====== Project Fail: HP ProBook BIOS Password Crack ====== Source: [[https://www.nerdworld.org/Content/Password%20Crack/Password%20Crack.html|Nerdworld]] ===== Background ===== A second‑hand HP ProBook was purchased with a locked-down Windows 10 installation. The BIOS was protected by an unknown administrator password set by a cyber‑school IT department. Although the system could be wiped and reinstalled, the BIOS settings remained inaccessible. ===== Why Traditional Methods Failed ===== Older systems allowed BIOS password resets by: * clearing CMOS jumpers * removing the RTC battery * resetting configuration RAM Modern HP ProBooks store the password in a separate rewritable ROM. Therefore, CMOS resets **do not** remove the password. HP officially offers a master unlock key, but only to large enterprise customers. Regular users receive no assistance. ===== Attempted Approaches ===== Several methods were explored: ==== 1. YouTube Tutorials ==== Many videos claim to show reset methods, but none worked for this model. ==== 2. HP BIOS Configuration Utility ==== HP provides a Windows tool that can modify BIOS settings, but it requires knowing the current password — making it useless in this case. ==== 3. Rust-Based Brute Force Tool ==== A GitHub project attempted to brute-force the password via the HP utility. The program could not be executed successfully, and others reported similar issues. ==== 4. Custom Python Brute Force Script ==== A custom Python script was created to: * read password candidates from a list * call the HP BIOS utility * attempt to clear the password * log each result Each attempt took about **9 seconds**, making brute force extremely slow. ===== Password List Generation ===== Initial lists: * 50,000 common passwords → no success * 100,000 passwords → no success Expanded lists: * 500,000 generated candidates (with leetspeak variations) * another 500,000 unique candidates Total runtime: * ~52 days for each 500k batch * nearly **6 months** of continuous testing No password was ever found. ===== Final Outcome ===== Despite months of effort, the BIOS password could not be cracked. The project is considered a “successful failure”: * the laptop now runs Debian Linux without issues * the process provided experience with scripting, automation, and AI-assisted coding * it highlighted the robustness of modern HP BIOS security ===== Provided Files ===== The original project included: * Python script for sequential password testing * Python script for generating 1 million password candidates * HP BIOS Configuration Utility (See original source for downloads.) ===== Conclusion ===== Modern HP ProBook BIOS passwords are extremely resistant to brute-force attacks. Without the original password or HP enterprise support, unlocking the BIOS is effectively impractical. This project demonstrates both the limits of brute force and the value of experimentation.