Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 11 Vote(s) - 4.64 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
[REQUEST] Lenovo Thinkpad X230(i) (G2ETx...
Last Post: willow25565
Today 03:09 AM
» Replies: 1088
» Views: 448611
Lenovo ThinkPad SL510 Whitelist Removal....
Last Post: deepTeNk
Yesterday 03:32 PM
» Replies: 5
» Views: 6359
[REQUEST] HP Pavilion G42-272BR Whitelis...
Last Post: eepromm
11-22-2024 01:55 AM
» Replies: 0
» Views: 115
[REQUEST] Lenovo G710 BIOS Whitelist Rem...
Last Post: voyageur
11-21-2024 04:33 PM
» Replies: 475
» Views: 167491
[REQUEST] Acer Aspire 5738(G,Z): CPU Upg...
Last Post: DeathBringer
11-21-2024 03:44 PM
» Replies: 49
» Views: 32902
[REQUEST] HP Mini 110-4100 BIOS Unlock
Last Post: DSI INF
11-21-2024 09:24 AM
» Replies: 7
» Views: 263
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: Dudu2002
11-21-2024 03:11 AM
» Replies: 1780
» Views: 496005
Lenovo ThinkCentre M715q 2nd Gen & AMD R...
Last Post: Elmurley
11-20-2024 09:37 PM
» Replies: 2
» Views: 1297
[REQUEST] Lenovo Y50-70 (9ECNxxWW) White...
Last Post: SWZSSR
11-20-2024 09:34 PM
» Replies: 1775
» Views: 554276
[REQUEST] Lenovo Thinkpad X240 (GIETxxWW...
Last Post: Dudu2002
11-20-2024 04:58 PM
» Replies: 337
» Views: 143772
Unlock bios insyde
Last Post: Matox3140
11-19-2024 03:40 PM
» Replies: 0
» Views: 229
Whitelist WIFI card removal Lenovo Yoga ...
Last Post: Dudu2002
11-19-2024 12:58 PM
» Replies: 1
» Views: 234
[REQUEST] H310 MSI Gaming Infinite S (MS...
Last Post: awittyusername
11-19-2024 09:21 AM
» Replies: 10
» Views: 144
[REQUEST] Gigabyte GA-B85M-HD3 Rev 2.0 u...
Last Post: Maduli
11-19-2024 02:22 AM
» Replies: 0
» Views: 179
[REQUEST] Lenovo Ideapad 330-15ICH BIOS ...
Last Post: Dudu2002
11-18-2024 01:25 PM
» Replies: 8
» Views: 1910
[REQUEST] Lenovo ThinkPad Edge E330 (H3E...
Last Post: Dudu2002
11-18-2024 01:23 PM
» Replies: 640
» Views: 221519
[Request] Unlocked Bios for Asus TUF FX5...
Last Post: FlT4ever
11-18-2024 01:05 PM
» Replies: 1
» Views: 432
[REQUEST] Lenovo ThinkPad Edge E125(v1.1...
Last Post: kamome74
11-18-2024 10:43 AM
» Replies: 0
» Views: 222
[REQUEST] Xpg 15g 4070 2023ver InsydeH20...
Last Post: MireVelli
11-18-2024 07:26 AM
» Replies: 2
» Views: 216
Please help me recover my bios
Last Post: FuryOP
11-17-2024 12:37 PM
» Replies: 0
» Views: 234

(UEFI) Dell XPS 15z L511z modded BIOS - and HOWTO
Yeah, I've figured:
#define S_IRGRP (S_IRUSR >> 3) /* Read by group. */
#define S_IROTH (S_IRGRP >> 3) /* Read by others. */
are missing.

But the tool doesn't actually do anything properly. It needs a fine to save the dump, but won't save the dump and reads the size of the specified file instead.. can't wrap my head around it. Besides I'm bloody tired today..

Also apparently this tool is used by Google to deploy ChromeOS onto Chrome Books ...
Code:
Copyright (C) 2011 The ChromiumOS Authors.  All rights reserved.
Copyright (C) 2011 Google Inc

86/64 .. what the heck is different .. you can run both arch natively.

Code:
>ifdtool -d backup.bin
Could not open file: No such file or directory

>ifdtool -d 7.1.52.1176.bin
File 7.1.52.1176.bin is 1335296 bytes
Could not read file: No error

>ifdtool -x v3450.rom
File v3450.rom is 4096 bytes
Found Flash Descriptor signature at 0x00000010
  Flash Region 0 (Flash Descriptor): 00000000 - 00000fff
  Flash Region 1 (BIOS): 00180000 - 003ffff
   -------------- Crash -----------------

Hopes were waaay up high for this ...
Code:
>ifdtool.exe -u v3450.rom
File v3450.rom is 4096 bytes
Found Flash Descriptor signature at 0x00000010
Writing new image to v3450.rom.new
It just patches the dumped flash descriptor to "unlock" it and reflash (same as Intel's utility I guess), which can't be done since it's locked.
find
quote
I think mine is 64bit and is most likely the debug version.
If I strip out the extra information, it is 32KB but then if it crashes we can't trace it to the line!

I've attached both 32bit and 64bit versions of it.


Attached Files
.zip   ifdtool.zip (Size: 104.53 KB / Downloads: 14)
find
quote
Can't debug it either way:
Unhandled exception at 0x7510c035 in ifdtool.exe: 0xC0000005: Access violation reading location 0x005131e0.
find
quote
You need to run it through gdb:
Code:
> gdb --args ifdtool.exe <args>
.
.
.
> run
...
Access Violation
> bt
find
quote
tried something

Code:
C:\BIOS MOD\A12 PROJECT\modded menus\ME test\Tools\System Tools\ifdtool>ifdtool -u mydumpfile.rom
File mydumpfile.rom is 4096 bytes
Found Flash Descriptor signature at 0x00000010
Writing new image to mydumpfile.rom.new

C:\BIOS MOD\A12 PROJECT\modded menus\ME test\Tools\System Tools\ifdtool>

then hex compared both files, untouched and "patched one"

it changed following

0B 0A 00 00 0D 0C

to

FF FF 00 00 FF FF


Code:
C:\BIOS MOD\A12 PROJECT\modded menus\ME test\Tools\System Tools\ifdtool>ifdtool -u mydumpfile.rom
File mydumpfile.rom is 4096 bytes
Found Flash Descriptor signature at 0x00000010
Writing new image to mydumpfile.rom.new

C:\BIOS MOD\A12 PROJECT\modded menus\ME test\Tools\System Tools\ifdtool>ifdtool -l mydumpfile_unlock.rom
File mydumpfile_unlock.rom is 4096 bytes
Found Flash Descriptor signature at 0x00000010
Writing new image to mydumpfile_unlock.rom.new

mmm, not sure if this tool works properly, tried something

1 unlock
2 relock again

the relock output file is 5 kb instead just 4 kb, and well, there are still many differences

I attacked the files to the post


Attached Files
.zip   output.zip (Size: 852 bytes / Downloads: 2)
find
quote
That's what @CodeRush had to say:
Quote:The only way to unlock flash descriptor for 7-series boards is by writing a sequence of 00 00 FF FF 00 00 FF FF 18 01 into address 0x60 using a hardware flasher/programmer.
And I've already quoted it once .. and that's exactly what the tool has done:
[Image: 1qdKE]
But read the part in bold .. it applies to us since Dell will never release v8 ME as desktop board manufacturers do. (otherwise having the v8 flash would unlock the FD and ME) They have updated EC only once to fix adapter detection interval (re-try 3 times every 500ms to extend detection time for Adapter plug-in). Look at Lenovo ... they update everything even for their baseline laptops .. And not it's like Dell doesn't have problems with their EC .. take the stupid fan noise for example.. it's just they ditch their users.

Look at Dell's support retarded employees .. people ask if SecureBoot is possible on XPS 15/17 L502x/L702x and Vostro 3450/3750 and their consultants say 'UEFI Bios is required to support SecureBoot" - they don't know sh*t ..
Actually new Insipiron 17R and Special Edition (SE) have SecureCore Tiano 2.31 and SecureBoot is enabled from the factory and can't be disabled from the BIOS according to what I had read, so people are struggling to install Windows 8 because it won't let them update the Boot Manager...
find
quote
What if we had to flash the descriptor through winflash alongside the main bios?
find
quote
How do you point WinFlash to update the desciptor? It's not like you have a way of having it as a stanalone file or something .. WinFlash has to load a capusle into memory. How would you know how the descriptor is integrated into the capsule to be able to be recognized in the process of flashing ?

There's an /ALL flag to update everything including the FD region.. as well as /DESC flag .. but.
Since FD signature starts at 0x10 there should be something similar to a sequence of:
5A A5 F0 0F 03 00 04 02 06 02 10 12 20 01 21 00 25 00 00 00 .................... or at least the 'lock' part 00 00 0B 0A 00 00 0D 0C 18 01 08 08
somewhere in the capsule, right? well, too bad the there isn't ...

Actually an interesting link I had stumped upon: ftp://ftp.icg.eu/Drivers/Printers/.../Dr...l/Phoenix/
Quote:1.5.65.0
Bug fix:
Bugzilla 14819 - Windows
(Emerson) flash tool can not update descriptor region on HuronRiver platform.
find
quote
well, if the only viable way of getting that thing unlocked is directly program the flash unit by hardware programer, I think we can go for it.

as for me, I made some electronic projects before.

like turn a cheap RC car into a wireless comtroled robot with camera and more stuff, everything controlled from a wrt54gl router.

while I was flashing modded firmwares into it, it got bricked once.

so I had to build a JTAG cable, then I was able to flash and recover the router by conecting the JTAG cable to the parallel port of a computer and the other side to a custom made conector at the router.

I think I may be able to use the JTAG cable to get access to the motherboard, not sure if when I made the internal usb mods to my xps15 I saw some kind of dev internal port, so I manage the get the correct pinouts from that port, I may get all of this working.

this also have some advantages, like if we get a working hardware programer, then we can made a whole backup of the flash, and by having a whole backup of the flash, I supose there will be no posible way our laptop get bricked ever, because we will allways be able to restore our working backup ^^

we also would be able to unlock the descriptor by hex moding the backup by modifing the values timewalker pointed, and then flash it back ^^

some pics of the JTAG cable I made

[Image: dsc0072tt.jpg]
[Image: dsc0073qk.jpg]
[Image: dsc0074mi.jpg]
[Image: dsc0075lzk.jpg]
[Image: dsc0076bz.jpg]
[Image: dsc0077lc.jpg]
[Image: dsc0078qh.jpg]

also, if I manage to get the correct pinouts, I could put that small conector on the l502x ram expansion door, so when I have to flash anything from that, I woulnt have to take appart the whole laptop, just remove the door.

what do you think about this guys, would be a viable option?



now some images from the net of the jtag cable ussage

[Image: JTAGunbuffered.png]
[Image: wrt54gl_v11_jtagport___.jpg]
[Image: 157327_img_1935.jpg]
[Image: 78454035gx3.jpg]

I hope this will works :3

well, there are also another solutions

this one for example

http://www.embeddedcomputers.net/products/FlashcatUSB/

you can see our SPI Flash device: "W25Q32BV" unit is supported Smile
find
quote
SPI is surface mounted and non-removable, you don't have access to pins on the chip. At least this is the case of my Winbond.

Great project though. I have my ways around basic circuit design and soldering, but I wouldn't dare removing a surface mounted chip ;/

Sent from my LG-P500 using Tapatalk 2
find
quote


Forum Jump:


Users browsing this thread: 64 Guest(s)