Announcement

**cdma-india** · 09-12-2020, 09:40 PM

Re: Lenovo Ideapad MXII-12IKB password unclock challenge

hallow any clue? what is " PwdUnlockChallangeVar"

**cdma-india** · 09-13-2020, 09:00 PM

Re: Lenovo Ideapad MXII-12IKB password unclock challenge

just up thread

**SMDFlea** · 09-14-2020, 06:44 AM

Re: Lenovo Ideapad MXII-12IKB password unclock challenge

Do you mean the model number is Miix 510-12IKB

**cdma-india** · 09-14-2020, 07:09 AM

Re: Lenovo Ideapad MXII-12IKB password unclock challenge

no model number is 80vv (Lenovo MIIX 720-12IKB)

**cdma-india** · 09-15-2020, 01:03 AM

Re: Lenovo Ideapad MXII-12IKB password unclock challenge

hallow maxpower ...
any light on this please

**SMDFlea** · 09-15-2020, 05:26 AM

Re: Lenovo Ideapad MIIX 720-12IKB

try this bios .

Attached Files

720-12IKB_3SCN71WW.zip (5.38 MB, 99 views)

**cdma-india** · 09-15-2020, 09:43 AM

Re: Lenovo Ideapad MIIX 720-12IKB

THANKS for unlock file but i want some more info about this bios structure , as described in start

**schveky** · 12-24-2022, 05:49 AM

Re: Lenovo Ideapad MIIX 720-12IKB

Hi everyone!
I have Lenovo Ideapad MIIX 720-12IKB. I do not want to open my device. Can someone help me how to create backup of my BIOS and than point me to the offset where the BIOS password is? I have Win10 64 bit running, I only need to unlock BIOS to make some settings changed.

**schveky** · 12-24-2022, 07:58 AM

Re: Lenovo Ideapad MIIX 720-12IKB

Hi,
I somehow managed to extract the BIOS file from Lenovo's package, also I made backup of my BIOS with Universal BIOS backup Tools. Can someone, please, locate the offset in that file, so I can decode the password?

Attached Files

**schveky** · 12-24-2022, 08:07 AM

Re: Lenovo Ideapad MIIX 720-12IKB

Need to mention, the BIOS Tool did not recognized my BIOS chip so I selected it as "custom 8MB chip"

**hoaca388** · 12-24-2022, 09:06 AM

Re: Lenovo Ideapad MIIX 720-12IKB

Originally posted by schveky View Post

Need to mention, the BIOS Tool did not recognized my BIOS chip so I selected it as "custom 8MB chip"

Next time use a programmer to backup your bios, your backup file is not good but luckily can find an virgin bios file from *.cap file.

But I wonder how can you write this to the bios chip without a programmer?

Attached Files

Ideapad MIIX 720.rar (5.23 MB, 34 views)

**schveky** · 12-24-2022, 12:08 PM

Re: Lenovo Ideapad MIIX 720-12IKB

Originally posted by hoaca388 View Post

Next time use a programmer to backup your bios, your backup file is not good but luckily can find an virgin bios file from *.cap file.

But I wonder how can you write this to the bios chip without a programmer?

I am not intending to write to the BIOS chip. I was hoping that someone can locate the password in my BIOS file, just like they did in lenovo miix 520 topic. After locating it one can decode it using scancodes. After that accesing the BIOS is simple (using decoded password).

**schveky** · 12-25-2022, 02:16 AM

Re: Lenovo Ideapad MIIX 720-12IKB

Originally posted by hoaca388 View Post

Next time use a programmer to backup your bios, your backup file is not good but luckily can find an virgin bios file from *.cap file.

Thank you hoaca388 for your effort! How you took out the "virgin bios file" from *.cap file?

**hoaca388** · 12-25-2022, 02:34 AM

Re: Lenovo Ideapad MIIX 720-12IKB

Change .cap to .bin, open .bin file with hxd editor, cut off excess parts of the file, mostly based on experience.

**schveky** · 12-28-2022, 12:07 AM

Re: Lenovo Ideapad MIIX 720-12IKB

Is there anybody who is familiar with this model of Lenovo? Ideapad Miix 720-12IKB ? There was so many people who knows Miix 520...
I need offset in the BIOS dump oppened with hex editor, where the BIOS password is located.

**AAAC** · 12-28-2022, 05:20 PM

Re: Lenovo Ideapad MIIX 720-12IKB

@schveky
This BIOS is different, as far as I know the password is stored as a 128-bit hash (MD5?) in "SaDataBase" UEFI variable.
So the first thing to do is to reverse engineer the driver(s) writing to this variable in order to determine if the code is hashing the password as an ASCII string, scan-codes of the password or other, then you could try to brute force crack it, maybe even build a sort of rainbow table so you could decode the passwords immediately.

**schveky** · 01-01-2023, 02:22 PM

Re: Lenovo Ideapad MIIX 720-12IKB

@AAAC
Tank you for reply. To be honest, I was expecting a simpler answer, because decoding the Miix520 BIOS password sounded like peace of cake, comparing to things you wrote. If I open my device, is it neccessery tho unsolder the BIOS chip in order to write a new BIOS file to it? Or, I can use a EEPROM programmer with a cliping tool, so no need for removing the chip? I was thinking if I remove the main laptop battery and CMOS battery, wait one day, than attach programmer via included clip...

Attached Files

**AAAC** · 01-02-2023, 05:51 PM

Re: Lenovo Ideapad MIIX 720-12IKB

@schveky
There's no way to know what you will find, unless we have the motherboard schematic or unless you disassemble the laptop in order to find the BIOS chip.

I've seen this "SaDataBase" uefi variable before and the password hash it stores, I've been wanting to write a program to brute-force crack the password assuming this is a MD5 hash and also assuming that it will be an easy password (max. 6 characters). I've even asked a friend with a laptop with a similar BIOS to set a known password and to provide a BIOS dump each time, all I need to do is to check a few of the DXE/SMM drivers writing to "SaDataBase" variable.

**RethoricalCheese** · 03-22-2023, 07:36 AM

Re: Lenovo Ideapad MIIX 720-12IKB

4F37C061F1854F9682F543FECB5EE9D6
password 1234

1234 -> MD5 and 02030405 (scancode) -> MD5 were not correct.

In my case, the password could be up to 64 bytes long so maybe has a trailing zero which needs to be taken into account.

Announcement

Lenovo Ideapad MIIX 720-12IKB

Lenovo Ideapad MIIX 720-12IKB

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment