Saturday, January 21, 2012

Password Recovery for FSI Amilo Pi Laptops

I received numerous emails in the past from owners of Fujitsu-Siemens Amilo Pi laptops that got locked up beyond recovery: in a nutshell, a BIOS update or some other minor event has caused the password checksum to be overwritten by a seemingly random number above 2^14 (16384). In conjunction with the butchered CRC16 implementation courtesy of Phoenix, this basically means that there are no valid passwords for checksums above that number, i.e. the laptop has become an expensive paperweight.

However, there is a small backdoor, and that is the BIOS emergency recovery: it's basically the last resort to recover from a bad BIOS update. I've patched out the password check from the binary so it can be used to reset the machine  to a valid password. Here's a quick how-to:
  1. Get a USB floppy drive and a floppy disk - format the disk to FAT16.
  2. Copy the BIOS file (pi1505, pi1536, pi1556, pa2510) as "bios.wph" to the root directory of the floppy.
  3. Remove the battery and power cord from the laptop.
  4. Connect the USB floppy drive to the laptop, then insert the battery, then the power cord.
  5. Press both Ctrl+Home keys while actuating the power button. Keep Ctrl+Home  pressed for another 2-3 minutes.
  6. The BIOS is being reflashed - after that, the machine should reboot on its own.
  7. When it boots up, go to setup and set new passwords. If you get asked for a password, just enter a few random characters.
  8. Boot the laptop up again, re-flash the vendor BIOS.
  9. Go to the BIOS, reset all passwords.
That should unbrick your laptop.

mtmarco has posted alternative instructions on