(UEFI) Dell XPS 15z L511z modded BIOS - and HOWTO
Posts: 472
Threads: 1
Joined: Sep 2012
Reputation:
38
11-16-2012, 08:22 AM
(This post was last modified: 11-16-2012, 08:25 AM by TimeWalker.)
No it appears to be dumping empty (0xFF) chunks of data at random places (BIOS region has these missing chunks in different places in all 3 dumps, but it must be dumped properly because it can be done even by software - also please do the universal bios dump and upload it for reference).. so the length should be reduced.
When you disconnect the coin-cell battery it resets the CMOS.. which is a memory that has to be supplied voltage in order to keep the data.. otherwise it's wiped. Password is stored as NVRAM variable and not in CMOS for security measures. Same with Intel Anti-Theft and Computrace ..
I don't really know if this is taking us anywhere, really .. since judging by the bad dumps we have at the moment there's no way Intel ME v8 firmware will fit on this chip.. we have only 8 Kb free between ME and BIOS regions.
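The cross-check the post above implies (several reads of the same chip, with blank 0xFF chunks landing in different places each time) can be automated. This is an added example, not part of the thread; the 4 KiB block size, the function names and the sample images are assumptions constructed for illustration.

```python
from collections import Counter

BLOCK = 0x1000  # comparison unit; 4 KiB is an assumption, not from the thread


def is_blank(chunk):
    return chunk.count(0xFF) == len(chunk)


def compare_dumps(dumps, block=BLOCK):
    """Return (suspect, merged).

    suspect: block offset -> indexes of dumps that differ from the majority.
    merged:  majority-vote image, or None when a block cannot be trusted.
    """
    if len({len(d) for d in dumps}) != 1:
        raise ValueError("dumps differ in length; re-read before comparing")
    suspect, merged, trusted = {}, bytearray(), True
    for off in range(0, len(dumps[0]), block):
        chunks = [d[off:off + block] for d in dumps]
        best, votes = Counter(chunks).most_common(1)[0]
        merged += best
        if votes == len(dumps):
            continue
        suspect[off] = [i for i, c in enumerate(chunks) if c != best]
        # No strict majority, or a blank majority over a read that returned
        # data: the dropout may have hit most reads, so do not vote it in.
        if votes * 2 <= len(dumps) or is_blank(best):
            trusted = False
    return suspect, (bytes(merged) if trusted else None)


def make_sample():
    """Constructed data: a 16 KiB 'true' image and three reads with dropouts."""
    good = (b"\x5a" * BLOCK + bytes(range(256)) * 16
            + b"\xff" * BLOCK + b"\xa5" * BLOCK)

    def drop(img, off):
        return img[:off] + b"\xff" * BLOCK + img[off + BLOCK:]

    return good, [drop(good, 0x1000), drop(good, 0x3000), good]


if __name__ == "__main__":
    good, reads = make_sample()
    suspect, merged = compare_dumps(reads)
    for off, bad in suspect.items():
        print(f"block 0x{off:06x}: dump(s) {bad} disagree with the majority")
    print("merged image matches reference:", merged == good)
```

A block that is blank in every read is treated as genuine padding; only blocks where the reads disagree are reported.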
Posts: 523
Threads: 0
Joined: Aug 2011
Reputation:
23
11-16-2012, 08:35 AM
(This post was last modified: 11-16-2012, 08:35 AM by kasar.)
well, but for example it backed up the entire descriptor properly, so I suppose the wire size is ok, anyway other sections got corrupted in the dump because the laptop was turned on and maybe it was trying something. I noticed that the whole chip is unable even to detect the ID after a while, looks something more like time than size, idk.
will try to reduce the size a little, but I can't reduce it much anyway.
maybe when I get rid of the vcc leg, things will change ^^
a backup using the universal bios dump software we used before?
ok, here it is:
http://www.mediafire.com/?6xn3p85o03qbkmd
Posts: 472
Threads: 1
Joined: Sep 2012
Reputation:
38
11-16-2012, 08:41 AM
(This post was last modified: 11-16-2012, 09:11 AM by TimeWalker.)
Thanks .. will compare it against the 3 dumps you have provided earlier.
By the way now we know why is there a 180000h padding layer of 0xFFs before the actual BIOS region in our capsules.. to make it write the BIOS region and nothing else ..
And this can sort of hint how the other regions should be "included" to be able to be updated and for WF to understand the respective flag (/GBE /DESC /FD)
Wonder if writing an unlocked FD (with 00 00 FF FF 00 00 FF FF 18 01 08 08 at 0x60h) into F33E367F-41D2-4201-9CB7-AFA63DCCEEC9 from 000h to FFFh, packing it into BIOS.WPH and specifying /DESC flag to WinFlash (version 1.5.65.0 or later .. because of the "flash tool can not update descriptor region on HuronRiver platform" changelog) will make it flash the FD region and unlock it .. or it will just unpack the padding layer as if it was blank...
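For reading the 12 bytes quoted in the post above from the auditing side, the sketch below decodes the master-access words of a dumped descriptor region and reports which regions each master may read or write. It is an added example, not part of the thread; it assumes the descriptor layout of this chipset generation (signature at 0x10, FLMAP1 at 0x18, three 32-bit FLMSTR words with read bits 23:16 and write bits 31:24), and the restrictive sample values are constructed.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A                     # descriptor signature at 0x10
REGIONS = ["FD", "BIOS", "ME", "GbE", "PDR"]  # access-mask bits, bit 0 first
MASTERS = ["BIOS/CPU", "ME", "GbE"]           # FLMSTR1..FLMSTR3


def region_names(mask):
    return [name for bit, name in enumerate(REGIONS) if (mask >> bit) & 1]


def audit_descriptor(image):
    """Return (master section offset, per-master access findings)."""
    sig, _flmap0, flmap1 = struct.unpack_from("<III", image, 0x10)
    if sig != FD_SIGNATURE:
        raise ValueError("no flash descriptor signature at 0x10")
    fmba = (flmap1 & 0xFF) << 4               # 0x60 for the layout in the thread
    findings = []
    for i, master in enumerate(MASTERS):
        (flmstr,) = struct.unpack_from("<I", image, fmba + 4 * i)
        read, write = (flmstr >> 16) & 0xFF, (flmstr >> 24) & 0xFF
        findings.append({
            "master": master,
            "read": region_names(read),
            "write": region_names(write),
            "fd_writable": bool(write & 1),   # may rewrite the descriptor itself
            "all_access": read == 0xFF and write == 0xFF,
        })
    return fmba, findings


def make_descriptor(master_bytes):
    """Constructed 4 KiB descriptor region holding only the fields used here."""
    img = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<III", img, 0x10, FD_SIGNATURE, 0, 0x06)  # FMBA -> 0x60
    img[0x60:0x60 + len(master_bytes)] = master_bytes
    return bytes(img)


UNLOCKED = bytes.fromhex("0000ffff0000ffff18010808")    # bytes quoted in the post
RESTRICTED = bytes.fromhex("00000b0a00000d0c18010808")  # constructed sample

if __name__ == "__main__":
    for label, blob in (("unlocked", UNLOCKED), ("restricted", RESTRICTED)):
        _, rows = audit_descriptor(make_descriptor(blob))
        for r in rows:
            print(label, r["master"], "write:", r["write"],
                  "FD writable" if r["fd_writable"] else "FD protected")
```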
Posts: 397
Threads: 1
Joined: Nov 2011
Reputation:
23
only one way to find out...
does anyone have the latest winflash.rar for me to try?
Posts: 523
Threads: 0
Joined: Aug 2011
Reputation:
23
11-16-2012, 09:22 AM
(This post was last modified: 11-16-2012, 09:30 AM by kasar.)
@timewalker
well, if you manage to unlock the fd by software, tell me asap plz, so I stop messing with all this dangerous stuff
for some reason I think I am lucky, I think I had killed my laptop over 9000 times with bad flashes or electrical damage while doing all those blind tests
looks like I have a guardian angel or something, lol!
@jkbuha, well, I started including the new version of winflash with the bios releases for the people requesting voltage changes, they apparently had no issues with the flashing process ^^
Posts: 472
Threads: 1
Joined: Sep 2012
Reputation:
38
11-16-2012, 09:43 AM
(This post was last modified: 11-16-2012, 10:02 AM by TimeWalker.)
Tried with 1.5.2.0 (found in A13) .. it indeed doesn't update anything, just updates the BIOS region and programs the EC.
We can't use a later version of Windows WinFlash to actually flash, since all it does is pass the arguments to Slp20.pfae, which invokes the corresponding efi module (OemSlp20.efi) to run PFlash.efi C8AB0F4E-26FE-40F1-9579-EA8D30D503A4_x_x.ROM with the arguments we have passed to WinFlash. It essentially acts as a bridge between Windows (make it restart, go to S3 and start the flasher) and the actual SHELL Flasher inside the capsule. We need to be packing a newer v1.5.66.0 version of PFlash.efi found on the Store Terminal Panel's FTP
ftp://ftp.icg.eu/Drivers/Printers/.../Dr...ol/Phoenix
...but the standalone module is different structurally to what's packed inside the capsule. And I've yet to figure how to pack a newer one in. Also I'm not sure if after all this hassle it will actually update FD using the method I have proposed above - by replacing 000h to FFFh in the 180000h byte padding section.
Posts: 472
Threads: 1
Joined: Sep 2012
Reputation:
38
11-16-2012, 11:16 AM
(This post was last modified: 11-16-2012, 11:24 AM by TimeWalker.)
Tried adding both the header (before MZ):
Code: 64 05 11 02 B0 CD 1B FC 31 7D AA 49 93 6A A4 60 0D 9D D0 83 1C 00 02 00 06 19 93 0E 04 05 11 10
And the footer:
Code: 00 00 00 00 42 00 00 15 53 00 79 00 73 00 74 00 65 00 6D 00 46 00 6C 00 61 00 73 00 68 00 55 00 70 00 64 00 61 00 74 00 65 00 44 00 72 00 69 00 76 00 65 00 72 00 44 00 78 00 65 00 2E 00 65 00 66 00 69 00 00 00 00 00
(SystemFlashUpdateDriverDxe.efi)
1. Both together - system restarted, entered S3, resumed from S3, scanned the DVD drive, showed the Dell splash logo with 640x480 resolution and hung
2. Just the header - system started, entered S3, resumed from S3, scanned the DVD drive, showed the same stretched Dell splash and proceeded to boot windows successfully
3. Just the footer - same as (1).
Man, Dell is so behind with the versioning .. using 1.5.2 when 1.5.66 is out .. the [censored] is wrong with this company ?
Any thoughts ?
P.S. F*ck, why in the world won't Phoenix Tool unpack L502x BIOSes for me. Someone try loading up the backup2.rom (seems least corrupted) that @kasar has posted in his backups.rar archive. Try and see if it's any different structure wise from our regular F33 capsule.. I would like to know where do padding layers go in such a case.
Posts: 523
Threads: 0
Joined: Aug 2011
Reputation:
23
11-16-2012, 12:23 PM
(This post was last modified: 11-16-2012, 12:27 PM by kasar.)
this evening I will be a little busy taking apart the whole laptop again and doing the mentioned modifications, and I can say this kind of stuff takes its time, so I will be away for some hours.
as for the bios disassembly, I think I uploaded and posted it to some other part of this topic, but I will upload it again anyway.
I attached also the original l502x A12 wph file , not sure what is the point you are stuck at:
here is the link: http://www.mediafire.com/?wd22jqn3u2z4ngi
Posts: 472
Threads: 1
Joined: Sep 2012
Reputation:
38
I tried on my Acer Aspire 751h which runs Windows 7 Home Basic and it didn't unpack the L502x bios either..
What is the PhoenixTool version you are using?
I actually wanted you to unpack the backup2.rom which you have posted .. the one you took with a programmer ...
Posts: 523
Threads: 0
Joined: Aug 2011
Reputation:
23
11-16-2012, 12:47 PM
(This post was last modified: 11-16-2012, 12:51 PM by kasar.)
I used v1.93 and now I switched to v2.02
no issues with anything related with it.
well, there is something weird I noticed when it opens the l502x files.
I have installed HXD hex editor, and it is associated with rom files, when I open a file with phoenix tool, it automatically opens the rom files with hex editor too, if I close the hxd window, it gets an error, and if I leave the window opened and don't interact with it (for example I keep doing other stuff on windows), it opens it without issues and automatically closes the hxd window when the phoenix tool finishes opening the file, weird I know, but well, give that a try
ah, ok, I see, well I attached the backup2.rom and the dumpfolder from phoenixtool
http://www.mediafire.com/?j77gmq19m3x5jhg