEST1 0x1234 #define IOPM_TEST2 0x2345 // Device type -- in the "User Defined" range." #define IOPMD_TYPE 0xF100 // used several places // The IOCTL function codes from 0x800 to 0xFFF are for non-Microsoft use. // LIOPM means "local I/O Permission Map" maintained by this driver. //-------------------------- // Test functions #define IOCTL_IOPMD_READ_TEST CTL_CODE(IOPMD_TYPE, 0x900, METHOD_BUFFERED, FILE_ANY_ACCESS ) // returns IOPM_TEST #define IOCTL_IOPMD_READ_VERSION CTL_CODE(IOPMD_TYPE, 0x901, METHOD_BUFFERED, FILE_ANY_ACCESS ) // returns IOPM_VERSION // Manipulate local IOPM #define IOCTL_IOPMD_CLEAR_LIOPM CTL_CODE(IOPMD_TYPE, 0x910, METHOD_BUFFERED, FILE_ANY_ACCESS ) // set map to block perm on all I/O addresses #define IOCTL_IOPMD_SET_LIOPM CTL_CODE(IOPMD_TYPE, 0x911, METHOD_BUFFERED, FILE_ANY_ACCESS ) // set a uint8_t (8 ports-worth) in LIOPM #define IOCTL_IOPMD_GET_LIOPMB CTL_CODE(IOPMD_TYPE, 0x912, METHOD_BUFFERED, FILE_ANY_ACCESS ) // get a uint8_t from LIOPM (diagnostic) #define IOCTL_IOPMD_GET_LIOPMA CTL_CODE(IOPMD_TYPE, 0x913, METHOD_BUFFERED, FILE_ANY_ACCESS ) // get entire array of current LIOPM // Interact with kernel #define IOCTL_IOPMD_ACTIVATE_KIOPM CTL_CODE(IOPMD_TYPE, 0x920, METHOD_BUFFERED, FILE_ANY_ACCESS ) // copy LIOPM to be active map #define IOCTL_IOPMD_DEACTIVATE_KIOPM CTL_CODE(IOPMD_TYPE, 0x921, METHOD_BUFFERED, FILE_ANY_ACCESS ) // tell NT to forget map #define IOCTL_IOPMD_QUERY_KIOPM CTL_CODE(IOPMD_TYPE, 0x922, METHOD_BUFFERED, FILE_ANY_ACCESS ) // get OS's IOPM into LIOPM? #define GWIOPM_PARAMCOUNT 3 // for most functions #define GWIOPM_PARAMCOUNT_BYTES GWIOPM_PARAMCOUNT * 4 // for most functions #elif defined(__FreeBSD__) FILE *cmos_fd; #endif #define TAILLE_CMOS 4*0x80 #define TAILLE_CMOS_MAX 4096 #define TAILLE_BUFFER 2*0x200+TAILLE_CMOS_MAX #define MINLEN_CRC 6 /* port i/o privileges & co. */ #define IO_READ 1 #define IO_WRITE 2 #define IO_RDWR (IO_READ | IO_WRITE) #define PORT_CMOS_0 0x70 #define PORT_CMOS_1 0x71 #define PORT_CMOS_2 0x72 #define PORT_CMOS_3 0x73 #define PORT_CMOS_4 0x74 #define PORT_CMOS_5 0x75 #define PORT_CMOS_6 0x76 #define PORT_CMOS_7 0x77 #define UNKNOWN_CAR '?' #define VAL_NON_STOP 256 #define VAL_STOP 257 #define VAL_UNK 258 int get32(int position, const uint8_t *data_src); void aff_hexa(const unsigned char*buffer,const unsigned int lng); void aff_result(const unsigned int *src, const unsigned int lng); void table2val(unsigned int*dst, const uint8_t *src, const unsigned int lng, const unsigned int *table); int check_crcadd(int position, int size, int pos_crc); int check_filled(const unsigned int*value, const unsigned int lng, const unsigned int filled_value); void award_backdoor(void); void generic_acer(unsigned int *dst, const unsigned int lng); int generic_ami(unsigned int *data, const unsigned int lng, const int methode); void generic_award6(unsigned int *value, const unsigned int lng); void generic_basic(const unsigned int offset, const unsigned int lng, const int algo,const unsigned int val_stop,const int mode_aff, const uint8_t *data_src); void generic_compaq(unsigned int *value, const unsigned int lng); void generic_crc(int algo, int position, const uint8_t *data_src); void generic_dtk(unsigned int*value, const unsigned int lng); void generic_packard(unsigned int *value, const unsigned int lng); void generic_phoenix_add(unsigned int *value, const unsigned int lng); void generic_phoenix_dec(unsigned int *value, const unsigned int lng); void generic_phoenix_xor(unsigned int *value, const unsigned int lng); void generic_unknown(unsigned int*value, const unsigned int lng); void generic_table(unsigned int *value, const unsigned int lng, const int algo,const unsigned int val_stop,const int mode_aff); void convert_scancode2ascii(unsigned int*dst, const unsigned int lng); uint8_t scan2ascii(uint8_t); unsigned char filtre(unsigned char); void dumpcmos(const int cmos_size, const int scancode); int ask_YN(const char*); uint8_t parity_test(uint8_t val); uint16_t rol(uint16_t); uint8_t rcl8(uint8_t); uint8_t rcl8n(uint8_t, unsigned int); uint8_t brute_awa(uint16_t, uint16_t, uint8_t); uint8_t brute_award(uint16_t); void set_permissions(void); void unset_permissions(void); uint16_t do_tosh(uint16_t, uint8_t); uint8_t brute_tosh(uint16_t, uint16_t, uint8_t); uint8_t brute_toshiba(uint16_t); void keyb_mem(); #define m_acer "\nAcer/IBM " #define m_ami_old "\nAMI BIOS " #define m_ami_winbios "\nAMI WinBIOS (12/15/93) " #define m_ami_winbios25 "\nAMI WinBIOS 2.5 " #define m_ami_unk "\nAMI ? " #define m_award "\nAward 4.5x/6.0 " #define m_award_medallion "\nAward Medallion 6.0 " #define m_award6 "\nAward 6.0 " #define m_compaq "\nCompaq (1992) " #define m_compaq2 "\nCompaq " #define m_compaq_deskpro "\nCompaq DeskPro " #define m_dtk "\nDTK " #define m_ibm "\nIBM (PS/2, Activa ...) " #define m_ibm_thinkpad "\nIBM Thinkpad boot pwd " #define m_ibm_300 "\nIBM 300 GL " #define m_ibm_thinkpad_765_380z "\nThinkpad 765/380z EEPROM " #define m_ibm_thinkpad_560x "\nThinkpad 560x EEPROM " #define m_ibm_thinkpad_x20_570_t20 "\nThinkpad x20/570/t20 EEPROM " #define m_packardbell "\nPackard Bell Supervisor/User " #define m_phoenixa08 "\nPhoenix A08, 1993 " #define m_phoenix "\nPhoenix 1.00.09.AC0 (1994) " #define m_phoenix_1_03 "\nPhoenix a486 1.03 " #define m_phoenix_1_04 "\nPhoenix 1.04 " #define m_phoenix_1_10 "\nPhoenix 1.10 A03 " #define m_phoenix4 "\nPhoenix 4 release 6 (User) " #define m_phoenix_40_r_60 "\nPhoenix 4.0 release 6.0 " #define m_phoenix405 "\nPhoenix 4.05 rev 1.02.943 " #define m_phoenix406 "\nPhoenix 4.06 rev 1.13.1107 " #define m_gateway_ph "\nGateway Solo Phoenix 4.0 r6 " #define m_toshiba "\nToshiba " #define m_zenith_ami "\nZenith AMI Supervisor/User " #define m_samsung_P25 "\nSamsung P25 " #define m_Sony_Vaio "\nSony Vaio EEPROM " #define m_Keyb_Mem "\nKeyboard BIOS memory " void acer(void); void ami_old(void); void ami_winbios(void); void ami_winbios2(void); void ami_unk(void); void award(void); void award_medallion(void); void award6(void); void compaq(void); void compaq2(void); void compaq_deskpro(void); void dtk(void); void phoenixa08(void); void ibm(void); void ibm_thinkpad(void); void ibm_thinkpad2(void); void ibm_300(void); void packardbell(void); void phoenix(void); void phoenix_1_04(void); void phoenix_1_10(void); void phoenix4(void); void phoenix_40_r_60(void); void phoenix_1_03(void); void phoenix405(void); void phoenix406(void); void gateway_ph(void); void toshiba(void); void zenith_ami(void); void samsung(void); void sony_vaio(void); void keyb_mem(void); void (*tbl_func[])(void)={acer, ami_old,ami_winbios,ami_winbios2,ami_unk, award, award_medallion, award6, compaq,compaq_deskpro,compaq2, dtk, ibm,ibm_thinkpad,ibm_thinkpad2,ibm_300, packardbell, phoenix,phoenix_1_03,phoenix_1_04,phoenix_1_10,phoenix4,phoenix_40_r_60,phoenix405,phoenix406, phoenixa08, gateway_ph, samsung, sony_vaio, toshiba, zenith_ami, keyb_mem}; #define nbr_func sizeof(tbl_func)/sizeof(*tbl_func) int kill_cmos(const int cmos_size); int load_cmos(const int cmos_size); int restore_cmos(const int cmos_size,const int choix); int load_backup(const char*); int save_backup(const int cmos_size, const char* name); unsigned int get_table_pb(unsigned int val); typedef struct s_cmos_f t_cmos_f; typedef struct s_cmos_l t_cmos_l; typedef struct s_cmos t_cmos; struct s_cmos_f { int scancode; int position; int size; int order; }; struct s_cmos_l { int type; char* info; t_cmos_l *next; }; struct s_cmos { char *name; t_cmos_l *first; }; #if defined(__linux__)||defined(__FreeBSD__)||defined(__NetBSD__)||defined(__CYGWIN32__)||defined(__MINGW32__) static __inline__ void outportb(uint16_t port,uint8_t value) { __asm__ volatile ("outb %0,%1" ::"a" ((char) value), "d"((uint16_t) port)); } static __inline__ uint8_t inportb(uint16_t port) { uint8_t _v; __asm__ volatile ("inb %1,%0" :"=a" (_v):"d"((uint16_t) port)); return _v; } #endif enum {KEYB_US,KEYB_FR, KEYB_DE}; int keyb=KEYB_US; uint8_t cmos[TAILLE_CMOS_MAX]; int get32(int position, const uint8_t *data_src) { return ((data_src[position+1] <<8) | data_src[position]); } /* CONVERTION ET FILTRAGE */ uint8_t scan2ascii(uint8_t car) { static const uint8_t tbl_fr[255]= { ' ',' ','1','2','3','4','5','6', '7','8','9','0',')','=',' ',' ', 'A','Z','E','R','T','Y','U','I', /* 10 */ 'O','P',' ','$',' ',' ','Q','S', /* 18 */ 'D','F','G','H','J','K','L','M', /* 20 */ '%','ý',' ','*','W','X','C','V', 'B','N',',',';',':','/',' ','*', /* 30 */ ' ',' ',' ','f','f','f','f','f', /* F1 a F10 */ 'f','f','f','f','f',' ',' ','7', /* 40 */ '8','9','-','4','5','6','+','1', '2','3','0','.',' ',' ','>',' '}; /* 50 */ static const uint8_t tbl_de[255]= { ' ',' ','1','2','3','4','5','6', '7','8','9','0','-','=',' ',' ', 'Q','W','E','R','T','Z','U','I', /* 10 */ 'O','P',' ','$',' ',' ','A','S', /* 18 */ 'D','F','G','H','J','K','L',';', /* 20 */ 'ù','`',' ','*','Y','X','C','V', 'B','N','M',',','.','/','"','*', /* 30 */ ' ',' ',' ','f','f','f','f','f', /* F1 a F10 */ 'f','f','f','f','f',' ',' ','7', /* 40 */ '8','9','-','4','5','6','+','1', '2','3','0','.',' ',' ','>',' '}; /* 50 */ static const uint8_t tbl_us[255]= { ' ',' ','1','2','3','4','5','6', '7','8','9','0','-','=',' ',' ', 'Q','W','E','R','T','Y','U','I', /* 10 */ 'O','P',' ','$',' ',' ','A','S', /* 18 */ 'D','F','G','H','J','K','L',';', /* 20 */ 'ù','`',' ','*','Z','X','C','V', 'B','N','M',',','.','/','"','*', /* 30 */ ' ',' ',' ','f','f','f','f','f', /* F1 a F10 */ 'f','f','f','f','f',' ',' ','7', /* 40 */ '8','9','-','4','5','6','+','1', '2','3','0','.',' ',' ','>',' '}; /* 50 */ /* start */ if (car<0x58) { switch(keyb) { case KEYB_FR: return tbl_fr[car]; case KEYB_DE: return tbl_de[car]; case KEYB_US: default: return tbl_us[car]; } } return ' '; } unsigned char filtre(unsigned char lettre) { if ((lettre>=32) && (lettre <=125)) return lettre; else switch(lettre) { case(131): case(132): case(133): case(134): case(160): return 'a'; case(130): case(136): case(137): case(138): return 'e'; case(139): case(140): case(141): case(161): return 'i'; case(164): return 'n'; case(147): case(148): case(149): case(162): return 'o'; case(150): case(151): case(163): return 'u'; case(152): return 'y'; case(142): case(143): return 'A'; case(144): return 'E'; case(165): return 'N'; case(153): return 'O'; case(154): return 'U'; default: return ' '; } } unsigned int get_table_pb(unsigned int val) { switch(val) { case 0xE7: case 0x3F: return 'B'; case 0xA3: return 'C'; case 0xFB: return 'D'; case 0xBD: return 'E'; case 0xF6: return 'F'; case 0x77: return 'G'; case 0xB9: return 'H'; case 0xCF: return 'O'; case 0xD7: return 'T'; } return VAL_UNK; } void dump(const void *data_original, const unsigned int*data_processed,unsigned int lng) { unsigned int i,j; unsigned int nbr_line; unsigned char car; nbr_line=(lng+0x10-1)/0x10; for (i=0; (i>=1; } return res; } uint8_t rcl8(uint8_t num) { return (num<<1)|(num >> 7); } uint8_t rcl8n(uint8_t num, unsigned int n) { unsigned int i; uint8_t res=num; for(i=0;i> 14); } /* Fonctions generiques */ /* * pos_ini, size, meth_parcourt(COPIE, COPIE2) * => table * => table_de_valeur * => pre-verif * => decryptage * => post-verif * => affichage direct ou apres conversion scan2ascii * * methode_CRC * pos_ini * => valeur * => brute force * */ enum { ALGO_AMI_F0, ALGO_AMI, ALGO_AMI_80, ALGO_UNKNOW, ALGO_AWARD, ALGO_AWARD6, ALGO_TOSHIBA, ALGO_ACER, ALGO_PACKARD,ALGO_NONE,ALGO_PHOENIX_DEC,ALGO_PHOENIX_XOR,ALGO_PHOENIX_ADD,ALGO_DTK,ALGO_COMPAQ}; enum { AFF_SCAN,AFF_ASCII}; void table2val(unsigned int*dst, const uint8_t *src, const unsigned int lng, const unsigned int *table) { int i; for(i=0;i255) dst[pos-1]=UNKNOWN_CAR; else dst[pos-1]=i; dst[pos]=VAL_STOP; } return 0; } void generic_acer(unsigned int *dst, const unsigned int lng) { int i; for(i=0;(i>1; /* ibm_1 */ } /* shr al,1 D0 E8 * cmp al,[bx+si] 3A 00 */ } void generic_award6(unsigned int *dst, const unsigned int lng) { int i; for(i=0;(i> 2; break; case 1: b=(value[(i/4)*3] << 4) + (value[(i/4)*3+1]>>4); break; case 2: b=((value[(i/4)*3+1] << 2) & 0x3C) + (value[(i/4)*3+2] >> 6); break; default: b=value[(i/4)*3+2]; break; } b=b&0x3F; if(b==0) break; if(b<=10) value2[i]=b-1+'0'; else value2[i]=b-1+'A'; } for(i=0;i=0;i--) printf("%c", awa_res[i]); printf("]"); #endif return res; } /* Brute force Toshiba */ uint16_t do_tosh(uint16_t valcrc, uint8_t car) { register uint8_t ah,al,dh,dl; al=(uint8_t)valcrc; ah=valcrc>>8; ah^=car; /* xor ah,[bx] */ dl=ah; /* mov dl,ah */ dl<<=4; /* shl dl,4 C0 E2 04 */ ah^=dl; /* xor ah,dl 32 E2 */ dl=ah; /* mov dl,ah 8A D4 */ dl>>=5; /* shl dl,5 */ dl^=ah; /* xor dl,ah */ dh=ah; ah<<=3; ah^=al; dh>>=4; ah^=dh; al=dl; return (ah<<8)|al; } int tosh_pos; char tosh_res[11]; uint8_t brute_tosh(uint16_t but, uint16_t valcrc, uint8_t lng) { unsigned int p; static uint8_t const tbl_car[]={0x10,0x11,0x12,0x13,0x14,0x20}; if (lng==0) { if(valcrc==0) valcrc++; return (but==valcrc); } else { for (p=0;p=0;i--) putchar(scan2ascii(tosh_res[i])); putchar(']'); } else printf("\nEchec"); return res; } void acer() /* ACER */ { printf(m_acer); generic_basic(0x27, 7, ALGO_ACER,0,AFF_SCAN,cmos); generic_basic(0x100, 7, ALGO_ACER, 0,AFF_ASCII,cmos); } void ami_old() /* AMI */ { printf(m_ami_old); generic_basic(0x37, 1+6, ALGO_AMI_F0,0,AFF_ASCII,cmos); } void ami_winbios() { printf(m_ami_winbios); generic_basic(0x37, 1+6, ALGO_AMI,0,AFF_SCAN,cmos); } void ami_winbios2() { printf(m_ami_winbios25); generic_basic(0x37, 1+6, ALGO_AMI_80,0,AFF_SCAN,cmos); generic_basic(0x4B, 1+6, ALGO_AMI_80,0,AFF_SCAN,cmos); /* setup, Added by Tompa Lorand, 01-apr-2003 */ generic_basic(0x5f, 1+6, ALGO_AMI_80,0,AFF_SCAN,cmos); /* AMI Bios (1985-2003) version 2.54 */ generic_basic(0x60, 1+6, ALGO_AMI_80,0,AFF_SCAN,cmos); } void ami_unk() { /* Philippe Biondi */ printf(m_ami_unk); generic_basic(0x4d, 1+7, ALGO_AMI_80,0,AFF_SCAN,cmos); generic_basic(0x54, 1+7, ALGO_AMI_80,0,AFF_SCAN,cmos); /* Rajabaz */ generic_basic(0x4c, 1+7, ALGO_AMI_80,0,AFF_SCAN,cmos); generic_basic(0x53, 1+7, ALGO_AMI_80,0,AFF_SCAN,cmos); /* Bidouilleurs LBCU */ generic_basic(0x50, 1+7, ALGO_AMI_80,0,AFF_SCAN,cmos); } void samsung() { printf(m_samsung_P25); generic_basic(0xE3,7,ALGO_NONE,0,AFF_SCAN,cmos); generic_basic(0xF0,7,ALGO_NONE,0,AFF_SCAN,cmos); generic_basic(0xF8,7,ALGO_NONE,0,AFF_SCAN,cmos); } void sony_vaio() { printf(m_Sony_Vaio); generic_basic(0x00,7,ALGO_ACER,0,AFF_ASCII,cmos); putchar(' '); generic_basic(0x07,7,ALGO_ACER,0,AFF_ASCII,cmos); #ifdef __linux__ { FILE *fb; unsigned char eeprom[14]; fb=fopen("/sys/bus/i2c/devices/0-0057/eeprom","r"); if(!fb) return ; fread(&eeprom,1,14,fb); fclose(fb); putchar(' '); generic_basic(0x00,7,ALGO_ACER,0,AFF_ASCII,eeprom); putchar(' '); generic_basic(0x07,7,ALGO_ACER,0,AFF_ASCII,eeprom); } #endif } /* AMI @art.fr CRC+Crypted adm pwd at 38-3F, filled with 00 * user pwd at 0x40-47 */ void zenith_ami() { printf(m_zenith_ami); generic_basic(0x38+1, 7, ALGO_UNKNOW,0,AFF_ASCII,cmos); putchar(' '); generic_basic(0x40+1, 7, ALGO_UNKNOW,0,AFF_ASCII,cmos); } /* AWARD */ void award() { printf(m_award); generic_crc(ALGO_AWARD,0x1C,cmos); generic_crc(ALGO_AWARD,0x60,cmos); generic_crc(ALGO_AWARD,0x4D,cmos); printf(m_award); generic_crc(ALGO_AWARD,0x63,cmos); generic_crc(ALGO_AWARD,0x64,cmos); /* jedi_ukgateway_net */ generic_crc(ALGO_AWARD,0x5D,cmos); /* Setup YOGESH M */ generic_crc(ALGO_AWARD,0x3E,cmos); /* User slug(at)navigator.lv */ } void award_medallion() { /* Pencho Penchev Hewllett Packard Brio system */ printf(m_award_medallion); generic_crc(ALGO_AWARD,0x68,cmos); /* supervisor */ generic_crc(ALGO_AWARD,0x6A,cmos); /* user */ generic_crc(ALGO_AWARD,0x4E,cmos); /* Lewis DH */ generic_crc(ALGO_AWARD,0x71,cmos); /* Lewis DH */ } void award6() { printf(m_award6); /* Tompa Lorand-Mihaly, april 2003 */ generic_basic(0xE0, 8, ALGO_AWARD6,0,AFF_ASCII,cmos); /* Ai-Nung Wang, october 2003 */ generic_basic(0xB0, 8, ALGO_AWARD6,0,AFF_ASCII,cmos); /* Jason Gorski, january 2005 */ generic_basic(0x90, 8, ALGO_AWARD6, 0, AFF_ASCII,cmos); /* daiver1989 mail ru, april 2006 */ generic_basic(0xB4, 8, ALGO_AWARD6, 0, AFF_ASCII,cmos); } /* COMPAQ */ void compaq() { printf(m_compaq); generic_basic(0x38, 8, ALGO_NONE,0,AFF_SCAN,cmos); } void compaq2() { printf(m_compaq2); generic_basic(0x51, 7, ALGO_NONE,0,AFF_SCAN,cmos); /* setup */ generic_basic(0x38, 7, ALGO_NONE,0,AFF_SCAN,cmos); } void compaq_deskpro() { printf(m_compaq_deskpro); /* - Luka "The /\/\ighty \/\/izzy" * Compaq 5200, August 1998 */ generic_basic(0x37, 8, ALGO_COMPAQ,0,AFF_SCAN,cmos); /* - Quattrocchi Stefano * Compaq DeskPro EP Serie 6350/6.4 EA2, May 2001 */ generic_basic(0x77, 8, ALGO_COMPAQ,0,AFF_SCAN,cmos); } /* IBM */ void ibm() { printf(m_ibm); generic_basic(0x48, 7, ALGO_NONE,0,AFF_SCAN,cmos); generic_basic(0x38, 7, ALGO_NONE,0,AFF_SCAN,cmos); } void ibm_thinkpad() { printf(m_ibm_thinkpad); generic_basic(0x38, 7, ALGO_NONE,0,AFF_SCAN,cmos); /* pwd boot */ } void ibm_thinkpad2() { printf(m_ibm_thinkpad_x20_570_t20); generic_basic(0x338, 7, ALGO_NONE,0,AFF_SCAN,cmos); generic_basic(0x3B8, 7, ALGO_NONE,0,AFF_SCAN,cmos); printf(m_ibm_thinkpad_560x); generic_basic(0x38, 7, ALGO_NONE,0,AFF_SCAN,cmos); generic_basic(0x40, 7, ALGO_NONE,0,AFF_SCAN,cmos); printf(m_ibm_thinkpad_765_380z); generic_basic(0x38, 7, ALGO_NONE,0,AFF_SCAN,cmos); generic_basic(0x40, 7, ALGO_NONE,0,AFF_SCAN,cmos); } void ibm_300() { printf(m_ibm_300); generic_basic(0x48, 7, ALGO_NONE,0,AFF_SCAN,cmos); } void packardbell() /* PACKARD BELL */ { printf(m_packardbell); generic_basic(0x38, 1+7, ALGO_PACKARD,0xFF,AFF_ASCII,cmos); putchar(' '); generic_basic(0x40, 1+7, ALGO_PACKARD,0xFF,AFF_ASCII,cmos); } void phoenix() /* PHOENIX */ { static const int tbl_phoenix[8]={0x39,0x3C,0x3B,0x3F,0x38,0x3E,0x3D,0x3A}; unsigned int value[8]; uint8_t res[9]; uint8_t crc=0; uint8_t i; printf(m_phoenix); table2val(value, cmos, 8,tbl_phoenix); printf("["); for (i=0;i<7 && value[i]!=0;i++) { printf("%c",filtre(res[i])); res[i]=(value[i] ^ 0xF0) + i; crc+=res[i]; } printf("]"); if (crc!=value[7]) printf(" CRC pwd err"); } void phoenix_1_03() { printf(m_phoenix_1_03); if(((cmos[0x60]==0)||(cmos[0x60]==1))&&(cmos[0x61]<=7)) generic_basic(0x62, cmos[0x61], ALGO_PHOENIX_ADD,0xFF,AFF_ASCII,cmos); else printf("err"); /* CRC 32 en 7E * 3B-3D => 6A-6C * 40 => 6F * */ } void phoenix_1_04() { printf(m_phoenix_1_04); generic_basic(0x50, 7, ALGO_NONE,0,AFF_SCAN,cmos); /* setup */ generic_basic(0x48, 7, ALGO_NONE,0,AFF_SCAN,cmos); } void phoenix_1_10() { /* Phoenix Bios V1.10 A03 / Dell GXi */ printf(m_phoenix_1_10); if(!check_crcadd(0x1D,7,0x1D+7) || !check_crcadd(0x38,7,0x38+7)) { printf("CRC pwd err"); return; } generic_basic(0x1D, 7, ALGO_NONE,0,AFF_SCAN,cmos); /* setup */ generic_basic(0x38, 7, ALGO_NONE,0,AFF_SCAN,cmos); } void phoenix4() { printf(m_phoenix4); generic_basic(0x35, 7, ALGO_NONE,0,AFF_SCAN,cmos); /* user */ } void phoenix405() { static const int tbl[8]={0x45,0x52,0x4b,0x4a,0x50,0x4F,0x4D,0x48}; static const int tbl2[8]={0x4c,0x51,0x49,0x54,0x53,0x47,0x46,0x4E}; unsigned int value[8]; printf(m_phoenix405); table2val(value, cmos, 8, tbl); generic_table(value, 8, ALGO_NONE,0,AFF_SCAN); table2val(value, cmos, 8, tbl2); generic_table(value, 8, ALGO_NONE,0,AFF_SCAN); } void phoenix406() { printf(m_phoenix406); generic_basic(0x45, 8, ALGO_NONE,0,AFF_SCAN,cmos); } void phoenix_40_r_60() { printf(m_phoenix_40_r_60); generic_basic(0x35, 7, ALGO_PHOENIX_DEC,0,AFF_SCAN,cmos); } void dtk() { printf(m_dtk); generic_basic(0x38,4,ALGO_DTK,0,AFF_ASCII,cmos); generic_basic(0x3B,6,ALGO_DTK,0,AFF_ASCII,cmos); } void gateway_ph() { /* Gateway Solo */ printf(m_gateway_ph); generic_basic(0x40, 7, ALGO_NONE,0,AFF_SCAN,cmos); generic_basic(0x47, 7, ALGO_NONE,0,AFF_SCAN,cmos); } void phoenixa08() { printf(m_phoenixa08); generic_basic(0x23, 7, ALGO_NONE,0,AFF_SCAN,cmos); generic_basic(0x42, 7, ALGO_NONE,0,AFF_SCAN,cmos); } void toshiba() { printf(m_toshiba); generic_crc(ALGO_TOSHIBA,0x35,cmos); generic_crc(ALGO_TOSHIBA,0x33,cmos); } void set_permissions() { #if defined(__linux__) if (ioperm(PORT_CMOS_0,4*2,IO_READ|IO_WRITE)) { printf("Need to be run as root to access the Cmos.\n"); exit(1); } #elif defined(__CYGWIN32__) || defined(__MINGW32__) if (ioperm(PORT_CMOS_0,4*2,IO_READ|IO_WRITE)) { printf("As administrator, run \"ioperm.exe -i\" before.\n"); exit(1); } #elif defined(WIN32) char OutputBuffer[100]; char InputBuffer[100]; HANDLE h; BOOLEAN bRc; ULONG uint8_tsReturned; h = CreateFile("\\\\.\\gwiopm", GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(h == INVALID_HANDLE_VALUE) { printf("Couldn't access gwiopm device\n"); exit(2); } memset(OutputBuffer, 0, sizeof(OutputBuffer)); InputBuffer[0]=0x70>>3; InputBuffer[1]=0; /* 0x70 et 0x71 */ bRc = DeviceIoControl ( h, (DWORD) IOCTL_IOPMD_SET_LIOPM, &InputBuffer, 2, &OutputBuffer, sizeof( OutputBuffer), &uint8_tsReturned, NULL ); if(bRc!=TRUE) printf("Set_LIOPM failed"); //IOCTL_IOPMD_ACTIVATE_KIOPM bRc = DeviceIoControl ( h, (DWORD) IOCTL_IOPMD_ACTIVATE_KIOPM, &InputBuffer, 2, &OutputBuffer, sizeof( OutputBuffer), &uint8_tsReturned, NULL ); if(bRc!=TRUE) printf("ACTIVATE_KIOPM failed"); CloseHandle(h); #elif defined(__NetBSD__) if(i386_iopl(3)!=0) { perror("i386_iopl"); exit(1); } #elif defined(__FreeBSD__) cmos_fd = fopen("/dev/io", "r"); if(cmos_fd==NULL){ perror("fopen /dev/io failed"); exit(1); } #endif } void unset_permissions() { #ifdef __linux__ ioperm(PORT_CMOS_0,4*2,0); #elif defined(__FreeBSD__) fclose(cmos_fd); #endif } uint8_t read_cmos(const unsigned int cell); void write_cmos(const unsigned int cell, const uint8_t value); uint8_t read_cmos(const unsigned int cell) { if(cell<128) { outportb(PORT_CMOS_0,cell); return inportb(PORT_CMOS_1); } if(cell<2*128) { outportb(PORT_CMOS_2,cell); return inportb(PORT_CMOS_3); } #if !defined(WIN32) || defined(__MINGW32__) if(cell<3*128) { outportb(PORT_CMOS_4,cell); return inportb(PORT_CMOS_5); } if(cell<4*128) { outportb(PORT_CMOS_6,cell); return inportb(PORT_CMOS_7); } #endif return 0; } void write_cmos(const unsigned int cell, const uint8_t value) { if(cell<128) { outportb(PORT_CMOS_0,cell); outportb(PORT_CMOS_1,value); return; } if(cell<2*128) { outportb(PORT_CMOS_2,cell); outportb(PORT_CMOS_3,value); return; } if(cell<3*128) { outportb(PORT_CMOS_4,cell); outportb(PORT_CMOS_5,value); return; } if(cell<4*128) { outportb(PORT_CMOS_6,cell); outportb(PORT_CMOS_7,value); return; } } int kill_cmos(const int cmos_size) { int i; char car; printf("Warning: if the password is stored in an eeprom (laptop/notebook), the password won't be erased.\n" "\n1 - Kill cmos" "\n2 - Kill cmos (try to keep date and time)" "\n0 - Abort" "\nChoice : "); fflush(stdout); do { car=toupper(getchar()); } while((car<'0')||(car>'2')); fflush(stdout); if(car=='0') return 1; set_permissions(); for (i=(car=='1'?0:0x10);i'2')); printf("%c\n", car); fflush(stdout); if(car=='0') return 1; } set_permissions(); for (i=(car=='1'?0:0x10);iTAILLE_CMOS_MAX) taille=TAILLE_CMOS_MAX; for(i=0;i='0' && buffer[0]<='9' && buffer[1]>='0' && buffer[1]<='9' && buffer[2]==',') { int pos_file; int pos_cmos=0; for(pos_file=0;pos_fileTAILLE_CMOS_MAX) taille=TAILLE_CMOS_MAX; for(i=0;i>5)|(car&0x18))); } fclose(fb); printf("]\n"); } #endif void keyb_mem() { #ifdef __linux__ FILE *fb; unsigned char mem[32]; int i; fb=fopen("/dev/mem","r"); if(!fb) return ; printf(m_Keyb_Mem); fseek(fb,0x041f,SEEK_SET); fread(&mem,1,sizeof(mem),fb); fclose(fb); printf("["); for(i=0;i=argc || arg_save_filename>=argc) mode=MODE_HELP; switch(mode) { case MODE_HELP: printf( "\nUsage: cmospwd [/k[de|fr]] [/d]" "\n cmospwd [/k[de|fr]] [/d] /[wlr] cmos_backup_file write/load/restore" "\n cmospwd /k kill cmos" "\n cmospwd [/k[de|fr]] /m[01]* execute selected module" "\n" "\n /kfr french AZERTY keyboard, /kde german QWERTZ keyboard" "\n /d to dump cmos" "\n /m0010011 to execute module 3,6 and 7" "\n" "\nNB: For Award BIOS, passwords are differents than original, but work." "\n"); return 0; case MODE_KILL: return kill_cmos(cmos_size); case MODE_RESTORE: if(arg_load_filename<0) { printf("\nMissing filename\n"); return 1; } if((cmos_size=load_backup(argv[arg_load_filename]))<0) return 1; return restore_cmos(cmos_size,1); case MODE_RESTORE_FORCE: if(arg_load_filename<0) { printf("\nMissing filename\n"); return 1; } if((cmos_size=load_backup(argv[arg_load_filename]))<0) return 1; return restore_cmos(cmos_size,0); case MODE_LOAD: if(arg_load_filename<0) { printf("\nMissing filename\n"); return 1; } if((cmos_size=load_backup(argv[arg_load_filename]))<0) return 1; break; case MODE_NORM: if(load_cmos(cmos_size)) return 1; break; case MODE_SAVE: if(arg_save_filename<0) { printf("\nMissing filename\n"); return 1; } if(load_cmos(cmos_size)) return 1; return save_backup(cmos_size,argv[arg_save_filename]); } switch(keyb) { case KEYB_FR: printf("\nKeyboard : FR"); break; case KEYB_DE: printf("\nKeyboard : DE"); break; case KEYB_US: default: printf("\nKeyboard : US"); break; } if(arg_module>=0) { unsigned int i; for(i=0;argv[arg_module][i+2] && (i0 && i%17==0) wait_key(); tbl_func[i](); } } #ifdef __linux__ award_backdoor(); #endif if(do_dump) { unsigned int*cmos_processed=(unsigned int*)malloc(sizeof(unsigned int)*cmos_size); wait_key(); printf("\nDump cmos\n"); convert_uchar2uint(cmos_processed,cmos,cmos_size); dump(cmos,cmos_processed,cmos_size); wait_key(); printf("\nDump cmos (Scan code convertion)\n"); convert_uchar2uint(cmos_processed,cmos,cmos_size); convert_scancode2ascii(cmos_processed,cmos_size); dump(cmos,cmos_processed,cmos_size); wait_key(); printf("\nDump cmos (ACER convertion)\n"); convert_uchar2uint(cmos_processed,cmos,cmos_size); generic_acer(cmos_processed,cmos_size); dump(cmos,cmos_processed,cmos_size); wait_key(); printf("\nDump cmos (ACER + Scan code convertion)\n"); convert_uchar2uint(cmos_processed,cmos,cmos_size); generic_acer(cmos_processed,cmos_size); convert_scancode2ascii(cmos_processed,cmos_size); dump(cmos,cmos_processed,cmos_size); wait_key(); printf("\nDump cmos (AMI convertion)\n"); convert_uchar2uint(cmos_processed,cmos,cmos_size); generic_ami(cmos_processed,cmos_size,ALGO_AMI); dump(cmos,cmos_processed,cmos_size); wait_key(); printf("\nDump cmos (AMI + Scan code convertion)\n"); convert_uchar2uint(cmos_processed,cmos,cmos_size); generic_ami(cmos_processed,cmos_size,ALGO_AMI); convert_scancode2ascii(cmos_processed,cmos_size); dump(cmos,cmos_processed,cmos_size); free(cmos_processed); } #ifndef __MSDOS__ printf("\n"); fflush(stdout); #endif return 0; } cmospwd-5.0/src/Makefile0000644000175000017500000000012510453426543015425 0ustar lfaraonelfaraoneCC=gcc CFLAGS=-Wall -W -O2 cmospwd: cmospwd.c $(CC) $(CFLAGS) -o cmospwd cmospwd.c cmospwd-5.0/cmospwd.txt0000644000175000017500000002574510707557707015443 0ustar lfaraonelfaraone========================================================================= CmosPwd Christophe GRENIER grenier@cgsecurity.org http://www.cgsecurity.org ========================================================================= CmosPwd is a cmos/bios password recovery tool. CmosPwd is under GNU Public License. You can freely distribute it. It can be compiled under Dos, Windows, Linux, FreeBSD and NetBSD. Platforms - Dos-Windows version Well, ... it works! - Linux && BSD version Users can work on cmos backup but they need root priviledge to use ioperm function to have full access to cmos. - Windows NT, 2000, XP, 2003 To work on cmos memory, ioperm need to be installed and running. ioperm gives direct port I/O access for specified ports to user-mode process (ring 3) using Ke386SetIoAccessMap and Ke386IoSetAccessProcess kernel functions. 1- You need administrator priviledges to install this driver "ioperm.exe -i" 2- Start the service if needed with "net start ioperm" 3- Run "Cmospwd_win.exe" WARNING: You should disable or uninstall ioperm with "ioperm.exe -u" if you don't want to decrease your security! --------------------------------------------------- --------------------------------------------------- ¦ Typical Usage for DOS and all Windows users ¦ --------------------------------------------------- --------------------------------------------------- 1) Identify your BIOS manufacturer (usually displayed at boot-up) 2) Start in DOS, or start a DOS session in Windows 95/98/ME. For Windows NT or Windows 2000 boot from a DOS or Windows 95/98 boot disk (you can find boot disks at www.AnswersThatWork.com), and run CMOSPWD from your boot floppy (or another floppy). 3) C: [Enter] cd \CMOSPWD [Enter] 4) Type CMOSPWD at the DOS prompt and press Enter. 5) CMOSPWD will display a list of possibilities. Use the possibilities itemised against your BIOS manufacturer. Remember : a) For AWARD BIOSes, use the Numeric Keypad (with NumLock ON). b) AWARD 4.50PG BIOS always accepts "AWARD_SW", or "d8on", or "589589". c) Old Phoenix BIOSes will accept "phoenix". 6) If the standard method does not work, then try to kill the CMOS password with CMOSPWD /K (and press Enter), and then see if you can get into the CMOS without a password. If you can, you successfully "killed" the old CMOS password. DO NOT KILL THE CMOS ON LAPTOPS! --------------------------------------------------- --------------------------------------------------- |General Usage (List of commands) | --------------------------------------------------- --------------------------------------------------- cmospwd [/d] cmospwd [/d] /[wlr] cmos_backup_file write/load/restore cmospwd /k kill cmos cmospwd /m[01]* execute selected module /d to dump cmos in ascii and scan code /m0010011 to execute module 3,6 and 7 Keyboard: /kfr French AZERTY /kde German QWERTY default is US QWERTY --------------------------------------------------- --------------------------------------------------- |Laptops | --------------------------------------------------- --------------------------------------------------- On laptops, the password is usually stored in an eeprom on the motherboard, you need an eeprom programmer (electronic device) to retrieve it. Acer 630: eeprom 93c56 ? Compaq M700: eeprom 24C02 Dell Inspirion 5100: eeprom 93lc46, password in scan code at 0x310 Dell Inspirion 7500: eeprom 24c164 Dell Inspirion 8100: eeprom 24c02 Dell Latitude C600: eeprom 24c02, password in scan code at 0x00, 0x10 and 0x90 Dell Latitude C610: eeprom 24c02, password in scan code at 0x00, 0x10, 0x80 and 0x90 Dell Latitude CPI: eeprom 24c02, password in scan code at 0x00, 0x10, 0x80 Dell D600: eeprom 24c04, password in scan code at 0x110 IBM Thinkpad X20: eeprom 24RFC08CN, password in scan code at 0x338 IBM TP 240: eeprom ?, password in scan code at 0x338. IBM TP 380Z: eeprom 24c01, password in scan code at 0x38 and 0x40 IBM TP 390: eeprom 24c03 (be carrefull, there are two eeprom) IBM TP 560X: eeprom 24c01, password in scan code at 0x38 and 0x40 IBM TP 570: eeprom ?, password in scan code at 0x338 and 0x3B8. IBM TP 750C,755CX,760C,765D: eeprom 93c46, password in scan code at 0x38 and 0x40 OKI M811b may be written on the chip. Search near pcmcia slot or adjacent the floppy connector on the top side of the board IBM TP 770: eeprom 24c01 IBM TP 600E, T21, T23: 14 PIN 24RF08 IBM TP T20,X20,X30: 24RF08, password in scan code at 0x338 and 0x340 HP Omnibook 900,2100,4150,7150: eeprom AT24c164, 0x6D-0x7F area, unknow algo put a 00 at 0x7F to clear admin password HP Omnibook 6000: eeprom 24c08 or 24c164 0x50-0xBF area (maybe 0x50-0x6F only), unknow algo HP Omnibook 6100: eeprom 24c08 HP Omnibook XE3: eeprom 24c16 HP Omnibook 770x: eeprom 24c01 HP Pavilion ze4455ea: eeprom 24c08 HP VECTRA VL18: http://h200001.www2.hp.com/bc/docs/support/SupportManual/lpv06673/lpv06673.pdf Sony pcg-fx950: eeprom 93c46 ? Toshiba 74600C: eeprom 93c56 VAIO 641: eeprom 24c02 write zero at 0x0 be carrefull, there are two eeprom you must unsolder one to the pci controler it is in the down side of the bord VAIO 8851 eeprom 24c02 (ic 903) write zero at adres 0x0 the down side of the board VAIO srx 87: eeprom 2408 write zero at 0x0 the ic is behind the modem in the top side of the board VAIO PCG-FX150, eeprom 24c04 near the reference IC1103 VAIO PCG-GRX560, eeprom 24c04 near the reference IC1001 You can get/buy eeprom programmer in electronic shops or labs, you need another PC to use it. You can desolder the eeprom with hot air or you can try to "clip" the eeprom. With the eeprom programmer, backup your eeprom and run "cmospwd /d /l eeprom_backup". If you don't see the password, you can try to fill the eeprom with zero or FF, don't forget the reset the cmos. --------------------------------------------------- --------------------------------------------------- |Toshiba | --------------------------------------------------- --------------------------------------------------- Differents passwords give the same 32-bit CRC, so CmosPwd can only give one of them. To reset the password of an old Toshiba, you can use KeyDisk. (cf my web page) If this doesn't work, you can try to build the Toshiba Parallell loopback. To make a simple device that you connect to your parallell port, a lot of Toshiba computers remove the password when you boot it up. The device, named "loopback" by some, could be made out of any parallell wire with 25pins connectors (db25). You should connect these pins: 1-5-10, 2-11, 3-17, 4-12, 6-16, 7-13, 8-14, 9-15, 18-25. A db25 looks like: 1 13 _______ \_____/ 14 25 --------------------------------------------------- Divers - Medion Try the password "am8888egh". - Award 4.50PG There is an universal password AWARD_SW. (d8on, 589589 ... works too) - Award 4.5x using DFI motherboards The universal password is "Y. C. Lu" (spaces and capitals as shown). Information from David Walker. - Award Differents passwords give the same 32-bit CRC, so CmosPwd can only give one of them. Use the numeric keypad. - COMPAQ LTE 5300 notebook Tolga Sinan Guney: there is a reset jumper on the motherboard - DIGITAL PC300, Phoenix 4.0 Rel 6.0,0 Rene Pocisk: cmospwd /k works - Fujitsu ICL aksion: passwords are stored in EEPROM - Fujitsu Point 1600 William Simcox: "I was able to clear the password and reset BIOS to default values using CMOSPWD /K" - Phoenix There is a backdoor in old version of Phoenix BIOS, the universal password is "phoenix". - Siemens Nixdorf PCD-4ND, Michael: You can clear the password of this phoenix 1.03 with "cmospwd /k" Scenic Mobil 700, Josef Benda: "cmospwd /k" works! Phoenix Note BIOS v4.0 Scenic Mobile 510AGP, Bernd: "cmospwd /k" works! Phoenix 4.0 R6 Version 3F31 dated 9.2.2000 - Acer Travelmate 530 "cmospwd /k" removes the password. - Acer travelmate 2450 "cmospwd /k" removes the password. - Sony Vaio PCG505HS Brad Frisbie: "cmospwd /k" works, Phoenix 6 R4 - Sony Vaio PCG-FR105 Andrea Michele Zoia: 'cmospwd_win /k' removes the password. - IBM NetVista 8303-41G Roel: CmosPwd /k works, Phoenix Bios 4.0 Release 6.0. - Panasonic CF-25 Stefan Stevens: CmosPwd /k works - Tulip Vision Line bn 100 CmosPwd /k works, PhoenixBios 4.0 Release 6.0 11/03/01 - LG GS50-5FY notebook Angelika Jurkiewicz: CmosPwd /k can remove supervisor password. - TI Extensa 600CD Dathan Alley: CmosPwd /k works What to do if you can't use cmospwd to clear your cmos ? Under Dos/Win9x, you can use debug to reset cmos CRC stored at 0x2E-0x2F debug -o 70 2E -o 71 0 -q What to do if cmospwd don't work on your PC ? Try to clear password with cmospwd /k. If cmospwd /k doesn't work, password is stored in an EEPROM. Try to find a reset jumper on your motherboard or contact your PC vendor. If it works, I can try to discover how passwords are encrypted. I need to know what Bios you used and some cmos memory backup with their passwords. (cmospwd /w backupfile) For passwords, choose - some 1 and 2-letter passwords - BBBBBBB - BBBBBBC - BBBBBCB - BBBBCBB - BBBCBBB - BBCBBBB - BCBBBBB - CBBBBBB Thanks to - Philippe Garcia-Suarez (AMI Zenith, IBM Thinkpad) - Mark Miller (AMI WinBIOS) - Ian Sharpe (Award 4.51PG) - Darren Evans (Phoenix 4 release 6) - Teun van de Berg (bug report for "cmospwd /w") - Giovanni (IO access under NT) - Robert Rafai (Dell Latitude) - Guillaume Letessier (Toshiba) - hackvenger (Phoenix 4.0 realase 6.0) - "P. MADRE" (Award 4.51PG) - SerbianHacker/Sasha Miloshevic (IBM ThinkPad 770) - Michael (Siemens Nixdorf PCD-4ND, Phoenix 1.03) - w0rm (Phoenix a486 1.03) - Olaf Freyer (Phoenix 4.05 rev 1.02.943, Phoenix 4.06 rev 1.13.1107) - Peter "Bluefish" Magnusson, author of !BIOS - Tjiq (User password of AMI WinBIOS) - Jedi (Award 4.51PG) - Michel Creppy from Le Software Man - YOGESH M (Award 4.51PG) - Quattrocchi Stefano (Compaq DeskPro) - Pencho Penchev (Award Medallion 6.0) - Ernst Oudhof, bug correction for MODE_RESTORE_FORCE - Lewis Hadley (Award 6.0 Medallion) - Philippe Biondi (another AMI BIOS) - Tompa Lorand-Mihaly (AMI Bios ver. 1.08 AN 1994 and Award 6) - Jose Velasquez Villegas (ThinkPad 560x) - bre786 (IBM ThinkPad T20) - Ai-Nung Wang (Award 6) - Zoulou Yankee (Compaq Deskpro) - Markus Birth (Sony Vaio) - Einar Karttunen (NetBSD support) - Jason Gorski (Award 6.0PG, acer version) - Michael Perekrestov (Samsung P25) - Carl Farrington (VAIO/Acer) - Andrea Michele Zoia (VAIO) - Simon Comeau Martel (AMI 2.54) and to all the guys, who provided information about cmos and reported bugs. If you have problems or questions about cmospwd, please mail me. Christophe GRENIER grenier@cgsecurity.org http://www.cgsecurity.org