[Request] ROG Strix G15 Advantage Edition G513 (AMD)
#61
We know this, but the problem is getting a BIOS dump: the chip is unknown to the software, and I tested some "compatible" chips but no chance so far. It looks like this BIOS chip has some authentication security features.
I hope that our big players are able to help us.
#62
Welcome to this growing thread XBlaster & Shadowdane and hello all,

I found the documentation for this BIOS chip again. Here is a link for all to reference: https://static6.arrow.com/aropdfconversi...20reva.pdf . It is 31 pages, but we'll probably mostly be looking at the authentication section, as jeanlegi has noted.

The pins section would be a good reference so that we are sure we are connecting the right pins together (BIOS SPI pinouts tend to be pretty standardized, so this probably isn't an issue but it would be great if someone could compare the CH341A pins to the BIOS chip pins).

For reference, from post #22, we know that the BIOS chip model number is Winbond 74M12JWPIQ/2111/6108/M0058 .

Right now, we need to familiarize ourselves with the authentication method that this chip uses. Maybe we can brainstorm (or Google search) a way to bypass this protection. I've never done this before, so this should be interesting.

Not sure if we'll get it in the end, but we are getting closer everyone (6 people now!!). Let's do this!

!!!!!PLEASE READ!!!!!! Our Ukrainian friends are undergoing atrocities right now and need support. There are two things you can do for starters:

1.) Donate to one of various organizations offering medical, military, and psychological support to those impacted: Support Organizations

2.) Combat misinformation on social media. 

Also, please feel free to PM me if I have not replied again about your BIOS mod request after 5 days.
#63
Okay, so the authentication process seems pretty complete and difficult to bypass (speaking as someone with security knowledge but zero experience attempting to bypass these types of mechanisms). I've read articles about people bypassing similar but less complete kinds of security mechanisms before to bypass laptop battery whitelists (yes, they exist unfortunately), but I lack the skills to do so by myself.

However, there are two different cases that the authentication requirements could apply to:
1.) Microprocessor/CPU attempts to read/write the BIOS chip. This almost certainly makes use of the authentication procedure, with Asus providing any relevant signing of BIOS updates.
2.) Hardware programmer attempts to read/write the BIOS chip. I know the documentation says "SPI device" but I think this could refer to the CPU as well if it uses the "SPI interface" to interact with the BIOS chip. If the authentication procedure does not apply here, then I think I know how to read/write the BIOS.

This is from Winbond's documentation for this chip:
Code:
PIN DESCRIPTIONS
Chip Select (/CS)
The SPI Chip Select (/CS) pin enables and disables device operation. When /CS is high the device is
deselected and the Serial Data Output (DO, or IO0, IO1, IO2, IO3) pins are at high impedance. When
deselected, the devices power consumption will be at standby levels unless an internal erase, program or
write status register cycle is in progress. When /CS is brought low the device will be selected, power
consumption will increase to active levels and instructions can be written to and data read from the device.
After power-up, /CS must transition from high to low before a new instruction will be accepted. The /CS
input must track the VCC supply level at power-up and power-down (see “Write Protection” and Figure 10a
& 10b). If needed a pull-up resister on the /CS pin can be used to accomplish this.

I found a page about pull-up and pull-down resistors: https://learn.sparkfun.com/tutorials/pul...istors/all

It seems that resistors can modify the voltage on the /CS pin to meet the requirements for reading from/writing to the device. Regardless of authentication requirements, this is going to be one of our requirements (crossing fingers that this is all we have to do). Please see page 5 of the BIOS chip documentation for a BIOS chip pinout. Descriptions of the pins are on the next page if you are curious.

I imagine we will be using a pull-up resistor. The resistor will have a button on it. When this button is not pressed, the resistor connects the /CS pin to the VCC pin, bringing up /CS's voltage to near VCC's (in other words, putting it in a "high" state). When the button is pressed, the resistor connects the /CS pin to the GND (ground) pin, which lowers the voltage on the /CS pin (in other words, putting it in a "low" state). When the voltage goes from a high state to a low state after power up (whatever "power up" means in this case - probably connecting the flash programmer or plugging in the computer), then read/write operations are allowed because the internal mechanisms in the BIOS chip allow it to use enough power to work properly.

I believe this is the way we read/write data from the BIOS chip in any useful manner. I'm going to continue doing research on this. Hopefully this is the only thing we have to do.

If anyone is a regular hardware modifier/specialist/electrician and/or knows about this stuff, any input would be greatly appreciated!

#64
Can't we use IDA Pro to disassemble the installer for the BIOS, or the BIOS itself? Maybe we could try to sign it so it runs modified.

Or find a leaked version of the most recent AMIBCP?

I heard Gigabyte servers got hacked, and there was some leaked AMI stuff; maybe we could find something there.
#65
(10-06-2021, 12:29 AM)XBlaster Wrote: Can't we use IDA Pro to disassemble the installer for the BIOS, or the BIOS itself? Maybe we could try to sign it so it runs modified.

Or find a leaked version of the most recent AMIBCP?

I heard Gigabyte servers got hacked, and there was some leaked AMI stuff; maybe we could find something there.

Wow, 112GB of documents. That's wild. Assuming accuracy of the article I read, that data is in the hands of those who stole it, so we can't use it.

The problem that we are facing right now is that we will not be able to flash any BIOS mods without a hardware programmer. Only unlike all other cases I've seen, the hardware programmer cannot properly read the BIOS chip (we get some version of garbage each time we attempt it). If we can't read the chip, I certainly wouldn't trust the programmer to write to it without a brick occurring. Once we can reliably read the BIOS chips and I have good BIOS dumps, I will immediately provide mods for all 6 requesters in this thread.

Thanks to the Winbond document, we know of 1 or 2 protection mechanisms that are preventing us from reading from/writing to the BIOS chip properly - the first being that we need to modulate the voltage from high to low on the /CS pin and the second possibly being an authentication mechanism (hopefully for our purposes Asus did not make use of this mechanism). I am going to continue doing research on the pull-up resistor and how we might use it in tandem with the CH341A setup before suggesting next steps for obtaining BIOS backups.

It would be awesome if we could simply sign a BIOS update ourselves, but as far as I know, to do that we would need to have Asus's private key, which is probably at least 256 bits in length, making it prohibitively difficult to brute force. All computer security systems have vulnerabilities - without exception - but I do not presently know how to bypass anything involving private key cryptography - so hopefully we aren't dealing with this.

#66
We would need to analyze how the key is used, where it could be stored, maybe use rainbow tables. It's worth a try; maybe it's 256, maybe it's not, and if it is, we could set up a multiple setup to crack that hash, given time.

There is a forum where the leaked data is being distributed. I could attempt to download it, but I need to make a virtual machine or something because I don't really trust the leaks.
#67
(10-07-2021, 05:10 PM)XBlaster Wrote: We would need to analyze how the key is used, where it could be stored, maybe use rainbow tables. It's worth a try; maybe it's 256, maybe it's not, and if it is, we could set up a multiple setup to crack that hash, given time.

There is a forum where the leaked data is being distributed. I could attempt to download it, but I need to make a virtual machine or something because I don't really trust the leaks.

Yeah, if we are going to have to crack authentication, I think a great place to start would be to very seriously study how it works in the documentation - learn it inside and out. I don't know how much I can contribute here, but if it comes down to it, I will do what I can even if that is just summing up the info in the document concisely and pointing to areas that I think could be attacked.

But before we get into that, we should experiment with a pull-up resistor that has a button. In the next few days, I will get to actually looking up examples of their use, examples that could help guide us in modulating the voltage on the /CS pin from high to low to allow the BIOS chip to use the voltage it needs for properly reading from/writing to the chip.

The backups that I have gotten thus far are indeed the proper 16MB in size but seem to have very little actual data in them. They consist primarily of large sequences of contiguous FF bytes, intermittently interrupted by small, contiguous, non-FF regions of data or garbage - either of which is probably indicative of a lack of necessary power (or an inconsistently adequate supply of power) for a read operation.

Once we get a backup with the proper setup, I imagine we will have a lot more insight into if/how encryption is working against us here. Hopefully it isn't. I'll post more info in the next day or two, but please feel free to post examples of pull-up resistors being used in the manner I described in Post #63.

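The symptom described in the post above (full-size reads that are mostly 0xFF and differ from one attempt to the next) can be checked mechanically before any dump is treated as a backup. The following is an added example, not code from the thread; the function names and the 90% erased-byte threshold are assumptions.

```python
import hashlib

EXPECTED_SIZE = 16 * 1024 * 1024  # 16MB, the dump size reported in the post


def erased_fraction(data: bytes) -> float:
    """Share of bytes equal to 0xFF, the erased state of NOR flash."""
    return data.count(0xFF) / len(data) if data else 1.0


def data_islands(data: bytes, block: int = 4096):
    """Return (start, end) ranges of consecutive blocks that are not all 0xFF."""
    blank = b"\xff" * block
    islands, start = [], None
    for off in range(0, len(data), block):
        chunk = data[off:off + block]
        is_blank = chunk == blank[:len(chunk)]
        if not is_blank and start is None:
            start = off                      # a run of real data begins here
        elif is_blank and start is not None:
            islands.append((start, off))     # the run ended at this block
            start = None
    if start is not None:
        islands.append((start, len(data)))
    return islands


def assess_reads(reads, expected_size=EXPECTED_SIZE, max_erased=0.90):
    """List the reasons why repeated reads of one chip cannot be trusted."""
    problems = []
    if len(reads) < 2:
        problems.append("need at least two reads to compare")
    if any(len(r) != expected_size for r in reads):
        problems.append("size mismatch")
    if len({hashlib.sha256(r).hexdigest() for r in reads}) > 1:
        problems.append("reads differ from each other")
    worst = max((erased_fraction(r) for r in reads), default=1.0)
    if worst > max_erased:                   # assumed threshold, tune per image
        problems.append(f"{worst:.1%} of bytes are 0xFF")
    return problems


if __name__ == "__main__":
    # Constructed sample: two small "reads" standing in for real 16MB dumps.
    size = 64 * 1024
    good = bytes(range(256)) * (size // 256)
    flaky_a = bytearray(b"\xff" * size)
    flaky_a[8192:8200] = b"garbage!"
    flaky_b = bytearray(b"\xff" * size)
    flaky_b[20480:20488] = b"GARBAGE?"
    print(assess_reads([good, good], expected_size=size))
    print(assess_reads([bytes(flaky_a), bytes(flaky_b)], expected_size=size))
    print(data_islands(bytes(flaky_a)))
```

An empty list means the reads agree with each other and look populated; it does not prove the content is correct firmware.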
#68
Hello everyone,

Apologies for the delays.

For those still interested in this BIOS mod, the first (and hopefully only) thing we are going to need to do is to modulate the voltage on the /CS pin from a high state to a low state during power on using a pull-up resistor to cause the BIOS chip to draw enough voltage to enable read/write operations via an SPI flash programmer (the CH341A).

At first, I thought that it might be difficult to do this as the pins are small (not tiny like many other chips on the motherboard, but still very little wiggle room). Fortunately, the 3 pins we need to connect together are on 3 of the edges of the BIOS chip.

The pull-up resistor, which has a button, will be attached to a breadboard, as will the resistor, to simplify things. The resistor - without the button pressed - will initially connect the /VCC (power) pin to the /CS (let's call it the "input" pin to match up with diagrams from guides) to put the /CS pin in a high voltage state. On power up, the button will be pressed to connect the /CS pin to the /GND (ground) pin instead. This will bring the /CS pin to a low voltage state, which is the parameter required for allowing read/write operations to take place.

I will post more information this week, hopefully sooner rather than later. Please let me know if you are still interested. I am still learning this stuff myself.

#69
(11-30-2021, 01:06 AM)Sml6397 Wrote: Hello everyone,

Apologies for the delays.

For those still interested in this BIOS mod, the first (and hopefully only) thing we are going to need to do is to modulate the voltage on the /CS pin from a high state to a low state during power on using a pull-up resistor to cause the BIOS chip to draw enough voltage to enable read/write operations via an SPI flash programmer (the CH341A).

At first, I thought that it might be difficult to do this as the pins are small (not tiny like many other chips on the motherboard, but still very little wiggle room). Fortunately, the 3 pins we need to connect together are on 3 of the edges of the BIOS chip.

The pull-up resistor, which has a button, will be attached to a breadboard, as will the resistor, to simplify things. The resistor - without the button pressed - will initially connect the /VCC (power) pin to the /CS (let's call it the "input" pin to match up with diagrams from guides) to put the /CS pin in a high voltage state. On power up, the button will be pressed to connect the /CS pin to the /GND (ground) pin instead. This will bring the /CS pin to a low voltage state, which is the parameter required for allowing read/write operations to take place.

I will post more information this week, hopefully sooner rather than later. Please let me know if you are still interested. I am still learning this stuff myself.

Hello, I know I'm kinda late to this thread, but I have a G513IM (4800H 3060) and I wanted to tweak the memory and CPU a little bit. I opened the laptop and found the BIOS chip (W25Q16JWNIQ), but I was only able to get info on the W25Q16JW chip. I think it shouldn't matter so much. Thankfully there is no HMEC, so I should be good with a 1.8V logic level shifter, right?
#70
Hello bios-mods, I just wanted to tell you that I have found a program that is actually able to read the G15 Advantage Edition BIOS file.
It is called UEFITool and can be found here: https://m.majorgeeks.com/mg/getmirror/uefitool,1.html

The fun part is in 8C8CE578-8A3D-4F1C-9935-896185C32DD3 there are DXE drivers and SMM modules listed.
I hope this information provides you some useful help.
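The GUID quoted in the post above is the standard UEFI FFSv2 file system GUID, which is why UEFITool shows it as the name of a firmware volume. As an added example (not from the thread; the function names are hypothetical and the sample volume is constructed), this locates firmware volumes in a dump by their `_FVH` signature and header checksum, which also confirms that a dump holds real firmware rather than read noise:

```python
import struct
import uuid

# EFI_FIRMWARE_FILE_SYSTEM2_GUID, the GUID quoted in the post.
FFS2_GUID = uuid.UUID("8C8CE578-8A3D-4F1C-9935-896185C32DD3")
# Fixed part of EFI_FIRMWARE_VOLUME_HEADER (56 bytes, little-endian).
FV_HEADER = struct.Struct("<16s16sQ4sIHHHBB")


def find_firmware_volumes(image: bytes):
    """Yield (offset, file system GUID, length) for each valid firmware volume."""
    pos = image.find(b"_FVH")
    while pos != -1:
        start = pos - 40  # the signature sits 40 bytes into the header
        if start >= 0 and start + FV_HEADER.size <= len(image):
            (_zero, guid, fv_len, _sig, _attrs, hdr_len,
             _cksum, _ext, _rsvd, _rev) = FV_HEADER.unpack_from(image, start)
            header = image[start:start + hdr_len]
            # A valid header's 16-bit words sum to zero; this rejects stray
            # "_FVH" byte sequences and headers damaged by a bad read.
            ok = (hdr_len >= FV_HEADER.size and hdr_len % 2 == 0
                  and len(header) == hdr_len
                  and sum(struct.unpack(f"<{hdr_len // 2}H", header)) & 0xFFFF == 0
                  and start + fv_len <= len(image))
            if ok:
                yield start, uuid.UUID(bytes_le=guid), fv_len
        pos = image.find(b"_FVH", pos + 1)


def build_sample_volume(fv_len=0x1000):
    """Constructed test volume: a valid header followed by erased (0xFF) space."""
    hdr_len = FV_HEADER.size + 16  # one block-map entry plus its terminator
    fields = [bytes(16), FFS2_GUID.bytes_le, fv_len, b"_FVH", 0, hdr_len, 0, 0, 0, 2]
    block_map = struct.pack("<IIII", 1, fv_len, 0, 0)
    raw = FV_HEADER.pack(*fields) + block_map
    # Choose the checksum so that the header words sum to zero.
    fields[6] = -sum(struct.unpack(f"<{hdr_len // 2}H", raw)) & 0xFFFF
    return FV_HEADER.pack(*fields) + block_map + b"\xff" * (fv_len - hdr_len)


if __name__ == "__main__":
    # Constructed image: padding, one sample volume, trailing padding.
    image = bytes(0x200) + build_sample_volume() + bytes(64)
    for offset, guid, length in find_firmware_volumes(image):
        kind = "FFSv2" if guid == FFS2_GUID else "other"
        print(f"0x{offset:06X}  {str(guid).upper()}  {length:#x} bytes  ({kind})")
```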