Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 11 Vote(s) - 4.64 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
Unlocked BIOS for Zephyrus M16 2023
Last Post: nir1213
Today 10:18 PM
» Replies: 1
» Views: 30
[REQUEST] Lenovo IdeaPad U330, U430 & U5...
Last Post: Dudu2002
Today 02:36 PM
» Replies: 413
» Views: 140775
[REQUEST] Acer Predator Helios 300 PH315...
Last Post: Dudu2002
Today 02:33 PM
» Replies: 40
» Views: 13554
lenovo z570 Advanced Menu Unlocked
Last Post: Brunobox99
Today 10:02 AM
» Replies: 9
» Views: 6116
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: djcostyro
Today 06:48 AM
» Replies: 1783
» Views: 500473
Lenovo ThinkCentre M700 10GS - Kaby Lake...
Last Post: tommi22012
Today 04:42 AM
» Replies: 11
» Views: 3806
[Request] Lenovo T550 Whitelist removal
Last Post: Dudu2002
Today 04:37 AM
» Replies: 5
» Views: 1166
[REQUEST] Acer PT715-51 (Triton 700) ins...
Last Post: Dudu2002
Yesterday 10:49 AM
» Replies: 24
» Views: 12420
[REQUEST] Acer Aspire 9300 BIOS Unlock
Last Post: Geortor
11-26-2024 04:01 PM
» Replies: 10
» Views: 2246
[Request] Asus H110M-R Mainboard - Xeon ...
Last Post: kusslegyen
11-26-2024 02:04 PM
» Replies: 14
» Views: 6784
LGA771 Bios Microcode for HP dc7800 sff
Last Post: Netuser232
11-26-2024 01:27 PM
» Replies: 136
» Views: 92119
Dell Vostro 3500 full unlocked
Last Post: kamilchno
11-26-2024 10:51 AM
» Replies: 0
» Views: 110
Bios logo
Last Post: Nkosenhle
11-26-2024 10:43 AM
» Replies: 0
» Views: 107
Gigabyte AORUS 5 (KB/SB/MB) BIOS Unlock
Last Post: Dudu2002
11-26-2024 10:41 AM
» Replies: 18
» Views: 4839
[REQUEST] Lenovo G580 (5ECNxxWW) Whiteli...
Last Post: Dudu2002
11-26-2024 09:09 AM
» Replies: 1730
» Views: 673158
[REQUEST] Lenovo Thinkpad X230(i) (G2ETx...
Last Post: willow25565
11-26-2024 02:06 AM
» Replies: 1090
» Views: 451936
[REQUEST] Lenovo Thinkpad Edge E430 & E5...
Last Post: RuryGame
11-25-2024 06:23 PM
» Replies: 494
» Views: 171719
2x CPU Dell Workstation BIOS modding
Last Post: William P
11-25-2024 03:30 PM
» Replies: 0
» Views: 137
[REQUEST] Lenovo T440(S) (GJETxxWW) Whit...
Last Post: Dudu2002
11-25-2024 01:28 PM
» Replies: 492
» Views: 186333
[Request] ECS P6LX-A bios mod for HDD si...
Last Post: pdesrosiers
11-24-2024 11:20 PM
» Replies: 0
» Views: 387

(UEFI) Dell XPS 15z L511z modded BIOS - and HOWTO
@Brabbelbla

well, then yeah, the question is what flash controller lock option does if the flash still locked to software.

another guess, is that, with a locked descriptor,I think you are not able to flash anything to bios either, but, if you use the uefi flasher, it boot into a mode and is able to flash stuff from there.

there would be some options maybe in order to unlock descriptor:

- rework our current bios wph files, and include a modded descriptor , and then force winflash to flash it by adding some parameter?
- getting another software different than winflash to reboot the machine in flashing mode, and flash from there.
- flash from uefi shell, I noticed timewalker said he was able to flash the bios from the uefi shell, dont know exactly how but he did.

If we can find a "software" way to unlock or flash a modded descriptor, it would be nice, because not all users like to pick a soldering iron and bridge pins or desolder chips and program them externally Big Grin

mmm, as far I undestood in the post you linked, you edited one of the options, ATA, to be "RAI"D (the D were removed due original ATA had only 3 characters and the file size would differ.)

so ide is value 0, ahci is 1, and raid is 2, nice find Smile


in my case I cant test the raid setting with disks because I just have two disks on my laptop, and one is OS and other works as DATA, this is my main machine and I cant [censored] the data on those hard disks, so even RAID can be usefull, I would not be interested for myself, but having the option to enable it would be nice and other users would have the benefict of get it working Smile (they keep asking for it at the nbr forums hehe)

well, my last question is:

how we can add the raid option without [censored] the ATA option?

I mean, to have 3 options and also have RAID instead just "RAI", something like:

0x30743 Option: ATA, Value: 0x0 {09 0E 10 00 00 00 00 00 00 00 00 00 00 00}
0x30751 Option: AHCI, Value: 0x1 {09 0E 11 00 00 00 01 00 00 00 00 00 00 00}
0x307?? Option: RAID, Value: 0x2 {09 0E 10 00 00 00 02 00 00 00 00 00 00 00}

by modifiing that directly, that would change of course the module size, wich is not allways good, I know the tool we use to extract it have an option to replace modules with bigger ones, using blank or unused space from the bigger package but even getting that to work, not sure if the rest of the module would get messed by having different addresses and stuff.

anyone know how that can be made?

we can try that meanwhile we wait for @follow_me input Smile

edit:

this is the whole afected hex part

05 A6 0E 00 0F 00 25 27 01 00 64 00 04 10 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
5B 0D 00 00 00 01 00 00 00 00 00 00 00
5B 0D 01 00 00 01 00 00 00 00 00 00 00
09 0E 10 00 00 00 00 00 00 00 00 00 00 00
09 0E 11 00 00 00 01 00 00 00 00 00 00 00
29 02

should it be changed to

05 A6 0E 00 0F 00 25 27 01 00 64 00 04 10 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
5B 0D 00 00 00 01 00 00 00 00 00 00 00
5B 0D 01 00 00 01 00 00 00 00 00 00 00
5B 0D 02 00 00 01 00 00 00 00 00 00 00
09 0E 10 00 00 00 00 00 00 00 00 00 00 00
09 0E 11 00 00 00 01 00 00 00 00 00 00 00
09 0E 11 00 00 00 02 00 00 00 00 00 00 00
29 02

would be that correct??

however now I woulnt know about the strings part correct

edit: well, I know it will probably not work, but well, I have enough recovery options Big Grin, yesterday the system bricked itself even not touchng anything related bios modding in months, and the system refused to power on by getting black screen and making loud fan noises, the fix were reprogram externally the chip with the programer and it got fixed, the funny part is that it screwed itself, I was just playing games on dolphin emulator before restart Big Grin lol

well, I will try flashing that modded module now and report results.

EDIT2: nope, didnt worked, the entire advanced tab dissapeared from the setup menus Big Grin


Attached Files
.rom   CFEF94C4-4167-466A-8893-8779459DFA86_1_1073.ROM (Size: 277.62 KB / Downloads: 0)
find
quote
I think inserting another option goes beyond our knowledge at the moment. Probably this is what jkbuha once meant, but I haven't seen it being done anywhere. So I don't know. I guess there will be many places where the size of some part of the module is stated. The PE header, maaany other different places.

What you could do relatively easily is sacrifice some other useless option (to me ATA mode is, but maybe people want to use some really old OS). For instance... adapter warnings. Then you can't disable those anymore, cry cry. Or maybe even more useless... express charge. Hidden by default and why the heck would anyone want to disable it? Anyway, as long it is on the same form, this is easy. I don't believe there are any size checks to bother you within the same form or even within the formset, only for individual statements and the formset a whole. So you just move the option to SATA Operation, give it the correct value and change the text string belonging to the original option.

Btw, the IFR extractor doesn't like zeroes being inserted in the IFR part. Haven't tested such a module but guess it doesn't work. So you have to make sure the IFR structure has the same size while not containing zeroes.

EDIT: Alright, that works. I moved RPB Baudrate option 9600 (pretty useless) to SATA Operation and edited the text string accordingly. So, as long as you are on the same formset, you are free to move anything.
   
find
quote
Is there any way to load custom uefi driver (replace some existing one) at system boot ?
I've tried to replace some unsed drivers like the one for flash chip I dont have , but driver isn't loaded at starup

My idea is to load ffs driver and/or, if possible, add a custom proxy driver that would be loaded at boot time and will provide features like autoadd boot menu entries, load fs drivers, patch acpi tables etc
find
quote
@follow_me
Sounds cool, and pretty difficult.

Actually maybe... it may not be the way you intend, but at least it's something. bcfg can configure driver loading, too. If you can load an FFS driver you can create a driver entry for an FV file (even assign a keycode to force loading?), like Setup and Diagnostics are boot options for FV files. There already is some DellFfs driver (GUID 12345...) present in the firmware. When I loaded it nothing happened but maybe you can get it to work.

Sorry for bringing this up, but you are probably the only one ever to test the RAID OROM with a dual SSD setup. Any progress on RAID/TRIM?

EDIT: It seems that pretty much every if not every FV file is attached to a driver handle, so I guess DellFfs does do something and is loaded by default. You can then use bcfg driver addh. Not ideal, but necessary only once. You could even create a .nsh file to automate it.
find
quote
@Brabbelblaneed couple more days to test, for now rolled back to non-raid firmware

I have a ffs driver which makes rom image mountable and addressable from shell and I wonder is it possible to implant it

All my experimets are ended with no luck for now
find
quote
thanks for all the help, i managed somewhat to make it work with this bios i have so ill just leave as it is for now, to much hassle trying to revert back, as it seems its not even possible.



(04-12-2014, 02:31 PM)kasar Wrote: @forsaken123

so, they switched from wph to cap after some updates, not sure if rename the file will work, so its better keep with its original software and method per each version for now.

well, relating the parameters, I wasnt just talking about the ones inside the rsp files.

I was more talking about this

http://forum.notebookreview.com/dell-xps...oject.html

that post describes the very first step for bios the L502X, first steps were obiusly extract the flasher and bios out from the exe package, and also get the flashing parameters, I acomplished this by tweak the taskmgr settings and watching the paths and folders.

its posible that it start the app with hidden or custom parameters. keep an eye on task manager after doing stuff.


@Brabbelbla

this is how mine looks

Code:
Intel (R) Flash Programming Tool. Version: 8.1.10.1286
Copyright (c) 2007 - 2012, Intel Corporation. All rights reserved.

Platform: Intel(R) HM67 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

--- Flash Devices Found ---
W25Q32BV ID:0xEF4016 Size: 4096KB (32768Kb)

--- Flash Image Information --
Signature: VALID
Number of Flash Components: 1
Component 1 - 4096KB (32768Kb)
Regions:
Descriptor - Base: 0x000000, Limit: 0x000FFF
BIOS - Base: 0x180000, Limit: 0x3FFFFF
ME - Base: 0x001000, Limit: 0x17FFFF
GbE - Not present
PDR - Not present
Master Region Access:
CPU/BIOS - ID: 0x0000, Read: 0xFF, Write: 0xFF
ME - ID: 0x0000, Read: 0xFF, Write: 0xFF
GbE - ID: 0x0118, Read: 0x08, Write: 0x08

Total Accessable SPI Memory: 4096KB, Total Installed SPI Memory : 4096KB

FPT Operation Passed

take a look specially to this part

Code:
CPU/BIOS - ID: 0x0000, Read: 0xFF, Write: 0xFF
ME - ID: 0x0000, Read: 0xFF, Write: 0xFF

they became 0xFF when I did the descriptor mod when desoldering the chip, changing those bytes, and soldering back, that allowed software read and write.

I was expecting that option you unlocked would also unlock those settings.

sadly it didnt worked as expected >.<

well, I dont know how those values should look after just bypass the descriptor, maybe bypassing the descriptor just bypass those settings, and even they still the same, you are able to dump or flash stuff. idk

in my case I didnt bypassed the descritor, I just altered the settings to let me do stuff.

what is also this command output for you?

Code:
fptw64.exe -D total_backup.rom

the -D parameter specify to create a dump, since no -ME or other flash part specified, it will backup the whole chip into the total_backup.rom file.

try also dump the ME region to a file

Code:
fptw64.exe -ME -D ME_backup.rom

and the descriptor

Code:
fptw64.exe -DESC -D descriptor.rom

if you are able to get a descriptor dump, then just get a hex editor, and look for this HEX string

00 00 0B 0A 00 00 0D 0C 18 01 08

then change it to

00 00 FF FF 00 00 FF FF 18 01 08

that should unlock your settings.

now the tricky part would be flash your modded descriptor.


Code:
fptw64.exe -DESC -F modded_descriptor.rom

with a normal locked descriptor this command would get some kind of access denied reply.

however, there would be a chance it would work with that bios option enabled. who knows if maybe that works .. ^^


@all

I has been away for some time on other projects, but I plan to relase a newer bios mod for the L502X wich all the new researchs that has been made here.

did you guys hex modded more the bios after this?
[Image: 2TRAzhd.jpg]

that is the last I did relating raid options, not sure if those options work anyway.

I also made some more unlocks at the advanced security menus, unlocking asset tag edit and the ability to disable or enable computrace after the initial settings.


however didnt touched any raid stuff, what would be the list of changes needed in order to get raid working?

I noticed lot of people interested in raid option at the NBR forums, so it would be another nice addon to the modded bios Smile
find
quote
(04-13-2014, 09:48 AM)Brabbelbla Wrote: I think inserting another option goes beyond our knowledge at the moment. Probably this is what jkbuha once meant, but I haven't seen it being done anywhere. So I don't know. I guess there will be many places where the size of some part of the module is stated. The PE header, maaany other different places.

What you could do relatively easily is sacrifice some other useless option (to me ATA mode is, but maybe people want to use some really old OS). For instance... adapter warnings. Then you can't disable those anymore, cry cry. Or maybe even more useless... express charge. Hidden by default and why the heck would anyone want to disable it? Anyway, as long it is on the same form, this is easy. I don't believe there are any size checks to bother you within the same form or even within the formset, only for individual statements and the formset a whole. So you just move the option to SATA Operation, give it the correct value and change the text string belonging to the original option.

Btw, the IFR extractor doesn't like zeroes being inserted in the IFR part. Haven't tested such a module but guess it doesn't work. So you have to make sure the IFR structure has the same size while not containing zeroes.

EDIT: Alright, that works. I moved RPB Baudrate option 9600 (pretty useless) to SATA Operation and edited the text string accordingly. So, as long as you are on the same formset, you are free to move anything.


oh, awesome, you got it working Smile

can you give me more details about how to do the trick?

I really want to replicate that on mine too Smile
find
quote
@kasar
Yes. That works. I am now slowly working through the entire module, there are many useless expressions present. For instance, now every entry under Boot Configuration is suppressed if ever 0 equals 1 and is grayed out if you are not a supervisor. One single grayout statement for the entire form does the same. That creates quite some space to fill without removing things. However, as I don't know how to resize the entire IFR block all reclaimed space that I can't fill with useful things has to be filled with useless operators. But at least it will look pretty, I can move stuff around and I can try out some weird settings that are connected to others. There is one setting that controls the Intel AMT menu showing up and maybe more but it has no options now, no defaults and no text. But now I can go try. It really is a shame the IFR Extractor doesn't work for you.

On your question now, just take
Quote:09 0E 95 00 00 00 00 00 00 00 00 00 00 00
from where it is to the position after
Quote:09 0E 11 00 00 00 01 00 00 00 00 00 00 00

Then modify
Quote:09 0E 95 00 00 00 00 00 00 00 00 00 00 00
to
Quote:09 0E 95 00 00 00 02 00 00 00 00 00 00 00

Then look for the unicode string 9600 and change it to RAID.
find
quote
thank you a lot Smile +1 rep

I will follow your steps and flash the modified module.

let us to know if you unlock or find anything else Smile

mmm, there is something I didnt understand at all

Quote:On your question now, just take
Code:
09 0E 95 00 00 00 00 00 00 00 00 00 00 00
from where it is to the position after
Code:
09 0E 11 00 00 00 01 00 00 00 00 00 00 00


not sure if you mean:

* cut that part out of the code, and insert it after 09 0E 11 00 00 00 01 00 00 00 00 00 00 00

or

* replace the part after 09 0E 11 00 00 00 01 00 00 00 00 00 00 00 wich is 29 02 05 A6 14 00 15 00 06 00 05 00 06 00, with the 09 0E 95 00 00 00 00 00 00 00 00 00 00 00 part

I supose it is the first option, but just wanted to be sure ^^


about the 9600 unicode string , there are several finds, should I replace all of them? or just a particular one?
find
quote
ok, managed to get it working.

[Image: eiF7u2C.jpg]

just replaced all the strings and did the first guess
Quote:* cut that part out of the code, and insert it after 09 0E 11 00 00 00 01 00 00 00 00 00 00 00


however I noticed something weird at this HDD configuration sub menu
[Image: N7U4Iad.jpg]


this is what appear with ahci config

[Image: iHMuc2O.jpg]

and this with raid config

[Image: b8Vf5cs.jpg]


mmm, if raid option is suposed to do raid configurations, why the raid options got dissapear while I selected Raid?

shouldnt it be the oposite? while ata or ahci options selected they are invisible and while raid is selected they appear?

maybe we altered something wrong in previous unlocks?

do you get the same result guys? ¿
find
quote


Forum Jump:


Users browsing this thread: 69 Guest(s)