Today, I spent some time making major changes to the code. I really wanted more control over what's happening when. I also wanted to make it a bit more versatile and also safe.
I added:
- Wizard guided flow
- the ability to restore the eeprom from an existing binary file
- an option to verify what has been written to the eeprom
- fixed a bug with passwords shorter than seven characters
- added the ability to select the i2c bus on the beaglebone black
- added option to remove the password completely or change to a new one
- added status bars for the read, write, and verify operations
The entire workflow of one session can be seen here:
```
EEPROM Tool - Crack your favorite laptop - hopefully without breaking it...
Author: Copyright 2021 - Timo Birnschein
Please select task:
restore EEPROM from file: type <restore>, or
read, modify and write system EEPROM: type <modify> (default is <modify>)
What i2c bus / SMBus would you like to use? Default is <2>:
Selecting I2C bus 2
Press Enter to read EEPROM contents...
Reading from EEPROM...
Reading EEPROM: |██████████████████████████████████████████████████| 100.0% Complete
Writing binary to file... eeprom.bin
Extracting and translating password: hallo
Checksum of password as read from eeprom: 0xa5
Confirmation passcode (should be the same): hallo
Checksum of re-entered password as read from eeprom: 0xa5
Calculating own checksum: 0xa5
The above password might not be correct as your system might use a different encryption scheme!
If the password does not work, writing a new password also won't work! Only removing it altogether will work.
Choices are: remove existing password from EEPROM or write a new password to the EEPROM
Type <remove> or <new> without brackets and hit enter. If you just hit enter, the program will exit.
remove
Writing and encoding new password:
Checksum added to eeprom: 0x0
Writing confirmation password (must be the same):
Adding checksum to confirmation password: 0x0
Writing binary to file... eeprom_mod.bin
Do you really want to write to the EEPROM of your computer?
************** THIS MIGHT BRICK YOUR LAPTOP!!! **************
Type: and hit enter (case sensitive, no brackets!)...
Yes I want to
Writing binary file back into EEPROM, length: 256
Writing EEPROM: |██████████████████████████████████████████████████| 100.0% Complete
Reading EEPROM back for verification...
Reading EEPROM: |██████████████████████████████████████████████████| 100.0% Complete
Writing binary to file... eeprom_verify.bin
Verifing EEPROM: |██████████████████████████████████████████████████| 100.0% Complete
Verification completed. EEPROM seems good. No guarantees!
Done.
Bye.
```
I tested this using my 256 byte 24C02 instead of flashing my laptop a hundred times. This also led to me changing the address the script accesses to only 0x57, which is where the supervisor password is located. Eventually, I would like to blow this up even more by reading and writing the entire 24RF08 again, but for only the supervisor password that's not required.
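The write and verify steps in the session above can be backed by two offline checks on the dump files. This is an added example, not code from the x201Password repository: it checks that a modified image only differs from the original inside an expected window before writing, and reports mismatching offsets after the read-back. The function names and the `allowed` window are assumptions made for illustration; the window is an arbitrary placeholder, not a real password location.

```python
from pathlib import Path

EEPROM_SIZE = 256  # image length reported in the session log above


def changed_ranges(before, after):
    """Return inclusive (start, end) offset ranges where two images differ."""
    if len(before) != len(after):
        raise ValueError(f"size mismatch: {len(before)} vs {len(after)} bytes")
    ranges, start = [], None
    for off, (a, b) in enumerate(zip(before, after)):
        if a != b and start is None:
            start = off                      # a run of differing bytes begins
        elif a == b and start is not None:
            ranges.append((start, off - 1))  # the run ended on the previous byte
            start = None
    if start is not None:                    # run reaches the end of the image
        ranges.append((start, len(before) - 1))
    return ranges


def safe_to_write(original, modified, allowed):
    """Pre-write check: both images are full size and edits stay in `allowed`."""
    if len(original) != EEPROM_SIZE or len(modified) != EEPROM_SIZE:
        return False
    return all(s in allowed and e in allowed
               for s, e in changed_ranges(original, modified))


def verify_readback(written, readback):
    """Post-write check: an empty list means the read-back matches."""
    return changed_ranges(written, readback)


def check_files(orig="eeprom.bin", mod="eeprom_mod.bin",
                verify="eeprom_verify.bin", allowed=range(0x80, 0x88)):
    """Run both checks on the files named in the session log.
    `allowed` is a placeholder window and must be set by the user."""
    o, m, v = (Path(p).read_bytes() for p in (orig, mod, verify))
    return safe_to_write(o, m, allowed), verify_readback(m, v)


if __name__ == "__main__":
    # Constructed sample images, not real laptop dumps.
    orig = bytes(range(256))
    mod = orig[:0x80] + bytes(8) + orig[0x88:]
    print(safe_to_write(orig, mod, range(0x80, 0x88)), verify_readback(mod, mod))
```

A non-empty result from `verify_readback` lists exactly which offsets to re-check before the chip goes back into the machine.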
I still don't know where all the other passwords and features are. Unfortunately, there is no nicely documented summary available - at least not as far as I know. If someone has one, please let me know. We could make this into a fully configurable toolkit if we wanted to. Similar to the Lenovo service diskette that allows setting serial numbers and owners and the like.
Btw: Code is here now: https://github.com/McNugget6750/x201Password
Maybe at some point I might look into this menu system a bit more: https://www.daniweb.com/programming/software-development/code/309413/console-application-menu-module