Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 11 Vote(s) - 4.64 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
Lenovo ThinkPad SL510 Whitelist Removal....
Last Post: deepTeNk
Today 03:32 PM
» Replies: 5
» Views: 6350
[REQUEST] HP Pavilion G42-272BR Whitelis...
Last Post: eepromm
Yesterday 01:55 AM
» Replies: 0
» Views: 100
[REQUEST] Lenovo G710 BIOS Whitelist Rem...
Last Post: voyageur
11-21-2024 04:33 PM
» Replies: 475
» Views: 167265
[REQUEST] Acer Aspire 5738(G,Z): CPU Upg...
Last Post: DeathBringer
11-21-2024 03:44 PM
» Replies: 49
» Views: 32880
[REQUEST] HP Mini 110-4100 BIOS Unlock
Last Post: DSI INF
11-21-2024 09:24 AM
» Replies: 7
» Views: 247
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: Dudu2002
11-21-2024 03:11 AM
» Replies: 1780
» Views: 494833
Lenovo ThinkCentre M715q 2nd Gen & AMD R...
Last Post: Elmurley
11-20-2024 09:37 PM
» Replies: 2
» Views: 1292
[REQUEST] Lenovo Y50-70 (9ECNxxWW) White...
Last Post: SWZSSR
11-20-2024 09:34 PM
» Replies: 1775
» Views: 553898
[REQUEST] Lenovo Thinkpad X240 (GIETxxWW...
Last Post: Dudu2002
11-20-2024 04:58 PM
» Replies: 337
» Views: 143556
Unlock bios insyde
Last Post: Matox3140
11-19-2024 03:40 PM
» Replies: 0
» Views: 216
Whitelist WIFI card removal Lenovo Yoga ...
Last Post: Dudu2002
11-19-2024 12:58 PM
» Replies: 1
» Views: 223
[REQUEST] H310 MSI Gaming Infinite S (MS...
Last Post: awittyusername
11-19-2024 09:21 AM
» Replies: 10
» Views: 137
[REQUEST] Gigabyte GA-B85M-HD3 Rev 2.0 u...
Last Post: Maduli
11-19-2024 02:22 AM
» Replies: 0
» Views: 166
[REQUEST] Lenovo Ideapad 330-15ICH BIOS ...
Last Post: Dudu2002
11-18-2024 01:25 PM
» Replies: 8
» Views: 1908
[REQUEST] Lenovo ThinkPad Edge E330 (H3E...
Last Post: Dudu2002
11-18-2024 01:23 PM
» Replies: 640
» Views: 221230
[Request] Unlocked Bios for Asus TUF FX5...
Last Post: FlT4ever
11-18-2024 01:05 PM
» Replies: 1
» Views: 428
[REQUEST] Lenovo ThinkPad Edge E125(v1.1...
Last Post: kamome74
11-18-2024 10:43 AM
» Replies: 0
» Views: 211
[REQUEST] Xpg 15g 4070 2023ver InsydeH20...
Last Post: MireVelli
11-18-2024 07:26 AM
» Replies: 2
» Views: 207
Please help me recover my bios
Last Post: FuryOP
11-17-2024 12:37 PM
» Replies: 0
» Views: 223
[Request-Camilo] Sony Vaio SA/SB/SC/SD/S...
Last Post: edit
11-17-2024 12:13 PM
» Replies: 107
» Views: 136968

(UEFI) Dell XPS 15z L511z modded BIOS - and HOWTO
(02-07-2012, 08:53 AM)ScruffyITA Wrote: hi, im the owner of a l502x that is mentioned on ur topic so i picked up the 550 bios mod and flashed. all was ok under windows. pc rebooted and the flash program popped up normally, so the programming process was all quite good. after 5 seconds pc rebooted and nothing happened. the caps led is on, screen is off and the fan speed is stuck at 100% and pc is frozen. any suggestion on how to rcover it?

Scruffy - the files in the first post are currently only for the 15z (L511z) so I think you may have flashed an incorrect BIOS!!

Try this. Disconnect your battery from the laptop, and leave it unplugged for 5 minutes. Reconnect everything, and power on (and pray).

Good luck!
jkbuha

find
quote
a good idead is to write 15z or l511x in the files download link or some red code with that little observation.


however in the phoenix tools ive foun that the crisisrecovery is preent or should be available also for my notebook, but cant know if i made a wrong usb stick or i press the wrong botton combination.
find
quote
(02-07-2012, 09:40 AM)ScruffyITA Wrote: a good idead is to write 15z or l511x in the files download link or some red code with that little observation.


however in the phoenix tools ive foun that the crisisrecovery is preent or should be available also for my notebook, but cant know if i made a wrong usb stick or i press the wrong botton combination.

Actually the few lines preceding the files did say that they were for the 15z only, but I've taken your point and added a red note on the first line to make sure everyone is aware that these files are for the 15z only.

Yes in theory there is a crisis recovery option present, but we've never fully tested it. What is required in theory is a FAT-formatted USB stick with PHLASH.EXE, MINIDOS.SYS and the correct BIOS.WPH file on it. You can google around for "CRISIS UEFI Recovery" for more info. Suggest you have a USB stick that flashes when active (so you'll know if/when the stick is being read by the BIOS).

Please keep us posted on this.

jkbuha
find
quote
(02-07-2012, 07:25 AM)AHMED HOSSAM Wrote: Hmmmm, seems more complex than i have expected.
I will look into this when I'm back home in 2 days.
Another thing , try noping the other call for the offest you are using.
For example, you replaced advanced with another qword, this qword was called from another routine, nop this call and make it only called from one routine .

Tried nopping the call from the previous routine, but same result.
I'm starting to suspect the hidden menus are nested in the Advanced Menu - could this be the case?

@kasar - I don't think PBE has been updated to support UEFI, and/or simulation of BIOS images. Can someone verify this and get back to us please?
find
quote
Hey Ahmed

Hope you're having a good weekend.
I've had some time to play around with modifying some of the code, and I've listed the work I've done so far:

1) I've backtraced all the calls to the 'interesting' routines - and it appears that they seem to originate (as you correctly indicated) from sub_41488. In fact, the smoking gun is at offset_4150b: lea r8,off_3e0 (where all the advanced menu text beings)

2) So far so good. So in my normal BIOS, under the Advanced Menu I get to see all the text (and options obviously) from off_3e0 to about off_2470. From off_2478 (Charger Behaviour, etc) this text is hidden from my 15z standard BIOS.

3) Maybe I haven't figured IDA out properly yet, or maybe there is a strong clue in what I'm going to point out now. If you switch to text view mode when xrefing the code at off_3e0, the code is automatically segmented as follows:

1) .text: 03e0 off_3e0 (xref from sub_41488)
2) .text: 0410 qword_410 (start of Unhidden BIOS menu options: Speedstep, Virtualization etc)
3) .text: 1458 (Unhidden BIOS options: Powershare, 1394 etc)
4) .text: 2478 (Hidden options: Charger Behaviour, Express Charge, Wireless Config)
5) .text: 34a0 (Unhidden options: Battery Health, Misc Devices (USB Ports, eSata)
5a) .text: 3900 (Hidden option: Express Card Slot) <- prob because the 15z does not have a express card slot
5b) Note: at offset 3960 there are hidden options: Modem, Microphone, Camera, 1394, Media Card, Optical, FingerPrint
6) .text: 44a8 (Unhidden options: Diagnostic Screen)
6a) Note at offset 4600 there are hidden options: lots of interesting stuff
7) .text: 54a8 (Hidden options. Really good stuff)
etc etc

Why does IDA automatically group 410, 1458, 2478, 34a0?

4) So what I modded in sub_41488 was to nop or jmp my way sequentially through all the module without prematurely ending at loc_415eb. I've attached my handiwork. Result: Advanced Menu comes back, but no hidden menus or options unlocked. At this point I'm thinking that the routine checks against some mask (r9, rdx, ecx?) to identify the available hardware and/or allowed menu options before jumping to various parts of the code. Or I've reached the limits of what I can do today Smile

Anyway it's Friday night, and I need to go out to clear my head. If you have some time to look at the file and let me know if you've picked up on something it would be greatly appreciated!

Cheers
jkbuha


Attached Files
.rar   CFEF94C4-4167-466A-8893-8779459DFA86_1_1048 - Copy.rar (Size: 55.93 KB / Downloads: 5)
find
quote
If you want to nop the jumps to the SUB_415EB , So why noping jumps inside the INT_64 routine ......... nop it in the first routine ( SUB_41488 ) and see the result if anything is unlocked .

i looked before inside strings and it seems like its hidden inside the ADVANCED tab ....... i guess no hidden tabs but its hidden menus inside the ADVANCED tab .
i will look deeply into this today .......... and try noping the SUB_415EB calls inside the SUB_41488 .


"Many of life's failures are people who did not realize how close they were to success when they gave up." Smile
find
quote
(02-11-2012, 08:48 PM)AHMED HOSSAM Wrote: If you want to nop the jumps to the SUB_415EB , So why noping jumps inside the INT_64 routine ......... nop it in the first routine ( SUB_41488 ) and see the result if anything is unlocked .

i looked before inside strings and it seems like its hidden inside the ADVANCED tab ....... i guess no hidden tabs but its hidden menus inside the ADVANCED tab .
i will look deeply into this today .......... and try noping the SUB_415EB calls inside the SUB_41488 .

The reason why I've nopped the routine (just before) the int64 code is because that's where the reference to off_3e0 happens (ie: that routine is definitely in use), but have a look and let me know what you think Smile

find
quote
EDIT: In fact I tried it just now. Nopped all premature jumps to sub_415eb in routine sub_41488. No change in result. Advanced Menu is back, but with standard options.

EDIT EDIT: I've even nopped the premature jumps in DllEntryPoint and sub_40e48, before the code gets to sub_41488 (attached). Same result.

I'm suspecting that the "allowed options" are defined as bitmasks in qword_sections between qword_280 and qword_2f0. @Ahmed have you ever come across something like this in other bios mods?


Attached Files
.rar   CFEF94C4-4167-466A-8893-8779459DFA86_1_1048 - Copy - Copy - Copy.rar (Size: 55.94 KB / Downloads: 4)
find
quote
Ok , i made this the latest possibility but there is no hidden tabs in the BIOS and its only menus inside the advanced tab .......... as these are menus not tabs , its not controlled through routines but its controlled by control bits .
the strings are connected to the strings table and the strings table is connected to the menus structure which controls what is shown or hidden .
for example ( its not true , its just example ) :-

72 0f 00 00 01 00 02 00 93 95 85 41 32 85 78

72 0f is the menu ID and 01 is the language bits ( 01 for english ) 02 means hidden while the rest of bits points to the menu name and the bits is the strings table which leads to the strings itself .

i made it the latest possibility as its complicated to knew how to find and analyse the menus structure and strings table ....... but it seems we must do this .... i will begin today but this will take sometime .


"Many of life's failures are people who did not realize how close they were to success when they gave up." Smile
find
quote
Hi guys, I'm back. I had a lot of things going on, so no time for bios modding. Smile
I see that you made great progress, that's really good. I'll try to keep up with you doing the same modding for the Vostro 3750 series. Dell just released a brand new version (A11) so it's a perfect time for modding. Smile
find
quote


Forum Jump:


Users browsing this thread: 35 Guest(s)