Author |
Message |
bbvt Nou Venit
Joined: 23 Jan 2006 Posts: 5
|
Posted: Mon Jan 23, 2006 10:22 pm Post subject: t41 unlock questions ( 0199 error / avoiding soldering ) |
|
|
Hi,
I am going to try to unlock my T41 supervisor password and have some questions:
1)
To keep the IBM warranty of my T41 I am looking for a way to avoid soldering wires to the Atmel Eprom. I managed to connect three very tiny single copper wires to each of the three pins of the Atmel chip. Question is: will the unlock procedure work with those tiny wires? Does anybody know?
2)
Each time I start my T41 the first thing it does is display the 0199 error ("System Security. IBM Security password retry count exceeded"). When I press ESC my T41 starts with a normal Windows XP boot. When I press F1 I am asked for the (supervisor) password. Question is: can I ignore this message, and just press F1 for the BIOS setup password prompt and then execute r24rf08? Or will this 0199 error in any way interfere with the password recovery procedure?
(P.S.: NO, the 0199 error won't disappear when I change something in the BIOS and press F10, like IBM says)
3)
I read on the forum that some eproms were so advanced that you had to use the W24RF08 writer software. Is this the case with the T41??
(passphrase is not enabled on my system)
Hope someone can help me! Thanks in advance.
Robert |
|
|
|
bob S.F. Moderator
Joined: 07 Mar 2004 Posts: 802 Location: Staff
|
Posted: Mon Jan 23, 2006 10:57 pm Post subject: |
|
|
The procedure is meant to recover the Supervisor password. Since you know the password and you're able to enter BIOS Setup, there is no need to read the eeprom. To reset the error just remove the CMOS battery for a while or enter BIOS and set a new POP (Power ON password).
Quote: | I read on the forum that some eproms were so advanced that you had to use the W24RF08 writer software. Is this the case with the T41??
(passphrase is not enabled on my system) |
It is not the eeprom, it is the TCPA security chip used for encryption.
No need to use W24RF08 in your case because you don't have to write the prom (you mentioned passphrase is not enabled).
Cheers |
|
|
|
bbvt Nou Venit
Joined: 23 Jan 2006 Posts: 5
|
Posted: Mon Jan 23, 2006 11:08 pm Post subject: |
|
|
Thanks Bob, but I do need to find the supervisor password.
I can enter the BIOS, but only in USER mode. That means that I can change some BIOS options, but not all. In order to set the date/time or to specify the boot sequence, etc., I still need the supervisor password. I cannot change those settings in user mode. (BTW, I enter the BIOS in user mode by pressing Enter when asked for the password.) So I still would like an answer to my questions nr. 1 and 2! |
|
|
|
bob S.F. Moderator
Joined: 07 Mar 2004 Posts: 802 Location: Staff
|
Posted: Mon Jan 23, 2006 11:14 pm Post subject: |
|
|
Remove the CMOS batt first. If that won't help then you have a SVP that needs to be found. In this case read the eeprom (those tiny wires will do the job very well) and use IBMpass to find the password. Proceed exactly as described in the readme.pdf or the tutorial here
Good luck! |
|
|
|
bbvt Nou Venit
Joined: 23 Jan 2006 Posts: 5
|
Posted: Mon Jan 23, 2006 11:27 pm Post subject: |
|
|
In addition to my former post: I checked my bios and it says:
power on password: disabled
supervisor password: enabled
Concerning your cmos battery option:
I am afraid to remove (and re-attach) the cmos battery. Cause after that I will have to re-enter the time and date. And I won't be able to do that cause I need the supervisor password to change that setting! |
|
|
|
victor S.F. Boss
Joined: 07 Mar 2004 Posts: 2581 Location: Staff
|
Posted: Tue Jan 24, 2006 12:05 am Post subject: |
|
|
I think it is pretty clear that you need to recover the supervisor password.
Press F1 to enter BIOS, then execute the reader.
Just do it. |
|
|
|
bbvt Nou Venit
Joined: 23 Jan 2006 Posts: 5
|
Posted: Wed Jan 25, 2006 12:33 am Post subject: |
|
|
yyyyeeeeesssss!!! It worked.
Many, many thanks for providing this wonderful solution Victor.
I am so happy!
Just to let you know: it worked out perfectly WITHOUT SOLDERING.
Tomorrow I will post some pictures of the wires attached to the Atmel.
Strange side-effect: my first try to read the password was with the 2.0 lite software. It showed a password but that one did not work. After that I tried the old IBMpass 1.1 software and it gave me another password.
This one worked!
How can I thank you? Should I send you my .bin file???
Greetz from The Netherlands, Robert |
|
|
|
victor S.F. Boss
Joined: 07 Mar 2004 Posts: 2581 Location: Staff
|
Posted: Wed Jan 25, 2006 8:23 am Post subject: |
|
|
Well done.
When you open the dump with IBMpass 2.0, just look at offsets 0x338 and 0x400. The password is there.
Yes, you could send me the dump, I am curious to see it.
Thanks |
|
|
|
bbvt Nou Venit
Joined: 23 Jan 2006 Posts: 5
|
Posted: Thu Jan 26, 2006 10:26 am Post subject: |
|
|
As promised: two pictures of my solution:
I wanted to avoid soldering and it worked!
Please look at the red wire in the picture: the copper part consists of two tiny single copper wires twisted together. It really took some time to get the tiny wires in the right position, but then again: it worked, so it was all worthwhile.
http://www.burobenvantreur.nl/t41-svp/t41-svp-hack1.jpg
http://www.burobenvantreur.nl/t41-svp/t41-svp-hack2.jpg
(sorry, the last picture is a bit off-focus!)
The advantages of wiring vs. soldering are obvious:
1) you don't lose your warranty (which you do if you solder on your thinkpad)
2) wiring is less "definitive" than soldering. If you make one little mistake with soldering (like hitting the wrong pin with the soldering iron in your trembling hands) then you're in big trouble. When you hit the wrong pin with the little piece of wire then nothing is wrong. You'll have multiple tries. |
|
|
|
|