How to dump RSA signed Insyde BIOS

From Bios Mods -The Best BIOS Update and Modification Source Wik
Revision as of 03:14, 17 August 2013 by Brainsucker (talk | contribs)
Jump to: navigation, search

Starting from 2012 Insyde Corp. implemented RSA algorithm to crypt their BIOSs to avoid modding. To unpack such BIOS with Phoenix tool is impossible. However, we are 100% certain that the BIOS rom stored in the motherboard is a decrypted variant. The easiest way to get it - make a backup of current BIOS before flashing with the new one. But we can also flash with a modded BIOS version over the same BIOS version number.


Here are the instructions:

Flasher (platform.ini) way

1. Take your current executable BIOS flasher.
2. Unpack with any unzip software
3. Find "platform.ini" file
4. Edit following lines with Notepad

[BackupROM]
Flag=1
FilePath=c:
FileName=<put bios name here>.BIN

5. Flash the same BIOS again with the modified platform.ini
6. After reboot you will find dumped current BIOS on C drive

UEFI way (EFI system partition)

On some new platforms (for example HP Envy 17 (17-j005tx) '2013) BIOS reading (backup) feature is disabled. In such case flasher will show the following error message IHISI: flash read error in SMI! and the system will hang (on some notebooks you might even need to unplug power and remove battery to shutdown system). Flash read error small.jpg It doesn't seem to depend on Windows version or type (x64/x86), even WinPE recovery disks won't help.

However in most such cases flasher won't update BIOS directly, but will use UEFI BIOS update procedure (after rebooting). New BIOS is copied (in unencrypted form) to UEFI partition, so we just need to find it there. EFI System Partition is not normally visible in Windows and you won't be able to assign a disk letter to it using standard Disk Manager. However the following command in console under Administrator account (Run as Administrator - elevated command prompt is required) will help (mounting EFI partition as disk X:):
mountvol X: /S
You might want to run this command from some console file manager (like FAR, http://farmanager.com/) or run your file manager side-by-side under Administrator account, since X: disk won't be visible/accessible otherwise. Then walk through disk X: (just don't delete or modify anything) looking for copies of your unencrypted BIOS, for HP Envy 17 they were found in X:\EFI\HP\BIOS\Current folder, in form of 01966.bin file (instead of original encrypted 01966.fd).