Sunday, January 20, 2013

Backtrack Forensics: cmospwd

Menu: Forensics -> Password Forensic Tools
Directory: /pentest/passwords/cmospwd

cmospwd is a tool to retrieve password, which used to protect BIOS access. You can also create a dump of the BIOS, simple erase it or restore it from a backup. Please note that on laptops the password is usually stored in EEPROM instead of CMOS, thus if you erease the BIOS you won't be able to boot any more. Works with the following BIOSes:

  • AMI WinBIOS 2.5
  • Award 4.5x/4.6x/6.0
  • Compaq (1992)
  • Compaq (New version)
  • IBM (PS/2, Activa, Thinkpad)
  • Packard Bell
  • Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107
  • Phoenix 4 release 6 (User)
  • Gateway Solo - Phoenix 4.0 release 6
  • Toshiba
  • Zenith AMI


cmospwd /d - dump the BIOS
cmospwd /k - erase CMOS
cmospwd /m[number]* - run selected modules


You first need o run the command without any arguments, and you will get a list of BIOSes. You need to use the number, which shown next to your manufacturer, and run cmospwd /m[number] after that.

Official website:

1 comment:

Anonymous said...

Question about command syntax:

If I wanted to recover the password for the Award Medallion 6.0 (from the article's image), would I type:

cmospwd /m[13200001]