Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 11 Vote(s) - 4.64 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
[REQUEST] Bios for packard bell tj65 wit...
Last Post: THECAIDA
Today 10:17 AM
» Replies: 0
» Views: 11
[REQUEST] Lenovo Thinkpad X230(i) (G2ETx...
Last Post: willow25565
Today 03:09 AM
» Replies: 1088
» Views: 448700
Lenovo ThinkPad SL510 Whitelist Removal....
Last Post: deepTeNk
Yesterday 03:32 PM
» Replies: 5
» Views: 6361
[REQUEST] HP Pavilion G42-272BR Whitelis...
Last Post: eepromm
11-22-2024 01:55 AM
» Replies: 0
» Views: 121
[REQUEST] Lenovo G710 BIOS Whitelist Rem...
Last Post: voyageur
11-21-2024 04:33 PM
» Replies: 475
» Views: 167578
[REQUEST] Acer Aspire 5738(G,Z): CPU Upg...
Last Post: DeathBringer
11-21-2024 03:44 PM
» Replies: 49
» Views: 32909
[REQUEST] HP Mini 110-4100 BIOS Unlock
Last Post: DSI INF
11-21-2024 09:24 AM
» Replies: 7
» Views: 268
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: Dudu2002
11-21-2024 03:11 AM
» Replies: 1780
» Views: 496369
Lenovo ThinkCentre M715q 2nd Gen & AMD R...
Last Post: Elmurley
11-20-2024 09:37 PM
» Replies: 2
» Views: 1302
[REQUEST] Lenovo Y50-70 (9ECNxxWW) White...
Last Post: SWZSSR
11-20-2024 09:34 PM
» Replies: 1775
» Views: 554536
[REQUEST] Lenovo Thinkpad X240 (GIETxxWW...
Last Post: Dudu2002
11-20-2024 04:58 PM
» Replies: 337
» Views: 143873
Unlock bios insyde
Last Post: Matox3140
11-19-2024 03:40 PM
» Replies: 0
» Views: 242
Whitelist WIFI card removal Lenovo Yoga ...
Last Post: Dudu2002
11-19-2024 12:58 PM
» Replies: 1
» Views: 238
[REQUEST] H310 MSI Gaming Infinite S (MS...
Last Post: awittyusername
11-19-2024 09:21 AM
» Replies: 10
» Views: 145
[REQUEST] Gigabyte GA-B85M-HD3 Rev 2.0 u...
Last Post: Maduli
11-19-2024 02:22 AM
» Replies: 0
» Views: 183
[REQUEST] Lenovo Ideapad 330-15ICH BIOS ...
Last Post: Dudu2002
11-18-2024 01:25 PM
» Replies: 8
» Views: 1910
[REQUEST] Lenovo ThinkPad Edge E330 (H3E...
Last Post: Dudu2002
11-18-2024 01:23 PM
» Replies: 640
» Views: 221579
[Request] Unlocked Bios for Asus TUF FX5...
Last Post: FlT4ever
11-18-2024 01:05 PM
» Replies: 1
» Views: 432
[REQUEST] Lenovo ThinkPad Edge E125(v1.1...
Last Post: kamome74
11-18-2024 10:43 AM
» Replies: 0
» Views: 228
[REQUEST] Xpg 15g 4070 2023ver InsydeH20...
Last Post: MireVelli
11-18-2024 07:26 AM
» Replies: 2
» Views: 222

(UEFI) Dell XPS 15z L511z modded BIOS - and HOWTO
#1
Information 
NOTE: THE ATTACHED FILES ARE FOR THE XPS 15Z (L511Z) ONLY!

Thank you for your generous donations to help replace kasar's motherboard - it has been much appreciated by all the team!

Latest News

UPDATE 20/09/2014: Added new experimental ROM with the following changes:
- Updated Intel VBIOS to latest version v2170 (vanilla); full support for all L511z ports
- Updated Intel Microcode to latest version 0x29; works perfect on Win7/8.1/OSX
- Replaced PXE Boot Manager with the excellent PLOP v5.0 Boot Manager (thanks for the tip @Florin9doi)

UPDATE 12/08: For now I've removed the newer Intel vbios and reverted to v2104 until we get to the bottom of any incompatibility issues.

UPDATE 11/08: Added new (properly patched) VBios 2137 for Intel GPUs. Note this works only for 15z as the deviceid & connector tables have been ported over.

UPDATE 11/04: Added new VBios 2130 for Intel GPUs

UPDATE 10/30: Added New Dell A12 BIOS for the 15z, with the following mods:
1) Unlocked all Advanced Menus
2) Enabled Native Speedstep for OSX
3) New Nvidia low voltage 0.83/0.85V GPU
4) New CPU microcode (0x28, v20121001-v2)

UPDATE 09/29: ADVANCED BIOS MENUS UNLOCKED! Attached BIOS_A11.ZIP file contains undervolted GT-525M, Modded Speedstep and unlocked Advanced Menus.

UPDATE 09/01: Added New Dell A11 BIOS for the 15z. Current - and best performing - BIOS mod is the 0.83V/0.85V. I've also modded the speedstep module for anyone who boots OSX 10.5-10.8 (no need for patched AICPUPM, no changes for anyone who uses Linux/Windows only)

UPDATE 18/03: Added New (unofficial) Dell A10 BIOS for the 15z. Current - and best performing - BIOS mod is the 0.83V/0.85V.

UPDATE 17/01: Added new 550M standard volted (0.95V). The 0.86V wasn't too stable on my machine, this one works better.

UPDATE 11/01: Added new undervolted GT-550M. Low states set to 0.83V, highest state set to 0.86V. Let me know!

UPDATE 02/01: Added new undervolted GT-540M. All states are now set to 0.85V. Overclocking works fine on my machine but please let me know if not!

UPDATE 29/12 BIOS MOD SUCCESSFUL! Added first mods for the 15z: undervolted video-card, and upgraded GT-525M to GT-540M. Now need help to unlock BIOS features!

HOWTO Section

Hi all

After a little bit of research here and there, together with some postings on a number of forums I've managed to modify the DELL 15z BIOS in a number of useful ways.

Here goes:

Objective: To mod existing DELL XPS 15/15z BIOS (UEFI Tiano) for either of the following options:
1) Change existing Video ROM to an undervolted ROM, or mod the Nvidia 525M to a 540/550M by replacing VBIOS
2) Replace/Patch some modules for added functionality (eg: modded SpeedStep in Mac OS X)
3) Unlock Hidden Options in BIOS

HOWTO hack your own BIOS:

1) Obtain the following tools: i) PhoenixDell EFI SLIC MOD
2) Under Windows, download latest BIOS update from DELL. Run it, and copy the BIOS1.WPH file from your temp folder just before you press "Cancel" to flash your BIOS.
3) Run PhoenixDell EFI tool, select above BIOS1.WPH ROM file, and wait for all 4 modules to be extracted. The largest module (F33E3.....ROM) is the file we're after. Load this ROM in the PhoenixDell EFI tool, and over 1000 ROM files will be extracted to a sub-DUMP folder

HOWTO replace the NVIDIA or INTEL video BIOS:

4) Do a HEX search to find the desired files in the DUMP folder to view/patch. In my case I was looking for my VBIOS, so I searched for NVIDIA and voila! my VBIOS rom appears in the file 8C8BAE9C-4AEB-44DF-AB67-1E4D8242E964_1_xxx.ROM. For Intel VBIOS the ROM file for the Dell series is usually: 29206FC2-9EAB-4612-ACA1-1E3D098FB1B3_1_xxx.ROM
5) Select Advanced in PhoenixDell Tool, and tick the modification options under Control Options. That way when you patch your required file the packer will pause to allow you to make the modifications. I also selected 'NO SLIC' as my BIOS already has 2.1.
6) Click Done, and then Go. Replace and/or patch existing file as required when prompted, and click ok when done. Make sure the checksum bit is correct at EOF (Tip: Use NiBiTor to verify!)
7) PhoenixDell should identify the patched file and ask whether you want to include this newer file. Select yes
8) A few more writes later, and voila! New patched F33E3...ROM file.
9) Re-load the BIOS1.WPH file in the PhoenixDell tool, and select Go. This time replace the F33E3 file with your newly created file in (8). You will end up with a new BIOS1_SLIC.WPH ROM file ready for flashing.
10) Flash the file in windows with the following command line:
winflash.exe /BIOS /EC /SA /SV /BBL "BIOS1_GT525M_UV.WPH"

HOWTO Unlock Hidden Menus

This was a really tough nut to crack, but perseverance pays off in the end. Essentially it involves the following:

1) Dump your AdvancedSetup.efi module (IDA, objdump etc) and parse it through the IFR specification provided by UEFI
2) UEFI IFR spec says: EFI_IFR_SUPPRESS_IF_OP: UINT64 0000000000000000
3) In hex, this translates to: 0A 82 45 8A (00) 00 00 00 00 00 00 00 45 0A
3) Change opcode to UNIT64: 0000000000000001 - replace the (00) above with (01). In my case there were two identical hex strings in my file, I just had to patch the second hex string.
4) Save module, repack with PhoenixTool, and voila!

HOWTO create a Recovery Module for USB or CDROM

Tested by myself as well. Respect goes out to TimeWalker and kasar for this!

1a) Open the largest module (F33E3.....ROM) with your favourite hex editor, and remove the first 180000h bytes (all the gunk with FF FFs). Save as BIOS.cap

- OR -

1b) Use Universal BIOS Backup Toolkit under win32/64 and backup your existing bios to a 2560kb file, and save it to a BIOS.cap file as well. Opening the file should reveal the same byte sequence as the method in 1a)

2) Format a USB stick in FAT32, or CDROM in El Torito Mode, and put the BIOS.cap file on either medium.

3) Power down the laptop, and put the USB stick in the left-port, closest to you. Alternatively put the CD in the drive. Remove the power cord.

4) Keep the <hotkey> sequence pressed, plug in the power cord back, and RELEASE THE <hotkey> AFTER APPROX 0.5-1.0sec. The USB drive or CD drive should start whirring/flashing, and very soon you should be presented with a loaded BIOS from the medium.

5) Additional files/OSes (such as Bart's PE etc) can be put on the drive to load up a light OS and flash any recovery BIOSes as required.

Currently the <hotkey> sequence is as follows:

XPS-15 (L502x): End
XPS-15z(L511z): Right Arrow
XPS-17 (L702x): End

Respect goes out to Mikhail, Andy (of PhoenixTool fame!) djjonastybe, TimeWalker, kasar and Ahmed - thank you for the great work done so far! Let's unlock all the potential of our Dell machines!

Cheers
jkbuha


Attached Files
.rar   BIOS1_A12_SPEEDSTEP_UV_FULLMENUS_INTEL.rar (Size: 1.89 MB / Downloads: 1,277)
.rar   BIOS1_A12_SPEEDSTEP_UV_FULLMENUS_INTELv2170_UCODE_029_PLOP.rar (Size: 1.89 MB / Downloads: 612)
find
quote
#2
very usefull info, thank you a lot, this post will make things easier for a lot of people.

i started a topic for ppl interested in modding their l502x bios in notebookreview.com.

we didint went as far as you, but there are some ppl interested there.

consider visit this topic if you want Smile

http://forum.notebookreview.com/dell-xps...oject.html

relating the flashing method, it may work with winflash.exe, I did some research there and flashed the origianl bios file manually (.wph format, but rom format may work too)

however, getting a recovery method would help to keep us away from getting our beloved laptops away from the brick status
find
quote
#3
Hi!

I'm also really interested in this. I'm more or less at the same stage as you are. I have a Dell Vostro 3750 laptop which also has the Phoenix SecureCore Tiano BIOS. Somehow it's unable to boot from GPT disks, so fixing this is my main goal, but i'm interested in the hidden menu part too. Also, enabling the UEFI shell or something like that would be very nice. Let me know if I can help you with anything.
So it looks like there *is* actually an EFI shell embedded in the bios, in the file C57AD6B7-0515-40A8-9D21-551652854E37_*_957.rom (in my version). You can see the original filename (Shell.efi) in C57AD6B7-0515-40A8-9D21-551652854E37_2_957.rom
find
quote
#4
(12-27-2011, 08:39 PM)nextor Wrote: Hi!

I'm also really interested in this. I'm more or less at the same stage as you are. I have a Dell Vostro 3750 laptop which also has the Phoenix SecureCore Tiano BIOS. Somehow it's unable to boot from GPT disks, so fixing this is my main goal, but i'm interested in the hidden menu part too. Also, enabling the UEFI shell or something like that would be very nice. Let me know if I can help you with anything.
So it looks like there *is* actually an EFI shell embedded in the bios, in the file C57AD6B7-0515-40A8-9D21-551652854E37_*_957.rom (in my version). You can see the original filename (Shell.efi) in C57AD6B7-0515-40A8-9D21-551652854E37_2_957.rom

Great - thanks for your input! There's a lot of work going on at the moment in some other forums, so let me try and summarize the work that's been done so far:

1) We are able to directly modify a 15/15z BIOS file (EXE or WPH file) with the PhoenixDell tool, but not using the Universal BIOS Backup program. Although it's the only tool to dump the VBIOS, it seems to be doing it incompletely.

2) The VBIOS can be replaced, but so far we seem to be doing it incorrectly. My suspicion is on the names of the files themselves (eg: F33E367F.....ROM) as they seem to be referencing absolute addresses in ROM. I don't have all the tools at my disposal, but I can do a binary comparison (fc.exe /b old.wph new.wph) of the original+patched ROMs, and in the original locations I get "FF FF FF FF FF..." compared where the patched file VBIOS location is. This almost definitely means we are patching the BIOS in the wrong address.

3) The CRISIS recovery seems to work but if I understand correctly the battery needs to be removed and re-inserted. This presents an added problem for the 15z as the battery is non-removable and so needs to be dismantled!

4) There seem to be a few people in other topics/forums who have clearly achieved more progress though in a slightly different direction. We should probably speak with whomever has worked on the Dell N5110 as this is most closely related to our hardware (even has a GT-525M) and possibly get more insight.

5) It would be really good if we could speak to the Ahmed Hosam (moderator) to share some of his insight on this, as we're definitely close but missing some very basic steps, and I'm sure he'll be able to point us in the right direction!

Cheers
jkbuha

find
quote
#5
Good ideas.
So far I made a list of real file names/dumped file names (attached), it might be useful.
I also started disassembling some of the EFI modules, but haven't found anything interesting yet.


Attached Files
.txt   files.txt (Size: 18.09 KB / Downloads: 74)
find
quote
#6
(12-28-2011, 01:51 PM)nextor Wrote: Good ideas.
So far I made a list of real file names/dumped file names (attached), it might be useful.
I also started disassembling some of the EFI modules, but haven't found anything interesting yet.

oh, thats nice!

what software did you used to get the real filenames?

did you got that list from a dumped bios? or the original one from the wph file?

I think you got it from a dump cause it doesnt match with the ones extracted from the wph file.


edit: got a minute to analyze your list, I am interested on two files for the moment

DellSplashLogoDxe.efi (to edit the splash logo)
ComputraceDxe.efi (to remove it, since it acts a bit like a trojan, send info of your computer as far I know, and I dont want to have it on my bios, I think it is used only used by some companies to trace a stolen computer, however I didnt paid that service, so I dont need to have a trojan running on my computer allways)
find
quote
#7
It's pretty easy: the dumped files are organized in groups, and one of the files has the real filename inside it. Like this:
17B3485F-9B3F-49A5-94BD-EAE249200C06_0_1040 Don't know what this is
17B3485F-9B3F-49A5-94BD-EAE249200C06_1_1040 Contains real executable (Starts with MZ)
17B3485F-9B3F-49A5-94BD-EAE249200C06_2_1040 No idea
17B3485F-9B3F-49A5-94BD-EAE249200C06_3_1040 Contains real filename (ComputraceDxe.efi)

I think there has to be some easier way to edit the logo than disassembling the whole BIOS. WinFlash has a "Replace logo with" field in the advanced menu, not sure if it works though.
find
quote
#8
(12-28-2011, 05:32 PM)nextor Wrote: It's pretty easy: the dumped files are organized in groups, and one of the files has the real filename inside it. Like this:
17B3485F-9B3F-49A5-94BD-EAE249200C06_0_1040 Don't know what this is
17B3485F-9B3F-49A5-94BD-EAE249200C06_1_1040 Contains real executable (Starts with MZ)
17B3485F-9B3F-49A5-94BD-EAE249200C06_2_1040 No idea
17B3485F-9B3F-49A5-94BD-EAE249200C06_3_1040 Contains real filename (ComputraceDxe.efi)

I think there has to be some easier way to edit the logo than disassembling the whole BIOS. WinFlash has a "Replace logo with" field in the advanced menu, not sure if it works though.

thanks for the info, I see now how it works, do you think there is a chance one of those small files per each file group is some kind of hash calculation of the executable file?
I had some issue while modifying the vbios file (there was just two files in its group, the vbios itself 64kb size, and another file with just 1 kb)
I just modified the vbios itself but did not modify the another file

and no, the image replace option from winflash didnt worked for me , maybe I did something wrong

the HASH calc thing on the file groups is just a theory
find
quote
#9
(12-28-2011, 05:45 PM)kasar Wrote: thanks for the info, I see now how it works, do you think there is a chance one of those small files per each file group is some kind of hash calculation of the executable file?
I had some issue while modifying the vbios file (there was just two files in its group, the vbios itself 64kb size, and another file with just 1 kb)
I just modified the vbios itself but did not modify the another file

and no, the image replace option from winflash didnt worked for me , maybe I did something wrong

the HASH calc thing on the file groups is just a theory

So I did the same search, and it seems that my VGA BIOS is in the 5A177E54-7318-4E51-AF0A-05F769ADAF81_0_831.ROM. It starts something like this:
VIDEO
IBM VGA Compatible: 02/23/11
3GF108 E1079 SKU 0006 VGA BIOS
Version 70.08.53.00.08
Copyright © 1996-2011 NVIDIA Corp.
Is this correct?

I just tried to decompress my dumped BIOS with the PhoenixTool, tick the options suggested by jkbuha and recompress the whole thing without any modifications. And this produced the exact same file. This is really really good because it proves that the tool works good so we can start making small modifications without having to worry about badly compressed images.

Also, the tool's logfile has some explanation about the files (this is from SLIC.LOG):
42B930 {0C7F41A9-0A6F-43F6-A0D9-1E2D01DBD7BE} 7 40 Driver Size 95836 (1112)
0 42B948 GUID defined section (Valid CRC32) - Size 28 (1113)
1 42B964 PE32+ image section - Size 5156 (1114)
2 42CD88 DXE Dependecy Expression section - Size 22 (1115)
3 42CDA0 User Interface (DellSplashLogoDxe.efi) - Size 48 (1116)
4 42CDD0 Raw section - Size 90579 (1117)
31C598 {17B3485F-9B3F-49A5-94BD-EAE249200C06} 7 40 Driver Size 3280 (1040)
0 31C5B0 GUID defined section (Valid CRC32) - Size 28 (1041)
1 31C5CC PE32+ image section - Size 3172 (1042)
2 31D230 DXE Dependecy Expression section - Size 40 (1043)
3 31D258 User Interface (ComputraceDxe.efi) - Size 40 (1044)
find
quote
#10
do you have also the board info?

(you can find it by hex editing that 64kb rom file, the board info is located near the begining of the file)

for example:

GF108 Board - 1079df40
GF108 Board - 1079df50

the one ending on df50 is the gt525m and the one ending on df40 is the gt540m

I'm asking cause when I unpacked the bios I saw those two vbios rom files, even we know my laptop just use the one for the gt525m

I also noticed you are working over your bios dump instead of the WPH file from the latest update, I think that is a bad step, cause we already tried, and we were unable to flash the dumped bios, also I noticed almost every dumped bios have different filename for each file (the one with a lot of numbers)

I suggest you start again working with the bios.wph from the latest DELL update file instead keep working on the file you dumped from your laptop.

here you have more info

http://forum.notebookreview.com/dell-xps...oject.html

I unpacked, modified, repacked and flashed sucesfully a modified bios there to the L502X, the changes made are minimal, but the entire procedure worked.
also, the unpacked modules from the bios.wph version should be the same for everyone using the same bios version and laptop model, in this case, the L502X A07 bios.
find
quote


Forum Jump:


Users browsing this thread: 17 Guest(s)