Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
[REQUEST] Lenovo G710 BIOS Whitelist Rem...
Last Post: voyageur
Today 04:33 PM
» Replies: 475
» Views: 167066
[REQUEST] Acer Aspire 5738(G,Z): CPU Upg...
Last Post: DeathBringer
Today 03:44 PM
» Replies: 49
» Views: 32826
[REQUEST] HP Mini 110-4100 BIOS Unlock
Last Post: DSI INF
Today 09:24 AM
» Replies: 7
» Views: 200
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: Dudu2002
Today 03:11 AM
» Replies: 1780
» Views: 493909
Lenovo ThinkCentre M715q 2nd Gen & AMD R...
Last Post: Elmurley
Yesterday 09:37 PM
» Replies: 2
» Views: 1273
[REQUEST] Lenovo Y50-70 (9ECNxxWW) White...
Last Post: SWZSSR
Yesterday 09:34 PM
» Replies: 1775
» Views: 553220
[REQUEST] Lenovo Thinkpad X240 (GIETxxWW...
Last Post: Dudu2002
Yesterday 04:58 PM
» Replies: 337
» Views: 142690
Unlock bios insyde
Last Post: Matox3140
11-19-2024 03:40 PM
» Replies: 0
» Views: 166
Whitelist WIFI card removal Lenovo Yoga ...
Last Post: Dudu2002
11-19-2024 12:58 PM
» Replies: 1
» Views: 179
[REQUEST] H310 MSI Gaming Infinite S (MS...
Last Post: awittyusername
11-19-2024 09:21 AM
» Replies: 10
» Views: 107
[REQUEST] Gigabyte GA-B85M-HD3 Rev 2.0 u...
Last Post: Maduli
11-19-2024 02:22 AM
» Replies: 0
» Views: 123
[REQUEST] Lenovo Ideapad 330-15ICH BIOS ...
Last Post: Dudu2002
11-18-2024 01:25 PM
» Replies: 8
» Views: 1893
[REQUEST] Lenovo ThinkPad Edge E330 (H3E...
Last Post: Dudu2002
11-18-2024 01:23 PM
» Replies: 640
» Views: 220744
[Request] Unlocked Bios for Asus TUF FX5...
Last Post: FlT4ever
11-18-2024 01:05 PM
» Replies: 1
» Views: 412
[REQUEST] Lenovo ThinkPad Edge E125(v1.1...
Last Post: kamome74
11-18-2024 10:43 AM
» Replies: 0
» Views: 161
[REQUEST] Xpg 15g 4070 2023ver InsydeH20...
Last Post: MireVelli
11-18-2024 07:26 AM
» Replies: 2
» Views: 171
Please help me recover my bios
Last Post: FuryOP
11-17-2024 12:37 PM
» Replies: 0
» Views: 188
[Request-Camilo] Sony Vaio SA/SB/SC/SD/S...
Last Post: edit
11-17-2024 12:13 PM
» Replies: 107
» Views: 136885
[REQUEST] Lenovo Thinkpad Edge E440 & E5...
Last Post: Dudu2002
11-17-2024 06:50 AM
» Replies: 196
» Views: 91873
Lenovo Z580 BIOS Mod V3.1 FINAL [02/07] ...
Last Post: h1mm3r
11-17-2024 05:36 AM
» Replies: 252
» Views: 257797

samsung 900x3c 900x3d 900x4c 900x4d
#1
Hi there,

I was wondering if someone could guide me or point me in the right direction.
I want to modify the bios for my series 9 samsung 900x3d so that it allows me to access the AES-NI instructions in the cpu.

http://sbuservice.samsungmobile.com/uplo...P11ABK.exe


I know that AESNI it's locked from bios because CrystalCPUID(0x13c) said so:

MSR : 63-32 31-0 
----------------------------
0000013C : 00000000 00000003

I have tried to unpack the exe with some tools but the only one with a bit of success is 7zip and then PhoenixTool
leaving me with 2 rom files

6C60EE00-C316-4C95-A684-CDC7E7033311_0_4.ROM   ~3MB size
C8AB0F4E-26FE-40F1-9579-EA8D30D503A4_0_5.ROM   ~500K size

Am I on the right track ?
PhoenixTool states that status = EFI / Insyde Bios but I thought that it's a Pheonix(as stated in CrystalCPUID).
If I post-it in the wrong thread pls. move it.

The second issue is that this notebook no longer has a battery. It got so big(swollen) that it did not fit inside anymore.
Can I do the bios update somehow without the battery. It does not allow me to update unless I have 30% or more .
Otherwise I could borrow one from another just for the bios updates.
   


Thanks in advance.
find
quote
#2
ok, it looks like I was digging in the wrong direction.

I have now managed to get the inside contents of ITEM_20150902_21507_WIN_P11ABK.exe by setting the 
C:\Users\%username%\AppData\Local\Temp\__Samsung_Update folder without delete(read/write) parameters.

P11ABK.cap
P11ABK.cap.gz
SBIOSIO32.sys
SBIOSIO32.sys.gz
SBIOSIO64.sys
SBIOSIO64.sys.gz
SFlash32.exe
SFlash32.exe.gz
SFlash64.exe
SFlash64.exe.gz
WinUpV01_10.exe
WinUpV01_10.exe.gz
WinUpV10_ENE.exe
WinUpV10_ENE.exe.gz
xmllite.dll
xmllite.dll.gz

Now I need to dig in that P11ABK.cap to see how can I allow the AES-NI instructions
Any help is really appreciated since
find
quote
#3
ok, the next step is to have a look inside the capsule
by working with phoenixtool version 266 and following this guide http://forum.notebookreview.com/threads/...28/page-15

am I suppose to find this 0x13c and somehow change it? hmm, since my assembly skills are a bit rusty I hope that someone can hand me hand.
Perhaps at least a suggestion on the file that I should have a look in. Since there are a handful below containing the msr string. I have attached the first and last that look more promising.

Code:
for i in `cat interesting_files.txt`; do echo $i; grep -i 0x13c[^0-9a-f] $i; done
./C8AB0F4E-26FE-40F1-9579-EA8D30D503A4_2930.ROM.asm
  2d919:    81 c1 3c 01 00 00        add    $0x13c,%ecx
  35c5a:    ba 3c 01 00 00       mov    $0x13c,%edx
  3cdb6:    8d 95 c4 fe ff ff        lea    -0x13c(%ebp),%edx
  3cdd5:    8b 85 c4 fe ff ff        mov    -0x13c(%ebp),%eax
  3ce06:    8b 85 c4 fe ff ff        mov    -0x13c(%ebp),%eax
  3cec3:    8b 85 c4 fe ff ff        mov    -0x13c(%ebp),%eax
  3cefa:    8b 85 c4 fe ff ff        mov    -0x13c(%ebp),%eax
  3d038:    8b 85 c4 fe ff ff        mov    -0x13c(%ebp),%eax
  3d127:    8b 85 c4 fe ff ff        mov    -0x13c(%ebp),%eax
./4F6258FC-EBAD-4A76-BD76-16C6F208327C_2186.ROM.asm
   6e1c:    8d 86 3c 01 00 00        lea    0x13c(%esi),%eax
   72ba:    8d 83 3c 01 00 00        lea    0x13c(%ebx),%eax
   72db:    8d b3 3c 01 00 00        lea    0x13c(%ebx),%esi
   72e8:    8d 83 3c 01 00 00        lea    0x13c(%ebx),%eax
   7373:    8d 8b 3c 01 00 00        lea    0x13c(%ebx),%ecx
./91C08812-2520-4A80-898E-86F1B13DDB0B_2838.ROM.asm
    af9:    88 88 3c 01 00 00        mov    %cl,0x13c(%eax)
./5BDDE605-B107-419E-9510-AA3C434EBBE4_2534.ROM.asm
   258f:    c6 84 24 3c 01 00 00 movb   $0x43,0x13c(%esp)
./CFEF94C4-4167-466A-8893-8779459DFA86_2543.ROM.asm
  51855:    88 88 3c 01 00 00        mov    %cl,0x13c(%eax)
./2D6F37BF-9AFC-4AA5-A026-32B2FCF30FB9_2453.ROM.asm
   4be7:    88 93 3c 01 00 00        mov    %dl,0x13c(%ebx)
./793CBEA0-DA56-47F2-8264-24310CB75196_2444.ROM.asm
   571f:    88 8a 3c 01 00 00        mov    %cl,0x13c(%edx)
   5a11:    38 9b 3c 01 00 00        cmp    %bl,0x13c(%ebx)
./9FA2F805-3D86-42BC-A9C3-2B26A5DF09F9_1340.ROM.asm
   109b:    88 93 3c 01 00 00        mov    %dl,0x13c(%ebx)
   1cd1:    8a 87 3c 01 00 00        mov    0x13c(%edi),%al
./233DF097-3218-47B2-9E09-FE58C2B20D22_2898.ROM.asm
   13d1:    88 88 3c 01 00 00        mov    %cl,0x13c(%eax)
./400B4476-3081-11D6-87ED-00062945C3B9_213.ROM.asm
456:    8b 05 3c 01 00 00        mov    0x13c,%eax
./1213FD4A-9CB8-11DC-8314-0800200C9A66_1845.ROM.asm
726:    8b 05 3c 01 00 00        mov    0x13c,%eax
./1504BA7B-58F8-4D12-9638-B494A7044376_508.ROM.asm
    fc6:    8b 05 3c 01 00 00        mov    0x13c,%eax
./52F934EE-7F15-4723-90CF-4E37127718A5_2719.ROM.asm
   13af:    81 ff 3c 01 00 00        cmp    $0x13c,%edi
./EDA39402-F375-4496-92D3-83B43CB8A76A_1234.ROM.asm
    cc5:    89 a3 c4 fe ff ff        mov    %esp,-0x13c(%ebx)
./5B60CCFD-1011-4BCF-B7D1-BB99CA96A603_2711.ROM.asm
    889:    89 8e 3c 01 00 00        mov    %ecx,0x13c(%esi)
./ABAA46B8-84A3-4E74-882F-6368F6EDC9B8_2355.ROM.asm
   3a7b:    83 a0 3c 01 00 00 00 andl   $0x0,0x13c(%eax)
   49d4:    8b a9 3c 01 00 00        mov    0x13c(%ecx),%ebp
./62D171CB-78CD-4480-8678-C6A2A797A8DE_1058.ROM.asm
   4623:    b9 3c 01 00 00       mov    $0x13c,%ecx
   4643:    b9 3c 01 00 00       mov    $0x13c,%ecx
   5920:    83 bc 01 3c 01 00 00 cmpl   $0x5,0x13c(%ecx,%eax,1)
   592c:    83 bc 01 3c 01 00 00 cmpl   $0x5,0x13c(%ecx,%eax,1)
   59dc:    83 bc 10 3c 01 00 00 cmpl   $0x5,0x13c(%eax,%edx,1)
   5f9b:    c7 84 37 3c 01 00 00 movl   $0x5,0x13c(%edi,%esi,1)
   5ff4:    83 a4 37 3c 01 00 00 andl   $0x0,0x13c(%edi,%esi,1)
   611d:    8b 9c 37 3c 01 00 00 mov    0x13c(%edi,%esi,1),%ebx
   616e:    83 a4 37 3c 01 00 00 andl   $0x0,0x13c(%edi,%esi,1)
   624b:    8b 9c 2b 3c 01 00 00 mov    0x13c(%ebx,%ebp,1),%ebx
   63b2:    81 c1 3c 01 00 00        add    $0x13c,%ecx
   666f:    83 bc 2f 3c 01 00 00 cmpl   $0x0,0x13c(%edi,%ebp,1)
   6694:    89 b4 2f 3c 01 00 00 mov    %esi,0x13c(%edi,%ebp,1)
   677d:    c7 84 3e 3c 01 00 00 movl   $0x2,0x13c(%esi,%edi,1)
   69dd:    8b 9c 2f 3c 01 00 00 mov    0x13c(%edi,%ebp,1),%ebx
   6bb5:    83 a4 3b 3c 01 00 00 andl   $0x0,0x13c(%ebx,%edi,1)
   6c09:    c7 84 3b 3c 01 00 00 movl   $0x5,0x13c(%ebx,%edi,1)
   7cf6:    83 bc 02 3c 01 00 00 cmpl   $0x5,0x13c(%edx,%eax,1)
   8b10:    83 a4 3e 3c 01 00 00 andl   $0x0,0x13c(%esi,%edi,1)
   8bb8:    8b 9c 2f 3c 01 00 00 mov    0x13c(%edi,%ebp,1),%ebx
   8bf5:    89 ac 2f 3c 01 00 00 mov    %ebp,0x13c(%edi,%ebp,1)
   8db9:    8b 9c 37 3c 01 00 00 mov    0x13c(%edi,%esi,1),%ebx
   8dd5:    83 a4 37 3c 01 00 00 andl   $0x0,0x13c(%edi,%esi,1)
   9508:    8b 8c 18 3c 01 00 00 mov    0x13c(%eax,%ebx,1),%ecx

p.s. I am still unsure if the bios has an rsa signature or something like that. Does anybody know ?


Attached Files
.txt   C8AB0F4E...ROM.asm.7z.txt (Size: 829.34 KB / Downloads: 1)
.txt   62D171CB...ROM.asm.txt (Size: 816.34 KB / Downloads: 6)
find
quote
#4
So it seems that I got finally a bit ahead with this mod.

I hopefully found the place to modify inside 62D171CB-78CD-4480-8678-C6A2A797A8DE_1058.ROM
at 463d:           83 c8 03             or     $0x3,%eax
from that string I change it to 83 c8 01

then click-ed done inside PhoenixTool and tried to write it to my flash. I even solved my missing battery problem by using the /ips parameter.

Code:
D:\ITEM_20150902_21507_WIN_P11ABK>SFlash64.exe -help

Samsung-Phoenix SCT Flash for Windows V1.3.25.13-1.2, Build 120901
Copyright (c) 2011-2012 Phoenix Technologies Ltd.

Usage: SFlash [COMMAND]

bak      [filename]       Backup BIOS ROM before flash.
bbl                       Flash boot block.
bcp      [EVSA binary]    Overwrite BCP data.
cvar                      Clear variables.
dat      string           Specify the asset tag DMI string.
dmc      string           Specify the chassis manufacturer DMI string.
dmm      string           Specify the motherboard manufacturer DMI string.
dks      string           Specify the SKU number DMI string.
dms      string           Specify the system manufacturer DMI string.
dpc      string           Specify the chassis asset tag number DMI string.
dpm      string           Specify the motherboard product ID DMI string.
dps      string           Specify the system product ID DMI string.
dsc      string           Specify the chassis serial number DMI string.
dsm      string           Specify the motherboard serial number DMI string.
dss      string           Specify the system serial number DMI string.
dus      [uuid]           Specify the UUID DMI string.
dvc      string           Specify the chassis version DMI string.
dvm      string           Specify the motherboard version DMI string.
dvs      string           Specify the system version DMI string.
exit                      Exit program after flash completed.
file     filename         Indicate BIOS image file for flash.
help                      Show command list.
ipf      [region name]|all Flash specific region
logo     filename [ImageId] [filename] [ImageId] ... Replace logo.
ls       [ImageId] ...    Reserve logo in BIOS ROM.
mod      filename         Replace a FFS module.
noerror                   Do not display error messages.
nowarn                    Do not display warning messages.
oc       string           Specify the OEM command line.
p                         Production mode. Disable simple text output.
prog     start size       Flash specific area. Both parameters in hexadecimal.
patch                     Patch mode. To patch particular data to current BIOS.
raw      GUID filename [Index] Replace raw section of FFS module.
rsbr     GUID1 GUID2 ...  Reserve sub-regions with specified GUIDs.
sd                        Skip BIOS build date time checking.
slp      filename         Replace SLP marker or MSDM key.
spu      filename 20|21   Replace SLP public key.
ss                        Skip all SLP sub-regions.
sn                        Skip part number checking.
v                         Enable flash verification.
vbl                       Enable Microsoft Bit-locker check.
vcpu     [filename]       Update variable size CPU microcode.
write    filename start [fdla] Write a binary file to specific physical address
or FDLA.
wsbr     GUID filename    Write a binary file to specific sub-region.
n                         Flash boot block and clear variables
sforce                    Force to perform whole BIOS flash.
s                         Silent operation (no beeps).
sa                        Skip all check.
ips                       Ignore Power Source.
mfg                       System reboot automatically after flashing.
nomicomreset                  Skip sending Micom reset command.
pwd                       Verifiy password
quiet                     Do not display anything on screen

D:\ITEM_20150902_21507_WIN_P11ABK>SFlash64.exe /file P11ABK.cap /bak old_one.cap
/ips

Samsung-Phoenix SCT Flash for Windows V1.3.25.13-1.2, Build 120901
Copyright (c) 2011-2012 Phoenix Technologies Ltd.

SecureFlash BIOS detected.
Read BIOS image from file.
Initialize Flash module.
Read current BIOS.
Backup current BIOS (old_one.cap).

ERROR 234 - SecureFlash verification fail!

So now it looks like I need to solve the rsa signature problem that I asked a post earlier about.  Sad
find
quote
#5
Also need the same BIOS unlocked for my NP900X4D. Any progress unlocking this?
find
quote
#6
(07-24-2016, 11:38 AM)G-Trix Wrote: Also need the same BIOS unlocked for my NP900X4D. Any progress unlocking this?

Unfortunately no. It seems that this requires some more time that I do not have at the moment.
Perhaps some of the guys here could help. If they are willing to.
In the mean time I found some interesting post from donovan
http://donovan6000.blogspot.ch/2014/05/n...-bios.html


" Update: Day 135: Was able to modify the PEI so that it doesn't verify the DXE. Now all that's left it to determine what is verifying the PEI and remove that check. Then RSA bios will be moddable.
"
So someone has to check the PEI to DXE area.
As you can see it also took Donovan some time. Since my last attempt I had zero time for this. It's [censored] ugly that the manufacturer did not enabled this or at least leave this option open in bios but I guess that they had a reason which I do not comprehend yet.
Could be some license or legal issues with Intel. Perhaps someone would be good enough to enlighten us.
find
quote
#7
(07-25-2016, 03:06 PM)zez3 Wrote:
(07-24-2016, 11:38 AM)G-Trix Wrote: Also need the same BIOS unlocked for my NP900X4D. Any progress unlocking this?

Unfortunately no. It seems that this requires some more time that I do not have at the moment.
Perhaps some of the guys here could help. If they are willing to.
In the mean time I found some interesting post from donovan
http://donovan6000.blogspot.ch/2014/05/n...-bios.html


" Update: Day 135: Was able to modify the PEI so that it doesn't verify the DXE. Now all that's left it to determine what is verifying the PEI and remove that check. Then RSA bios will be moddable.
"
So someone has to check the PEI to DXE area.
As you can see it also took Donovan some time. Since my last attempt I had zero time for this. It's [censored] ugly that the manufacturer did not enabled this or at least leave this option open in bios but I guess that they had a reason which I do not comprehend yet.
Could be some license or legal issues with Intel. Perhaps someone would be good enough to enlighten us.

Sorry for bringing this thread back from the dead, but I have a NP900X4D and would like to enable AES-NI. I've scoured the internet and it seems you have gone the farthest with modifying this BIOS/UEFI image. Any luck finishing? I can pay if someone can do it.
find
quote
#8
(11-24-2017, 12:52 AM)cashchow Wrote: Sorry for bringing this thread back from the dead, but I have a NP900X4D and would like to enable AES-NI. I've scoured the internet and it seems you have gone the farthest with modifying this BIOS/UEFI image. Any luck finishing? I can pay if someone can do it.
No time,
I kind of gave up on this and decided it was time anyway to upgrade to some i7 with nvme  Wink instead of that old i5 cpu which at the moment it's just gathering dust somewhere.
But if you got some time you can dig further. I think that the next step was to get an BIOS chip reader/writer so that you don't actually brick your real bios and start discovering what's inside that PEI section.

otherwise perhaps donovan it self can give us some hints

Try sending him an PM
https://www.bios-mods.com/forum/User-donovan6000
or his mentor
https://www.bios-mods.com/forum/User-BDMaster
find
quote


Forum Jump:


Users browsing this thread: 1 Guest(s)