Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
Unlocked BIOS for Zephyrus M16 2023
Last Post: nir1213
Yesterday 08:56 PM
» Replies: 0
» Views: 46
[REQUEST] Lenovo IdeaPad U330, U430 & U5...
Last Post: Dudu2002
Yesterday 02:36 PM
» Replies: 413
» Views: 140816
[REQUEST] Acer Predator Helios 300 PH315...
Last Post: Dudu2002
Yesterday 02:33 PM
» Replies: 40
» Views: 13623
lenovo z570 Advanced Menu Unlocked
Last Post: Brunobox99
Yesterday 10:02 AM
» Replies: 9
» Views: 6122
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: djcostyro
Yesterday 06:48 AM
» Replies: 1783
» Views: 500725
Lenovo ThinkCentre M700 10GS - Kaby Lake...
Last Post: tommi22012
Yesterday 04:42 AM
» Replies: 11
» Views: 3811
[Request] Lenovo T550 Whitelist removal
Last Post: Dudu2002
Yesterday 04:37 AM
» Replies: 5
» Views: 1181
[REQUEST] Acer PT715-51 (Triton 700) ins...
Last Post: Dudu2002
11-27-2024 10:49 AM
» Replies: 24
» Views: 12425
[REQUEST] Acer Aspire 9300 BIOS Unlock
Last Post: Geortor
11-26-2024 04:01 PM
» Replies: 10
» Views: 2250
[Request] Asus H110M-R Mainboard - Xeon ...
Last Post: kusslegyen
11-26-2024 02:04 PM
» Replies: 14
» Views: 6787
LGA771 Bios Microcode for HP dc7800 sff
Last Post: Netuser232
11-26-2024 01:27 PM
» Replies: 136
» Views: 92141
Dell Vostro 3500 full unlocked
Last Post: kamilchno
11-26-2024 10:51 AM
» Replies: 0
» Views: 120
Bios logo
Last Post: Nkosenhle
11-26-2024 10:43 AM
» Replies: 0
» Views: 118
Gigabyte AORUS 5 (KB/SB/MB) BIOS Unlock
Last Post: Dudu2002
11-26-2024 10:41 AM
» Replies: 18
» Views: 4841
[REQUEST] Lenovo G580 (5ECNxxWW) Whiteli...
Last Post: Dudu2002
11-26-2024 09:09 AM
» Replies: 1730
» Views: 673377
[REQUEST] Lenovo Thinkpad X230(i) (G2ETx...
Last Post: willow25565
11-26-2024 02:06 AM
» Replies: 1090
» Views: 452018
[REQUEST] Lenovo Thinkpad Edge E430 & E5...
Last Post: RuryGame
11-25-2024 06:23 PM
» Replies: 494
» Views: 171791
2x CPU Dell Workstation BIOS modding
Last Post: William P
11-25-2024 03:30 PM
» Replies: 0
» Views: 151
[REQUEST] Lenovo T440(S) (GJETxxWW) Whit...
Last Post: Dudu2002
11-25-2024 01:28 PM
» Replies: 492
» Views: 186420
[Request] ECS P6LX-A bios mod for HDD si...
Last Post: pdesrosiers
11-24-2024 11:20 PM
» Replies: 0
» Views: 394

HP Pavilion g4-1012tx [UNLOCK ADVANCED OPTIONS]
#1
Hi,
I have tried to find the procedure as to how to unlock advanced options but with not much luck.
The bios itself is F.66 Rev 3.5 
The original link of the above bios is sp60864.exe and older sp55717.exe
I managed to use phoenix tool to decrypt the bios inside which is named 01666F66.BIN after looking at some log files
The logs 
______________________
Code:
--- Log started: 2018/10/06 02:15:29
Initializing...
Log file       : C:\SwSetup\sp60864\InsydeFlash.Log
Settings file  : C:\SwSetup\sp60864\platform.ini (found)
Executable     : C:\SwSetup\sp60864\InsydeFlash.exe
   Version    : 4.1.1.0    Build      : InsydeFlash
   Date       : Wed Apr 13 20:03:54 2011

Resource file  : C:\SwSetup\sp60864\iscflash.dll (loaded)
App name       : InsydesFlash
OS Information :  - supported

Preparation stage

IHISI Version  : 195
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 166C103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 166D103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 166E103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 166F103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 1670103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 1671103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 1672103C
M-FD: 0 0 0 2C Not match FFFFFFFF & 1667103C != 1666103C
M-FD: Match!
M-FD: FD name 01666F66.BIN
Device Name:\Device\HarddiskVolume2
SearchVolumeFileAndCreateDirectory
Device Name:\Device\HarddiskVolume1
SearchVolumeFileAndCreateDirectory
Device Name:\Device\HarddiskVolume5
SearchVolumeFileAndCreateDirectory
Device Name:\Device\HarddiskVolume9
SearchVolumeFileAndCreateDirectory
Device Name:\Device\CdRom0
M-FD got:
01666F66.BINAllow Version: 000, Dex: 0
Current Version: F.66, Dex: 3942
Current BIOS version is bigger than the version setted in Ini.
Partition : 0 WMI 0x0D: 0
Check Package: 1
BIOS sign: 0
Decrypt sign File: 1
   Processing parameters...
M-FD got:
01666F66.BIN        Image file     : C:\SwSetup\sp60864\01666F66.BIN

______________________
There were a couple of other bin files there I suppose from other mobos
Any help will be greatly appreciated.
EDIT: Attached is the bios . Unpacked and decrypted with phoenixtool


Attached Files
.zip   01666F66.BIN.zip (Size: 1.9 MB / Downloads: 9)
find
quote
#2
This is RSA Encrypted BIOS, so you probably wont be able to flash modified BIOS unless you do pinmod and unlock your FD, or have a flash programmer. However, you may be able to edit the platform.ini to ignore security/signature checks etc.

Can you currently see the advanced tab/section, and stuff is grayed out, or you cannot see advanced at all? Please add an image that shows all current tab/sections, so we can see what main sections are visible to you now.
find
quote
#3
I cannot see anything about advanced settings. However after decompiling the file I managed to see that it is there.
Attached is the ifr file.
Also since I'm a programmer,I was wondering. Instead of having to rely on the efi prompt to access the advanced settings on encrypted bioses.
Couldn't we just make a tool that utilizes the efi prompt. Basically it should request the user for the ifr file parse it and display an alternative menu to users.  User will be able to access all the options that are locked away through our alternative menu. It should be safer since no bios flashing will take place.


Attached Files
.txt   FE3542FE-C1D3-4EF8-657C-8048606FF670_769 IFR.txt (Size: 194.47 KB / Downloads: 4)
find
quote
#4
Something like an opensource bios setup menu that utilizes the users ifr file.
It should be part of grub where user places his ifr file in the root dir. Then the our custom menu program parses the file and retrieves all possible commands, then displays all the options for the user.
In the background it runs the commands when the user changes settings.
find
quote
#5
Anything you can change in IFR, you can set permanently in the BIOS, that is why I was asking if you can see advanced or not because if you can I only needed to make rest visible, if not I need to try to make advanced visible for you. IFR file cannot be used in any manner like you mentioned, it's only useable to use as a reference source of what to modify where in hex or assembly etc. You may be able to make something similar to that since you are a programmer, but you would only use variables from the IFR, not the IFR itself, used along with Setup_Var via EFI Shell Grub

Do you have a flash programmer (hardware)? Or, have you already flashed modified BIOS to this board before in the past?
If no to either of those, you may need to do the pinmod to unlock FD (and then immediately reflash a unlocked FD), then you will be able to flash BIOS any way you want.

Here is mod BIOS, with full access enabled and Advanced Menu's enabled hopefully.
This may take a few different attempts on the advanced menu enable, until I can find right method to enable this for your BIOS.
https://www.sendspace.com/file/eske2e

Section E here shows several method on how to possibly unlock your FD
https://www.win-raid.com/t3553f39-Guide-...icing.html

First thing to check is for FD/FDO/ME/Service jumpers on the board, if you have that then we'll be good to go easy, set the jumper and reflash the FD. To do that, first you will dump the BIOS on the board, then upload to me unless you know how to extract the FD and edit, or edit the FD per the guide below and then reflash using FPT. It's contained in your stock BIOS download (Starting at 2000h), but not at proper location, so best to use a dump to do this once you unlock the FD. I unlocked it in the BIOS below, but it wont get flashed in, unless you unlock the FD first and then use FPT to flash the entire BIOS at once. If you can do via pinmod unlock and then flash entire BIOS, that then you wont need to dump, edit etc.

For the general mod BIOS for now, you may be able to flash using FPT from Intel System Tools Package for ME Version 6. Intel ME drivers will need to be installed I believe.
Try >> FPTw.exe -bios -f -01666F66M2.BIN

https://mega.nz/#!rVt3jJCC!-l2IP-MnuK993...z78XBCXfwU

Please add image of your current BIOS, so I can see all visible main sections, just so I can see the name of each section currently shown.
find
quote
#6
That opened up a whole new level of complexities. I didn't know there were more levels to locking bios firmware.
I have not attempted to dump the chip. But the image I last installed is the one I had uploaded.
I suppose the easiest solution is to remove the chip and flash it off-board. I've manage to flash a couple of bios chips before using a hardware programmer I built from scratch. But I don't like messing with the mobo since it's quite easy to mess things up.
EDIT:I found the schematic http://www.s-manuals.com/pdf/motherboard...matics.pdf for the board. Since the model and parts are like mine I suppose it's the same board.
Now all I need to do is short the two pins [page 25] on the audio controller, then flash the mega link file you sent through intel flash tool ?
find
quote
#7
Btw about ifr parsing. I didn't mean to modify it and flash it back to the system.
What I meant was a way to view the ifr file from grub efi shell then when the user sets his options it can e.g build a script with the modified options when the user is done the script would contain the variables that would be set using the setup_var command.
find
quote
#8
With the new info, i've been snooping around this is what I have managed to find.
It seems I'll go the audio controller hack.
This is the meinfo output

Code:
Intel(R) MEInfo Version: 6.0.0.1184
Copyright(C) 2005 - 2009, Intel Corporation. All rights reserved.

GBE Region does not exist.
Intel(R) ME code versions:

BIOS Version:                           F.02
MEBx Version:                           6.0.3.19
Gbe Version:                            Unknown
VendorID:                               8086
PCH Version:                            400006
FW Version:                             6.1.1.1045
UNS Version:                            Not Available
LMS Version:                            Not Available
MEI Driver Version:                     6.0.0.1179
Wireless Hardware Version:              Not Available
Wireless Driver Version:                Not Available

FW Capabilities:                        7264

   Intel(R) Anti-Theft Technology PC Protection
   Intel(R) Capability Licensing Service
   Protect Audio Video Path

Cryptography Support:                   Disabled
Last ME reset reason:                   Power up
BIOS and GbE Config Lock:               Enabled
SPI Flash ID #1:                        EF4016
SPI Flash ID VSCC #1:                   20052005
BIOS boot State:                        Post Boot
FWU Override Counter:                   Always
FWU Override Qualifier:                 Always
Local FWUpdate:                         Enabled
OEM Id:                                 00000000-0000-0000-0000-000000000000
FW behavior on Flash Descriptor Override Pin-Strap: Halt
find
quote
#9
Here is fpt dump for bios region. I have not unlocked the registers yet


Attached Files
.zip   bios_region.zip (Size: 1.38 MB / Downloads: 2)
find
quote
#10
More infos
Code:
Platform: Intel(R) HM55 Express Chipset Revision: B2
Reading HSFSTS register... Flash Descriptor: Valid

       --- Flash Devices Found ---
       W25Q32BV        ID:0xEF4016     Size: 4096KB (32768Kb)

       --- Flash Image Information --
       Signature: VALID
       Number of Flash Components: 1
               Component 1 - 4096KB (32768Kb)
       Regions:
               Descriptor - Base: 0x000000, Limit: 0x000FFF
               BIOS       - Base: 0x180000, Limit: 0x3FFFFF
               ME         - Base: 0x001000, Limit: 0x17FFFF
               GbE        - Not present
               PDR        - Not present
       Master Region Access:
               CPU/BIOS - ID: 0x0000, Read: 0x0B, Write: 0x0A
               ME       - ID: 0x0000, Read: 0x0D, Write: 0x0C
               GbE      - ID: 0x0118, Read: 0x08, Write: 0x08

Used Space: 4096KB, Actual Space: 4096KB

FPT Operation Passed
find
quote


Forum Jump:


Users browsing this thread: 2 Guest(s)