Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
[REQUEST] Acer Aspire 9300 BIOS Unlock
Last Post: Geortor
Today 04:01 PM
» Replies: 10
» Views: 2194
Lenovo ThinkCentre M700 10GS - Kaby Lake...
Last Post: DeathBringer
Today 02:55 PM
» Replies: 10
» Views: 3751
[Request] Asus H110M-R Mainboard - Xeon ...
Last Post: kusslegyen
Today 02:04 PM
» Replies: 14
» Views: 6718
LGA771 Bios Microcode for HP dc7800 sff
Last Post: Netuser232
Today 01:27 PM
» Replies: 136
» Views: 92027
Dell Vostro 3500 full unlocked
Last Post: kamilchno
Today 10:51 AM
» Replies: 0
» Views: 32
Bios logo
Last Post: Nkosenhle
Today 10:43 AM
» Replies: 0
» Views: 38
Gigabyte AORUS 5 (KB/SB/MB) BIOS Unlock
Last Post: Dudu2002
Today 10:41 AM
» Replies: 18
» Views: 4759
[REQUEST] Lenovo G580 (5ECNxxWW) Whiteli...
Last Post: Dudu2002
Today 09:09 AM
» Replies: 1730
» Views: 671537
[REQUEST] Lenovo Thinkpad X230(i) (G2ETx...
Last Post: willow25565
Today 02:06 AM
» Replies: 1090
» Views: 450793
[REQUEST] Lenovo Thinkpad Edge E430 & E5...
Last Post: RuryGame
Yesterday 06:23 PM
» Replies: 494
» Views: 171125
2x CPU Dell Workstation BIOS modding
Last Post: William P
Yesterday 03:30 PM
» Replies: 0
» Views: 75
[REQUEST] Lenovo T440(S) (GJETxxWW) Whit...
Last Post: Dudu2002
Yesterday 01:28 PM
» Replies: 492
» Views: 185988
[Request] ECS P6LX-A bios mod for HDD si...
Last Post: pdesrosiers
11-24-2024 11:20 PM
» Replies: 0
» Views: 343
Sony Vaio AW11Z - Support for Quad CPU -...
Last Post: lala2025
11-24-2024 08:19 PM
» Replies: 12
» Views: 3860
[REQUEST] HP Pavilion G42-272BR Whitelis...
Last Post: eepromm
11-24-2024 06:14 PM
» Replies: 1
» Views: 190
[REQUEST] Bios for packard bell tj65 wit...
Last Post: THECAIDA
11-24-2024 03:49 PM
» Replies: 2
» Views: 146
[REQUEST] Lenovo G710 BIOS Whitelist Rem...
Last Post: Dudu2002
11-24-2024 02:47 PM
» Replies: 476
» Views: 168682
[REQUEST] Lenovo G50-70 (9ACNxxWW) White...
Last Post: tarikyeter
11-24-2024 02:44 PM
» Replies: 236
» Views: 89327
[REQUEST] Remove whitelist in a Panasoni...
Last Post: coco62
11-24-2024 11:20 AM
» Replies: 2
» Views: 1611
Lenovo ThinkPad SL510 Whitelist Removal....
Last Post: deepTeNk
11-23-2024 03:32 PM
» Replies: 5
» Views: 6415

[Requests]HP Pavilion g4-1000 Series For UEFI
#21
All I did was unlock what was hidden. If it looks weird, then it's how the manufacturers made it.
find
quote
#22
Quote:Insyde and HP decided to remove a lot of EFI functionality.

Indeed,but.
CryptRSA.efi is running fine as efi.
Open in IDA and I see there is one export, named InitializeDriver
If this can be extracted modded to launch bootloaders instead SystemDiagnostics and have this inserted into BIOS.
There is in BDS code that check 7E offset in NV area.
Add some code (don't know in what module) to check that 7E and if EFI enabled then call or launch this.

As already probably see in one of my message,changing a conditional jump in BDS module I get listed (if EFI enabled in BIOS) Internal EFI shell as boot option,but error on booting.
Since that function check offset 7E I was thinking that is one of that who create boot options.
Can be decoded info from dmpstore Variable Boot000X to see what is linked to EFI shell?


Looking at dumps from ram I see that BDS module call a functions inside MonitorKey module and one in OemOdmDriver or something like that (not on laptop now,and may be wrong name from memory)

Don't remember where and now I can't find it again I read about a something that return code is something LegacyBios and then all go legacy and EFI disabled but don't remember what source code was.

Also what is that VideoMem.udm,I ignored until now but opened in IDA and I see that is not related to Videomem only ,found inside functions that looks like or related to boot options

@ gujiangjiang
Something similar I encountered when I was using another SetupUtility module (FE354 ....) from other BIOS.
Some blocks of squares in some area.
Could be strings missing or in other language or wrong address for string and can't display that characters

gujiangjiang what is set as language in BIOS,switch to english if is something else.
Also that strings doesn't look right,there are strings from help area assigned to parameters name look like.
find
quote
#23
(05-23-2014, 02:24 PM)gabiz_ro Wrote:
Quote:Insyde and HP decided to remove a lot of EFI functionality.

Indeed,but.
CryptRSA.efi is running fine as efi.
Open in IDA and I see there is one export, named InitializeDriver
If this can be extracted modded to launch bootloaders instead SystemDiagnostics and have this inserted into BIOS.
There is in BDS code that check 7E offset in NV area.
Add some code (don't know in what module) to check that 7E and if EFI enabled then call or launch this.

As already probably see in one of my message,changing a conditional jump in BDS module I get listed (if EFI enabled in BIOS) Internal EFI shell as boot option,but error on booting.
Since that function check offset 7E I was thinking that is one of that who create boot options.
Can be decoded info from dmpstore Variable Boot000X to see what is linked to EFI shell?


Looking at dumps from ram I see that BDS module call a functions inside MonitorKey module and one in OemOdmDriver or something like that (not on laptop now,and may be wrong name from memory)

Don't remember where and now I can't find it again I read about a something that return code is something LegacyBios and then all go legacy and EFI disabled but don't remember what source code was.

Also what is that VideoMem.udm,I ignored until now but opened in IDA and I see that is not related to Videomem only ,found inside functions that looks like or related to boot options

@ gujiangjiang
Something similar I encountered when I was using another SetupUtility module (FE354 ....) from other BIOS.
Some blocks of squares in some area.
Could be strings missing or in other language or wrong address for string and can't display that characters

gujiangjiang what is set as language in BIOS,switch to english if is something else.
Also that strings doesn't look right,there are strings from help area assigned to parameters name look like.

Does this means hp laptop have chance to be boot var EFI ?


Sent from my iPhone using Tapatalk

Intel Core i5 2410M @ 2.30GHz
Sandy Bridge 32nm Technology
6.00 GB Dual-Channel DDR3 @ 665MHz (9-9-9-24)
Hewlett-Packard 166D (CPU1)
Intel HD Graphics 3000
119GB ATA PLEXTOR PX-128M5 SCSI Disk Device (SSD)
find
quote
#24
Don't know sure.
But looking at Bds module from HP and from others that are EFI boot capable I see they are very similar.

Used some diff tools,zynamic bindiff if I remember right and I see that some functions are identical,some are little different and some are very different or don't exist or missing compared to others.
But changes of BDS module are very risky,I bricked many times my laptop,and when Bds is modified sometimes,very often recovery does not work,needt to program BIOS externally.
I solved problem with efiutils,was incompatible with ida python that came with ida.Updated list of guids,still have many that can't find any info about them,maybe are HP only.But for some reason update structures don't work as expected,need to manually declare structures like [rax+48h] is in fact Boot_services.freepool by example.
Also noticed something last night,I see something about install protocol,that must have some guid and other parameters usual passed in some registers but in few functions registers are xor'ed before,need to check on others laptop if that is right or wrong.
Is something like
xor registers
xor other register
call boot services install protocol

Other thing that I encountered mostly on HP modules efiutils complain about cannot rename x guid because that name is already defined and indeed same sequence of bytes exist twice in module.
find
quote
#25
I get Internal efi shell in F9 menu,is loading now but drivers Ps2Mouse,DiskIo,Fat and Partition doesn't get loaded as result no device are accessible.
Replaced with other drivers,Partition and Fat are loaded but no DiskIo so still no device are accessible.
find
quote
#26
(05-27-2014, 09:47 PM)gabiz_ro Wrote: I get Internal efi shell in F9 menu,is loading now but drivers Ps2Mouse,DiskIo,Fat and Partition doesn't get loaded as result no device are accessible.
Replaced with other drivers,Partition and Fat are loaded but no DiskIo so still no device are accessible.

It's a big step for EFI.
You can try Clover bootloader ,and try to boot from internal efi shell.


Sent from my iPhone using Tapatalk

Intel Core i5 2410M @ 2.30GHz
Sandy Bridge 32nm Technology
6.00 GB Dual-Channel DDR3 @ 665MHz (9-9-9-24)
Hewlett-Packard 166D (CPU1)
Intel HD Graphics 3000
119GB ATA PLEXTOR PX-128M5 SCSI Disk Device (SSD)
find
quote
#27
Hey gujiangjiang,

Can you test out this rom and let me know it if bricks. This is just to test out some RSA stuff, so there's nothing unlocked. Thanks Big Grin
find
quote
#28
(05-29-2014, 05:23 PM)donovan6000 Wrote: Hey gujiangjiang,

Can you test out this rom and let me know it if bricks. This is just to test out some RSA stuff, so there's nothing unlocked. Thanks Big Grin

Ok ,i will try and give you q feedback.


Sent from my iPhone using Tapatalk

Intel Core i5 2410M @ 2.30GHz
Sandy Bridge 32nm Technology
6.00 GB Dual-Channel DDR3 @ 665MHz (9-9-9-24)
Hewlett-Packard 166D (CPU1)
Intel HD Graphics 3000
119GB ATA PLEXTOR PX-128M5 SCSI Disk Device (SSD)
find
quote
#29
(05-29-2014, 05:23 PM)donovan6000 Wrote: Hey gujiangjiang,

Can you test out this rom and let me know it if bricks. This is just to test out some RSA stuff, so there's nothing unlocked. Thanks Big Grin
Hello,donovan6K,

My friend had just test this BIOS ,But sadly bricked.

Sad

Intel Core i5 2410M @ 2.30GHz
Sandy Bridge 32nm Technology
6.00 GB Dual-Channel DDR3 @ 665MHz (9-9-9-24)
Hewlett-Packard 166D (CPU1)
Intel HD Graphics 3000
119GB ATA PLEXTOR PX-128M5 SCSI Disk Device (SSD)
find
quote
#30
(05-29-2014, 05:23 PM)donovan6000 Wrote: Hey gujiangjiang,

Can you test out this rom and let me know it if bricks. This is just to test out some RSA stuff, so there's nothing unlocked. Thanks Big Grin

Hello ,Any other progress?

Regards


Sent from my iPhone using Tapatalk

Intel Core i5 2410M @ 2.30GHz
Sandy Bridge 32nm Technology
6.00 GB Dual-Channel DDR3 @ 665MHz (9-9-9-24)
Hewlett-Packard 166D (CPU1)
Intel HD Graphics 3000
119GB ATA PLEXTOR PX-128M5 SCSI Disk Device (SSD)
find
quote


Forum Jump:


Users browsing this thread: 5 Guest(s)