Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 11 Vote(s) - 4.64 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
Lenovo ThinkCentre M700 10GS - Kaby Lake...
Last Post: tommi22012
Today 04:22 PM
» Replies: 9
» Views: 3700
[Request] Asus H110M-R Mainboard - Xeon ...
Last Post: kusslegyen
Today 03:31 PM
» Replies: 14
» Views: 6675
2x CPU Dell Workstation BIOS modding
Last Post: William P
Today 03:30 PM
» Replies: 0
» Views: 30
[REQUEST] Lenovo T440(S) (GJETxxWW) Whit...
Last Post: Dudu2002
Today 01:28 PM
» Replies: 492
» Views: 185545
[Request] ECS P6LX-A bios mod for HDD si...
Last Post: pdesrosiers
Yesterday 11:20 PM
» Replies: 0
» Views: 278
Sony Vaio AW11Z - Support for Quad CPU -...
Last Post: lala2025
Yesterday 08:19 PM
» Replies: 12
» Views: 3840
[REQUEST] HP Pavilion G42-272BR Whitelis...
Last Post: eepromm
Yesterday 06:14 PM
» Replies: 1
» Views: 168
[REQUEST] Bios for packard bell tj65 wit...
Last Post: THECAIDA
Yesterday 03:49 PM
» Replies: 2
» Views: 115
[REQUEST] Lenovo G710 BIOS Whitelist Rem...
Last Post: Dudu2002
Yesterday 02:47 PM
» Replies: 476
» Views: 168146
[REQUEST] Lenovo Thinkpad X230(i) (G2ETx...
Last Post: Dudu2002
Yesterday 02:46 PM
» Replies: 1089
» Views: 450149
[REQUEST] Lenovo G50-70 (9ACNxxWW) White...
Last Post: tarikyeter
Yesterday 02:44 PM
» Replies: 236
» Views: 89142
[REQUEST] Remove whitelist in a Panasoni...
Last Post: coco62
Yesterday 11:20 AM
» Replies: 2
» Views: 1602
Lenovo ThinkPad SL510 Whitelist Removal....
Last Post: deepTeNk
11-23-2024 03:32 PM
» Replies: 5
» Views: 6397
[REQUEST] Acer Aspire 5738(G,Z): CPU Upg...
Last Post: DeathBringer
11-21-2024 03:44 PM
» Replies: 49
» Views: 33029
[REQUEST] HP Mini 110-4100 BIOS Unlock
Last Post: DSI INF
11-21-2024 09:24 AM
» Replies: 7
» Views: 318
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: Dudu2002
11-21-2024 03:11 AM
» Replies: 1780
» Views: 496913
Lenovo ThinkCentre M715q 2nd Gen & AMD R...
Last Post: Elmurley
11-20-2024 09:37 PM
» Replies: 2
» Views: 1325
[REQUEST] Lenovo Y50-70 (9ECNxxWW) White...
Last Post: SWZSSR
11-20-2024 09:34 PM
» Replies: 1775
» Views: 555866
[REQUEST] Lenovo Thinkpad X240 (GIETxxWW...
Last Post: Dudu2002
11-20-2024 04:58 PM
» Replies: 337
» Views: 144454
Unlock bios insyde
Last Post: Matox3140
11-19-2024 03:40 PM
» Replies: 0
» Views: 282

(UEFI) Dell XPS 15z L511z modded BIOS - and HOWTO
This just created another layer of confusion. lol
Thank you for clarifying anyway. I don't quiet get how one is supposed to disassemble the module into UEFI IFR ?
I have found a list of UEFI IFR operators, but I guess there must a way to disasm it right away... so far I only found a python script to do this for InsydeH2O.

Also, I have found that Lenovo B570 uses similar Phoenix Secure Core Tiano UEFI: http://support.lenovo.com/en_US/download...D=DS025905
The advanced setup module has a GUID of CFEF94C4-4167-466A-8893-8779459DFA86_1_930
The same HEX string (0A 82 45 8A 01) can be found in the module, it has lots of occurrences . 45 0A 00 00 00 00 00 00 00 00 45 0A can be found as well.
I know for a fact that this laptop has had UEFI mode and some other options like Shell unlocked from the factory, but unfortunately I don't have an access to one of these anymore...
What we could use is find someone with this machine an see what they have enabled by default since our BIOSes are somewhat similar (same Tiano compression used)
find
quote
gave a read to the another topic

and I modified

00 00 00 00 00 00 00 00 45 0A to 01 00 00 00 00 00 00 00 45 0A to enable these options. (three ocurrences)

and sucesfully unlocked two more menus, the third ocurrence made the intel me option selectable (before modify the third ocurrence it was grey out and unselectable)

[Image: dsc0069lu.jpg]
[Image: dsc0071zg.jpg]
[Image: dsc0072fgs.jpg]

I cant really belive this huge progress you are doing guys ^^


here is the total amount of strings I modified at the advanced setup module:

00 29 02 29 02 0A 82 45 8A (00) to -> 00 29 02 29 02 0A 82 45 8A (01) (two ocurrences )

00 20 00 29 02 0A 82 45 8A (00) to -> 00 20 00 29 02 0A 82 45 8A (01) (one ocurrence)

(00) 00 00 00 00 00 00 00 45 0A to -> (01) 00 00 00 00 00 00 00 45 0A (three ocurrences)
find
quote
I wonder if we can ever run out of space for menus like on regular BIOSes Smile

Thanks for confirming, kasar
Have you tried changing bytes in the 4th occurrence that I had mentioned ? while looking for 45 0A 00 00 00 00 00 00 00 00 45 0A
Or you get just 3 on your L502x's Advanced Setup module ?

P.S. Now I'm absolutely positive about UEFI mode and booting from GPT... take a look, Hackintoshers Smile
http://puu.sh/1a6b4
http://puu.sh/1a6bR
GPT-formatted USB flashdrive's EFI partition (which I assume is FAT32) CLOVERX64.efi renamed /EFI/bootx64.efi since UEFI is looking for this file.
I guess with access to a proper shell bcfg there might be a way to create additional boot option for F12 menu.
find
quote
Yes kasar that confirms what I also did earlier.

To summarize all the hacks so far, they are in fact just two, and they are as follows:

In advancedsetup efi module
1) Replace all 02 0A 82 45 8A (00) to (01)
2) Replace all (00) 00 00 00 00 00 00 00 45 0A to (01)

There's also another module to modify if you look for the byte sequence in all your BIOS ROM files... it's the security module if you're interested in all the TPM options.
find
quote
hi i found some code on my dell n5110 may be the one we search

26303: 29 02 sub %eax,(%edx)
26305: 29 02 sub %eax,(%edx)
26307: 0a 82 45 0a 01 00 or 0x10a45(%edx),%al
2630d: 00 00 add %al,(%eax)
2630f: 00 00 add %al,(%eax)
26311: 00 00 add %al,(%eax)
26313: 19 82 12 06 0d 00 sbb %eax,0xd0612(%edx)
find
quote
@TimeWalker

well, In my case, I modified all the ocurrences I had.
that was the thing wich game me more results ^^

the more I modified the more unlocked stuff (:

I didnt had any negative effects while modifing those ocurrences.

the only thing wich worried me was to flash flash, flash and flash.

everytime I flash a new bios I become really worried about the lappy dont boot anymore Big Grin

we need to get the recovery method working! Big Grin

else my head will explode sooner or later hehe ^^


Quote:There's also another module to modify if you look for the byte sequence in all your BIOS ROM files... it's the security module if you're interested in all the TPM options.

can you tell me more about that? Big Grin

I'm also wondering if is posible to unlock the computrace thing so you can enable and disable it all times you want ^^
find
quote
I haven't modded & flashed it yet, but it's the security module to enable all the TPM/Computrace options. Enable it by applying the rules I set above in my previous post.

I don't really need that module enabled for now, (I'm trying to open the overclocking/volting options at the moment) but I'm pretty sure there will be others here who need it.

(09-30-2012, 01:08 PM)Mohamed Khairy Wrote: hi i found some code on my dell n5110 may be the one we search

26303: 29 02 sub %eax,(%edx)
26305: 29 02 sub %eax,(%edx)
26307: 0a 82 45 0a 01 00 or 0x10a45(%edx),%al
2630d: 00 00 add %al,(%eax)
2630f: 00 00 add %al,(%eax)
26311: 00 00 add %al,(%eax)
26313: 19 82 12 06 0d 00 sbb %eax,0xd0612(%edx)

hi mohamed - the code is not x86, but UEFI IFR form decoding, which unfortunately we need to do manually, not through any tool. Here is the spec:

Code:
0A == EFI_IFR_SUPPRESS_IF_OP//{---+
    82:1:0000010 L2  // Scope         |
                                      |
    45 == EFI_IFR_UINT64_OP// {---+   |
    8A:1:0001010 L10 // Scope     |   |
    0000000000000000              |   | 0000000000000001 !! new value !!
    45 == EFI_IFR_UINT64_OP       |   |
    0A:0:0001010 L10 // Scope     |   |
    0000000000000000              |   |

That's why we need a 0A 82 45 8A (00) sequence. It's very strange that your BIOS doesn't have this - I need to research what the 0A opcode is.

Just out of interest, do you have many sequences with 0A 82 45 0A 00?
find
quote
@ jkbuha

UEFI IFR spec says: EFI_IFR_SUPPRESS_IF_OP: UINT64 0000000000000000

how did you find this code ?
find
quote
@jkbudha

nope, I dont have any 0A 82 45 0A 00 secuence now.


all of them are now to 0A 82 45 0A 01 and everything seems to works fine now ^^


how we can know we unlocked all menus?

I'm kinda curius because my bios is full of new options , and I dont even know what some of them does hehe

the computrace option unlock seems also interesting for me.

can you give me a clue about the the module file size in kb or what is the module name? I guess it is something.efi


as for the moment I made some text replacement at some bios title file (156 kb), and also some tweaks to gpu vbios files (64 kb) and the advanced setup file (278 kb)
find
quote
(09-30-2012, 01:34 PM)jkbuha Wrote: I haven't modded & flashed it yet, but it's the security module to enable all the TPM/Computrace options. Enable it by applying the rules I set above in my previous post.

I don't really need that module enabled for now, (I'm trying to open the overclocking/volting options at the moment) but I'm pretty sure there will be others here who need it.

(09-30-2012, 01:08 PM)Mohamed Khairy Wrote: hi i found some code on my dell n5110 may be the one we search

26303: 29 02 sub %eax,(%edx)
26305: 29 02 sub %eax,(%edx)
26307: 0a 82 45 0a 01 00 or 0x10a45(%edx),%al
2630d: 00 00 add %al,(%eax)
2630f: 00 00 add %al,(%eax)
26311: 00 00 add %al,(%eax)
26313: 19 82 12 06 0d 00 sbb %eax,0xd0612(%edx)

hi mohamed - the code is not x86, but UEFI IFR form decoding, which unfortunately we need to do manually, not through any tool. Here is the spec:

Code:
0A == EFI_IFR_SUPPRESS_IF_OP//{---+
82:1:0000010 L2 // Scope |
|
45 == EFI_IFR_UINT64_OP// {---+ |
8A:1:0001010 L10 // Scope | |
0000000000000000 | | 0000000000000001 !! new value !!
45 == EFI_IFR_UINT64_OP | |
0A:0:0001010 L10 // Scope | |
0000000000000000 | |

That's why we need a 0A 82 45 8A (00) sequence. It's very strange that your BIOS doesn't have this - I need to research what the 0A opcode is.

Just out of interest, do you have many sequences with 0A 82 45 0A 00?

nothing Sad

till now the code i posted like what are you patching will try to dump it again and search throw code for binary like you patch or parts like yours
find
quote


Forum Jump:


Users browsing this thread: 32 Guest(s)