Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 2 Vote(s) - 4 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
[REQUEST] HP Pavilion G42-272BR Whitelis...
Last Post: eepromm
Today 01:55 AM
» Replies: 0
» Views: 52
[REQUEST] Lenovo G710 BIOS Whitelist Rem...
Last Post: voyageur
Yesterday 04:33 PM
» Replies: 475
» Views: 167140
[REQUEST] Acer Aspire 5738(G,Z): CPU Upg...
Last Post: DeathBringer
Yesterday 03:44 PM
» Replies: 49
» Views: 32839
[REQUEST] HP Mini 110-4100 BIOS Unlock
Last Post: DSI INF
Yesterday 09:24 AM
» Replies: 7
» Views: 225
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: Dudu2002
Yesterday 03:11 AM
» Replies: 1780
» Views: 494134
Lenovo ThinkCentre M715q 2nd Gen & AMD R...
Last Post: Elmurley
11-20-2024 09:37 PM
» Replies: 2
» Views: 1279
[REQUEST] Lenovo Y50-70 (9ECNxxWW) White...
Last Post: SWZSSR
11-20-2024 09:34 PM
» Replies: 1775
» Views: 553493
[REQUEST] Lenovo Thinkpad X240 (GIETxxWW...
Last Post: Dudu2002
11-20-2024 04:58 PM
» Replies: 337
» Views: 143055
Unlock bios insyde
Last Post: Matox3140
11-19-2024 03:40 PM
» Replies: 0
» Views: 194
Whitelist WIFI card removal Lenovo Yoga ...
Last Post: Dudu2002
11-19-2024 12:58 PM
» Replies: 1
» Views: 201
[REQUEST] H310 MSI Gaming Infinite S (MS...
Last Post: awittyusername
11-19-2024 09:21 AM
» Replies: 10
» Views: 126
[REQUEST] Gigabyte GA-B85M-HD3 Rev 2.0 u...
Last Post: Maduli
11-19-2024 02:22 AM
» Replies: 0
» Views: 146
[REQUEST] Lenovo Ideapad 330-15ICH BIOS ...
Last Post: Dudu2002
11-18-2024 01:25 PM
» Replies: 8
» Views: 1899
[REQUEST] Lenovo ThinkPad Edge E330 (H3E...
Last Post: Dudu2002
11-18-2024 01:23 PM
» Replies: 640
» Views: 220821
[Request] Unlocked Bios for Asus TUF FX5...
Last Post: FlT4ever
11-18-2024 01:05 PM
» Replies: 1
» Views: 419
[REQUEST] Lenovo ThinkPad Edge E125(v1.1...
Last Post: kamome74
11-18-2024 10:43 AM
» Replies: 0
» Views: 189
[REQUEST] Xpg 15g 4070 2023ver InsydeH20...
Last Post: MireVelli
11-18-2024 07:26 AM
» Replies: 2
» Views: 188
Please help me recover my bios
Last Post: FuryOP
11-17-2024 12:37 PM
» Replies: 0
» Views: 205
[Request-Camilo] Sony Vaio SA/SB/SC/SD/S...
Last Post: edit
11-17-2024 12:13 PM
» Replies: 107
» Views: 136942
[REQUEST] Lenovo Thinkpad Edge E440 & E5...
Last Post: Dudu2002
11-17-2024 06:50 AM
» Replies: 196
» Views: 91933

[REQUEST] Lenovo Thinkpad T430 (G1ETxxWW) Whitelist Removal
#91
(04-09-2014, 12:23 PM)devasish Wrote: sovem please help me for e420 at my post http://www.bios-mods.com/forum/Thread-le...-whitelist posted this here bcoz no one replied so far Sad

I replied on your original post.
Regards

[size=undefined]Your Brain [/size]. . . . It's the best tool U can use ! Wink
[size=undefined]Don't FLASH the Bios Mod if You get a Size Alert, You risk a Brick !!! [/size]
Donate to me for my work, click here BDM
find
quote
#92
BDMaster,
these are what i changed:
- 75 2B at offset C7D into 90 90
- 75 16 at offset C92 into 90 90
- 74 1B at offset CA8 into EB 1B
below is how i remove the whitelist check using some tools.
i had difficulties when dealing with softwares for the first time.
so i try to put the instruction that way. hope it helps anyone want to learn removing whitelist and how to use of IDA and HxD.
removing whitelist check on T430 bios
i'll post more on how i use my True GQ 4X to flash the BIOS when i get back home.

regards.
(04-09-2014, 12:12 PM)BDMaster Wrote:
(04-09-2014, 11:30 AM)ucupsz Wrote: wohoooo...!!!!
we've made it.... Smile)

based on your explanation, i changed the two jnz to nop, and one jz to jmp.
and it works!
i type this from T430 with broadcomm wifi card. Smile)

i'll post more detail steps tomorrow.
getting late here, need to drive early morning tomorrow.

zillion thanks BDmaster!! you're my hero!

Finally thanks for your reply !
I think these would be the mods :

unlock infinite loop :
0BEB : 75 F5 to 75 00 or 90 90 jnz short loc_BE2 to jnz $+2

unlock whitelist :
0C7D : 75 2B to 75 00 or 90 90 jnz short loc_CAA to jnz $+2

0C92 : 75 16 to 75 00 or 90 90 jnz short loc_CAA to jnz $+2

0CA8 : 74 1B to EB 1B jz short loc_CC5 to jmp short loc_CC5

Let me know, if It's right !

Can You explain how to flash and setting to use Soic Clamp Adapter ? as You said You will
write a new Tutorial detailed about use of SPI Programmer and I am interesting to it !
Regards
find
quote
#93
Ok Thanks, and I will wait Your tutorial about using SPI programmer
without desoldering chips ! (I will buy SPIPGM so iwould be shure I will use on-board as You done).
Regards

[size=undefined]Your Brain [/size]. . . . It's the best tool U can use ! Wink
[size=undefined]Don't FLASH the Bios Mod if You get a Size Alert, You risk a Brick !!! [/size]
Donate to me for my work, click here BDM
find
quote
#94
BDMaster,
sure... will do it.
btw, another issue with Thinkpad starting T430 and next release is the keyboard.
thinkpad veteran like old keyboard.
do you know how to find which .ROM module contains keyboard command/mapping?

i'm thinking of swapping .rom module in T420 BIOS with .rom module in T430.
want to see if that might enable all T420 keyboard in T430 hardware.

(04-11-2014, 01:20 AM)BDMaster Wrote: Ok Thanks, and I will wait Your tutorial about using SPI programmer
without desoldering chips ! (I will buy SPIPGM so iwould be shure I will use on-board as You done).
Regards
find
quote
#95
Ok We can try, but explain to me better the keyboard problem, I will find all I can
about the control keyboard module.
Regards

[size=undefined]Your Brain [/size]. . . . It's the best tool U can use ! Wink
[size=undefined]Don't FLASH the Bios Mod if You get a Size Alert, You risk a Brick !!! [/size]
Donate to me for my work, click here BDM
find
quote
#96
BDMaster,
i documented my learning process of removing whitelist and flashing the bios in following document. hope it helps you and others in learning how to remove whitelist and flashing the bios in T430.
http://rg.to/file/3dd7839752dc2a42442cc8....docx.html

regards.
(04-11-2014, 04:29 PM)BDMaster Wrote: Ok We can try, but explain to me better the keyboard problem, I will find all I can
about the control keyboard module.
Regards
find
quote
#97
(04-13-2014, 02:19 AM)ucupsz Wrote: BDMaster,
i documented my learning process of removing whitelist and flashing the bios in following document. hope it helps you and others in learning how to remove whitelist and flashing the bios in T430.
http://rg.to/file/3dd7839752dc2a42442cc8....docx.html

regards.
(04-11-2014, 04:29 PM)BDMaster Wrote: Ok We can try, but explain to me better the keyboard problem, I will find all I can
about the control keyboard module.
Regards

Thanks friend,
It's a superb tutorial and shown all I need to know about SPIPGM to use on-board (only missing your experiences with timing problems ?!?) !
So now We can try to mod module keyboard driver . . .
Regards

[size=undefined]Your Brain [/size]. . . . It's the best tool U can use ! Wink
[size=undefined]Don't FLASH the Bios Mod if You get a Size Alert, You risk a Brick !!! [/size]
Donate to me for my work, click here BDM
find
quote
#98
BDMaster, Rehabman, and others who must use hardware solution for T430 (and perhaps other series??),
i have tried to see how lenovo's official bios update works, looks like the authentification for secure capsule is in winflash64.exe.
(i used win7 64bit).
it's in the oem check section.
kind a hard to understand all of the assembly. IMO, this is much more complicated than removing whitelist.
i will write how i setup my system to be able to debug and patch the winflash64.exe in .docx format.
hope someone with better understanding of assembly language and programming than me can fix the oem check.
Then hardware based flash update for T430, x230 (and perhaps other lenovo series) is not necessary anymore.
------------------------------------
this is the file.
find
quote
#99
(05-05-2014, 10:03 AM)ucupsz Wrote: BDMaster, Rehabman, and others who must use hardware solution for T430 (and perhaps other series??),
i have tried to see how lenovo's official bios update works, looks like the authentification for secure capsule is in winflash64.exe.
(i used win7 64bit).
it's in the oem check section.
kind a hard to understand all of the assembly. IMO, this is much more complicated than removing whitelist.
i will write how i setup my system to be able to debug and patch the winflash64.exe in .docx format.
hope someone with better understanding of assembly language and programming than me can fix the oem check.
Then hardware based flash update for T430, x230 (and perhaps other lenovo series) is not necessary anymore.
------------------------------------
this is the file.

Hi Ucupsz,
The Big expert in Insyde Reversing is Donovan6000 and He tried to bypass Secure Flash check in his experiments,
so I would to ask to Donovan for contribute at this study !
I will write to him about your research and I will push this link to this discussion with the hope He could partecipate too.
Many thanks for your efforts.
Regards

[size=undefined]Your Brain [/size]. . . . It's the best tool U can use ! Wink
[size=undefined]Don't FLASH the Bios Mod if You get a Size Alert, You risk a Brick !!! [/size]
Donate to me for my work, click here BDM
find
quote
Insyde secure flash is certainly annoying lol Tongue

I guess I'll contribute a little bit. Get ready for a long post! When a new rom is flashed via Insyde's programs, it is flashed to a reserved space on the bios chip which is 20MB ( according to the source code). Then immedialey after the computer restarts, then old bios verifies the new bios before overwiriting itself with it. Then the new bios is fully in place.

Since it is the old bios which is verifying the new bios, we can't modify the secure flash verification process since it would require modifying the old rom somehow. Here's some of the code that the old rom preforms at the end of the verifccation process.
Code:
if (*ErrorStatus == EFI_ACCESS_DENIED) {
do {
IfrLibCreatePopUp (8,
&Key,
L"",
L" InsydeH2O - Secure Flash ",
L"",
L" Error : Invalid firmware image!!! ",
L"",
L"",
L" Please press any key to reset system...... ",
L""
);
} while (Key.UnicodeChar == CHAR_NULL);
} else if (*ErrorStatus == EFI_SUCCESS) {
do {
IfrLibCreatePopUp (8,
&Key,
L"",
L" InsydeH2O - Secure Flash ",
L"",
L" Status : Finish!!! ",
L"",
L"",
L" Please press any key to reset system...... ",
L""
);
} while (Key.UnicodeChar == CHAR_NULL);
} else {
do {
IfrLibCreatePopUp (8,
&Key,
L"",
L" InsydeH2O - Secure Flash ",
L"",
L" Error : Firmware update failed!!! ",
L"",
L"",
L" Please press any key to reset system...... ",
L""
);
} while (Key.UnicodeChar == CHAR_NULL);
}

The digital signature for the new rom isn't limited to a fixed hash algorithm. It can be any of the following. Most manufacturers go with one of the asymmetric encryption algorithms, so it's something we can easily change accuratley Undecided
Code:
Sha1
Sha224
Sha245
Sha384
Sha512
Md5
Tdes
Aes
Rsa
Pkcs7
X509

This digital signature is stored in the extra space in the bios rom. You'll notice that the Insyde secure roms are slightly bigger than what they should be. They are also PE32 programs, which you can verify by looking at their header. This program is run by Insyde's flasher programs and it will usually overwrite platforms.ini with an unmodified version to make modifying platforms.ini useless. However my tests have shown that any modifications to platforms.ini's secure flash settings is useless anyway.

So what if we extract the pure rom from the securre flash rom and try to flash that? Thanks to the research done by BDMaster, this is simple Big Grin Unfortunatley InsydeFlash.exe will make sure the rom is secure before flashing it. Special thanks to the person who was willing to test out my ideas on their computer lol
[Image: 4pus9tyemw1jsj8fg.jpg]

So lets bypass that error to make it flash the pure rom.
[Image: d61fv5xyx8yetd3fg.jpg]

So we look up what that error message corresponds to in Iscflash.dll, and we find out that it is a write permission error. And here's where I'm stuck lol Tongue The region of the bios chip that contains the current bios is locked. So we can't directly overwrite it with InsydeFlash.exe. I have some more ideas, but nothing I want to make public right now Wink If I ever buy a laptop that has Insyde Secure bios, then I'll be able to experiment more Sleepy
find
quote


Forum Jump:


Users browsing this thread: 14 Guest(s)