Recover Insyde BIOS password - Xiaomi Gaming Labtop

Hi there

Got a labtop in second hand, the guy just forgot the password. The labtop is fine, so I cannot risk too much messing with the BIOS.

The Big problem there is that he doesn’t boot from usb, never Sadly

BIOS Vendor: TIMI
BIOS Version: XMGCF500P0604
BIOS Release Date: 10/02/2018
BIOS Start Segment: E000
BIOS Size: 16384 KBytes
System BIOS Version: 1.6
Embedded Controller Firmware Version: 1.4
Intel ME Version: 12.0, Build 1091, Hot Fix 3

Original (from the manufacturer) and Backup BIOS dump (from the machine): https://www.dropbox.com/sh/1drdee495buso…KMVgJYbq8a?dl=0
Backup was made with FPTW64.

What did I tried:
- every option on platform.ini… nothing works, it looks that is ignoring the file
- comparing the binaries of backup and original
- Seeing multiple programs with BIOS info.

Please help me, if it is something that takes a lot of time, you could try to explain to me and I try to do by myself.
I’m really lost right now.

I think this is an InsydeH2O Bios, 10 characters of password.

It’s a Xiaomi Gaming Labtop.

Thank you

SOLVED (but I really don’t know HOW… so I can post here)

@davser

More information is needed…

What EXACTLY is the issue? Are you trying to recover/bypass a password, or flash a new BIOS firmware?

Make is Xiaomi, what is the model?

If you are trying to recover/bypass a password…EXACTLY which password is the issue? BIOS pw? Hard Drive pw? …?

If it is the BIOS password, there are several ways to “bypass” it.

If it’s the Hard Drive (BitLocker, etc.), without the password or other (USB) recovery method, your information is gone. Reformat and reuse the drive.

If you are trying to flash a new BIOS and you are getting an error, screenshots of the error messages would be helpful (or write them down).

Hi

I already know the password, a guy helped me talking to me in PM. However I don’t know the method… but he retrieve the password very quickly.
I really don’t know what he used. If I know, I will explain here. I guess he must used an hex editor or something…
I was really interested knowing that, but is just curiosity. Practical terms I already know the password.

A couple of guys told it was impossible and that I needed hardware.

Is the master BIOS password.


It was me. :slight_smile:



@DeathBringer
Nice! So many awesome people on here that are willing to help others. Love it!
I think @davser , and many others, would like to know the method you used to "retrieve" the PWD…
Magicians don’t give out their secrets but…Is this information something you are willing to share?

@davser
Glad you got it sorted out! There are some truly awesome/helpful people on here.

Well, knowing the password, it was relatively easy to understand the process.

I really don’t know if this is the method for all Insyde BIOS, but I’m sure this works on a Xiaomi Gaming Labtop or maybe other Xiaomi Labtop.

The main difficult here is really not getting the password from the dump. I did not get it, because I saw some information saying that it was needed some hardware.

Also I used a very limited HexEditor that could not give me a full screen view of the hex characters converted.

The problem was that the H2OFFT (Insyde Firmware Flash Tools) that I downloaded, kept saying that it was the wrong version. I downloaded several versions, none of them worked.

Then I read in a page something about the Intel Management Engine… (ME). I discovered that I needed the H20FFT for my version of ME.

I found that version, and finally worked, mine was v12. I got the dump. I saw my version with HWInfo.

Later another guy sent me a installer, that I never saw elsewhere, that trries to install all the versions of the H20FFT until he catches yours (nice idea!).

The software also test if your BIOS is write protected… mine was, so I was sure that I need some hardware to rewrite BIOS.

Best chance was discover the password with an HexEditor, with no risk at all of crashing the BIOS.

Then @DeathBringer saw my dump, he just said that no cables were needed, and caught my needed password.

I didn’t have much experience in hex editors, so I lost confidence to look on the dump (it could not be that easy, I thought).

Well it is, the password was near a line saying something like “Master pw”.

So, a nice trick will be search for “pw” or “master” inside the dump.

I hope I can help someone with this.

Thanks @DeathBringer (for password) and other guy (for the all versions FFT).

Hello
I have got same problem.
My BIOS is protected by some password…
Can You help me? I also have Xiaomi device. There is 10 digit password and the hash is not generated…

@lewiad95
Can you boot in Windows?
Have you a hardware programmer to read BIOS chip?

@DeathBringer
Yes, I can boot into OS, but I don’t have hardware programmer.
I read in manual for Insyde H20FFT software that it can make BIOS backup but there is no any example how to do it.

@lewiad95
Try to use Universal BIOS Backup ToolKit 2.0 to make suitable backup.

@DeathBringer
I have an error: "Can not identyfi the BIOS !"

@lewiad95
Set manually custom size to 8192K.


Can You help how to decode backuped rom?

I need to see it.

I need to see it.



here you have file -> https://drive.google.com/file/d/1mftDtmq…iew?usp=sharing

@lewiad95
OK, read PM.

Hello, Can I also ask for help? I asked someone to reformat my xiaomi pro laptop, and it was asking for BIOS password which I don’t know :frowning:

Is this thread still active? I also bought a 2nd hand laptop and there is a bios password. I need get the password from .bin file but seems difficult

I bought a 2nd Hand Xiaomi Notebook Pro laptop but the first owner used a password in the Bios and I cant contact the first owner because I bought the laptop from a local supplier which buys it outside the country.
After searching the web with no clear answer or tutorial. I want to share how I did it.

1st Step. Download Intel FPTW64 FPTW64 files I used from here and place all the files in your :\C folder. You will make a backup of your BIOS. To do this. Open CMD as Administrator then type cd C:\ then press Enter, then after that type

.\fptw64.exe -bios -d bios_backup.bin . This will create a bios_backup.bin file which contains your bios password.

2nd Step. To decode the BIOS .bin file. You need HxD hex editor. Open your .bin file on the HxD program . This will show text you cannot undestand but you only need to use ctrl+f to find this specific location on the texts Use CTRL+F then go to the Hex-values tab and type this 00 65 00 72 00 76 00 69 00 73 00 6F 00 72 00 50. After that you will see on the left side under Decoded Text there is something like {S.y.s.t.e.m.S.u.p.e.r.v.i.s.o.r.P.w…(this area will contain your password)aU?..

Take a photo of that so you can type it when you log in to your BIOS .
If your laptop will not open because of Bios lock . You can use a device called CH341A . Its a device that can attach directly to your bios chip and download the bios file directly from thr chip.

i have made backup of rom please help me to decode it