Locked Surface Pro 4 - BitLocker & UEFI

Looking for help..

Surface Pro 4, BitLocker locked - No more recovery options. UEFI locked and I don’t know the password.

Microsoft Customer Service were helpless. Tried to boot from USB but clearly it is locked.

I am planning to open the Surface and take the SSD out and plug it in another computer using an M2 SSD reader.

If I install a fresh recovery image of Windows on the SSD and plug it back again in the Surface Pro, will this work? Or will the TPM chip keep the Surface locked?

And if this is the scenario, is it possible also to install an additional dual-boot Windows or any other OS and boot from it instead of the locked BitLocker partition?
I’m also planning to try to use a couple of recommended software tools to extract the BitLocker key from the drive. Anyone heard any success story of that?
 
Is there no way you can get the bios password from the current or previous owner?

What about recovery mode, from there you might be able to format the partition and copy a wim

The Surface Pro is stuck in a boot loop between either a UEFI password or the BitLocker "no more recovery options" screen.
I bought the Surface Pro as spare/parts, no passwords available. I verified with Microsoft Customer Services that it is not stolen using the serial number.
I don’t have the logistics to extract the dump of the BIOS, so was looking for a way around the UEFI, not keen also about the data on the device.
Was trying to figure out, if I place a bootable Windows on the SSD and plug it back again, will this work or will it trigger the TPM chip..
 
If it has an actual UEFI password then there is no way to reset it as far as I know without changing the motherboard. If boot from USB had been turned off then you won't be able to use a recovery drive.

Taking the SSD out and manually installing Windows on it via another system may work, in that the UEFI will try to boot it by default and as you won't enable BitLocker on this install there should be nothing preventing it from booting. That's assuming you are able to take it apart without physically wrecking the system.

Thank you loads for the tip. That is what I thought of: instead of trying to reset the UEFI or the recovery key, I thought of installing a fresh Windows on the SSD.
Taking it apart shouldn’t be an issue. Just lots of patience, and I picked up tons of tips from lots of videos I watched..
Will keep you posted if it works.
My main worry is something that was mentioned before about a BitLocker red flag or something similar between the TPM chip and the SSD BitLocker.. will see how it goes
 
Wow, worth the effort for 90.

Is there no way to trigger the recovery mode? I'm sure on laptops in the past where a BitLocker recovery key was needed you could get into recovery mode. If you are able to then you could use diskpart to format the partition and apply a WIM from a Windows 10 ISO.

If you do open it up check if the recovery files from MS for the surface contain a WIM which you could use.

Triggering the recovery mode on the Surface Pro 4 is usually done by pressing a combination of volume down + power button or volume up + power button. Unfortunately neither worked for me; I tried different USB drives, using RUFUS and Windows recovery manager. Checked the recovery image on the USB drive and it has the WIM file on it.
I think the problem is the boot order in the UEFI is not allowing boot from USB, so it is restricted to the BitLocker recovery key to enter the recovery mode.
I will have a shot later today or tomorrow and open the Surface Pro. I bought an M2 SSD reader for 15 quid and will have a shot at it and see..
The other options I read about when I looked the issue up are: extracting a BIOS dump and trying to flash the BIOS with a modified dump..
There was mention of software that can attempt cracking the BitLocker recovery key, but I doubt it would work and it will need the SSD to be taken out anyway..
I tried default passwords for the UEFI but it didn’t work; found a website that can generate a default password for certain BIOS manufacturers but couldn’t get any luck with that..
I tried draining the battery completely hoping it would reset the BIOS, but it didn’t work.
I hope I will get lucky with the SSD..
 
If you are going to open it up, maybe try disconnecting the battery internally and leaving it for 24 hours?
No idea if this is accurate, but apparently the CMOS has a direct line from the battery and a capacitor to keep it going for a bit if the battery is removed https://www.ifixit.com/Answers/View/453045/CMOS+battery+in+SP4

Maybe if you leave it long enough with no internal battery the capacitor will drain and the cmos will reset. No idea if that resets uefi passwords though.

EDIT: a bit more googling makes me think this won't reset the password, as it looks like you need to resolder a new bios chip to reset it, although I can't find anything conclusive.

Have you tried any default passwords on the bios? There's a reddit thread here that said 123456 worked, or maybe password or something like that.

Thank you loads for the tips.
Trying to force the Surface to boot from USB by pressing volume down and the power button doesn’t seem to work for me. I end up with the BitLocker "no more recovery options" screen.
I was planning to disconnect the battery and check after 24 hours, if re-installing Windows on the SSD directly fails.
I tried a different combination of passwords. I came across a post about the UEFI password being “password” and just tried 123456, but unfortunately neither worked.
I recall trying to enter the password through a USB keyboard; there was something mentioned about a problem with the on-screen keyboard.
I watched the iFixit tutorial, planning on using a similar approach with a hairdryer and a pick..
Then will take it from there..
 
This is my main concern, which is delaying my attempt to break the Surface apart:

whether the TPM chip will revoke the new OS on the SSD.. I couldn’t find any solid info of anyone who attempted that.
As Django x2 said: my main worry is something mentioned about a BitLocker red flag implemented within the TPM, and once it senses the SSD has been tampered with, it will stop it from booting.

I am trying it this weekend anyway, and will keep you posted..

If anyone comes across any info about any chance of resetting the UEFI or TPM chip on the motherboard, let me know. I will keep the Surface broken apart till I exhaust every attempt and will be thankful for your help..
 
Here is the current update..

Tried to break it apart, and failed miserably, so sacrificed the screen.

Removed the SSD and inserted another SSD but without any bootable Windows on it, and plugged the Surface into an external monitor using an HDMI converter.. the only screen that showed up was the UEFI password..

It didn’t show any booting errors or "no media", and didn’t show the BitLocker recovery options. It went straight to the UEFI password..

Which suggests if the SSD is swapped, it triggers the TPM..

I’m planning to install Windows OS on the original SSD and give it a shot.. just having problems with the SSD reader, which is not recognising the SSD media..

Will keep you posted..
 
It's not the TPM. If there is no bootloader, it defaults to entering the bios, which obviously has the password. Fingers crossed the new windows install should fix it.

Sorry it took me some time, was waiting for the M-Key SSD reader..

Now I can verify and confirm it.
I changed the SSD completely and installed a recovery image of Windows; the Surface Pro 4 loaded into the recovery straight away and did not show the UEFI password screen at all.

So I reckon reformatting the original SSD will also work..

Now time to hunt for a good deal on a Surface Pro 4 screen and I think I will have a fully functioning neat Surface Pro 4 for around 200 quid, maybe 250.
It was an entertaining project, thank you everyone.. much appreciated..
 