Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 9 Vote(s) - 4.22 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
[REQUEST] Lenovo ThinkPad Edge E420 & E5...
Last Post: Kmwww123
Today 05:49 AM
» Replies: 80
» Views: 42529
[REQUEST] Lenovo Z50-70 & Z40-70 (9BCNxx...
Last Post: Dudu2002
Yesterday 07:57 PM
» Replies: 737
» Views: 257208
[REQUEST] Lenovo Z410 & Z510 (8DCNxxWW) ...
Last Post: Dudu2002
Yesterday 11:27 AM
» Replies: 491
» Views: 168206
Request for Latest BIOS Update for Toshi...
Last Post: DeathBringer
Yesterday 02:58 AM
» Replies: 7
» Views: 298
Asus K8v-MX Socket 754 Bios
Last Post: Maxinator500
12-21-2024 10:12 AM
» Replies: 6
» Views: 568
Does my Packard Bell Easy Note TV44HC su...
Last Post: -=LTi=-
12-20-2024 08:48 AM
» Replies: 0
» Views: 107
[REQUEST] Alienware M16 R1 AMD 7745HX RT...
Last Post: arabcian
12-20-2024 04:11 AM
» Replies: 1
» Views: 666
[REQUEST] Lenovo G780 (5ECNxxWW) Whiteli...
Last Post: Tompson
12-19-2024 04:15 PM
» Replies: 878
» Views: 353960
HP Pro 3400 (Foxconn 2ABF): New GPU Supp...
Last Post: DeathBringer
12-19-2024 12:44 PM
» Replies: 30
» Views: 12691
Need help with extracting vbios option r...
Last Post: eazyblack
12-19-2024 11:45 AM
» Replies: 1
» Views: 280
[REQUEST] Lenovo Ideapad Z710 (7FCNxxWW)...
Last Post: KuroiHoshi
12-18-2024 04:12 PM
» Replies: 214
» Views: 101709
[REQUEST] BIOS Unlock for Gigabyte G5-KD...
Last Post: Dudu2002
12-18-2024 03:25 PM
» Replies: 8
» Views: 1697
[REQUEST] Insyde Bios unlock Acer aspire...
Last Post: FuryOP
12-18-2024 11:48 AM
» Replies: 0
» Views: 268
[REQUEST] Lenovo Yoga 2 Pro (76CNxxWW) W...
Last Post: Dudu2002
12-17-2024 09:37 PM
» Replies: 720
» Views: 386919
Acer Veriton X6640G
Last Post: Hooper
12-17-2024 03:11 PM
» Replies: 6
» Views: 323
[REQUEST] MSI B85-G43 Gaming Unlock Poss...
Last Post: Eririri
12-17-2024 08:47 AM
» Replies: 19
» Views: 7797
Request to unlock the UEFI startup metho...
Last Post: Same
12-17-2024 06:03 AM
» Replies: 0
» Views: 314
Modded bios for Thinkpad R32 (2658-MNG)
Last Post: drhse
12-17-2024 02:01 AM
» Replies: 0
» Views: 225
[REQUEST] Acer Aspire E1-570G BIOS Unloc...
Last Post: Dudu2002
12-16-2024 07:31 PM
» Replies: 76
» Views: 50188
[REQUEST] Lenovo IdeaPad L340 (BGCNxxWW)...
Last Post: iNatsu
12-16-2024 07:24 PM
» Replies: 84
» Views: 29092

General method to remove whitelist from Insyde BIOS
what is JNZ? can someone help me with that im am new to bios hacking
im having a hard time i have bios f.15 can anyone help me because i cannot find 55 8b ec
find
quote
I'm trying for a couple of days to remove the whitelist but with no luck. Could one of you give it a try?

http://db.tt/tkZl06Q1

find
quote
I don't want to remember this is not a requests thread.

BIOS REPOSITORY.Please consider donating (me or forum) if you like my work.
Please remember to come back and leave feedback. I hate leech and disappear thing.

Nice day.
Camilo.
find
quote
(10-02-2011, 07:07 PM)kbhaze Wrote: 8. The code for the 2 MB bios is somewhat obfuscated, and no longer uses a
JNZ jump, but rather uses a JS jump. This calls a signed integer from the
ZF register to determine the result of the test as opposed to calling a test
result directly. The JS Hex value is <<0F 88>>, and the exact instance we
are looking for is the first instance in the module.
9. Replace the 88 with 89 (this changes the jump condition to switch the true and
false paths).

Does anybody know what I've got to do in step 8? I've found the HEX value in step 7, but I'm not sure what to do next. Where do I need to change the value of the HEX 0F 88, from 88 in 89? I don't have the faintest idea...
Help would be really appreciated.
Regards,
Simania

find
quote
(01-06-2012, 11:18 AM)Simania Wrote:
(10-02-2011, 07:07 PM)kbhaze Wrote: 8. The code for the 2 MB bios is somewhat obfuscated, and no longer uses a
JNZ jump, but rather uses a JS jump. This calls a signed integer from the
ZF register to determine the result of the test as opposed to calling a test
result directly. The JS Hex value is <<0F 88>>, and the exact instance we
are looking for is the first instance in the module.
9. Replace the 88 with 89 (this changes the jump condition to switch the true and
false paths).

Does anybody know what I've got to do in step 8? I've found the HEX value in step 7, but I'm not sure what to do next. Where do I need to change the value of the HEX 0F 88, from 88 in 89? I don't have the faintest idea...
Help would be really appreciated.
Regards,
Simania

You need to go to the beginning of the file in your hex editor. When you search for those, you want the 1st result. In your hex editor you want to change the 88 with 89 (Highlight the 88 with your cursor, type in 89) and then save your file. Some hex editors show the bytes in a box, and you just select the box and type in the characters.
find
quote
Mrkmpn thanks for your help, but still I'm not able to make it.
I've found the file in step 7. If I search this file for <<0F 88>> this HEX value is not found. Strange because the file I've found in step 7, clearly has the text value 'WLAN adapter not supported' etc. next to the HEX value, so I'm under the impression I've found the right file.

(10-02-2011, 07:07 PM)kbhaze Wrote: 7a. This can be a very time consuming process as you have to search each
ROM. The string is different than the original guide, and I searched for
the hex string <<6D 00 6F 00 64 00 75 00 6C 00 65 00>> until I found
the exact error message in the text pane of HxD.
7b. The exact ROM file for me was
91472655-50E0-4D81-9AF6-239E6F431B8C_2_614.ROM.
8. The code for the 2 MB bios is somewhat obfuscated, and no longer uses a
JNZ jump, but rather uses a JS jump. This calls a signed integer from the
ZF register to determine the result of the test as opposed to calling a test
result directly. The JS Hex value is <<0F 88>>, and the exact instance we
are looking for is the first instance in the module.
9. Replace the 88 with 89 (this changes the jump condition to switch the true and
false paths).


find
quote
I finally got my hands on a 2MB ROM I could work with. I used the NAWA1110 (v1.10) ROM which is for a Lenovo G455/G555 laptop for this effort. The string to search for in this case was "Unauthorized Wireless network card is plugged in. Power off and remove it". So after loading up the .ROM file in EZH2O, I brought up WinHex (which keeps crashing so it takes longer than it would otherwise) and searched for the Unicode string. Finding that I then searched UP for the Hex Values '4d5a'. Finding this I copied from here to the end of the data region where the string was found and saved it to 'something.exe'. Since I'm on a 64 bit system I can't use debug.exe, so I used PEBrowser64, which worked fine for what I was needing. Using PEBrowser64, I opened 'something.exe' and then opened the sections list on the left pane and dbl-clicked the '.text' section which brings up a limited disassembly window. This allowed me to get the starting address and then going to the View->Disassemble At... and putting in the address '180000260' I get a disassembly of the main routine for checking the wifi card Ven/Dev ids (see fig1 and 2).

Disassembly 1 The device checking routine
Disassembly 2 The rest of the story

A quick inspection of this showed that to get out of this routine we need to get to the address '3d0' which quickly leads to the ret statement. We want to make as few changes as possible since we don't know what might happen with any of the returned values. Seeing the 'jne 305' looks like it could cause an endless loop since nothing that is tested would be changing (unless another thread was running that had access to the memory at SP+40). Also notice the 'lea cx, 960' at address 2eb, this is the address of the 'unauthorized' string. Changing the 'jne 2f9 at address 2c0 to a jmp 2f9 gets us past the string output and changing 'je 30d' at address 2fb to 'jmp 30d' gets us out no questions asked. See fig. 3 for the disassembly with the final modifications.

Disassembly 3 The Fix

I hope this helps in dealing with the 2mb version of the Insyde BIOS. Here is a link to the modded ROM:

Modded BIOS zipped
find
quote
(08-06-2010, 09:12 AM)TheWiz Wrote: IDA Pro Free version 4.9 will do the trick Smile

I tried this but it doesn't seem to work (win7x64). I get "Failed to set data for ".

Do you know how to fix it or do you know of a good disassembler for win7x64?

Thanks,
find
quote
I was hoping someone would be able to help us.

Basically we have 40 HP Probook 4310s at a school that we have attempted installation of Intel 633AN wireless cards and naturally failed (epic!), frustraightingly no problem with the other model - 4320s.

After many hours yesterday I attempted to mod the bios, but dont quite have the knowledge at the final hurdle to make the change I need to make, and with the recompiling to flash. These are 2MB.

The unicode error which I have decompiled and you can see in win hex (thanks to this thread/hspumanti)

104 - Unsupported wireless network device detected

My understanding is that the 4310s has multiple checks going on in the routine that is checking for the wireless cards such as hard drive smart status and mouse status etc.

I wouldnt mind skipping these checks like smart status etc assuming it didnt have any adverse effects once in windows - Windows 7 seams to be able read that smart status itself these days anyway?

I wonder if we could employee anyones services/assistance to help us out ?

HP Probook 4310s - VQ491EA

This is the link to the bios

http://h20000.www2.hp.com/bizsupport/Tec...sp?lang=en&cc=uk&prodNameId=3974410&prodTypeId=321957&prodSeriesId=3974409&swLang=13&taskId=135&swEnvOID=4054#120

If anyone has any pointers on what I need to change and where, and then how to recpile to a .bin again.
Any help would be greatly appreciated!

Feel free to PM/Email

Many Thanks,
Greg
find
quote
I was able to perform the mod to the latest BIOS (as of this writing) to my DV5-1235DX
and I would like to share it so the next person has an easier time.

(this bios shares with allot of the DV5-1xxxx laptops but make sure before hand.
this firmware also enables the internal bluetooth plug. (HP did this not me)

Let me know where I can post it for people to make sure im not shamming anyone
and to actually use.

Thank allot for this great thread.
find
quote


Forum Jump:


Users browsing this thread: 1 Guest(s)