Acer/Insyde systems store BIOS passsword as cleartext

If you have an Acer, ask them when they are going to patch this! If you know of a patch for this, please leave a Comment (see left).

 

One thought on “Acer/Insyde systems store BIOS passsword as cleartext

  1. Patching the algorithm will be too hard without sources, but this region can be read-protected by PR2/PR3, which normally aren’t used and available. You have to patch PchInitDxe driver to not set FLOCKDN bit too early (you can’t change PRs if it’s already set), and write a driver to enable read-protection on ExitBS event.
    I will present a fix for it together with other fixes during my ZeroNights 2015 talk, then all the slides, sources, patches and images will be available on GitHub.

    Like

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s