Sign in to follow this  
Followers 0
leftler

Program wont loop correctly. (solved)

8 posts in this topic

#1 ·  Posted (edited)

I locked my self out of my bios, I am 99% sure that my password is contained in pass.txt. HP provides a program to edit the bios from within windows, however it only allows 3 tries per lanuch of the program. My program successfully opens the program once, tries 3 times, then closes it. However during the second or third time through it does not reopen the program, I know it loops because I put a debug message between the run and the first WinWaitActive and it does fire showing a second loop through the code.

Any suggestions?

EDIT--

updated code

#include <Array.au3>
#include <File.au3>
$addr = "C:\Documents and Settings\Administrator\Desktop\pass.txt"
Dim $aPasswords
If Not _FileReadToArray($addr, $aPasswords) Then
    MsgBox(4096,"Error", " Error reading wordlist   error:" & @error)
    Exit
EndIf

For $element  = 0 to $aPasswords[0] Step 1
    If Not Run("C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHost.exe","C:\Program Files\HPQ\HP ProtectTools Security Manager") Then
        MsgBox(4096,"Error", " Error reading wordlist   error:" & @error)
        Exit
    EndIf
;   MsgBox(4096, "asdf",$aPasswords[$element],2)
    WinWaitActive("HP ProtectTools Security Manager")
    MouseClick("left", 674,437); click the bios menu option
    for $i = 1 to 3 step 1
        $element = 1 + $element
        WinWaitActive("Enter Setup Password")
        Send($aPasswords[$element])
        Send("{ENTER}")
        WinWaitNotActive("Enter Setup Password")
        Sleep(1); a sleep to let the next window load
        if(WinActive("BIOS Configuration","Incorrect Password")) Then
            Send("{ENTER}")
        Else
            MsgBox(0,"found it", $aPasswords[$element] + " element " + $element)
            Exit
        EndIf
    Next
    if(WinActive("","Entering read-only mode.")) Then
        Send("{ENTER}")
    Else
        MsgBox(0,"found it", $aPasswords[$element] + " element " + $element)
        Exit
    EndIf
    MouseClick("left", 1107,874); click the close button
    WinWaitClose("HP ProtectTools Security Manager")
    sleep(50)
Next
MsgBox(0, "bad news", "Could not find it")
Edited by leftler

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Are you talking about a BIOS password, or a Windows password?

To reset the BIOS password you open up your PC and move a jumper on the motherboard (or unplug the PC and pop out the motherboard's lithium battery for a minute).

Edit: laptop or desktop? Model?

Edited by Spiff59

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

I changed run to

If Not Run("C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHost.exe","C:\Program Files\HPQ\HP ProtectTools Security Manager") Then
        MsgBox(4096,"Error", " Error reading wordlist   error:" & @error)
        Exit
    EndIf

to see if the run is failing or something but I never get the error MsgBox when it stops working. Double clicking a icon I have for the program and the script will start again and do another 1-3 loops.

Edited by leftler

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Are you talking about a BIOS password, or a Windows password?

To reset the BIOS password you open up your PC and move a jumper on the motherboard (or unplug the PC and pop out the motherboard's lithium battery for a minute).

Edit: laptop or desktop? Model?

It is a Compaq nw8440 with a TPM(Trusted Platform Module) in stringent security mode. When in stringent security mode the BIOS password is stored on the TPM and removing the RTC will not reset it. the only way to change it is to either replace the motherboard or remember the password.

EDIT--

I also have already tried software password resetters like the one that comes with UBCD4WIN with no luck too.

EDIT2--

I also have used the linux based TPM-TOOLS to try to reset the TPM by using "Physical access" token but it appears to be not implmented or disabled on my TPM, the owner password for the TPM is the same password for the BIOS.

I wanted to try out the TPM and it requires you to activate the BIOS password to turn it on, so I set them both on the same day (this was like a year and a half ago) and I wanted to be "super secure" so I used some really long password that was a derivative of my normal passwords I use. I allready wrote a C++ program that calculated every password permutation I could have used and that is what is stored in pass.txt

EDIT3--

There are about 900 passwords I need to try, so I don't want to have to click some icon every 3 to 9 guesses.

Edited by leftler

Share this post


Link to post
Share on other sites

I went and visited the HP website... that's some nasty stuff! Replace the motherboard they say. Nuts. I guess if they had socketed the chip in question, then theives could have just swapped the chip as well. So, I see why you're resigned to using a brute-force method.

I doubt many of us here can kick off your script, not having the ability to run that app. Glancing at your script, I see nothing wrong, The second "ENTER" strikes me as odd, but you're the one who can see what's going on. The Sleep(1)"s actually get changed to Sleep(10) internally, as 10 milliseconds is the minimum for the sleep command. Even that isn't much time, but I'm assuming that you've played with the delays, and you're not locking up mid-script anyway, but at the program launch. I have had better luck with ShellExecute in some instances, but that's just a shot in the dark. If clicking the iicon works faillessly, you could try MouseMove and/or MouseClick() possibly, and actually click on it to lauch things... Just brainstorming (well, more a light breeze than a storm)

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

I went and visited the HP website... that's some nasty stuff! Replace the motherboard they say. Nuts. I guess if they had socketed the chip in question, then theives could have just swapped the chip as well. So, I see why you're resigned to using a brute-force method.

I doubt many of us here can kick off your script, not having the ability to run that app. Glancing at your script, I see nothing wrong, The second "ENTER" strikes me as odd, but you're the one who can see what's going on. The Sleep(1)"s actually get changed to Sleep(10) internally, as 10 milliseconds is the minimum for the sleep command. Even that isn't much time, but I'm assuming that you've played with the delays, and you're not locking up mid-script anyway, but at the program launch. I have had better luck with ShellExecute in some instances, but that's just a shot in the dark. If clicking the iicon works faillessly, you could try MouseMove and/or MouseClick() possibly, and actually click on it to lauch things... Just brainstorming (well, more a light breeze than a storm)

The second enter was before I discovered that if you have a ! in the array it needs to be {!} or it will get processed as a alt command. when the password ended in a ! it processed it as a Alt+Enter, I need to fix my wordlist generator to fix that, it currently is not inputing any !.

How would i code it that if, after 1 second the window has not shown up yet, double click on the icon x,y cords but if before the 1 second just continue on?

Edited by leftler

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

The Sleep(1)"s actually get changed to Sleep(10) internally, as 10 milliseconds is the minimum for the sleep command.

Spiff I love you, I was only trying waits from 0-10 I set the wait to 50 and the hangup Disappeared.

Edited by leftler

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

You could add a timeout parm to your WinWaitActive, then if not Winactive, fire off a double click at the right coords, like "Mouseclick("left",110,595,2)". Guees you don;t need to get fancy since this is a one-time (you hope!) script. I'd just play with a MouseMove(x.y) to figure out through trial and error the coords to the icon in question. Of course you need the Scite window sized so the icon you're after is visible.

Edit: Am glad some of my babbling had some positive effect. Let us know if one of the 900 passwords frees your laptop from it's shackles.

Edited by Spiff59

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0