Omnibook XE3: Resetting a BIOS password the hard(ware) way

Everything started with the following question:

Hi dude, tomorrow I’m going to Helsinki and I don’t remember this laptop’s password, can you help me ?

A few searches looking for the typical master or universal passwords didn’t help much (nope, “admin” does not work as a backdoor bios password as most sites say, really). The owner was really fed up with HP support and it was quite late at night, so calling nor sending emails were going to help either.

Searching a bit deeper on forums, people were complaining about the same problem without solution: “Cannot reset omnibook xe3 bios password”, and the well known common thrick to erase the bios password was futile (removing the CMOS battery for a while to erase the password and settings). According to some posts, the password was actually stored on a 24C16 EEPROM close to the BIOS chip… So there we go :-)

First, locate and remove the smd chip (excuse me for the poor quality of the picture :-/):

Omnibook motherboard

Second, solder wires with metal legs (taken from spare resistors, for instance) to the chip to adapt it to a TE20 programmer:

TE20 programmer with 24C16 attached

Third, download icprog and configure it properly (I use TE20 which is recognized as a JDM programmer, but YMMV). Now, it comes the most interesting part… figuring out where is the password from the eeprom hexdump… will it be human readable ? cyphered ? Let’s see:

ICprog screenshot 2 ICprog screenshot one

The first number matches with the laptop’s serial number, good… there’s garbage in the middle (perhaps a ciphered password?) and then more serial numbers found on the chassis (some of them partially) and one unknown string: 15371K… perhaps the cleartext password ?

I was running out of time so I decided to write the eeprom filling the strange middle characters with 0′s in an attempt to clear a possibly ciphered password… and if the laptop prompted for a password, I would try 15371K… None of these finally occured:

Re-soldered the chip back, reassembled the laptop (a painful task, lot’s of screws !) and switched it on. The initial boot screen was frozen on the first 2 reboots, without password prompt, just a static HP logo in the middle of the screen with no response, but wait, don’t panic !

After rebooting for three times on a row, the laptop complained about corrupted bios, one more reboot and I was able to enter the BIOS ! :-) Happy end, isn’t it ? Well, sort of, there are some pending curiosity issues here:

  • It seems that the bios detected corrupted data on 24C16 and then restored or cleared its contents, then:
    1. Which was the actual password ? The cleartext one or the “ciphered” one ?
    2. Was the password really inside this particular eeprom or somewhere else ?
  • Perhaps this process was not necessary and the forums guys were wrong about the uselessness of the battery trick

Nevermind, the laptop is now 100% functional with Ubuntu installed and flying to Helsinki ;-)

21 thoughts on “Omnibook XE3: Resetting a BIOS password the hard(ware) way

  1. Hello, I have this problem in my laptop omnibook xt6200, can I do it in my laptop?
    Excuse me for my poor Inglish, I’m from Spain.

  2. Hello again, the bios chip of my laptop is the SST39SF040, if can I do anything with it, tell me, please.
    THANKS.

  3. I’m from spain also ;-) To follow my method (which I don’t really know if it’s applicable to your hardware), you first have to find a 24C* eeprom nearby your bios chip, not the bios chip itself.

    Anyway, have you tried to remove your bios battery (AND the laptop’s battery) for a while, say, 10 minutes ?

  4. Sure, it was there in my case. Take another look at the photo: look for a red circled component labeled as “Batt”. You have to remove all the screws to get access to the bios battery, did you do so ? It’s a little button-sized battery, covered with brown plastic to avoid shortcircuits.

    Perhaps your laptop has another mainboard layout revision and it’s somewhere else (unlikely), keep looking and you will find it.

  5. Do you know if the laptop would boot without the 24C16 chip. Or if it is improperly installed? My soldering skills are not up to par. Now the laptop won’t boot any more. I know all the connections are right. It’s silly to mention but at least the CD player works with the front controls!

  6. Did you read/write the 24C16 editing the (supposed) password field ?

    Sorry but I don’t really know if it’s gonna boot without even finding where the password is stored… I never tried this :/

    Good luck and feel free to share your results here ;)

  7. Nice guide

    and a note for the archives:

    had successfully reset the cmos password on omnibook xe2 (dd model)
    by jumpering the two contacts, located in the central area underneath the so-dimm module slot (slot0, the one near the battery).
    can’t miss’em, they are triangular in shape and it’s as simple as bridging them with a small phillips screwdriver for a few sces.

    Hack the planet!

  8. quote:

    had successfully reset the cmos password on omnibook xe2 (dd model)
    by jumpering the two contacts, located in the central area underneath the so-dimm module slot (slot0, the one near the battery).
    can’t miss’em, they are triangular in shape and it’s as simple as bridging them with a small phillips screwdriver for a few sces.

  9. Hadderakk! You saved my stupid bios that suddenly started to ask for bios for boot, and for bios setup. Could not get through any way!
    This solved it – can’t be easier

    big thanks!
    /javier

    (XE2 omnibook!!!!)

  10. thank you man xD i´ve got this notebook with same problem and i replace this EEPROM 24C16 like you and the notebook boot´s up to bios at first time ! it´s incredible but it´s true ;) thank you very much

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>