[This tip requires the reader to be able to operate in a DOS environment. If you cannot, you might want to show it to someone who can. The idea is to replace magnify.exe with a copy of cmd.exe, so that you can open a command window without logging in to Windows (the "Ease of Access" button at the bottom left of the logon screen lets you start the Magnifier program without logging in, and after the swap it starts a command prompt instead). The purpose of opening the command window is to enter a command that changes a user's password without entering the previous one.]
A couple of days ago, a colleague of mine came to me and told me that he had lost the password for his newly purchased Toshiba Nb505 netbook, which has Windows 7 Starter installed. His request was kind of casual; he also told me that if I was busy he could find someone downtown who would do it for a fee.
The only memory that I have of breaking into someone’s Windows system was back in 2001~2002, when Windows 2000 was released. I was able to break into the system by following a hacking tip from a regional computer geek newspaper. That was easy because you could open IE 5.5 through the “Help” function of the Chinese IME. But the loophole was later fixed by a service pack.
I did not let him go downtown because I was not sure what those mercenaries would do to his system. I agreed to take a look at it. After doing some searches on both Google and Baidu, I found the following tip, which does not require rocket-science-level knowledge.
All you need is bootable media that can boot you into a DOS system. A Windows 98 boot disc is ideal. Since his computer is a netbook without a CD-ROM drive, I had to use a USB thumb drive in place of a CD. In this case, all you need are:
- HP USB drive format tool [download from CNet]
- Windows 98 Booting Rom [download from BootDisk]
- NTFS Pro – NTFS support in the DOS environment [download from Here]
Use the HP USB drive format tool to format your USB drive. To make it bootable, the tool will ask for the location of the boot files; they are all stored in the “Windows 98 Booting Rom” download. After the format is done, manually copy the contents of the NTFSPro archive onto the drive. NTFSPro is needed because DOS does not recognize the NTFS format by default.
Boot your system from the bootable USB drive you have just created. As soon as the computer has booted, you will be taken to a DOS command line.
Making the hard disk partition where Windows is installed readable is the first and foremost task. So, type the following command:
ntfspro [enter] //enable NTFS file system support.
DOS should then tell you that all your NTFS partitions are ready to use. What you need to do next is replace magnify.exe with a copy of cmd.exe.
d: [enter] //jump to the d drive (I am assuming that your Windows system is on the d drive in this case).
cd windows //change directory to windows
cd system32 //change directory to windows\system32, where cmd.exe and magnify.exe reside.
ren magnify.exe magnifo.exe //rename magnify.exe to magnifo.exe temporarily.
copy cmd.exe magnify.exe //duplicate cmd.exe and name the copy magnify.exe
Swapping action concluded!
Then start Windows 7. On the login screen, click “Ease of Access”, select the “Magnifier” function (second from the top), and click OK. A command-line window should pop up on the screen. Enter the following command to change your password:
net user yourName 123456 [enter] //You have changed the password of the account “yourName” to “123456”.
You should be able to log into your system with the new password!
Let me know of any success stories or confusing parts.
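The swap above leaves a copy of cmd.exe named magnify.exe in System32, so the logon screen keeps offering a command prompt to anyone at the keyboard until the original Magnifier is put back. The check below is an added example, not part of the original tip: given the path to a System32 directory (on the running system or on a mounted disk), it reports whether magnify.exe is byte-identical to cmd.exe and whether a renamed original such as magnifo.exe sits beside it. The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_magnifier_swap(system32):
    """Report whether magnify.exe in `system32` is really a copy of cmd.exe."""
    # Index names in lower case: NTFS lookups ignore case, but a disk mounted
    # on another OS may not, and the on-disk name can be e.g. "Magnify.exe".
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    cmd, magnify = files.get("cmd.exe"), files.get("magnify.exe")
    result = {"swapped": False, "leftovers": [], "note": ""}
    if cmd is None or magnify is None:
        result["note"] = "cmd.exe or magnify.exe not found; nothing to compare"
    elif sha256(cmd) == sha256(magnify):
        result["swapped"] = True
        result["note"] = "magnify.exe is byte-identical to cmd.exe"
    # Heuristic (assumption): the displaced original is kept under a similar
    # name, as with magnifo.exe in the tip above.
    result["leftovers"] = sorted(
        n for n in files
        if n.startswith("magnif") and n.endswith(".exe") and n != "magnify.exe"
    )
    return result


def make_sample(directory, swapped):
    """Write constructed stand-in files (not real Windows binaries) for a demo."""
    d = Path(directory)
    (d / "cmd.exe").write_bytes(b"MZ constructed cmd stand-in")
    if swapped:
        (d / "magnifo.exe").write_bytes(b"MZ constructed magnifier stand-in")
        (d / "Magnify.exe").write_bytes(b"MZ constructed cmd stand-in")
    else:
        (d / "Magnify.exe").write_bytes(b"MZ constructed magnifier stand-in")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp, swapped=True)
        print(check_magnifier_swap(tmp))
```

If the check reports a swap, deleting the cmd.exe copy and renaming the leftover back to magnify.exe restores the original Magnifier.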