-Mods, if this topic is against the rules, please let me know. I figured the forums would be interested in such an odd technique-
So my job has like 100 HP Probook 6570Bs in storage, but they were all bios locked.
I was unable to unlock them with any tools, and dumping the bios was a lost cause, since the machine scrambles the bios contents on every power cycle.
I couldn't just dump the image from a clean unlocked machine on here, because then the UUID and serial would all be changed to the clean one's image.
About to give up, I tried something crazy, and it ended up actually working!
What we'll need is a CH341A programmer and a clip that allows me to clip onto the chip without desoldering; this setup is popular with Coreboot users. We'll also need a Dremel or side cutters to nip out some plastic on this particular model to gain access to the bios chip.
The first step was to dump the bios from the machine. So I unplugged power, and set it down, connected my programmer, and opened up the software.
Hitting autodetect to make sure I've got a good connection
Reading the contents of the chip
Verifying that what I grabbed matches the chip...
And saving the image as the last four characters of the serial (helps me keep track)
Once we have a good dump of the machine's bios, we can erase the chip.
And then we flash a dump from an unlocked laptop of the same model. I found my image online. Sorry, not going to host it here. It's not hard to find if you understand how to use Google.
After this completes, it'll auto verify.
Now that we have a clean image (with the wrong IDs and stuff), we can disconnect our clip and boot up the machine into the BIOS settings.
And now we close the machine, still running, and put the clip back on.
Now we erase the chip again...
And open the original bios image we grabbed from it at the start, and flash it back onto the running machine, where it will auto verify.
Now that we've got the original bios back onto the chip, but have gotten past the password prompt by using the other bios, all we need to do now is save and exit.
After rebooting, we're greeted with this confirmation...
After making a selection, we're now back in the BIOS, with no password, and we've got all of the original IDs! From here I'd suggest doing a security and settings reset, and then updating the bios to the latest version.
Presumably what happened was the laptop loaded whatever settings it wanted from the clean image, and stored them in RAM. I noticed once idle in the bios, the machine is not reading or writing to the chip. This is why I was able to live flash it.
When I hit save and exit, it applied the settings it had loaded into RAM into the original copy of the bios, overwriting the password and anything else the machine had enabled.
I have done about 10 of these machines so far and they have all worked perfectly. I've even updated the BIOSes after this and they all took it, no complaints.
I'm going to try the same on some Dells that have a bonus of being Computrace enabled. Not sure if it'll work, but it sure won't hurt to try.
As of right now, I do not know of any other method of erasing the bios password on these machines that retains all the original UUIDs, serial numbers, etc., so let me know if you've got any machines to try. I'd be interested to see your results!