12-09-2016, 02:53 PM
(This post was last modified: 12-23-2016, 07:06 PM by Nephiel. Edit Reason: Formatting)
I updated my ThinkPad X131e (Intel Core i3-3227U) to the latest BIOS version (2.92, G8ETA5WW as of Dec 9, 2016) and then successfully removed the whitelist. I'm sharing the process here so I can refer back to it for future updates, and so it may help others as well.
Disclaimer: I am not responsible for any loss or damages that may result from following these instructions.
Most of the required tools must be run as administrator and I had to disable the antivirus to be able to run some of them, so again, do this at your own risk.
Tools I used:
- TestBack to dump BIOS
- Andy's PhoenixTool 2.66 to explore the contents
- HxD to edit and compare the modules
- PFlash to write back to BIOS
- Universal BIOS Backup to backup whole BIOS, just to be sure
- 1-OLD (files from the old BIOS version, 2.59)
- 2-NEW (files from the new BIOS version, 2.92)
- 3-NEW-NWL (files from the new BIOS version, 2.92, with no whitelist)
1b. I dumped my current BIOS again, this time using Universal BIOS Backup. This produced a larger dump (12MiB) named LENOVO-G8ET99WW(2.59).rom. I assume this is a complete dump of all ROMs (8MiB+4MiB), hence the bigger size. I did not need this dump after all, but it can't hurt to have more options in case anything goes wrong and you need to flash the BIOS using an external programmer.
2. Copy result.rar to a safe place.
2b. Copy LENOVO-G8ET99WW(2.59).rom to a safe place as well.
3. Run PhoenixTool 2.66 as administrator. It probably requires turning off the antivirus as well.
Click the [..] button next to Original BIOS and open the x64_bios-region_8.1.10.1286.bin file from folder 1-OLD.
Status text should change to WORKING... Wait until it loads and a popup appears.
Click OK to dismiss the popup. Status should then display EFI / Insyde BIOS.
Click the Structure button and wait until it loads the EFI Structure.
Then click the [+] box and browse the structure to locate this module:
Code:
DXE Driver {79E0EDD7-9D1D-4F41-AE1A-F896169E5216} - LenovoWmaPolicyDxe.efi
Once found, select the P32+ image section within, and click Extract.
I did not need to tick any of the Decompress.../Compress... checkboxes, so I assume the module is not compressed (though one of its parents in the structure might be. YMMV).
This will extract the module to a file named 79E0EDD7-9D1D-4F41-AE1A-F896169E5216.MOD in the 1-OLD folder.
Exit and close PhoenixTool.
4. Update BIOS to the latest version using the official updater provided by Lenovo.
In my case, I updated to G8ETA5WW (2.92) using Lenovo ThinkVantage System Update.
5. Power off and remove any non-authorized wireless card (not in the whitelist) to be able to boot.
6. Repeat step 1 to dump the new BIOS version, and copy the resulting x64_bios-region_8.1.10.1286.bin to folder 2-NEW.
6b. Again, I made a second dump using Universal BIOS Backup. Its name was LENOVO-G8ETA5WW(2.92).rom.
7. Copy the new result.rar to a safe place.
7b. Copy LENOVO-G8ETA5WW(2.92).rom to a safe place as well.
8. Repeat step 3 with the x64_bios-region_8.1.10.1286.bin file from folder 2-NEW.
At this point you can compare both 79E0EDD7-9D1D-4F41-AE1A-F896169E5216.MOD files in 1-OLD and 2-NEW using HxD. The differences should be minimal or non-existent.
9. Copy x64_bios-region_8.1.10.1286.bin and 79E0EDD7-9D1D-4F41-AE1A-F896169E5216.MOD files from 2-NEW to 3-NEW-NWL.
10. Using PhoenixTool, open the x64_bios-region_8.1.10.1286.bin file from 3-NEW-NWL.
Browse to the LenovoWmaPolicyDxe module like before, but do not extract it this time.
Leave PhoenixTool open.
11. Using HxD, open the 79E0EDD7-9D1D-4F41-AE1A-F896169E5216.MOD file from 3-NEW-NWL.
Edit the following hex values to disable the whitelist. Double-check the offsets and the values.
The values that need to be changed are:
offset(intel)  offset(amd,untested!)  original  no-whitelist
00000AFE       00000AAE               0F        90
00000AFF       00000AAF               84        E9
00000B07       00000AB7               0F        90
00000B08       00000AB8               84        E9
00000B9B       00000B4B               74        EB
00000BB5       00000B65               0F        90
00000BB6       00000B66               84        90
00000BB7       00000B67               6C        90
00000BB8       00000B68               FF        90
00000BB9       00000B69               FF        90
00000BBA       00000B6A               FF        90
00000BBB       00000B6B               EB        90
00000BBC       00000B6C               AF        90
These are the result of comparing two dumps of the same BIOS version (2.59): a stock dump, and the no-whitelist dump that BDMaster sent me.
The module is identical between stock versions 2.59 and 2.92, so the 2.59 mod works with the 2.92 BIOS.
Do not continue if you don't find the expected values in consistent offsets; in that case you will probably have to resort to editing the code in assembly to skip the whitelist check.
Original values (Intel version):
After modification (Intel version):
Original values (AMD version) (UNTESTED!):
After modification (AMD version) (UNTESTED!):
Save the changes to 79E0EDD7-9D1D-4F41-AE1A-F896169E5216.MOD file in 3-NEW-NWL folder.
12. Go back to PhoenixTool, select the P32+ image section and click Replace (not Insert!).
Select the 79E0EDD7-9D1D-4F41-AE1A-F896169E5216.MOD file from 3-NEW-NWL folder. Wait for it to load.
Then, click Exit button and reply Yes to save the changes to x64_bios-region_8.1.10.1286.bin in 3-NEW-NWL.
13. Usually, at this point you would have to click Advanced in PhoenixTool, click Yes to accept the risks, tick Always allow user modification of modules and No SLIC, and then click Go to write the changes to x64_bios-region_8.1.10.1286_SLIC.bin in 3-NEW-NWL folder.
However, in my case the resulting x64_bios-region_8.1.10.1286_SLIC.bin file was identical to the x64_bios-region_8.1.10.1286.bin from the previous step, so this could be skipped. Again, YMMV.
14. Create a pure DOS boot disk and copy pflash files (pflash.exe, Efildr16) to this disk.
Copy x64_bios-region_8.1.10.1286.bin from the 3-NEW-NWL folder to the disk.
Rename the x64_bios-region_8.1.10.1286.bin in the disk to something shorter, such as NWL2.92.
Create a batch file flash.bat in the disk:
Code:
@echo off
@pflash.exe /sa NWL2.92
15. Boot the laptop with the DOS disk and run flash.bat from the command prompt.
In my case, pflash complained about the checksum, but flashed anyway.
If this fails, you will have to resort to a hardware programmer to flash.
Hope this helps!
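Added example, not part of the original post: a read-only check for the comparison in step 8 and the "double-check the offsets and the values" rule in step 11. It reports whether an extracted module holds the stock bytes, the no-whitelist bytes, a mix, or something else at the offsets from the table above. The function names and the sample buffer are constructed for illustration; the offsets and byte values are the ones in the post.

```python
# (Intel offset, original byte, no-whitelist byte), transcribed from the post.
PATCH_TABLE = [
    (0xAFE, 0x0F, 0x90), (0xAFF, 0x84, 0xE9),
    (0xB07, 0x0F, 0x90), (0xB08, 0x84, 0xE9),
    (0xB9B, 0x74, 0xEB),
    (0xBB5, 0x0F, 0x90), (0xBB6, 0x84, 0x90), (0xBB7, 0x6C, 0x90),
    (0xBB8, 0xFF, 0x90), (0xBB9, 0xFF, 0x90), (0xBBA, 0xFF, 0x90),
    (0xBBB, 0xEB, 0x90), (0xBBC, 0xAF, 0x90),
]
AMD_SHIFT = -0x50  # every AMD offset in the post is the Intel offset minus 0x50


def classify(module: bytes, shift: int = 0):
    """Return (state, unexpected): state is 'stock', 'patched', 'partial'
    or 'mismatch'; unexpected lists (offset, found_byte) pairs."""
    seen, unexpected = set(), []
    for off, orig, new in PATCH_TABLE:
        off += shift
        found = module[off] if 0 <= off < len(module) else None
        if found == orig:
            seen.add("stock")
        elif found == new:
            seen.add("patched")
        else:
            unexpected.append((off, found))
    if unexpected:
        return "mismatch", unexpected  # the post's rule: do not continue
    return (seen.pop() if len(seen) == 1 else "partial"), []


def differing_offsets(old: bytes, new: bytes):
    """Step 8 comparison: offsets at which two extracted modules differ."""
    diffs = [i for i, (a, b) in enumerate(zip(old, new)) if a != b]
    if len(old) != len(new):
        diffs.append(min(len(old), len(new)))  # first offset past the shorter file
    return diffs


def constructed_module(patched: bool = False, shift: int = 0) -> bytes:
    """Constructed stand-in for the .MOD file (zero-filled, not real firmware)."""
    buf = bytearray(0xC00)
    for off, orig, new in PATCH_TABLE:
        buf[off + shift] = new if patched else orig
    return bytes(buf)


if __name__ == "__main__":
    stock = constructed_module()
    print(classify(stock))                                # stock layout
    print(classify(constructed_module(patched=True)))     # edited layout
    print(classify(stock, shift=AMD_SHIFT)[0])            # wrong offsets
```

For a real module, pass the contents of the extracted .MOD file (opened in binary mode) to `classify` instead of the constructed buffer.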