The View from Landmark

Trends and issues in personal computing from Bud Stolker, a long-time PC consultant. The View from Landmark features tips and techniques to make time spent with your computer more productive and rewarding, commentary on new personal computer policies and trends, plain-English explanations of new hardware, software, and network designs and their relevance to you, and answers to common questions. There may be personal material interspersed if Bud believes it is of general interest.

Tuesday, April 12, 2005

Cracking a Password-protected Dell Laptop

A client brought me her Dell laptop today with an interesting security problem: Her 14-year-old son and genius-grade computer geek, retaliating for the loss of his computer privileges, had password-protected her computer so that she could no longer access her business files.

She wanted me to crack through the protection and retrieve her files.

No problem, I figured. I’ll just remove the CMOS battery that holds the time, date, and hardware configuration, and the computer will revert to its factory defaults (including no password).

It didn’t work that way. In fact, I was utterly unable to get past the security screen.

It turns out that many Dell, IBM, HP, Sony, and Toshiba laptops are protected by a password chip. This EEPROM (electrically erasable programmable read-only memory) chip requires an EEPROM programmer (an electronic device) to retrieve the data. Trouble is, the chip is soldered to the motherboard and is extremely delicate.

Dell sells a lot of laptops to the Defense Department. That chip is part of DoD’s C2 security scheme for computers, which as you’d expect is pretty strong. The government's “Trusted Computer System Evaluation Criteria” define a series of divisions from D (least secure) to A (most secure), with levels within those divisions. There’s no “back door” password for C2, nor will Dell help unlock the computer.

My client actually had two identical computers. The twin was her son’s, which she had confiscated. So I put her hard disk in her son’s unprotected computer, hoping that it would work there.

It didn’t. The password protection covered the hard disk in or out of the computer – just what you would expect a security protection scheme to do.

A German entrepreneur advertising on eBay will try to retrieve the password if you unsolder the chip and send it to him. But even if you solder in a new chip successfully and unlock the computer, the hard disk remains locked.

Basically, there is no easy way around the protection except to get the password from the person who put it in. But in this case, he’s been sleeping on the garage floor for several nights and shows no signs of giving in.

Bottom lines:

1. Make regular copies of your data and put them in a safe place.
2. Don’t separate a geek from his computer without considering the consequences.
3. Spank your child regularly, starting at an early age.

Update April 14: Wanting to go back to a normal life, the son at long last gave up the password. Mom promptly put her own password in place, shared it with a couple of friends in case of extreme emergency, and deducted my consulting fee for research and experimentation from her son’s bank account. Case closed.