Mobile Development – Reset Device password

Some times ago, I got a device locked with a password. As I needed to access the device using ActiveSync I did some research and found the registry keys responsible for the device password:
HKLM\Security\SIM\6fb7
HKCU\ControlPanel\Owner\PowrPass

So I wrote a small application which resets the device password.

You can use the code in your application to remove the password protection of your device.

But how can you start the app, as you cannot unlock it? If your device supports a memory card, you can use the OS feature that start an app called AutoRun.exe in a special dir of the memory card. The special dir for ARM processor based devices is 2577. If you place the PassReset.exe as AutoRun.exe in \2577 of the memory card and then place the mem card in the device and reboot the device, the OS will automatically start the app. So you can start ResetPass without having access to file explorer etc.

// PassReset.cpp : Defines the entry point for the application.
//

#include "stdafx.h"

int resetPassworkLock(){
    int iRet=0;
    HKEY hKey;
    byte *pBuf= new byte[255];
    HRESULT hRes=0;
    DWORD dwType=REG_BINARY;
    DWORD dwCount=0;

    hRes = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"Security\\SIM", 0, 0, &hKey);

    if(hRes == ERROR_SUCCESS){
        hRes = RegSetValueEx(hKey, L"6fb7", 0, dwType, NULL, dwCount);
        if(hRes==ERROR_SUCCESS){
            RegCloseKey(hKey);
            hRes = RegOpenKeyEx(HKEY_CURRENT_USER, L"ControlPanel\\Owner", 0, 0, &hKey);
            if(hRes == ERROR_SUCCESS){
                pBuf[0]=0x00;
                dwCount=1;
                hRes = RegSetValueEx(hKey, L"PowrPass", 0, dwType, pBuf, dwCount);
                if(hRes==ERROR_SUCCESS){
                    RegCloseKey(hKey);
                }
                else
                    iRet=-4; //error in setValue for PowrPass
            }
            else
                iRet=-3; //error in OpenKey for ControlPanel/Owner?
        }
        else
            iRet=-2; //error in setValue for 6fb7
        RegCloseKey(hKey);
    }
    else
        iRet=-1; //error in openKey for Security/SIM

    return iRet;
}

int WINAPI WinMain( HINSTANCE hInstance,
                    HINSTANCE hPrevInstance,
                    LPTSTR    lpCmdLine,
                    int       nCmdShow)
{
    // TODO: Place code here.
    TCHAR *errStr[5];
    errStr[0]=new TCHAR[]=L"No error";
    errStr[1]=new TCHAR[]=L"error in openKey for Security/SIM";
    errStr[2]=new TCHAR[]=L"error in setValue for 6fb7";
    errStr[3]=new TCHAR[]=L"error in OpenKey for ControlPanel/Owner";
    errStr[4]=new TCHAR[]=L"error in setValue for PowrPass";

    int iRet = resetPassworkLock();
    MessageBox(GetDesktopWindow(), errStr[abs(iRet)], L"PassReset", MB_OK);
    return iRet;
}

Download:
[Download not found]
[Download not found]

2 Comments

  1. bar says:

    Hello
    When I run the code I get a message
    error in Openkey for controlpanel/owner
    Please Help

  2. admin says:

    Hello

    I cannot help with this without knowing more background (OS Version, device security settings, …).

    Possibly issues:
    a) the device is locked down and the code is not allowed to open the reg key
    b) you have a special device where the key does not exist

    for a) you may try the Device Security Manager
    for b) use remote registry viewer and check the reg key

    This is a developer blog, be creative.

    regards

    Josef

Leave a Reply