Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 11 Vote(s) - 4.64 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
[REQUEST] Acer Aspire E1-772(G) BIOS Unl...
Last Post: zbutko
Today 05:49 PM
» Replies: 16
» Views: 7159
Sony Vaio AW11Z - Support for Quad CPU -...
Last Post: BootlegScarce
Today 01:19 PM
» Replies: 13
» Views: 3948
[REQUEST] Acer Aspire 5738(G,Z): CPU Upg...
Last Post: Rehmi
Yesterday 04:00 PM
» Replies: 50
» Views: 33186
[REQUEST] Lenovo B590 (H5ETxxWW) Whiteli...
Last Post: ern
Yesterday 03:38 PM
» Replies: 275
» Views: 85053
Ami Bios/Uefi Notebook "Medion E15302" R...
Last Post: LiveSafe
Yesterday 02:11 PM
» Replies: 0
» Views: 118
[REQUEST] Lenovo IdeaPad U330, U430 & U5...
Last Post: derdbk
Yesterday 08:55 AM
» Replies: 414
» Views: 141066
Unlocked BIOS for Zephyrus M16 2023
Last Post: nir1213
11-28-2024 08:56 PM
» Replies: 0
» Views: 147
[REQUEST] Acer Predator Helios 300 PH315...
Last Post: Dudu2002
11-28-2024 02:33 PM
» Replies: 40
» Views: 13712
lenovo z570 Advanced Menu Unlocked
Last Post: Brunobox99
11-28-2024 10:02 AM
» Replies: 9
» Views: 6148
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: djcostyro
11-28-2024 06:48 AM
» Replies: 1783
» Views: 501632
Lenovo ThinkCentre M700 10GS - Kaby Lake...
Last Post: tommi22012
11-28-2024 04:42 AM
» Replies: 11
» Views: 3871
[Request] Lenovo T550 Whitelist removal
Last Post: Dudu2002
11-28-2024 04:37 AM
» Replies: 5
» Views: 1274
[REQUEST] Acer PT715-51 (Triton 700) ins...
Last Post: Dudu2002
11-27-2024 10:49 AM
» Replies: 24
» Views: 12476
[REQUEST] Acer Aspire 9300 BIOS Unlock
Last Post: Geortor
11-26-2024 04:01 PM
» Replies: 10
» Views: 2281
[Request] Asus H110M-R Mainboard - Xeon ...
Last Post: kusslegyen
11-26-2024 02:04 PM
» Replies: 14
» Views: 6854
LGA771 Bios Microcode for HP dc7800 sff
Last Post: Netuser232
11-26-2024 01:27 PM
» Replies: 136
» Views: 92339
Dell Vostro 3500 full unlocked
Last Post: kamilchno
11-26-2024 10:51 AM
» Replies: 0
» Views: 182
Bios logo
Last Post: Nkosenhle
11-26-2024 10:43 AM
» Replies: 0
» Views: 168
Gigabyte AORUS 5 (KB/SB/MB) BIOS Unlock
Last Post: Dudu2002
11-26-2024 10:41 AM
» Replies: 18
» Views: 4894
[REQUEST] Lenovo G580 (5ECNxxWW) Whiteli...
Last Post: Dudu2002
11-26-2024 09:09 AM
» Replies: 1730
» Views: 674753

(UEFI) Dell XPS 15z L511z modded BIOS - and HOWTO
@TimeWalker - check lenovo's module: 17772369-D262-4B90-9F31-BDC41F2663A5_1_759.ROM
It's an ME update, but an old one (7.0.0.x) - looks like it's an executable though?
find
quote
Downloaded an Intel® Server Board S1200KP BIOS KPC2060H and there's indeed
ME 7.1.52.1176 - C43791FC-E05B-4AA0-84B1-F14547885C70_0_21.ROM 1.27 Mb
ME 8.0.13.1502 - 098D0689-4245-4F65-80C9-7F3202C5F44E_0_28.ROM 1.48 Mb
inside the bios capsule ...

@jkbuha, yeah it appears to be ME 7.0.0.0054 .. which explains why the size is so tiny. But this one is actually referenced as MEBx .. which my explain why it starts with an executable header (MZ)
find
quote
@TimeWalker
You said earlier on that you have Clover working. Does that mean you've got your touchpad working in Clover too?

btw, I've uplaoded the new version of my tool. It should extract/inject everything correctly. Make sure though since I compiled it as 32bit this time as it's more stable.
find
quote
@nebster
Clover does not support PS/2 input in GUI, so no.

Cool, thanks! Will give it a go tomorros ..
find
quote
Do you have a list of all the patches we've done so far and what they are actually for?

So far I know about:
Code:
{
Name = "OS X Power Management"
File = "PowerManagement2.efi"
Search = [0x75, 0x08, 0x0F, 0xBA, 0xE8, 0x0F, 0x89, 0x44, 0x24, 0x30]
Replace = [0xEB, 0x08, 0x0F, 0xBA, 0xE8, 0xF, 0x89, 0x44, 0x24, 0x30]
}
What does this actually fix with OS X power management?

Code:
{
Name = "Unlock Advanced Tiano Setup"
File = "PlatformSetupAdvancedDxe.efi"
Search = [0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x45,0x0A]
Replace = [0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x45,0x0A]
}
I'm assuming this is what unlocks all the options in Tiano BIOSes

Code:
{
Name = "Remove Tiano 'Reserved' String"
File = "PlatformSetupAdvancedDxe.efi"
Search = [0x00,0x14,0x42,0x00,0x65,0x00,0x6C,0x00,0x6F,0x00,0x77,0x00,0x20,0x00,0x69,0x00,​
0x73,0x00,0x20,0x00,0x72,0x00,0x65,0x00,0x73,0x00,0x65,0x00,0x72,0x00,0x76,0x00,​
0x65,0x00,0x64,0x00,0x20,0x00,0x66,0x00,0x6F,0x00,0x72,0x00,0x20,0x00,0x52,0x00,​
0x44,0x00,0x2C,0x00,0x20,0x00,0x6E,0x00,0x6F,0x00,0x74,0x00,0x20,0x00,0x44,0x00,​
0x45,0x00,0x4C,0x00,0x4C,0x00,0x4F,0x00,0x49,0x00,0x4C,0x00,0x20,0x00,0x72,0x00,​
0x65,0x00,0x71,0x00,0x75,0x00,0x65,0x00,0x73,0x00,0x74,0x00,0x2E,0x00,0x00,0x00]
Replace = [0x00,0x14,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,​
0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,​
0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,​
0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,​
0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,​
0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x20,0x00,0x00,0x00]
}
Now this I have no idea, was it just a test?

Was there also a new VBIOS? What needs to be modified for this to work?
find
quote
nebster , those are the ones I modified on my xps 15 with good results

jkbuha & timewalker, let me know if I missed something important.

PlatformSetupAdvancedDxe.efi
CFEF94C4-4167-466A-8893-8779459DFA86_1_1073.ROM

00 29 02 29 02 0A 82 45 8A 00 to 00 29 02 29 02 0A 82 45 8A 01 (two ocurrences)
00 20 00 29 02 0A 82 45 8A 00 to 00 20 00 29 02 0A 82 45 8A 01 (one ocurrence)
00 00 00 00 00 00 00 00 45 0A to 01 00 00 00 00 00 00 00 45 0A (four ocurrences)

(to enable all the sub menus)



SystemSetupSecurityDxe.efi
166CD554-8AAE-4617-8FDD-A2E3A5AFD89E_1_1081.ROM

0A 82 45 8A (00) 00 00 00 00 00 00 00 45 0A to 0A 82 45 8A (01) 00 00 00 00 00 00 00 45 0A (two ocurrences)
(to enable password lenght options)



powermanagement2.efi
F7731B4C-58A2-4DF4-8980-5645D39ECE58_1_632.ROM

(75) 08 0F BA E8 0F to (EB) 08 0F BA E8 0F

(to enable native speed steep)
find
quote
hmmm... will try doing something else tomorrow. Thanks to @dmazar's tricks I was able to mount the firmware's file system!
And there are certainly more modules loaded up then I see being unpacked from the capsule.. also there are two file system which I'm not sure what the fsnt0 is ..
[Image: 1p9Zo]
a simple ls in the filesystem's root reveals the following: 243 modules (i'm thinking of passing all of the *.efi modules to an external drive to see if ME fw is there .. and some other stuff possibly?)
[Image: 1pa0r]
and I tried running the Internal Shell from the firmware ..
[Image: 1pa30]

As you can see from the image below- we are still stuck with UEFI version 2.0 (whilst most modern boards are running 2.31 already)
[Image: 1pa3F]

A quick dh shows that shell now has a handle of 1AE ..
[Image: 1pa5T]
If the filesystem was always mounted like that we would be able to do:
bcfg boot addh 1 1AE "Shell 2.0" -opt 0x40000000 0x0015
This would make a new Boot menu entry called "Shell 2.0" and would call for the respective handle's GUID from the fw when key 0x0015 (F11) is pressed. But since I can only mount the fs from a third-party driver .. we have no internal shell ... for now. Sad

Also I quickly checked if the ME from X1 can be run as an application.. nah-uh, it can't.
[Image: 1padm]
find
quote
@nebster

I noticed something on your quote


{
Name = "OS X Power Management"
File = "PowerManagement2.efi"
Search = [0x75, 0x08, 0x0F, 0xBA, 0xE8, 0x0F, 0x89, 0x44, 0x24, 0x30]
Replace = [0xEB, 0x08, 0x0F, 0xBA, 0xE8, 0xF, 0x89, 0x44, 0x24, 0x30]
}

missing 0 at

Replace = [0xEB, 0x08, 0x0F, 0xBA, 0xE8, 0x0F, 0x89, 0x44, 0x24, 0x30]


@timewalker

woah, nice work! o.O
find
quote
0xF and 0x0F is the same thing Smile you can't split a byte in hex
[Image: 1pay8]
here's the module after applying the patchset.

and these were probably my edits ... lemme see ..

yeah they were lol.

The power management patch unlocks write access to MSR Register 0xE2
nebster Wrote:I'm assuming this is what unlocks all the options in Tiano BIOSes
Correct.
nebster Wrote:Now this I have no idea, was it just a test?
This fills the manufacturing unicode string with spaces. The string reads as follows: "Below is reserved for RD, not DELLOIL request."
You can actually see what it says by decoding HEX-> ASCII Smile

For new VBIOS an entire module has to be reintegrated.
There was also a CPU microcode update but it's to big to patch it like that... besides it sometimes differs in size and you have to know what was the binary data for the previous version, so automating this is pretty pointless if you ask me.

I have just one suggestion @nebster ...
don't call the modified file .WPH.mod .. it's annoying to having to go to Folder Options ans removing 'hide extensions for known file types' because VLC threats .mod as a media container ... and I hate Midnight Commander (or TC) -like apps.
find
quote
@TimeWalker
As per your request, I've modified it so that it now asks for a filename as well.
Also, I have implemented patch versioning, compression, checksums, comments and lots of checks just in case the patches become corrupt.

I'll upload a patch in a bit as an example. At some point, I'll add embedding binary files into the patches so we can replace whole files if we want. Maybe I'll even implement a way of copying data from the old file into the new one if it is useful for anything.

------------------
Ooops, forgot to hit "Post Reply"


EDIT: Patch now attached


Attached Files
.zip   TianoPatch.zip (Size: 1.23 KB / Downloads: 7)
find
quote


Forum Jump:


Users browsing this thread: 23 Guest(s)