Welcome
|
You have to register before you can post on our site.
|
|
[REQUEST] Acer Aspire VN7-592G BIOS Unlock
|
Posts: 7
Threads: 0
Joined: Jan 2012
Reputation:
0
07-31-2016, 06:48 AM
(This post was last modified: 07-31-2016, 06:52 AM by Mhelkir.)
Hi All,
Have new VN7-592G with hidden Adevenced Options and Power Options pages.
Followed vodek instruction for older Acer: https://www.bios-mods.com/forum/Thread-R...7#pid90017
Trying to modify bios 1.11, found:
Code: 0xB45EA Suppress If: {0A 82}
0xB45EC True {46 02}
0xB45EE Setting: i-Page:, Variable: 0x258 {05 91 42 14 43 14 0B 00 34 12 58 02 00 10 00 01 00}
0xB45FF Option: Disabled, Value: 0x0 (default) {09 07 B0 12 10 00 00}
0xB4606 Option: Enabled, Value: 0x1 {09 07 B1 12 00 00 01}
0xB460D End of Options {29 02}
0xB460F End If {29 02}
Used EFI shell to boot laptop but couldn't modify 0x258, by setup_var, got msg that it can't change variable.
Tried also setup_var2 which list 2 values for 0x258 instead of one, one named "Setup" second named "Custom", and it modify only"Custom" value, which don't do anything. Couldn't change this custom back to 0x0 so flashed back whole bios by Acer tool.
Now wondering:
1. Why some ppl have yellowe letters in efi shell, I had white, wrong efi shell?
2. What software would allow me to manually change variable in .fd file, so I will alter use Acer tool to flash bios instead changing in it one value?
3. Any other options?
P.S. Please could mod move topic to Insyde subforum, sorry for mistake.
Best Regards
Posts: 7
Threads: 0
Joined: Jan 2012
Reputation:
0
Espionage724,
could you please check for me if instead of flashing with changed bios, just installing by Acer tool v1.11 and changing in EFI shell 0x259 to 0 and after restart changing 0x258 to 1 will work or brick pc? because after brick I will not have any option to flash it back.
Have the same laptop, posted recently post (in wrong subforum) https://www.bios-mods.com/forum/Thread-F...apprecited
wondered about modifying just fd file and using Acer flasher to bypass lock.
Best Regards
Posts: 70
Threads: 5
Joined: Nov 2009
Reputation:
0
(07-31-2016, 05:44 AM)Da Vinci Code Wrote: We can try last way:
Create list of some needed options with needed values,
after that i'll make it as default so you can use laptop with new settings even bios lock disabled.
I'm not sure what options are available to change, but here's what I was interested in:
- Toggle to enable and disable CSM/Legacy (I believe it's enabled by default; if so, I would like it disabled)
- Ability to set power mode for PCI devices (I can't recall what it was exactly but my old Acer laptop with its BIOS unlocked gained an option to set the PCI-E power mode to Performance instead of the default Balanced-Low)
- Ability to set NVIDIA GPU to primary (no idea if this would work; I basically want to disable Optimus but only use the NVIDIA GPU)
- UEFI option ROM for AHCI (my old Acer defaulted to a Legacy ROM even with UEFI boot set; no idea if this really makes a difference)
- Disable Secure Virtual Machine mode (I don't do virtualization or really plan to)
(07-31-2016, 10:09 AM)Mhelkir Wrote: Espionage724,
could you please check for me if instead of flashing with changed bios, just installing by Acer tool v1.11 and changing in EFI shell 0x259 to 0 and after restart changing 0x258 to 1 will work or brick pc? because after brick I will not have any option to flash it back.
Have the same laptop, posted recently post (in wrong subforum) https://www.bios-mods.com/forum/Thread-F...apprecited
wondered about modifying just fd file and using Acer flasher to bypass lock.
Best Regards
Hmm, where can I find Acer tool v1.11? Do you mean the flash tool that comes with the BIOS flash archive Acer provides? If so, I believe it'll only flash unmodified BIOS files (it complained about a non-signed BIOS file last I checked), but I wonder if it would be possible to bypass that check with the platform.ini somehow.
Posts: 7
Threads: 0
Joined: Jan 2012
Reputation:
0
(07-31-2016, 04:53 PM)espionage724 Wrote: (07-31-2016, 05:44 AM)Da Vinci Code Wrote: We can try last way:
Create list of some needed options with needed values,
after that i'll make it as default so you can use laptop with new settings even bios lock disabled.
I'm not sure what options are available to change, but here's what I was interested in:
- Toggle to enable and disable CSM/Legacy (I believe it's enabled by default; if so, I would like it disabled)
- Ability to set power mode for PCI devices (I can't recall what it was exactly but my old Acer laptop with its BIOS unlocked gained an option to set the PCI-E power mode to Performance instead of the default Balanced-Low)
- Ability to set NVIDIA GPU to primary (no idea if this would work; I basically want to disable Optimus but only use the NVIDIA GPU)
- UEFI option ROM for AHCI (my old Acer defaulted to a Legacy ROM even with UEFI boot set; no idea if this really makes a difference)
- Disable Secure Virtual Machine mode (I don't do virtualization or really plan to)
(07-31-2016, 10:09 AM)Mhelkir Wrote: Espionage724,
could you please check for me if instead of flashing with changed bios, just installing by Acer tool v1.11 and changing in EFI shell 0x259 to 0 and after restart changing 0x258 to 1 will work or brick pc? because after brick I will not have any option to flash it back.
Have the same laptop, posted recently post (in wrong subforum) https://www.bios-mods.com/forum/Thread-F...apprecited
wondered about modifying just fd file and using Acer flasher to bypass lock.
Best Regards
Hmm, where can I find Acer tool v1.11? Do you mean the flash tool that comes with the BIOS flash archive Acer provides? If so, I believe it'll only flash unmodified BIOS files (it complained about a non-signed BIOS file last I checked), but I wonder if it would be possible to bypass that check with the platform.ini somehow.
Yes, about this tool, there are many changeable flags there in platform.ini, maybe some bring more freedom,
I for sure show there flag that enable "options" without any information what options
Maybe it would help and this is enough to change bits.
Also I would like (if you could) you to check could you flash Acer bios 1.11. by this tool, original one, and then boot from usb with EFI shell to change first 0x259 and after 0x258 by setup_var - would check myself but I'm worry of brick, not have programmer.
This is different approach than flashing whole bios like you did, so maybe it will work.
Posts: 70
Threads: 5
Joined: Nov 2009
Reputation:
0
Hmm, I'm not really sure what options specifically to mess with in platform.ini or if it would really help (I can't imagine it being that easy to bypass SecureFlash :p), but I'm not too sure.
As for your request, you would want me to flash the stock latest Acer BIOS to my laptop and then try to use EFI shell to change those variables? Unfortunately that doesn't work either (both are unable to be changed).
I wonder if https://github.com/Cr4sh/ThinkPwn might be of some kind of help. I'm not sure if my laptop is exploitable with that (didn't really feel like compiling the EFI Shell to check but i'll look into it).
I'm open to any more ideas.
Posts: 70
Threads: 5
Joined: Nov 2009
Reputation:
0
08-05-2016, 12:01 AM
(This post was last modified: 08-06-2016, 01:43 AM by espionage724.)
So it looks like ThinkPwn doesn't work as-is (claims it can't find image or something like that).
I'm experimenting with changing EFI variables now. I can boot into EDK EFI Shell (v2) and change variables through there, and they look to carry over to both whatever EFI file I boot from that shell, and the OS (I can see the changed variable through efivar in Linux). They don't seem to stick after a reboot though.
This is a list of all the variables I can change along with their GUIDs:
Code: 8be4df61-93ca-11d2-aa0d-00e098032b8c-dbxDefault
8be4df61-93ca-11d2-aa0d-00e098032b8c-dbDefault
8be4df61-93ca-11d2-aa0d-00e098032b8c-KEKDefault
8be4df61-93ca-11d2-aa0d-00e098032b8c-PKDefault
5bce4c83-6a97-444b-63b4-672c014742ff-IrsiInfo
8be4df61-93ca-11d2-aa0d-00e098032b8c-BootCurrent
59d1c24f-50f1-401a-b101-f33e0daed443-BootPrev
39473de5-df3b-49a1-9fa6-41b35b36fa39-DynamicBar
39473de5-df3b-49a1-9fa6-41b35b36fa39-FixedBar
8be4df61-93ca-11d2-aa0d-00e098032b8c-ErrOutDev
8be4df61-93ca-11d2-aa0d-00e098032b8c-ConInDev
59d1c24f-50f1-401a-b101-f33e0daed443-ActiveVgaDev
59d1c24f-50f1-401a-b101-f33e0daed443-ConOutCandidateDev
8be4df61-93ca-11d2-aa0d-00e098032b8c-ConOutDev
59d1c24f-50f1-401a-b101-f33e0daed443-ConInCandidateDev
8be4df61-93ca-11d2-aa0d-00e098032b8c-PlatformLangCodes
8be4df61-93ca-11d2-aa0d-00e098032b8c-LangCodes
8be4df61-93ca-11d2-aa0d-00e098032b8c-VendorKeys
8be4df61-93ca-11d2-aa0d-00e098032b8c-SignatureSupport
8be4df61-93ca-11d2-aa0d-00e098032b8c-OsIndicationsSupported
8be4df61-93ca-11d2-aa0d-00e098032b8c-BootOrder
b2b7c21f-1786-4a64-be69-16cef7647331-SwitchableGraphicsVariable
59d1c24f-50f1-401a-b101-f33e0daed443-PhysicalBootOrder
89cb0e8d-393c-4830-bfff-65d9147e8c3b-AACV
a04a27f4-df00-4d42-b552-39511302113d-Custom
89cb0e8d-393c-4830-bfff-65d9147e8c3b-ASSN
a04a27f4-df00-4d42-b552-39511302113d-Setup
59d1c24f-50f1-401a-b101-f33e0daed443-SecureBootEnforce
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0001
89cb0e8d-393c-4830-bfff-65d9147e8c3b-AFBD
89cb0e8d-393c-4830-bfff-65d9147e8c3b-SMAB
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0003
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0000
89cb0e8d-393c-4830-bfff-65d9147e8c3b-ACUB
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0002
89cb0e8d-393c-4830-bfff-65d9147e8c3b-AEBT
d719b2cb-3d3a-4596-a3bc-dad00e67656f-db
d719b2cb-3d3a-4596-a3bc-dad00e67656f-dbx
8be4df61-93ca-11d2-aa0d-00e098032b8c-SetupMode
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot2003
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot2002
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot2001
711c703f-c285-4b10-a3b0-36ecbd3c8be2-CapsuleLongModeBuffer
973218b9-1697-432a-8b34-4884b5dfb359-S3MemVariable
8be4df61-93ca-11d2-aa0d-00e098032b8c-ConOut
a04a27f4-df00-4d42-b552-39511302113d-BootType
a56074db-65fe-45f7-bd21-2d2bdd8e9652-LegacyDevOrder
0a4cd120-ea2d-4aef-a4b0-b0c08cbbdbbe-BootDevice
bbd1fd65-5668-4fb2-8999-231095717a07-VBiosInfo
e20939be-32d4-41be-a150-897f85d49829-MemoryOverwriteRequestControl
8be4df61-93ca-11d2-aa0d-00e098032b8c-SecureBoot
59d1c24f-50f1-401a-b101-f33e0daed443-CustomSecurity
a9b5f8d2-cb6d-42c2-bc01-b5ffaae4335e-PBRDevicePath
59d1c24f-50f1-401a-b101-f33e0daed443-RestoreFactoryDefault
89cb0e8d-393c-4830-bfff-65d9147e8c3b-ACFB
16233f3e-d2bf-4de4-9b83-3bb0a581ca4d-SetupDefault
4c19049f-4137-4dd3-9c10-8b97a83ffdfa-MemoeryTypeUpdateInfo
f24643c2-c622-494e-8a0d-4632579c2d5b-TrEEPhysicalPresence
9c57c6e2-4c78-42d9-9051-96b9d80c9c92-BiosGuardStatus
382af2bb-ffff-abcd-aaee-cce099338877-SecureFlashInfo
4c19049f-4137-4dd3-9c10-8b97a83ffdfa-MemoryTypeInformation
89cb0e8d-393c-4830-bfff-65d9147e8c3b-WBSN
89cb0e8d-393c-4830-bfff-65d9147e8c3b-WBMN
89cb0e8d-393c-4830-bfff-65d9147e8c3b-AHPL
89cb0e8d-393c-4830-bfff-65d9147e8c3b-SMAC
89cb0e8d-393c-4830-bfff-65d9147e8c3b-SMAA
04b37fe8-f6ae-480b-bdd5-37d98c5e89aa-VarErrorFlag
8be4df61-93ca-11d2-aa0d-00e098032b8c-ConIn
89cb0e8d-393c-4830-bfff-65d9147e8c3b-A01LastSataPortPresent
f24643c2-c622-494e-8a0d-4632579c2d5b-TrEEPhysicalPresenceFlags
c60aa7f6-e8d6-4956-8ba1-fe26298f5e87-EPCBIOS
89cb0e8d-393c-4830-bfff-65d9147e8c3b-ADTC
89cb0e8d-393c-4830-bfff-65d9147e8c3b-ASTM
89cb0e8d-393c-4830-bfff-65d9147e8c3b-ABRV
45b5acb9-0359-49be-adb1-49377bd607f7-SgxSetupDefaultVariable
45b5acb9-0359-49be-adb1-49377bd607f7-SgxSetupVariable
8be4df61-93ca-11d2-aa0d-00e098032b8c-Timeout
59d1c24f-50f1-401a-b101-f33e0daed443-CustomPlatformLang
8be4df61-93ca-11d2-aa0d-00e098032b8c-SyncSetup
aeb9c5c1-94f1-4d02-bfd9-4602db2d3c54-Tcg2PhysicalPresence
aeb9c5c1-94f1-4d02-bfd9-4602db2d3c54-Tcg2PhysicalPresenceFlags
bb983ccf-151d-40e1-a07b-4a17be168292-MemoryOverwriteRequestControlLock
28cf6d27-0694-45d0-a06a-15266f1e8346-PegDataVar
14ef381c-9721-434e-be09-192ab97e781f-MrcS3RestoreVariable
8be4df61-93ca-11d2-aa0d-00e098032b8c-PlatformLang
8be4df61-93ca-11d2-aa0d-00e098032b8c-Lang
c020489e-6db2-4ef2-9aa5-ca06fc11d36a-AcpiGlobalVariable
eb704011-1402-11d3-8e77-00a0c969723b-MTC
89cb0e8d-393c-4830-bfff-65d9147e8c3b-AT2D0
59d1c24f-50f1-401a-b101-f33e0daed443-AdministerSecureBoot
59d1c24f-50f1-401a-b101-f33e0daed443-certdb
aaf32c78-947b-439a-a180-2e144ec37792-AuthVarKeyDatabase
I can show the data for some of those variables and alter them with setvar from EDK Shell V2. I can also show the data (but not modify it; can't quite figure it out) from Linux.
I'm working on playing with some settings and i'll edit this post with whatever I find out.
EDK EFI Shells V1 and V2: https://superuser.com/questions/1057446/...94#1057594
Command syntax for setvar: setvar VARIABLENAME -guid GUID-NAME =DATA
List variables and GUIDs: Boot into the setup_var modified EFI Shell and use lsefivar to show variables (this shows a lot more variables than both setvar from EDK Shell and efivar from Linux)
Hmm, so if I'm understanding correctly, my BIOS has two different layouts to determine what is shown for options. One is called Setup and the other is Custom. Custom appears to be the locked-down setup Acer is enforcing currently, and the other is the unlocked and/or editable one. Using the Insyde EFI Shell's setup_var2 command can freely edit variables on the Setup layout, but not the Custom one. So if I can get the BIOS to load up the Setup page instead of the Custom page, awesome things may happen :p
Can't seem to edit anything within /sys/firmware/efi/efivars either (it's mounted as rw and paranoid efi disabled). Was thinking the trick to edit some BIOS settings from there would work but unfortunately it doesn't.
Posts: 70
Threads: 5
Joined: Nov 2009
Reputation:
0
Bump; any more suggestions or ideas?
Not sure if it's applicable on my laptop, but apparently one method some people used to unlocked their descriptors was an official method from Intel involving shorting pins on the audio chip (HDA_SDO). No idea if this is still possible on newer hardware.
Posts: 1,594
Threads: 3
Joined: Jan 2015
Reputation:
70
Ok, we found new version of modding tool, it uses new algorithms of checksum calculating (perharps old version is reason of bricked laptop).
I'll prepare new mod quickly.Stay tuned
Please,do not post requests me in PM.Bios modding is very dangerous work.If i provide you confirmed modded bios, please donate for my dangerous work https://goo.gl/98BgtO.Thank you!
Posts: 1,594
Threads: 3
Joined: Jan 2015
Reputation:
70
Check your PM!
Please,do not post requests me in PM.Bios modding is very dangerous work.If i provide you confirmed modded bios, please donate for my dangerous work https://goo.gl/98BgtO.Thank you!
Posts: 70
Threads: 5
Joined: Nov 2009
Reputation:
0
Alright, got around to trying it a little bit ago. My laptop was able to boot
However, the initial boot was a little weird (it claimed the default boot device was missing and didn't want to boot any other device until I rebooted twice), and I was also unable to access the setup utility (pressing F2 at boot flashed the screen and rebooted. I was eventually able to boot my OS, but when I shut it down, I was unable to boot it again (laptop stayed powered off). Re-flashing my previous BIOS worked fine.
Here's another more-recent chip backup: https://drive.google.com/file/d/0B9CekGW...sp=sharing (the only real differences should be different boot devices and updated Intel ME firmware).
|
Users browsing this thread: 16 Guest(s)
|