Login

vvd214 · (This post was last modified: 09-24-2014, 03:11 AM by vvd214.)

My system
-Manufacturer: HP Compaq 610
Bios file using BIOS file from http://forums.mydigitallife.info/threads...post333358 with version F0B (HP Compaq 510/610 Notebook PC (INTEL) . It work great, after I try upgrade to F20 from
http://ftp.hp.com/pub/softpaq/sp55501-56000/sp55870.exe
My laptop refuse wifi card with error 104. I try to flash back to F08 bios mod but I cant flash because the system say" cant downgrade.

Please help me mod F20 version. Thanks

**BDMaster** · 09-24-2014, 05:08 PM

(09-24-2014, 03:11 AM)vvd214 Wrote: My system
-Manufacturer: HP Compaq 610
Bios file using BIOS file from http://forums.mydigitallife.info/threads...post333358 with version F0B (HP Compaq 510/610 Notebook PC (INTEL) . It work great, after I try upgrade to F20 from
http://ftp.hp.com/pub/softpaq/sp55501-56000/sp55870.exe
My laptop refuse wifi card with error 104. I try to flash back to F08 bios mod but I cant flash because the system say" cant downgrade.

Please help me mod F20 version. Thanks

Hi friend,
I asked about the Original and New PCI/VEN as ADDCC Tool permit to replace Cards IDs only, so I cannot remove Whitelist, but replace your IDs into Bios to bypass the lock !
As I said your It's an old Bios and It's possible to modify only in ths way.
I haven't done yet this Mod and for me is a bit difficult.
Let me know
Regards

vvd214 · 09-25-2014, 07:42 AM

Thanks for your help.
IDs of Original: Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC with PCI\VEN_10EC&DEV_8171

I got 2 cards for repalce, you can use one of them
1 : BCM94321MC with PCI\VEN_14E4& DEV_4328
2: BCM94312MCG with PCI\VEN_14E4&DEV_4315

(09-24-2014, 05:08 PM)BDMaster Wrote: Hi friend,
I asked about the Original and New PCI/VEN as ADDCC Tool permit to replace Cards IDs only, so I cannot remove Whitelist, but replace your IDs into Bios to bypass the lock !
As I said your It's an old Bios and It's possible to modify only in ths way.
I haven't done yet this Mod and for me is a bit difficult.
Let me know
Regards

**BDMaster** · 09-25-2014, 10:22 AM

Hi friend,
can You use this tool to get a Bios Backup as I would examine the Bios
Decompressed (or Decrypted), then upload It on RGhost or Sendspace servers :

http://rghost.net/53128665

let me know

vvd214 · (This post was last modified: 09-25-2014, 11:05 AM by vvd214.)

Here it is: http://rghost.net/58201737 or you can download attached file

(09-25-2014, 10:22 AM)BDMaster Wrote: Hi friend,
can You use this tool to get a Bios Backup as I would examine the Bios
Decompressed (or Decrypted), then upload It on RGhost or Sendspace servers :

http://rghost.net/53128665

let me know

**donovan6000** · 09-25-2014, 12:35 PM

Hey BDMaster! The rom(s) are in the cab packages. They are just standard Insyde roms, so the same methods apply when modding them. I tried modifying one of these cab bios a few months back, but they person never confirmed if it worked. Some good information on it comes from TTAV134 Big Grin

**BDMaster** · 09-25-2014, 03:32 PM

(09-25-2014, 12:35 PM)donovan6000 Wrote: Hey BDMaster! The rom(s) are in the cab packages. They are just standard Insyde roms, so the same methods apply when modding them. I tried modifying one of these cab bios a few months back, but they person never confirmed if it worked. Some good information on it comes from TTAV134

Hi Donovan,
I cannot open this file like normal Bios Insyde as PMTool doesn't know this format !
Would You give a look, please, my friend ?
I am confused as I got his Bios Backup and I got same problem ?!?
It's not openable . . .
Thanks for your help.
I will wait your reply.

**donovan6000** · 09-26-2014, 05:54 PM

Wow, these bios have me stumped. I compared the modded F.08 to the original to see the modifications that TTAV134 did, and it doesn't look like the bios are compressed in any way like normal EFI/UEFI is with Tiano core and/or LMZA compression. However I can't seem to dissassemble the rom though, so it's difficult to accuratley modify it. Are these really Insyde bios?? Confused

@vvd214 What's the exact error it gives yuo when you try to downgrade to the F.08 bios. It might be possible to modify the flasher to bypass this.

vvd214 · (This post was last modified: 09-27-2014, 09:37 AM by vvd214.)

(09-26-2014, 05:54 PM)donovan6000 Wrote: Wow, these bios have me stumped. I compared the modded F.08 to the original to see the modifications that TTAV134 did, and it doesn't look like the bios are compressed in any way like normal EFI/UEFI is with Tiano core and/or LMZA compression. However I can't seem to dissassemble the rom though, so it's difficult to accuratley modify it. Are these really Insyde bios??

@vvd214 What's the exact error it gives yuo when you try to downgrade to the F.08 bios. It might be possible to modify the flasher to bypass this.

I use HPQ Flash Tools to flash in Windows. It say: the firmware file is older version and cant be downgrade. that file I used before update to F20 version. I did try to flash in DOS but no success with same error. Maybe, can you help me to modify F0B version to remove version check

**BDMaster** · (This post was last modified: 09-28-2014, 07:58 AM by BDMaster.)

(09-25-2014, 07:42 AM)vvd214 Wrote: Thanks for your help.
IDs of Original: Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC with PCI\VEN_10EC&DEV_8171

I got 2 cards for repalce, you can use one of them
1 : BCM94321MC with PCI\VEN_14E4& DEV_4328
2: BCM94312MCG with PCI\VEN_14E4&DEV_4315

(09-24-2014, 05:08 PM)BDMaster Wrote: Hi friend,
I asked about the Original and New PCI/VEN as ADDCC Tool permit to replace Cards IDs only, so I cannot remove Whitelist, but replace your IDs into Bios to bypass the lock !
As I said your It's an old Bios and It's possible to modify only in ths way.
I haven't done yet this Mod and for me is a bit difficult.
Let me know
Regards

Can You check the format as ADDCCV say that format have to be longer so like this :

Original :
1: PCI\VEN_10EC&DEV_8171&SUBSYS_11071A3B&REV_10

Replaced :
1 : PCI\VEN_14E4&DEV_4328&SUBSYS_000A1028&REV_03
2 : PCI\VEN_14E4&DEV_4315&SUBSYS_137D103C&REV_01

So I will have something like this :

Original :
1: PCI\VEN_10EC&DEV_8171&SUBSYS_11071A3B&REV_10 -------> EC1071813B1A0711

Replaced :
1 : PCI\VEN_14E4&DEV_4328&SUBSYS_000A1028&REV_03 -------> E414284328100A00
2 : PCI\VEN_14E4&DEV_4315&SUBSYS_137D103C&REV_01 -------> E41415433C107D13

Getting the Short Block for Whitelist Searching !

Let me know, please
Regards

Ok this is your Bios F.20 Whitelist at offset 0x0A30h :

868022423C105B13
868022423C105C13
868022423C105D13
868022423C105F13
868022423C105E13
8680224286800010
8680224286800110
8680224286800210
8680224286800310
8680224286800410
8680224286800510
8680224286803410
8680294286800010
8680294286800110
8680294286800210
8680294286800310
8680294286800011
8680294286800111
8680294286800211
8680294286800311
8680294286800411
E41415433C107C13
E41415433C107D13
E4142B433C107F13
E4142B433C108013
66505351525657BB
6400688BEF9ABA1E
00

And your PCI WiFi Card EC107181 there isn't !!!
There are only these Cards with E414. . .

E41415433C107C13
E41415433C107D13
E4142B433C107F13
E4142B433C108013

E41415433C107C13 -------> PCI\VEN_14E4&DEV_4315&SUBSYS_137C103C

Device Name: Broadcom 802.11b/g WLAN
Hardware ID
PCI\VEN_14E4&DEV_4315&SUBSYS_137C103C&REV_01
PCI\VEN_14E4&DEV_4315&SUBSYS_137C103C <---- Device ID matches with our database
PCI\VEN_14E4&DEV_4315&CC_028000
PCI\VEN_14E4&DEV_4315&CC_0280

Compatible ID:
PCI\VEN_14E4&DEV_4315&REV_01
PCI\VEN_14E4&DEV_4315
PCI\VEN_14E4&CC_028000
PCI\VEN_14E4&CC_0280
PCI\VEN_14E4
PCI\CC_028000
PCI\CC_0280
Version 5.10.79.5,2009-01-22

Now a good mode to Remove Whitelist could be this :

1. Get Whitelist Offset = 0x0A30 and search for It into Module Code
2. Disasm Module Code at Offset chunck where is the 0x0A30 Instructions (LEA or MOV or CMP this Address),
there are two mode to write address normal 0x0A30 (Big Endian) or 0x300A (Little Endian) and this is our case.
So look for 0x300Ah into IDAPro or and HexEditor to find the instruction offset (0xAC97h) look there or few bytes before . . .

seg000:AC93 loc_AC93: ; CODE XREF: sub_AC47+63j
seg000:AC93 cmp cs:[bx+0A30h], edx
seg000:AC99 jnz short loc_ACA3
seg000:AC9B cmp cs:[bx+0A34h], ecx
seg000:ACA1 jz short loc_AD06 ; when ID is in WList - jump to OK

3. Find the STC or CLC instrucion (F9 / F8), normaly in this kind of Bios is realized using these instructions
4. Modify STC to CLC and exit
5. Use ADDCC v.3 to recompress Bios and correct Checksum
6. Repack ROM.Cab and patch HPQFlash.exe
7. End

So I found this Module 02_POST_00020100_patched_Rom.bin.dec for Whitelist (I know that ADDCC is a German
Tool and TTAV134 was first using It may be TTAV134 is the author and He is German ?!?)
So now We can Disasm this Module 02_POST_00020100_patched_Rom.bin.dec and try to get more Infos.
I found Whitelist Block and know what to do, but I cannot disasm correctly this Module so I asked help to
the one older and Super Modder Serg008 from MDL and He done the modify giving to me some explainations.
Many Thanks to Serg008 and jis knowledgemnts !!!
So I got the right address where is the Whtelist checks :

seg000:AD12 loc_AD12: ; CODE XREF: sub_AC47+A0j
seg000:AD12 ; sub_AC47+A9j ...
seg000:AD12 stc ; error
seg000:AD12 ; patch1(1) : F9 -->F8 (stc to clc)
seg000:AD13 pop di
seg000:AD14 pop edx
seg000:AD16 pop ecx
seg000:AD18 pop ebx
seg000:AD1A pop eax
seg000:AD1C leave
seg000:AD1D retn

Now this instruction STC have to become CLC, then 0xF9 to 0xF8 and that's It !!!

Regards

Login
Username:
Password:	Lost Password?
	Remember me