Login

Z500T · 02-22-2014, 01:59 PM

(02-21-2014, 01:03 PM)BDMaster Wrote: It not happen often that someone explain . . . but prayers are answered !

General steps to mod, no matter what bios:

-decompose the bios into its modules and decompressing, at least one module.
PMTool or UEFI Tool

-search through the modules for the bytes sequence of your currently used card.
XSearch

Note it’s stored like that (I used Lenovo IdeaPad G480 data to be concrete) :
PCI\VEN_14E4&DEV_4727&SUBSYS_058714E4&REV_01

Here Sovem have done an error when show his data 8086 . . .
You can check the numbers sequence for Sovem data is not Little Endian (some error)

Means:
Vendor: 14E4
Device: 4727
SUBSYS: 058714E4

Stored at whitelist like:

E41487052747E414
(This is Little Endian Intel Format E4 14 87 05 27 47 E4 14 inverted numbers LIFO) (Starting from right to left rewrite numbers E4 14 87 . . . . )

Ok and other important fact is the error messages that bios give when stop to work !

-search through the modules for string sequence of error messages :

“Unauthorized Wireless network card is plugged in Power off and remove it”
“Unauthorized WWAN network card is plugged in Power off and remove it”

So We have two data to work on :

PCI\VEN + Error Strings, We have to go to search them, use XSearch !!!!
run it and find half numbers sequence of PCI ID Vendor and Device :

2747E414
Select Hexadecimal and go It will find this module :

4082D1D0-1744-4EE3-803E-B8EE3F07B2FE_1869.ROM
GUID module name You can find in Slic.Log file generated from PMTool or opening
Structure function ! It is "OEM NVS Driver"

Now we have to search the eeror string and We have to know that strings are wrote as Unicode, any char is separated with an 00 !!!
e.g. Unauthorized = U 00 n 00 a 00 u 00 . . . . so choice Unicode form in XSearch (what useful tool WOW !!!!)
and You'll find this module :
11D378C2-B472-412F-AD87-1BE4CD8B33A6_1953.ROM UEFI L05 BIOS Lock

So now We have enough to do "much and much more than this" (Frank Sinatra)

Save these modules from DUMP folder and than or we try to change by HDEdit (HexEditor) the PCI VENDOR Data this is a way or we can try to patch
in assembly code the Module Assembler Code (It's the mod !).

Now we have to Start another chapter "IDA Pro" Hip Hip Hurra . . .

To be continued . . . .

P.S. look here I done mod working for WiFi and Bluetooth (working ???!!!! but It wasn't impossible !)
http://forums.mydigitallife.info/threads...s?p=877428&viewfull=1#post877428

Observation:
The search for the modules where the hardware id and error text strings can be found are quite improved by the use of XSearch instead of the built-in search tool in the hex editor.

**BDMaster** · (This post was last modified: 02-22-2014, 03:56 PM by BDMaster.)

Yes I know It's all easier !

But now We have to introduce the master of mods IDA Pro . . .

It's a russian program then sold in all around world and inaitable to get it.

It can desassemble or reassemble code binary in hex opcode and memonics as

0362 test dil, dil
0365 jnz short loc_18000036C
0367 call sub_1800002C0

where prog is doing a bit test of two registers dil with itself then there is
a deciosinal jmp if Z=1 (Status register) It compare with itself and if dil is
different than 0 set Z=1 then jnz analize Z status and if Z=1 go to a sub_routine
(is a piece of code that is executed and at the end let prog return from where it was called) sub_1800002C0 . . .

So to understand assembler You have to study assbly i32 and i64 bit to learn all mnemonics and how to use them, the numeric operations and logical operations, the CPU structure as Registers etc etc. not so easy, but to do some tricks It will be enough to understand the basical instructions.

To patch the most favorite module "SetupUtility.pe" where all preferences and settings are chosen and where Menu Tabs Locked prevent to modify the most important Variables Store of pc, We need find it (e.g. FE3542FE-C1D3-4EF8-657C-8048606FF670_743.ROM ) and then open it in IDA Pro !

To be continued . . .

Z500T · (This post was last modified: 02-22-2014, 07:11 PM by Z500T.)

(02-22-2014, 03:54 PM)BDMaster Wrote: Yes I know It's all easier !

But now We have to introduce the master of mods IDA Pro . . .

It's a russian program then sold in all around world and inaitable to get it.

It can desassemble or reassemble code binary in hex opcode and memonics as

0362 test dil, dil
0365 jnz short loc_18000036C
0367 call sub_1800002C0

where prog is doing a bit test of two registers dil with itself then there is
a deciosinal jmp if Z=1 (Status register) It compare with itself and if dil is
different than 0 set Z=1 then jnz analize Z status and if Z=1 go to a sub_routine
(is a piece of code that is executed and at the end let prog return from where it was called) sub_1800002C0 . . .

So to understand assembler You have to study assbly i32 and i64 bit to learn all mnemonics and how to use them, the numeric operations and logical operations, the CPU structure as Registers etc etc. not so easy, but to do some tricks It will be enough to understand the basical instructions.

To patch the most favorite module "SetupUtility.pe" where all preferences and settings are chosen and where Menu Tabs Locked prevent to modify the most important Variables Store of pc, We need find it (e.g. FE3542FE-C1D3-4EF8-657C-8048606FF670_743.ROM ) and then open it in IDA Pro !

To be continued . . .

My memory tells me that Z is the zero flag register. I'm not sure thou if it's correct since my assembly language is almost four decades ago. I hope I can manage to understand. Big Grin

Re: IDA PRO I can only get the free version which is 32 bit.

Z500T · (This post was last modified: 02-23-2014, 07:27 AM by Z500T.)

@BDMaster:
When are you going to begin with IDA PRO? Or Are you in vacation?

Z500T

Z500T · 02-23-2014, 09:28 AM

(02-18-2014, 07:23 AM)hamoodaslam Wrote: Hello Z500T,

First of, Thank You for replying, secondly my questions -

1- After replacing the HEX string with that of the new card, and saving it how do I recompile the BIOS.ROM file, or does the PHOENIX tool takes care of that automatically?
2- When I initally run the Andys BIOS TOOL it creates a BIOS-SLIC.ROM file (even though I select NO SLIC in advanced options), is this normal, and is this the file I need to flash with?
3- After getting the Modded BIOS ROM file how do I flash with it, is there a software I need to update the BIOS? which one?
4- How to correctly Identify what kind my BIOS is? Because when I check the BIOS information using SIW (Hardware Information Utility) it shows it to be a Toshiba BIOS, Using Andy's tool, opening the downloaded .ROM Bios file reports the BIOS to be EFI Insyde, Reading into some of .ROM files there is a mention of Phoenix a number of times - so which one is it?

Thanks
Hamood

As what I have stated earlier I am not an expert on modding but was force to learn due to a problem in my modded bios. But I can answer some of your query as follows:

Question 1: The Phoenix tool will recompile after you have made changes. How? It's a little bit tricky: Do not press the OK button in the message box that says that you can now make changes to the modules if you have not made the changes yet.

Question 2: The bios_SLIC.rom file is the modded bios. You can confirm this by deleting the original bios file and rename the bios_SLIC.ROM file to the original file. Then run Phoenix Tool again and let it create the dump files (you may have to delete the previous files to be sure). Use XSearch to search for the string or hex values that you made for the changes. You should be able to find it.

Question 3: If your bios file is from the Universal Backup Tool or from the other backup tools IMHO you can use the Dos base usb flash program in the site. If your bios file is from the unpack manufacturer's file IMHO just repack the modded bios (change the name to conform to the original name).

I'm sorry I do not know the answer to question 4.

I hope you will find the answers to your satisfaction.

Z500T

Login
Username:
Password:	Lost Password?
	Remember me