[REQUEST] ASUS TUF A15 FA506IV BIOS Unlock
#41
(06-28-2021, 12:25 PM)Sml6397 Wrote: Hello KnoxMe,

Thank you for your continued patience with this! Hopefully soon you'll have access to not only the CBS Menu, but also the Chipset Menu.

I have prepared another mod for the Chipset Menu. This mod involves edits to the AMITSESetupData module that change the required access level for the chipset menu to "USER" instead of "DEFAULT". Let me know how this flash goes!


The rest of this post is an informational reference containing the details of the mod. You can skip over this if you wish or read it if you want to know what is going on behind the scenes. :)

0x19921 Form: Chipset, Form ID: 0x2713 {01 86 13 27 1E 00}

The last two bracketed bytes (1E 00) in the line above appear in AMITSESetupData for each menu and sub-menu (these bytes will be different for different menus and sub-menus, of course). This line was taken from the IFR text given by donovan6000's Universal IFR Extractor run on the Setup module extracted from the UEFI image using UEFITool.


1E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
04 00 00 00 00 00 00 00 01 00 01 00 31 00 00 00
01 00 00 00 02 00 00 00 04 00 01 00 66 07 00 00

The code segment above is 0x30 bytes long and occurs at offset 0x2120 in the extracted AMITSESetupData module. As you can see, "1E 00" are the first two bytes. This code segment corresponds to the Chipset Menu. The first byte in the third row "01" controls which access level is assigned to the menu/sub-menu defined by the first two bytes "1E 00" (in this case, the Chipset Menu).

"01" represents an access level of "Default". I think the "Default" access level is defined somewhere else in the BIOS image. I'm not sure how to edit that, but that is unnecessary (in theory). We can change "01" to "05" to set the access level to "User", which I believe is the access level you have when you enter your BIOS Setup Utility.

Based on what shows up in the AMITSE and Setup modules I believe that, unless there is some lock hidden somewhere I haven't yet looked, this access level lock is the only thing hiding the Chipset Menu.
Report on the latest BIOS: nothing is exposed again, just like a stock BIOS. Do you need a dump of the flashed modded BIOS to check something?
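
A read-only check for the record layout described in the quoted post, as an added example that is not part of the original thread: it decodes the 0x30-byte record and reports whether a read-back copy differs from stock only in the access-level byte. Reading "1E 00" as a little-endian 16-bit key and the names decode_record/audit_record are assumptions; only the two access values the post names are mapped.

```python
import struct

RECORD_SIZE = 0x30     # record length stated in the post
ACCESS_OFFSET = 0x20   # "first byte in the third row" of the 16-byte-wide dump
# Only the two access values the post names; anything else is reported as unknown.
ACCESS_NAMES = {0x01: "Default", 0x05: "User"}

# The stock Chipset record exactly as quoted in the post.
STOCK_CHIPSET = bytes.fromhex(
    "1E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
    "04 00 00 00 00 00 00 00 01 00 01 00 31 00 00 00"
    "01 00 00 00 02 00 00 00 04 00 01 00 66 07 00 00"
)


def decode_record(record):
    """Decode one 0x30-byte record into its menu key and access level."""
    if len(record) != RECORD_SIZE:
        raise ValueError("expected 0x30 bytes, got %#x" % len(record))
    # Assumption: the leading "1E 00" is a little-endian 16-bit value.
    (menu_key,) = struct.unpack_from("<H", record, 0)
    level = record[ACCESS_OFFSET]
    return {"menu_key": menu_key, "access": level,
            "access_name": ACCESS_NAMES.get(level, "unknown")}


def audit_record(stock, dumped):
    """Compare a read-back record with the stock one.

    Returns (verdict, changes) where changes is [(offset, old, new)] and
    verdict is "unmodified", "access-level edit only" or "unexpected changes".
    """
    decode_record(stock)    # length checks only
    decode_record(dumped)
    changes = [(i, a, b) for i, (a, b) in enumerate(zip(stock, dumped)) if a != b]
    if not changes:
        return "unmodified", changes
    if [offset for offset, _, _ in changes] == [ACCESS_OFFSET]:
        return "access-level edit only", changes
    return "unexpected changes", changes
```

Feed it the 0x30 bytes cut from a read-back dump at the record's offset to confirm what is actually on the chip.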
#42
That's a good idea, actually. Could you upload a dump of the modded BIOS? If the BIOS chip isn't being erased properly before the modded BIOS flash, then unerased regions could be skipped in programming.

!!!!!PLEASE READ!!!!!! Our Ukrainian friends are undergoing atrocities right now and need support. There are two things you can do for starters:

1.) Donate to one of various organizations offering medical, military, and psychological support to those impacted: Support Organizations

2.) Combat misinformation on social media. 

Also, please feel free to PM me if I have not replied again about your BIOS mod request after 5 days.
#43
(06-28-2021, 02:18 PM)Sml6397 Wrote: That's a good idea, actually. Could you upload a dump of the modded BIOS? If the BIOS chip isn't being erased properly before the modded BIOS flash, then unerased regions could be skipped in programming.
I would like to, but my crappy clipper doesn't allow it now. I can't get a good grip on the chip now.
#44
(06-28-2021, 02:18 PM)Sml6397 Wrote: That's a good idea, actually. Could you upload a dump of the modded BIOS? If the BIOS chip isn't being erased properly before the modded BIOS flash, then unerased regions could be skipped in programming.
Is there a command in AFUWin that allows unsecured BIOS (Modded) to be flashed?
#45
I had this same issue. I eventually had to purchase the Pomona 5250 clip. It gets a really good connection to the chip every time in my experience and is the one BDMaster recommended to me. This is the one I purchased: https://www.amazon.com/CPT-063-Test-Clip...w?dchild=1&keywords=CPT-063+Test+Clip+SOIC8+Pomona+5250&qid=1624914166&s=industrial&sbo=RZvfv%2F%2FHxDF%2BO5021pAnSA%3D%3D&sr=1-3

You may be able to find it elsewhere for less or even with a neat ribbon cable already attached.

Note that you will either need to solder the old wires to the new clip or you will need to purchase 8 female-to-female jumper cables (I recommend 40+ cm). They often come in packs of 40, 80, or more. I didn't have the proper number of these cables, so I had to improvise, as can be seen in the attachment to this post.


Could you try getting a backup from AFUWIN or AFUDOS? This would work too and would allow me to verify that the flashes are working correctly (I imagine they are but you bring up a good point that would be nice to clarify).

Until then, I will go back to the drawing board. I may have to disassemble some of the modules and figure out what is happening. My experience with this is somewhat limited and I am not even sure if my Ghidra disassembler is configured correctly right now, so the next mod might take a little longer than the others.


--Reference info that you can skip over if you wish--

There are many repeated lists of the BIOS menu IDs in the AMITSE module. Maybe some of those lists are subject to certain checks that are elsewhere in the image that might disable certain menus. This differs from a lot of other AMI Aptio V images, however, as normally I would expect there to be one or more lists of exclusively disabled menus and one or more lists of exclusively enabled menus, not a bunch of copies of lists containing all menus... If by exploring the assembly language code I can figure out which of these lists are subject to checks - if any - I can simply remove the Form ID of the Chipset Menu from that list.

Here's an example of one such listing:
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 *11 27* 00 00 07 10 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 *12 27* 00 00 08 10 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 *13 27* 00 00 09 10 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 *15 27* 00 00 0A 10 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 *14 27* 00 00 0B 10 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 *16 27* 00 00 0C 10 00 00

11 27 = Main, 12 27 = Advanced, 13 37 = Chipset, 15 57 = Boot, 14 27 = Security, 16 27 = Save & Exit

Offsets that may be of interest to disassemble in AMITSE are 0x373B8 (starts with 11 27 - may be useful figuring out what visible menu code looks like) and 0xF02F5 (starts with 13 27 - might help figure out what the hidden Chipset menu code looks like).

#46
(06-28-2021, 03:55 PM)KnoxMe Wrote:
(06-28-2021, 02:18 PM)Sml6397 Wrote: That's a good idea, actually. Could you upload a dump of the modded BIOS? If the BIOS chip isn't being erased properly before the modded BIOS flash, then unerased regions could be skipped in programming.
Is there a command in AFUWin that allows unsecured BIOS (Modded) to be flashed?

Didn't see this post before my previous reply. This goes into territory I am less experienced in, but if you can try it and give me the error code, we may be able to remove flash locks in the way through RU.EFI. First try getting a backup though. That way we can verify that the hardware programmer is working properly (i.e., it is erasing first then writing).

I cannot guarantee that an AFU flash will not result in a brick. The AFU flash would probably fail to even execute if the BIOS image is not in the right format. I'm not sure if your notebook expects BIOS updates to be delivered through an AMI Aptio Capsule yet.

With the SPI programmer, we can directly write to the chip, so we can write whatever we want to it as long as it is exactly 16MB.

#47
(06-28-2021, 04:09 PM)Sml6397 Wrote:
(06-28-2021, 03:55 PM)KnoxMe Wrote:
(06-28-2021, 02:18 PM)Sml6397 Wrote: That's a good idea, actually. Could you upload a dump of the modded BIOS? If the BIOS chip isn't being erased properly before the modded BIOS flash, then unerased regions could be skipped in programming.
Is there a command in AFUWin that allows unsecured BIOS (Modded) to be flashed?

Didn't see this post before my previous reply. This goes into territory I am less experienced in, but if you can try it and give me the error code, we may be able to remove flash locks in the way through RU.EFI. First try getting a backup though. That way we can verify that the hardware programmer is working properly (i.e., it is erasing first then writing).

I cannot guarantee that an AFU flash will not result in a brick. The AFU flash would probably fail to even execute if the BIOS image is not in the right format. I'm not sure if your notebook expects BIOS updates to be delivered through an AMI Aptio Capsule yet.

With the SPI programmer, we can directly write to the chip, so we can write whatever we want to it as long as it is exactly 16MB.
Finally, I used brute strength to keep the clipper on the chip (quite a pain). The file is uploaded to the Google Drive; the file name is dxd.rom
#48
(06-28-2021, 04:18 PM)KnoxMe Wrote: Finally, I used brute strength to keep the clipper on the chip (quite a pain). The file is uploaded to the Google Drive; the file name is dxd.rom

Thanks! I can say for sure that the SPI flash is working properly. This comparison allowed me to discover that there is only one module that changes between reboots (or at least between reboots with no OS re-installations or BIOS setting changes occurring). In this image, the GUID of this module is CEF5B9A3-476D-497F-9FDC-E98143E0422C. More importantly, the name of it is "NVAR Store". It looks like this might be the table that contains some or all of the UEFI variables that can be edited in RU.EFI to change settings without a BIOS mod (see the attachment). I still need to investigate this before I can say for sure that this module stores the UEFI variables. I will check this on my test machine at a later time.

Anyways, I will go back to the drawing board and see if I can get my disassembler working properly and then figure out what is going on in the image that could be hiding the Chipset Menu.
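
The comparison described in this post, as an added example that is not code from the thread: it diffs the image that was written against the read-back dump sector by sector and accepts the flash only if every changed sector lies in a region expected to change between boots. The region offsets, the 4 KiB sector size and the function names are assumptions; the thread gives no offsets for the NVAR Store.

```python
SECTOR = 0x1000  # compare granularity; 4 KiB is an assumed erase-sector size


def changed_sectors(written, dump, sector=SECTOR):
    """Offsets of sectors whose contents differ between the two images."""
    if len(written) != len(dump):
        raise ValueError("size mismatch: %d vs %d bytes" % (len(written), len(dump)))
    return [off for off in range(0, len(written), sector)
            if written[off:off + sector] != dump[off:off + sector]]


def region_of(offset, regions):
    """Name of the region containing offset, or None if it is unmapped."""
    for name, (start, end) in regions.items():
        if start <= offset < end:
            return name
    return None


def verify_flash(written, dump, regions, volatile=("NVAR Store",)):
    """Return (ok, report).

    report maps a region name (or "UNMAPPED") to the changed sector offsets
    inside it; ok is True when only regions listed in volatile changed.
    """
    report = {}
    for off in changed_sectors(written, dump):
        name = region_of(off, regions) or "UNMAPPED"
        report.setdefault(name, []).append(off)
    ok = all(name in volatile for name in report)
    return ok, report


# Constructed layout for a 32 KiB stand-in image; real offsets come from the
# region/volume view of the actual 16MB image in a tool such as UEFITool.
REGIONS = {"NVAR Store": (0x2000, 0x4000), "DXE volume": (0x4000, 0x8000)}
```

A False result with sectors reported outside the volatile region is the case raised earlier in the thread: parts of the chip that do not hold what was written.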


#49
Here is a preview of the Chipset Menu to give you something to look forward to! :)

The left pane contains the sub-menus in the Chipset Menu. The right pane contains the settings just in the Graphics Configuration sub-menu.


#50
(06-28-2021, 04:38 PM)Sml6397 Wrote:
(06-28-2021, 04:18 PM)KnoxMe Wrote: Finally, I used brute strength to keep the clipper on the chip (quite a pain). The file is uploaded to the Google Drive; the file name is dxd.rom

Thanks! I can say for sure that the SPI flash is working properly. This comparison allowed me to discover that there is only one module that changes between reboots (or at least between reboots with no OS re-installations or BIOS setting changes occurring). In this image, the GUID of this module is CEF5B9A3-476D-497F-9FDC-E98143E0422C. More importantly, the name of it is "NVAR Store". It looks like this might be the table that contains some or all of the UEFI variables that can be edited in RU.EFI to change settings without a BIOS mod (see the attachment). I still need to investigate this before I can say for sure that this module stores the UEFI variables. I will check this on my test machine at a later time.

Anyways, I will go back to the drawing board and see if I can get my disassembler working properly and then figure out what is going on in the image that could be hiding the Chipset Menu.

Thanks. It'll take a long time for sure for me to receive the Pomona clipper.

I've ordered one in Aliexpress.