Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
[REQUEST] HP Pavilion G42-272BR Whitelis...
Last Post: eepromm
Yesterday 01:55 AM
» Replies: 0
» Views: 82
[REQUEST] Lenovo G710 BIOS Whitelist Rem...
Last Post: voyageur
11-21-2024 04:33 PM
» Replies: 475
» Views: 167189
[REQUEST] Acer Aspire 5738(G,Z): CPU Upg...
Last Post: DeathBringer
11-21-2024 03:44 PM
» Replies: 49
» Views: 32851
[REQUEST] HP Mini 110-4100 BIOS Unlock
Last Post: DSI INF
11-21-2024 09:24 AM
» Replies: 7
» Views: 239
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: Dudu2002
11-21-2024 03:11 AM
» Replies: 1780
» Views: 494234
Lenovo ThinkCentre M715q 2nd Gen & AMD R...
Last Post: Elmurley
11-20-2024 09:37 PM
» Replies: 2
» Views: 1290
[REQUEST] Lenovo Y50-70 (9ECNxxWW) White...
Last Post: SWZSSR
11-20-2024 09:34 PM
» Replies: 1775
» Views: 553621
[REQUEST] Lenovo Thinkpad X240 (GIETxxWW...
Last Post: Dudu2002
11-20-2024 04:58 PM
» Replies: 337
» Views: 143315
Unlock bios insyde
Last Post: Matox3140
11-19-2024 03:40 PM
» Replies: 0
» Views: 206
Whitelist WIFI card removal Lenovo Yoga ...
Last Post: Dudu2002
11-19-2024 12:58 PM
» Replies: 1
» Views: 214
[REQUEST] H310 MSI Gaming Infinite S (MS...
Last Post: awittyusername
11-19-2024 09:21 AM
» Replies: 10
» Views: 131
[REQUEST] Gigabyte GA-B85M-HD3 Rev 2.0 u...
Last Post: Maduli
11-19-2024 02:22 AM
» Replies: 0
» Views: 157
[REQUEST] Lenovo Ideapad 330-15ICH BIOS ...
Last Post: Dudu2002
11-18-2024 01:25 PM
» Replies: 8
» Views: 1905
[REQUEST] Lenovo ThinkPad Edge E330 (H3E...
Last Post: Dudu2002
11-18-2024 01:23 PM
» Replies: 640
» Views: 220988
[Request] Unlocked Bios for Asus TUF FX5...
Last Post: FlT4ever
11-18-2024 01:05 PM
» Replies: 1
» Views: 422
[REQUEST] Lenovo ThinkPad Edge E125(v1.1...
Last Post: kamome74
11-18-2024 10:43 AM
» Replies: 0
» Views: 199
[REQUEST] Xpg 15g 4070 2023ver InsydeH20...
Last Post: MireVelli
11-18-2024 07:26 AM
» Replies: 2
» Views: 199
Please help me recover my bios
Last Post: FuryOP
11-17-2024 12:37 PM
» Replies: 0
» Views: 215
[Request-Camilo] Sony Vaio SA/SB/SC/SD/S...
Last Post: edit
11-17-2024 12:13 PM
» Replies: 107
» Views: 136952
[REQUEST] Lenovo Thinkpad Edge E440 & E5...
Last Post: Dudu2002
11-17-2024 06:50 AM
» Replies: 196
» Views: 92012

[Requests]HP Pavilion g4-1000 Series For UEFI
#21
All I did was unlock what was hidden. If it looks weird, then it's how the manufacturers made it.
find
quote
#22
Quote:Insyde and HP decided to remove a lot of EFI functionality.

Indeed,but.
CryptRSA.efi is running fine as efi.
Open in IDA and I see there is one export, named InitializeDriver
If this can be extracted modded to launch bootloaders instead SystemDiagnostics and have this inserted into BIOS.
There is in BDS code that check 7E offset in NV area.
Add some code (don't know in what module) to check that 7E and if EFI enabled then call or launch this.

As already probably see in one of my message,changing a conditional jump in BDS module I get listed (if EFI enabled in BIOS) Internal EFI shell as boot option,but error on booting.
Since that function check offset 7E I was thinking that is one of that who create boot options.
Can be decoded info from dmpstore Variable Boot000X to see what is linked to EFI shell?


Looking at dumps from ram I see that BDS module call a functions inside MonitorKey module and one in OemOdmDriver or something like that (not on laptop now,and may be wrong name from memory)

Don't remember where and now I can't find it again I read about a something that return code is something LegacyBios and then all go legacy and EFI disabled but don't remember what source code was.

Also what is that VideoMem.udm,I ignored until now but opened in IDA and I see that is not related to Videomem only ,found inside functions that looks like or related to boot options

@ gujiangjiang
Something similar I encountered when I was using another SetupUtility module (FE354 ....) from other BIOS.
Some blocks of squares in some area.
Could be strings missing or in other language or wrong address for string and can't display that characters

gujiangjiang what is set as language in BIOS,switch to english if is something else.
Also that strings doesn't look right,there are strings from help area assigned to parameters name look like.
find
quote
#23
(05-23-2014, 02:24 PM)gabiz_ro Wrote:
Quote:Insyde and HP decided to remove a lot of EFI functionality.

Indeed,but.
CryptRSA.efi is running fine as efi.
Open in IDA and I see there is one export, named InitializeDriver
If this can be extracted modded to launch bootloaders instead SystemDiagnostics and have this inserted into BIOS.
There is in BDS code that check 7E offset in NV area.
Add some code (don't know in what module) to check that 7E and if EFI enabled then call or launch this.

As already probably see in one of my message,changing a conditional jump in BDS module I get listed (if EFI enabled in BIOS) Internal EFI shell as boot option,but error on booting.
Since that function check offset 7E I was thinking that is one of that who create boot options.
Can be decoded info from dmpstore Variable Boot000X to see what is linked to EFI shell?


Looking at dumps from ram I see that BDS module call a functions inside MonitorKey module and one in OemOdmDriver or something like that (not on laptop now,and may be wrong name from memory)

Don't remember where and now I can't find it again I read about a something that return code is something LegacyBios and then all go legacy and EFI disabled but don't remember what source code was.

Also what is that VideoMem.udm,I ignored until now but opened in IDA and I see that is not related to Videomem only ,found inside functions that looks like or related to boot options

@ gujiangjiang
Something similar I encountered when I was using another SetupUtility module (FE354 ....) from other BIOS.
Some blocks of squares in some area.
Could be strings missing or in other language or wrong address for string and can't display that characters

gujiangjiang what is set as language in BIOS,switch to english if is something else.
Also that strings doesn't look right,there are strings from help area assigned to parameters name look like.

Does this means hp laptop have chance to be boot var EFI ?


Sent from my iPhone using Tapatalk

Intel Core i5 2410M @ 2.30GHz
Sandy Bridge 32nm Technology
6.00 GB Dual-Channel DDR3 @ 665MHz (9-9-9-24)
Hewlett-Packard 166D (CPU1)
Intel HD Graphics 3000
119GB ATA PLEXTOR PX-128M5 SCSI Disk Device (SSD)
find
quote
#24
Don't know sure.
But looking at Bds module from HP and from others that are EFI boot capable I see they are very similar.

Used some diff tools,zynamic bindiff if I remember right and I see that some functions are identical,some are little different and some are very different or don't exist or missing compared to others.
But changes of BDS module are very risky,I bricked many times my laptop,and when Bds is modified sometimes,very often recovery does not work,needt to program BIOS externally.
I solved problem with efiutils,was incompatible with ida python that came with ida.Updated list of guids,still have many that can't find any info about them,maybe are HP only.But for some reason update structures don't work as expected,need to manually declare structures like [rax+48h] is in fact Boot_services.freepool by example.
Also noticed something last night,I see something about install protocol,that must have some guid and other parameters usual passed in some registers but in few functions registers are xor'ed before,need to check on others laptop if that is right or wrong.
Is something like
xor registers
xor other register
call boot services install protocol

Other thing that I encountered mostly on HP modules efiutils complain about cannot rename x guid because that name is already defined and indeed same sequence of bytes exist twice in module.
find
quote
#25
I get Internal efi shell in F9 menu,is loading now but drivers Ps2Mouse,DiskIo,Fat and Partition doesn't get loaded as result no device are accessible.
Replaced with other drivers,Partition and Fat are loaded but no DiskIo so still no device are accessible.
find
quote
#26
(05-27-2014, 09:47 PM)gabiz_ro Wrote: I get Internal efi shell in F9 menu,is loading now but drivers Ps2Mouse,DiskIo,Fat and Partition doesn't get loaded as result no device are accessible.
Replaced with other drivers,Partition and Fat are loaded but no DiskIo so still no device are accessible.

It's a big step for EFI.
You can try Clover bootloader ,and try to boot from internal efi shell.


Sent from my iPhone using Tapatalk

Intel Core i5 2410M @ 2.30GHz
Sandy Bridge 32nm Technology
6.00 GB Dual-Channel DDR3 @ 665MHz (9-9-9-24)
Hewlett-Packard 166D (CPU1)
Intel HD Graphics 3000
119GB ATA PLEXTOR PX-128M5 SCSI Disk Device (SSD)
find
quote
#27
Hey gujiangjiang,

Can you test out this rom and let me know it if bricks. This is just to test out some RSA stuff, so there's nothing unlocked. Thanks Big Grin
find
quote
#28
(05-29-2014, 05:23 PM)donovan6000 Wrote: Hey gujiangjiang,

Can you test out this rom and let me know it if bricks. This is just to test out some RSA stuff, so there's nothing unlocked. Thanks Big Grin

Ok ,i will try and give you q feedback.


Sent from my iPhone using Tapatalk

Intel Core i5 2410M @ 2.30GHz
Sandy Bridge 32nm Technology
6.00 GB Dual-Channel DDR3 @ 665MHz (9-9-9-24)
Hewlett-Packard 166D (CPU1)
Intel HD Graphics 3000
119GB ATA PLEXTOR PX-128M5 SCSI Disk Device (SSD)
find
quote
#29
(05-29-2014, 05:23 PM)donovan6000 Wrote: Hey gujiangjiang,

Can you test out this rom and let me know it if bricks. This is just to test out some RSA stuff, so there's nothing unlocked. Thanks Big Grin
Hello,donovan6K,

My friend had just test this BIOS ,But sadly bricked.

Sad

Intel Core i5 2410M @ 2.30GHz
Sandy Bridge 32nm Technology
6.00 GB Dual-Channel DDR3 @ 665MHz (9-9-9-24)
Hewlett-Packard 166D (CPU1)
Intel HD Graphics 3000
119GB ATA PLEXTOR PX-128M5 SCSI Disk Device (SSD)
find
quote
#30
(05-29-2014, 05:23 PM)donovan6000 Wrote: Hey gujiangjiang,

Can you test out this rom and let me know it if bricks. This is just to test out some RSA stuff, so there's nothing unlocked. Thanks Big Grin

Hello ,Any other progress?

Regards


Sent from my iPhone using Tapatalk

Intel Core i5 2410M @ 2.30GHz
Sandy Bridge 32nm Technology
6.00 GB Dual-Channel DDR3 @ 665MHz (9-9-9-24)
Hewlett-Packard 166D (CPU1)
Intel HD Graphics 3000
119GB ATA PLEXTOR PX-128M5 SCSI Disk Device (SSD)
find
quote


Forum Jump:


Users browsing this thread: 2 Guest(s)