Sony has a line of laptops ("Vaio") which compete mainly in the high-value market segments. They implemented a master password bypass which is rather sane in comparison to the rest of the bunch:
- The randomly generated master password is only stored in RAM, i.e. it's lost after the next reboot ("one time password").
- RSA is used for encrypting the password which is then converted to a human-readable form (4x4 characters/8 bytes/64 bits).
- Their customer support apparently allows for one free password generation per device, which is pretty decent by industry standards.

```
python pwgen-sony.py
Master Password Generator for Sony laptops (16 characters otp)
Copyright (C) 2009-2010 dogbert
After entering the wrong password for the third time, you will receive a code from which the password can be calculated,
e.g. 73KR-3FP9-PVKH-K29R
Please enter the code:
D63K-XFVF-TK7H-RJKX
The password is: 43878945
```

I'm not the first one who discovered this: hpgl also reversed this scheme quite a while back. There are even some idiots on eBay who sell these master passwords. Given that my stuff has been exploited by so many greedy idiots in the past, I decided against releasing it. This will hopefully also help to reduce the influx of stupid emails from *@hotmail.com users.
Update: Since I still get a substantial amount of email concerning pwgen-sony.py, let me be perfectly clear: I will neither send you the generator nor generate codes for you. I am not interested in selling the script, nor am I a substitute for the Sony support or the lack thereof. Also, I do not endorse, nor am I affiliated with, any shady service that sells passwords or generators. In fact, I'm in sole possession of the script, so anyone claiming to sell the script to you is clearly attempting to defraud you.