Badcaps.net Forum
Go Back   Badcaps Forums > Troubleshooting Hardware & Devices and Electronics Theory > Troubleshooting Laptops, Tablets, and Mobile Devices > BIOS Requests ONLY!
Register FAQ Calendar Search Today's Posts Mark Forums Read

 
Thread Tools Display Modes
Old 01-06-2022, 02:21 AM   #1
EineWildeStehlampe
New Member
 
Join Date: Jun 2021
City & State: Cologne
My Country: Germany
I'm a: Knowledge Seeker
Posts: 12
Default AMITSESetup Decryptor

As a lot of older firmware images use the well known, incredibly secure AMI XOR key to encode the supervisor password in the firmware image, I wrote a small Python tool to automate the process of searching through the image and decrypting the key. It is far from perfect but works well enough for me to share.

The tool uses UEFIExtract to dump the entire image, naively search for a folder ending in "AMITSEDecrypt", iterate through the body.bin to find all possible hashes stored in there, decrypt them with the XOR key, remove every second byte, then convert to ASCII.

Usage: python3 AMITSEDecrypt <Path/to/image.bin>

Hope it'll be of use to someone and excuse my horrible Python skills.
Attached Files
File Type: zip AMITSEDecrypt.zip (450.1 KB, 293 views)
EineWildeStehlampe is offline   Reply With Quote
Old 01-06-2022, 02:27 AM   #2
crowntoy99
Badcaps Veteran
 
Join Date: Oct 2012
City & State: kerala
My Country: india
I'm a: Student Tech
Posts: 221
Default Re: AMITSESetup Decryptor

good jobe
crowntoy99 is offline   Reply With Quote
Old 01-06-2022, 06:32 PM   #3
Maxpower3
Bad Veteran
 
Maxpower3's Avatar
 
Join Date: Feb 2018
City & State: Paris
My Country: France
I'm a: Knowledge Seeker
Posts: 359
Default Re: AMITSESetup Decryptor

good job, untested for the moment, thanks
Maxpower3 is offline   Reply With Quote
Old 01-07-2022, 02:23 PM   #4
Ghamidi
Badcaps Veteran
 
Join Date: Mar 2020
City & State: PARIS
My Country: France
I'm a: Knowledge Seeker
Posts: 223
Default Re: AMITSESetup Decryptor

great job thank you
Ghamidi is offline   Reply With Quote
Old 01-10-2022, 12:07 PM   #5
EineWildeStehlampe
New Member
 
Join Date: Jun 2021
City & State: Cologne
My Country: Germany
I'm a: Knowledge Seeker
Posts: 12
Default Re: AMITSESetup Decryptor

Quote:
Originally Posted by EineWildeStehlampe View Post
The tool uses UEFIExtract to dump the entire image, naively search for a folder ending in "AMITSEDecrypt", iterate through the body.bin to find all possible hashes stored in there, decrypt them with the XOR key, remove every second byte, then convert to ASCII.
I meant "AMITSESetup" obviously.
EineWildeStehlampe is offline   Reply With Quote
Old 01-10-2022, 01:05 PM   #6
Ghamidi
Badcaps Veteran
 
Join Date: Mar 2020
City & State: PARIS
My Country: France
I'm a: Knowledge Seeker
Posts: 223
Default Re: AMITSESetup Decryptor

Quote:
Originally Posted by EineWildeStehlampe View Post
I meant "AMITSESetup" obviously.
I tested work perfect

thank you so much
Ghamidi is offline   Reply With Quote
Old 01-10-2022, 05:12 PM   #7
EineWildeStehlampe
New Member
 
Join Date: Jun 2021
City & State: Cologne
My Country: Germany
I'm a: Knowledge Seeker
Posts: 12
Default Re: AMITSESetup Decryptor

Glad it's of use to someone. I'd love to keep a list of devices using the AMITSESetup variable if only I could find out how to edit my posts
EineWildeStehlampe is offline   Reply With Quote
Old 01-10-2022, 07:48 PM   #8
Maxpower3
Bad Veteran
 
Maxpower3's Avatar
 
Join Date: Feb 2018
City & State: Paris
My Country: France
I'm a: Knowledge Seeker
Posts: 359
Default Re: AMITSESetup Decryptor

Quote:
Originally Posted by EineWildeStehlampe View Post
Glad it's of use to someone. I'd love to keep a list of devices using the AMITSESetup variable if only I could find out how to edit my posts
see with a moderator to modify your first post.
Maxpower3 is offline   Reply With Quote
Old 01-12-2022, 08:38 AM   #9
LatinMcG
Member
 
Join Date: Jun 2015
City & State: Tampa, FL
My Country: USA/Puerto Rico
Line Voltage: Tickles the tongue
I'm a: Knowledge Seeker
Posts: 45
Default Re: AMITSESetup Decryptor

this works with some of the Panasonic laptops.. not all tho.
LatinMcG is offline   Reply With Quote
Old 01-21-2022, 07:34 PM   #10
EineWildeStehlampe
New Member
 
Join Date: Jun 2021
City & State: Cologne
My Country: Germany
I'm a: Knowledge Seeker
Posts: 12
Default Re: AMITSESetup Decryptor

Confirmed to work with at least those devices, will add more when I have some in:
- Microsoft Surface (Pro) 3
- Advantech MIO-5251
- Medion Lifetab P8912
- ASUS Vivobook Flip 14 TP412

I've noticed there's also a few AMI implementations storing the password in cleartext instead of scancodes, I'll probably add something to parse those aswell. And then there's some that look like SHA1 hashes, so I might at least add some functionality to detect those.
EineWildeStehlampe is offline   Reply With Quote
Old 01-21-2022, 08:01 PM   #11
onizzbox
Banned
 
Join Date: Nov 2018
City & State: Rio de Janeiro
My Country: Brazil
I'm a: Professional Tech
Posts: 631
Default Re: AMITSESetup Decryptor

Quote:
Originally Posted by EineWildeStehlampe View Post
Confirmed to work with at least those devices, will add more when I have some in:
- Microsoft Surface (Pro) 3
- Advantech MIO-5251
- Medion Lifetab P8912
- ASUS Vivobook Flip 14 TP412

I've noticed there's also a few AMI implementations storing the password in cleartext instead of scancodes, I'll probably add something to parse those aswell. And then there's some that look like SHA1 hashes, so I might at least add some functionality to detect those.
@EineWildeStehlampe
Similar to this here?
I'm finishing the script in C++ to make it faster, I'll post it in Badcaps next week.

Last edited by SMDFlea; 01-22-2022 at 03:13 AM..
onizzbox is offline   Reply With Quote
Old 01-21-2022, 08:29 PM   #12
Maxpower3
Bad Veteran
 
Maxpower3's Avatar
 
Join Date: Feb 2018
City & State: Paris
My Country: France
I'm a: Knowledge Seeker
Posts: 359
Default Re: AMITSESetup Decryptor

Quote:
Originally Posted by onizzbox View Post
@EineWildeStehlampe
Similar to this here?
I'm finishing the script in C++ to make it faster, I'll post it in Badcaps next week.
nice job as usual onizzbox
Maxpower3 is offline   Reply With Quote
Old 01-21-2022, 08:41 PM   #13
onizzbox
Banned
 
Join Date: Nov 2018
City & State: Rio de Janeiro
My Country: Brazil
I'm a: Professional Tech
Posts: 631
Default Re: AMITSESetup Decryptor

Quote:
Originally Posted by Maxpower3 View Post
nice job as usual onizzbox
Thanks! Maxpower3
Would you like to anticipate the release?
onizzbox is offline   Reply With Quote
Old 01-21-2022, 09:04 PM   #14
Maxpower3
Bad Veteran
 
Maxpower3's Avatar
 
Join Date: Feb 2018
City & State: Paris
My Country: France
I'm a: Knowledge Seeker
Posts: 359
Default Re: AMITSESetup Decryptor

Quote:
Originally Posted by onizzbox View Post
Thanks! Maxpower3
Would you like to anticipate the release?
no need, I already know your work and you have already shared a lot of knowledge and tools with me
Maxpower3 is offline   Reply With Quote
Old 01-21-2022, 09:57 PM   #15
onizzbox
Banned
 
Join Date: Nov 2018
City & State: Rio de Janeiro
My Country: Brazil
I'm a: Professional Tech
Posts: 631
Default Re: AMITSESetup Decryptor

Quote:
Originally Posted by onizzbox View Post
@EineWildeStehlampe
Similar to this here?
I'm finishing the script in C++ to make it faster, I'll post it in Badcaps next week.
@SMDFlea
I forgot to remove my credentials in the attached video, I can't edit the post anymore. Could you please remove it?
onizzbox is offline   Reply With Quote
Old 01-21-2022, 11:14 PM   #16
onizzbox
Banned
 
Join Date: Nov 2018
City & State: Rio de Janeiro
My Country: Brazil
I'm a: Professional Tech
Posts: 631
Default Re: AMITSESetup Decryptor

Quote:
Originally Posted by Maxpower3 View Post
no need, I already know your work and you have already shared a lot of knowledge and tools with me
Thank you Max!
Helping users on the forums or outside of them has always been a hobby, I don't depend on it for a living. I've always liked to share my knowledge, that's the only way we can evolve.
onizzbox is offline   Reply With Quote
Old 01-22-2022, 03:14 AM   #17
SMDFlea
Super Moderator
 
Join Date: Jan 2018
City & State: York
My Country: UK
I'm a: Knowledge Seeker
Posts: 10,090
Default Re: AMITSESetup Decryptor

Quote:
Originally Posted by onizzbox View Post
@SMDFlea
I forgot to remove my credentials in the attached video, I can't edit the post anymore. Could you please remove it?
removed.
SMDFlea is offline   Reply With Quote
Old 01-22-2022, 12:49 PM   #18
BootLoader1
Member
 
Join Date: Aug 2020
City & State: Internet
My Country: Poland
I'm a: Knowledge Seeker
Posts: 41
Default Re: AMITSESetup Decryptor

I wrote small software for decrypt AMI BIOS Password. Software can read Admin and Boot password, just open file or drag and drop a file.
Enjoy.
Attached Files
File Type: zip AMIDecryptor.zip (2.17 MB, 140 views)
BootLoader1 is online now   Reply With Quote
Old 01-22-2022, 03:01 PM   #19
onizzbox
Banned
 
Join Date: Nov 2018
City & State: Rio de Janeiro
My Country: Brazil
I'm a: Professional Tech
Posts: 631
Default Re: AMITSESetup Decryptor

Quote:
Originally Posted by BootLoader1 View Post
I wrote small software for decrypt AMI BIOS Password. Software can read Admin and Boot password, just open file or drag and drop a file.
Enjoy.
@BootLoader1
Very cool, but it doesn't work!!
Needs repairs...
Attached Files
File Type: rar 2022-01-22_19-07-04.rar (10.69 MB, 111 views)

Last edited by onizzbox; 01-22-2022 at 04:18 PM..
onizzbox is offline   Reply With Quote
Old 01-23-2022, 05:16 AM   #20
BootLoader1
Member
 
Join Date: Aug 2020
City & State: Internet
My Country: Poland
I'm a: Knowledge Seeker
Posts: 41
Default Re: AMITSESetup Decryptor

Working, working, but I forgot about this case. Now fixed and working well.
Attached Files
File Type: zip AMIDecryptor.zip (2.17 MB, 202 views)
BootLoader1 is online now   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



Badcaps.net Technical Forums 2003 - 2022
Powered by vBulletin ®
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.
All times are GMT -6. The time now is 04:35 PM.
Did you find this forum helpful?