Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 11 Vote(s) - 4.64 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
Lenovo ThinkPad SL510 Whitelist Removal....
Last Post: deepTeNk
Today 03:32 PM
» Replies: 5
» Views: 6352
[REQUEST] HP Pavilion G42-272BR Whitelis...
Last Post: eepromm
Yesterday 01:55 AM
» Replies: 0
» Views: 101
[REQUEST] Lenovo G710 BIOS Whitelist Rem...
Last Post: voyageur
11-21-2024 04:33 PM
» Replies: 475
» Views: 167275
[REQUEST] Acer Aspire 5738(G,Z): CPU Upg...
Last Post: DeathBringer
11-21-2024 03:44 PM
» Replies: 49
» Views: 32881
[REQUEST] HP Mini 110-4100 BIOS Unlock
Last Post: DSI INF
11-21-2024 09:24 AM
» Replies: 7
» Views: 247
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: Dudu2002
11-21-2024 03:11 AM
» Replies: 1780
» Views: 494871
Lenovo ThinkCentre M715q 2nd Gen & AMD R...
Last Post: Elmurley
11-20-2024 09:37 PM
» Replies: 2
» Views: 1292
[REQUEST] Lenovo Y50-70 (9ECNxxWW) White...
Last Post: SWZSSR
11-20-2024 09:34 PM
» Replies: 1775
» Views: 553903
[REQUEST] Lenovo Thinkpad X240 (GIETxxWW...
Last Post: Dudu2002
11-20-2024 04:58 PM
» Replies: 337
» Views: 143567
Unlock bios insyde
Last Post: Matox3140
11-19-2024 03:40 PM
» Replies: 0
» Views: 216
Whitelist WIFI card removal Lenovo Yoga ...
Last Post: Dudu2002
11-19-2024 12:58 PM
» Replies: 1
» Views: 224
[REQUEST] H310 MSI Gaming Infinite S (MS...
Last Post: awittyusername
11-19-2024 09:21 AM
» Replies: 10
» Views: 137
[REQUEST] Gigabyte GA-B85M-HD3 Rev 2.0 u...
Last Post: Maduli
11-19-2024 02:22 AM
» Replies: 0
» Views: 167
[REQUEST] Lenovo Ideapad 330-15ICH BIOS ...
Last Post: Dudu2002
11-18-2024 01:25 PM
» Replies: 8
» Views: 1908
[REQUEST] Lenovo ThinkPad Edge E330 (H3E...
Last Post: Dudu2002
11-18-2024 01:23 PM
» Replies: 640
» Views: 221245
[Request] Unlocked Bios for Asus TUF FX5...
Last Post: FlT4ever
11-18-2024 01:05 PM
» Replies: 1
» Views: 428
[REQUEST] Lenovo ThinkPad Edge E125(v1.1...
Last Post: kamome74
11-18-2024 10:43 AM
» Replies: 0
» Views: 211
[REQUEST] Xpg 15g 4070 2023ver InsydeH20...
Last Post: MireVelli
11-18-2024 07:26 AM
» Replies: 2
» Views: 207
Please help me recover my bios
Last Post: FuryOP
11-17-2024 12:37 PM
» Replies: 0
» Views: 223
[Request-Camilo] Sony Vaio SA/SB/SC/SD/S...
Last Post: edit
11-17-2024 12:13 PM
» Replies: 107
» Views: 136968

(UEFI) Dell XPS 15z L511z modded BIOS - and HOWTO
jkbuha: still no response this afternoon, i asked again and he said tomorrow he will ask his phoenix colleagues again.

someone said there is only nt32, no nt64 at present and no plan.
find
quote
(05-08-2012, 11:44 AM)marstone Wrote: jkbuha: still no response this afternoon, i asked again and he said tomorrow he will ask his phoenix colleagues again.

someone said there is only nt32, no nt64 at present and no plan.

hmmm - if that were the case, can we use x86 mode in some way to debug DXE?

ArthurianX: Download the latest BIOS of your vendor and run it (but dont flash) - look into your temp folder and you'll find the executable for your system Smile
find
quote
Sad 
The Phoenixer said to my firend he has signed contract to not disclosure the source - -#
I will try to ask if he can give us some hints about the menu data structure in the future.

I think the source code can be compiled to either x64 or x86,
however, the ROMs we disassembled are x64, so i do not know how to convert it to x86 or any other methods to let it run in 32 bit environment.

BTW, I think if there are bits to control the menu hidden or not,
there must has some code like this:

if (menu.isHidden == false) // or if (menu->flags & HIDDEN_MASK == true)
{
// showTheMenu...
}

are there any way to let us "nop" the "if" instead?
I also guess, the code is not in the PlatformMenuAdvancedDxe.efi
because other menu tabs also follow this logic to display menus,
so the "if" must locates in some common utilities other than PlatformMenuAdvancedDxe.efi, SystemMenuMainDxe.efi...


(05-08-2012, 12:11 PM)jkbuha Wrote:
(05-08-2012, 11:44 AM)marstone Wrote: jkbuha: still no response this afternoon, i asked again and he said tomorrow he will ask his phoenix colleagues again.

someone said there is only nt32, no nt64 at present and no plan.

hmmm - if that were the case, can we use x86 mode in some way to debug DXE?

ArthurianX: Download the latest BIOS of your vendor and run it (but dont flash) - look into your temp folder and you'll find the executable for your system Smile
find
quote
(05-09-2012, 04:51 AM)marstone Wrote: BTW, I think if there are bits to control the menu hidden or not,
there must has some code like this:

if (menu.isHidden == false) // or if (menu->flags & HIDDEN_MASK == true)
{
// showTheMenu...
}

are there any way to let us "nop" the "if" instead?

That's exactly what I tried to do - nop all ifs, jump conditionally, and approximately 50 flashes later - no progress.

In reality I think the menu is structured more as follows:

Menu Item 1 && Menu Bitmask 1 (Language, default setting, hidden/visible etc)
Menu Item 2 && Menu Bitmask 2
...
Menu Item n && Menu Bitmask n

The biggest issue is trying to find where Bitmask is - as in theory if we find it all we need to do is just enable all the bits (bytes?) for the items we wish to view. Sadly just changing one conditional jump statement doesn't enable the advanced settings, as with the former EFI bioses.

With regards to the NDA your phoenixer signed - that is fair enough. All we need is just a helpful hint about how the menu bitmasks are embedded in the files, so then we can play around with them ourselves.
find
quote
(05-08-2012, 12:11 PM)jkbuha Wrote:
(05-08-2012, 11:44 AM)marstone Wrote: jkbuha: still no response this afternoon, i asked again and he said tomorrow he will ask his phoenix colleagues again.

someone said there is only nt32, no nt64 at present and no plan.

hmmm - if that were the case, can we use x86 mode in some way to debug DXE?

ArthurianX: Download the latest BIOS of your vendor and run it (but dont flash) - look into your temp folder and you'll find the executable for your system Smile

Ahhhh, I thought that step was for getting the BIOS file if we wanted to customize it ourselves.

Thanks a bunch!!!!

What I wanted to ask:

"UPDATE 18/03: Added New (unofficial) Dell A10 BIOS for the 15z. Current - and best performing - BIOS mod is the 0.83V/0.85V"

Is this the untouched A10 BIOS, or is it modded? I'm asking this because I updated to A10 a month ago.
find
quote
The A10 Bios is untouched. It's just the graphics bios which has been changed. So you can mod away Smile

DoiX from another forum pointed out this potential solution for EFI simulation: http://sourceforge.net/projects/cloverefiboot/

Looks interesting...
find
quote
Hi All ,

We already knew before that its like an if statements checking for flags or bytes , we haven`t any thing new after this .
noping the if statement will not work as this will brick the routine and may also brick the whole setup modules , we should modify the byte or flag to make the condition true to show the menus and options .
its programmed like this :-

if statement ------ language ----- menu offset in string table ----- default setting ------

the code doing this is not found in the routines in the start of the file , it found far away after the strings table , its inside the menus itself not something in the code which initialize the whole menus .
you should knew these facts :-
1) the codes and routines in the end of the setup module ( like dll entry point and others ) are responsible for showing or hiding TABS NOT MENUS AND OPTIONS .
thats why when i have modified the code , i could hide the advanced menu ..... and could show it in another UEFI bios where the advanced tab was hidden .
this is easy in assembly and could be noticed clearly .

2) the module is divided into sections :

a: the code and routines in the end of the file which is responsible for strings and TABS initialization and calling the menus routines ..... etc .this section can show the tabs ( if its hidden ) but can`t do anything with options or menus inside tabs .

b: the strings itself in the start of the file .

c: after this , we should find the strings table which works as a pointer to the strings , every 2 bytes refer to the address of a specified string .

d: after this we should find the bytes of the menus it self , inside this you can find bytes which are calling addresses in the strings table , when its called , it calls the required string ............... and we find the if statement responsible for hiding options or menus , also the bytes ( or flags ) responsible for indicating what language is this string and some other bytes which i don`t knew about yet .


so , for Marstone , we already knew about these information and i expected some interesting news from you Big Grin just kidding , i knew about NDA for all great companies and expected that your friend tell you this , we just need phoenix to release an emulator for UEFI , just like the PBE for normal phoenix BIOS ............. we can knew where menus are but we can`t knew what condition it checks to make the menu hidden , thats why i asked for emulator not the source code as i knew its impossible to get source code Smile Smile


"Many of life's failures are people who did not realize how close they were to success when they gave up." Smile
find
quote
Sad 
The phoenixer gives no help. :-( and I was busy working these days and made no progress.

I read something here:
http://www.phoenix.com/pages/phoenix-sec...e-tiano-tm
It mentions something about its "moduler" & "object oriented" source code architecture
but no ANY information about tools for OEM development
I think maybe phoenix securecore tiano is still to young and leak of tools /debug/emulation support.

to jkbuha: I take a glance at Clover EFI bootloader
It mentions DUET, I think it is some kind of UEFI "simulation",
which simulates UEFI based on BIOS, and provide interface for higher level OS & apps to run above.

but what we need is some kind of UEFI "simulator",
which simulate Hardware based on OSes (may be a user space process)
and provide interfaces for higher level UEFI to run above

to ahmed: I am wondering whether the utilities in the end of the ROMs can invoke any other utilities in another ROMs?
If it can,
I think maybe "DrawTheMenuItem" or "CheckTheHiddenBit" or etc are "common" utilities in some common ROM, not in the PlatformSetupAdvancedDxe.efi(CFEF94C4....ROM) itself.
I also find in the beginning of PlatformSetupAdvancedDxe.efi, the strings are not the menu itself. it is the Helps for the menu items in different languages, which can be show be press F1.
the hint of "Press F1 for help" is in the bottom of the Setup Program, and the string "F1" and etc in the bottom is found in another ROM.

That's to say, there must be some way to call utilities or read data between different dumped ROM files. then I will ask, is there something special in the utilities which can be invoked (such as DLL entry declarations)? it so, we can identify the location of the menu data/menu render utilities easier.
find
quote
see if it heps anyway:
http://www.osxbook.com/book/bonus/misc/legacyboot/

and this:
http://blog.fpmurphy.com/2011/01/edk2-ue...ra-14.html
find
quote
Interesting links - guys we're making some progress here!
@marstone - what do you think on dkinsano's links? I've had a look and there seems there's a lot of potential...
find
quote


Forum Jump:


Users browsing this thread: 54 Guest(s)