Supervisor password recovery (reset) on Novell NetWare 3.x (3.0, 3.1, 3.11, 3.12).



Use this when you need to log in to a NetWare 3.x server as SUPERVISOR but you don't have the password.
This method uses the internal debugger of the NetWare server, which can only be entered from the server's console. Because the server stops all work while it is in the debugger, this should be done when nobody is logged in and/or doing any important work on the server.


Step 0)
Log out all users and go to the server console.


Step 1)
On the NetWare server keyboard, hold down "right shift", "left shift" and "left alt", then press "Esc" (so ALL four keys simultaneously).

You will enter the NetWare debugger and see text similar to this:
Novell 386 Debugger
(C) Copyright 1987, 1992 Novell, Inc.
All Rights Reserved.
Break at 00188F37 because of Keyboard request
EAX = 00095538 EBX = 001CF1E4 ECX = 001CD588 EDX = 001CD5B8
ESI = 00000000 EDI = 001D4CB4 EBP = 00000000 ESP = 00097534
EIP = 00188F37 FLAGS = 00007206 (PF IF NT)
00188F37 FA             CLI

Step 2)
Enter "c VerifyPassword" at the # prompt. Note the capitals: this is case sensitive.

You should see something like this:
# c VerifyPassword
Enter a '.' to terminate
00117AF2 (53)=
00117AF2 is the address, which might differ on your server, but "53" has to be the displayed value.
Then:
Enter the value "31" and press enter.
Then enter value "C0" and press enter.
Then enter value "C3" and press enter.
Then enter a dot (".") and press enter.

After all four entries you should see something like this:
# c VerifyPassword
Enter a '.' to terminate
00117AF2 (53)=31   00117AF3 (56)=C0   00117AF4 (57)=C3   00117AF5 (55)=.
This changes the "VerifyPassword" routine so that it always returns zero (success), which allows anyone to log in with any password.
(For those who care: this changes the routine's first two instructions to "XOR EAX,EAX" and "RET".)
Since this patch exists only in memory, the change is temporary: restarting the server brings it up unpatched.



Step 3)
Enter "g" and press "enter". This resumes the server's operation from where it left off.


Step 4)
You can now log in as SUPERVISOR from any workstation and copy the files you need and/or change the password to anything else. A changed password is permanent, i.e. it stays as set after a restart.
Until the server is restarted, any user can log in with any password, so the server should be downed and restarted to "work as before".
(Actually, if a server restart is not convenient, you can restore the "old" code in memory by entering "c VerifyPassword" again and typing 53, 56, 57, and the dot.)
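
An added example, not part of the original page: a Python check over the debugger's "c" echo line that confirms which bytes were replaced and whether the routine is left in its original state or in the state that accepts any password, which covers the "53 has to be the displayed value" check in step 2 and the restore in step 4. The function names are hypothetical, and the restore line is a constructed sample that assumes the debugger shows the current byte in parentheses.

```python
import re

# Bytes named on the page: the routine's original start and the patch.
ORIGINAL = bytes.fromhex("535657")  # PUSH EBX / PUSH ESI / PUSH EDI
PATCHED = bytes.fromhex("31C0C3")   # XOR EAX,EAX / RET

# Echo line copied from step 2 of the page.
PAGE_LINE = "00117AF2 (53)=31   00117AF3 (56)=C0   00117AF4 (57)=C3   00117AF5 (55)=."
# Constructed sample (assumption): what the restore in step 4 would echo.
RESTORE_LINE = "00117AF2 (31)=53   00117AF3 (C0)=56   00117AF4 (C3)=57   00117AF5 (55)=."

# One echo entry: address, current byte in parentheses, value typed ('.' ends).
ENTRY = re.compile(r"([0-9A-Fa-f]{8}) \(([0-9A-Fa-f]{2})\)=([0-9A-Fa-f]{2}|\.)")

def parse_change_line(line):
    """Return (start_address, bytes_before, bytes_entered) from a 'c' echo line."""
    entries = ENTRY.findall(line)
    if not entries:
        raise ValueError("no 'address (old)=new' entries found")
    start = int(entries[0][0], 16)
    old, new = bytearray(), bytearray()
    for offset, (addr, before, entered) in enumerate(entries):
        if int(addr, 16) != start + offset:
            raise ValueError("addresses are not consecutive")
        if entered == ".":          # terminator: nothing written at this address
            break
        old.append(int(before, 16))
        new.append(int(entered, 16))
    return start, bytes(old), bytes(new)

def classify(code):
    """Name the state of the routine's first three bytes."""
    if code[:3] == ORIGINAL:
        return "original"
    if code[:3] == PATCHED:
        return "always-succeeds"
    return "unexpected"             # wrong symbol, partial entry, or a typo

def review(line):
    """Summarise what a change line did: state before and state after."""
    start, old, new = parse_change_line(line)
    return {"address": f"{start:08X}", "before": classify(old), "after": classify(new)}

if __name__ == "__main__":
    for label, line in (("patch", PAGE_LINE), ("restore", RESTORE_LINE)):
        print(label, review(line))
```

A server that is not restarted should end with "after" reported as "original"; anything else means logins are still unchecked or the routine's code is damaged.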





version - yyyy.mm.dd - Description
v1.00 - 2010.04.27 - First version. Should have published earlier, but still might help.