311 lines
5.7 KiB
C
311 lines
5.7 KiB
C
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
/* run this program using the console pauser or add your own getch, system("pause") or input loop */
|
|
struct mac_tab
|
|
{
|
|
const unsigned long len;
|
|
const unsigned long vel[];
|
|
};
|
|
|
|
|
|
const char bios_head_X250[32]=
|
|
{
|
|
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x5A,0xA5,0xF0,0x0F,0x03,0x00,0x04,0x03,0x06,0x02,0x10,0x15,0x20,0x01,0x21,0x00
|
|
};
|
|
const char bios_head_X260[32]=
|
|
{
|
|
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x5A,0xA5,0xF0,0x0F,0x03,0x00,0x04,0x00,0x08,0x02,0x10,0x42,0x30,0x03,0x31,0x00
|
|
};
|
|
|
|
struct mac_tab x250_mac=
|
|
{
|
|
2,
|
|
{0x1000,0x2000}
|
|
};
|
|
struct mac_tab x260_mac=
|
|
{
|
|
2,
|
|
{0x1000,0x2000}
|
|
};
|
|
/*
|
|
bios type:
|
|
|
|
0: need change
|
|
1: X250
|
|
2: X260
|
|
|
|
|
|
*/
|
|
char bios_type=0;
|
|
char buff[0xffffff];
|
|
struct mac_tab *chage_mac_tab;
|
|
char outputdir[256];
|
|
char inputdir[256];
|
|
char chack_str(const char *a,char *b,int len)
|
|
{
|
|
int c;
|
|
for(c=0;c<len;c++)
|
|
{
|
|
if(a[c]!=b[c])
|
|
{
|
|
return 1;
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
|
|
void change_bios_type()
|
|
{
|
|
FILE *unlock_bios = NULL;
|
|
|
|
|
|
do
|
|
{
|
|
printf("选择BIOS机型:(输入编号)\n 1-> X250 \n 2-> X260 \n");
|
|
scanf("%d",&bios_type);
|
|
|
|
if(bios_type==1)
|
|
{
|
|
unlock_bios=fopen("./X250.bbb","rb");
|
|
chage_mac_tab=&x250_mac;
|
|
}
|
|
if(bios_type==2)
|
|
{
|
|
unlock_bios=fopen("./X260.bbb","rb");
|
|
chage_mac_tab=&x260_mac;
|
|
}
|
|
if(unlock_bios==NULL)
|
|
{
|
|
printf("ERROR_NOTFUND_THE_S_FILE\n");
|
|
bios_type=0;
|
|
}
|
|
}while(bios_type==0);
|
|
|
|
fread(buff,0xffffff,1,unlock_bios);
|
|
fclose(unlock_bios);
|
|
|
|
/*
|
|
|
|
|
|
|
|
*/
|
|
}
|
|
|
|
|
|
char tryunlock(char *dir)
|
|
{
|
|
int a=0;
|
|
unsigned long mac_t=0;
|
|
if(dir==NULL)//手动输入模式
|
|
{
|
|
printf(" 直接输入BIOS路径:\n 或输入命令:\n change 改变BIOS类型。\n exit 退出程序 \n");
|
|
for(a=0;a<256;a++)//清空输入缓存
|
|
{
|
|
inputdir[a]=0;
|
|
}
|
|
scanf("%s",inputdir);//读取输入
|
|
if(chack_str("change",inputdir,6)==0)//读取特殊字符串
|
|
{
|
|
change_bios_type(); //改变bios类型
|
|
return 1;
|
|
}
|
|
if(chack_str("exit",inputdir,4)==0)
|
|
{
|
|
return 0;
|
|
}
|
|
}else
|
|
{
|
|
a=0;
|
|
while(dir[a]!='\0')//拖入文件模式
|
|
{
|
|
inputdir[a]=dir[a];
|
|
a++;
|
|
}
|
|
}
|
|
|
|
if(bios_type==0) //还没设置bios类型
|
|
{
|
|
change_bios_type();//改变bios类型
|
|
|
|
}
|
|
|
|
printf("Input flie %s\n",inputdir);
|
|
|
|
FILE *bios=NULL; //将要破解的bios
|
|
FILE *output_bios=NULL; //输出的bios
|
|
bios=fopen(inputdir,"rb");
|
|
char id[32];
|
|
|
|
if(bios==NULL)//打开将要破解的bios失败 可能是路径错误
|
|
{
|
|
printf("ERROR. can't Open file ..\n");
|
|
return 0;
|
|
}else
|
|
{
|
|
fread(id,32,1,bios);//读取将要破解的bios的前32个字节 鉴定是不是bios文件
|
|
if(chack_str(buff,id,32))
|
|
{
|
|
printf("ERROR. Not Bios File\n");
|
|
return 0;
|
|
}else
|
|
{
|
|
//printf("try it..\n");
|
|
if(fseek(bios,0xf00,SEEK_SET))//读取将要破解的Bios的ID
|
|
{
|
|
printf("ERROR. -0\n");
|
|
return 0;
|
|
}else
|
|
{
|
|
fread(id,32,1,bios);
|
|
for(a=0;a<32;a++)//将ID写入已破解bios
|
|
{
|
|
buff[0xf00+a]=id[a];
|
|
}
|
|
}
|
|
//更改MAC地址
|
|
if(fseek(bios,0x1000,SEEK_SET))//读取将要破解的Bios的MAC
|
|
{
|
|
printf("ERROR. -0\n");
|
|
return 0;
|
|
}else
|
|
{
|
|
for(a=0;a<32;a++)//复用id数组
|
|
{
|
|
id[a]=0;
|
|
}
|
|
fread(id,6,1,bios);
|
|
//写入到已破解bios,有好几个地址
|
|
for(mac_t=0;mac_t<chage_mac_tab->len;mac_t++)
|
|
{
|
|
for(a=0;a<6;a++)
|
|
{
|
|
buff[chage_mac_tab->vel[mac_t]+a]=id[a];
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
for(a=0;a<256;a++)
|
|
{
|
|
outputdir[a]=0;
|
|
}
|
|
printf("MAC: %02X%02X%02X%02X%02X%02X \n",id[0],id[1],id[2],id[3],id[4],id[5]);
|
|
sprintf(outputdir,"%s%s",inputdir,"_unlock.bin");
|
|
printf("Output flie %s",outputdir);
|
|
output_bios=fopen(outputdir,"wb");
|
|
if(output_bios==NULL)
|
|
{
|
|
printf("ERROR. can't Output file ..\n");
|
|
}else
|
|
{
|
|
fwrite(buff,0xffffff,1,output_bios);
|
|
fclose(output_bios);
|
|
}
|
|
|
|
printf("\n\n");
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
fclose(bios);
|
|
|
|
return 1;
|
|
/*
|
|
int a;
|
|
FILE *bios=NULL;
|
|
FILE *output_bios=NULL;
|
|
bios=fopen(dir,"rb");
|
|
if(bios==NULL)
|
|
{
|
|
printf("ERROR. can't Open file ..\n");
|
|
}else
|
|
{
|
|
fread(id,32,1,bios);
|
|
if(chack_str(bios_head,id,32))
|
|
{
|
|
printf("ERROR. Not Bios File\n");
|
|
}else
|
|
{
|
|
//printf("try it..\n");
|
|
if(fseek(bios,0xf00,SEEK_SET))
|
|
{
|
|
printf("ERROR. -0\n");
|
|
}else
|
|
{
|
|
fread(id,32,1,bios);
|
|
for(a=0;a<32;a++)
|
|
{
|
|
buff[0xf00+a]=id[a];
|
|
}
|
|
for(a=0;a<256;a++)
|
|
{
|
|
outputdir[a]=0;
|
|
}
|
|
printf("id: %s \n",id);
|
|
sprintf(outputdir,"%s%s",dir,"_unlock.bin");
|
|
printf("Output flie %s",outputdir);
|
|
output_bios=fopen(outputdir,"wb");
|
|
if(output_bios==NULL)
|
|
{
|
|
printf("ERROR. can't Output file ..\n");
|
|
}else
|
|
{
|
|
fwrite(buff,0xffffff,1,output_bios);
|
|
fclose(output_bios);
|
|
}
|
|
|
|
printf("\n\n");
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
fclose(bios);
|
|
*/
|
|
}
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
|
|
printf("ThinkPad Bios unlock..v0.1\n\n\n");
|
|
if(argc==1)
|
|
{
|
|
printf("联想ThinkPad Bios超级密码解锁程序。支持X250,X260(测试)\n\n使用方法:\n");
|
|
printf("1 使用编程器将原机Bios读出\n");
|
|
printf("2 将读出的内容以二进制格式bin保存\n");
|
|
printf("3 将bin文件拖进本程序,程序会自动生成解锁Bios,(支持批量拖入,某些路径需要以管理员身份运行本软件)\n");
|
|
printf("4 将生成的解锁bios刷入,然后开机,按F1进入Bios,将超级密码改成空密码,按F10保存\n");
|
|
printf("5 完成! 注意,部分Bios芯片写入之前要先清空,否则无法校验通过。\n\n\n");
|
|
printf("编写日期 2021-12-12 00:46 联系 吴文峰 邮箱 kevin@lmve.net \n\n");
|
|
printf("项目地址 https://git.lmve.net/kevin/thinkpad_unlock_bios \n博客地址 https://wnfed.com \n\n!!!请勿商用!!!\n\n");
|
|
}
|
|
|
|
while(argc>1)
|
|
{
|
|
|
|
argc--;
|
|
tryunlock(argv[argc]);
|
|
}
|
|
printf("\n");
|
|
printf("\n");
|
|
|
|
char while_flag=0;
|
|
do
|
|
{
|
|
while_flag=tryunlock(NULL);
|
|
}while(while_flag);
|
|
|
|
//printf("have %d file\n",argc-1);
|
|
//printf(argv[1]);
|
|
//system("pause");
|
|
return 0;
|
|
}
|