pwgen-asus.py does not generate the correct rescue password for Asus laptop with current date
witchole opened this issue · 2 comments
The python script pwgen-asus.py does not generate the correct rescue password for an Asus ZX553VD-DM640T laptop where the system date is current (2021/12/nn). It does show the BIOS date and "Enter Rescue password" when Alt-R is pressed, but always reports "invalid password".
- Is it possible that this algorithm is wrong for recent dates, or could this Asus laptop have a different algorithm altogether?
- The program can be massively simplified with a hard-coded table, as shown below. Dogbert presumably wants to show that s/he knows the original Asus algorithm.
def calculatePassword(date):
table = ['B', 'L', 'D', 'D', 'B', 'A', '4', 'H',
'0', 'O', 'L', 'B', '0', 'L', 'B', '2',
'1', '1', 'C', '9', 'B', 'O', 'A', 'A',
'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A']
chksum = int(date.replace("-", ""), 16)
password = ""
for i in range(8):
chksum = 33676 * chksum + 12345
index = (chksum >> 16) & 31
password += table[index]
return password
According to a comment on Dogbert's Blog ASUS created a new BIOS password algorithm that seems to affect systems from around 2014.
I wonder whether the solution "simply" requires a different set of the 3 seed values - currently (11,19,6) - in the initTable() function, or maybe different values to replace 33676 and 12345?
The vendor might have changed the hashing algorithm - feel free to reverse-engineer it yourself.
Support for EFI bios binaries in various tools (Ghidra and so on) has been vastly improved compared to when I took a shot at this. Hence, it shouldn't be that hard anymore.