(UEFI) Dell XPS 15z L511z modded BIOS - and HOWTO
(02-07-2012, 08:53 AM)ScruffyITA Wrote: Hi, I'm the owner of an L502x that is mentioned in your topic, so I picked up the 550 BIOS mod and flashed it. All was OK under Windows. The PC rebooted and the flash program popped up normally, so the programming process was all quite good. After 5 seconds the PC rebooted and nothing happened. The caps LED is on, the screen is off, the fan speed is stuck at 100% and the PC is frozen. Any suggestion on how to recover it?

Scruffy - the files in the first post are currently only for the 15z (L511z) so I think you may have flashed an incorrect BIOS!!

Try this. Disconnect your battery from the laptop, and leave it unplugged for 5 minutes. Reconnect everything, and power on (and pray).

Good luck!
jkbuha

A good idea is to write 15z or l511x in the files download link, or some red code with that little observation.


However, in the Phoenix tools I've found that the crisis recovery is present or should be available also for my notebook, but I can't know if I made a wrong USB stick or I press the wrong button combination.
(02-07-2012, 09:40 AM)ScruffyITA Wrote: A good idea is to write 15z or l511x in the files download link, or some red code with that little observation.


However, in the Phoenix tools I've found that the crisis recovery is present or should be available also for my notebook, but I can't know if I made a wrong USB stick or I press the wrong button combination.

Actually the few lines preceding the files did say that they were for the 15z only, but I've taken your point and added a red note on the first line to make sure everyone is aware that these files are for the 15z only.

Yes in theory there is a crisis recovery option present, but we've never fully tested it. What is required in theory is a FAT-formatted USB stick with PHLASH.EXE, MINIDOS.SYS and the correct BIOS.WPH file on it. You can google around for "CRISIS UEFI Recovery" for more info. Suggest you have a USB stick that flashes when active (so you'll know if/when the stick is being read by the BIOS).

Please keep us posted on this.

jkbuha
(02-07-2012, 07:25 AM)AHMED HOSSAM Wrote: Hmmmm, seems more complex than I have expected.
I will look into this when I'm back home in 2 days.
Another thing, try nopping the other call for the offset you are using.
For example, you replaced advanced with another qword, and this qword was called from another routine; nop this call and make it only called from one routine.

Tried nopping the call from the previous routine, but same result.
I'm starting to suspect the hidden menus are nested in the Advanced Menu - could this be the case?

@kasar - I don't think PBE has been updated to support UEFI, and/or simulation of BIOS images. Can someone verify this and get back to us please?
Hey Ahmed

Hope you're having a good weekend.
I've had some time to play around with modifying some of the code, and I've listed the work I've done so far:

1) I've backtraced all the calls to the 'interesting' routines - and it appears that they seem to originate (as you correctly indicated) from sub_41488. In fact, the smoking gun is at offset_4150b: lea r8,off_3e0 (where all the advanced menu text begins)

2) So far so good. So in my normal BIOS, under the Advanced Menu I get to see all the text (and options obviously) from off_3e0 to about off_2470. From off_2478 (Charger Behaviour, etc) this text is hidden from my 15z standard BIOS.

3) Maybe I haven't figured IDA out properly yet, or maybe there is a strong clue in what I'm going to point out now. If you switch to text view mode when xrefing the code at off_3e0, the code is automatically segmented as follows:

1) .text: 03e0 off_3e0 (xref from sub_41488)
2) .text: 0410 qword_410 (start of Unhidden BIOS menu options: Speedstep, Virtualization etc)
3) .text: 1458 (Unhidden BIOS options: Powershare, 1394 etc)
4) .text: 2478 (Hidden options: Charger Behaviour, Express Charge, Wireless Config)
5) .text: 34a0 (Unhidden options: Battery Health, Misc Devices (USB Ports, eSata))
5a) .text: 3900 (Hidden option: Express Card Slot) <- prob because the 15z does not have an express card slot
5b) Note: at offset 3960 there are hidden options: Modem, Microphone, Camera, 1394, Media Card, Optical, FingerPrint
6) .text: 44a8 (Unhidden options: Diagnostic Screen)
6a) Note at offset 4600 there are hidden options: lots of interesting stuff
7) .text: 54a8 (Hidden options. Really good stuff)
etc etc

Why does IDA automatically group 410, 1458, 2478, 34a0?

4) So what I modded in sub_41488 was to nop or jmp my way sequentially through all the module without prematurely ending at loc_415eb. I've attached my handiwork. Result: Advanced Menu comes back, but no hidden menus or options unlocked. At this point I'm thinking that the routine checks against some mask (r9, rdx, ecx?) to identify the available hardware and/or allowed menu options before jumping to various parts of the code. Or I've reached the limits of what I can do today :)

Anyway it's Friday night, and I need to go out to clear my head. If you have some time to look at the file and let me know if you've picked up on something it would be greatly appreciated!

Cheers
jkbuha


Attached Files
.rar   CFEF94C4-4167-466A-8893-8779459DFA86_1_1048 - Copy.rar (Size: 55.93 KB / Downloads: 2)
If you want to nop the jumps to SUB_415EB, then why nop jumps inside the INT_64 routine... nop it in the first routine (SUB_41488) and see the result, if anything is unlocked.

I looked before inside the strings and it seems like it's hidden inside the ADVANCED tab... I guess there are no hidden tabs, but hidden menus inside the ADVANCED tab.
I will look deeply into this today... and try nopping the SUB_415EB calls inside SUB_41488.


"Many of life's failures are people who did not realize how close they were to success when they gave up." :)
(02-11-2012, 08:48 PM)AHMED HOSSAM Wrote: If you want to nop the jumps to SUB_415EB, then why nop jumps inside the INT_64 routine... nop it in the first routine (SUB_41488) and see the result, if anything is unlocked.

I looked before inside the strings and it seems like it's hidden inside the ADVANCED tab... I guess there are no hidden tabs, but hidden menus inside the ADVANCED tab.
I will look deeply into this today... and try nopping the SUB_415EB calls inside SUB_41488.

The reason why I've nopped the routine (just before) the int64 code is because that's where the reference to off_3e0 happens (ie: that routine is definitely in use), but have a look and let me know what you think :)

EDIT: In fact I tried it just now. Nopped all premature jumps to sub_415eb in routine sub_41488. No change in result. Advanced Menu is back, but with standard options.

EDIT EDIT: I've even nopped the premature jumps in DllEntryPoint and sub_40e48, before the code gets to sub_41488 (attached). Same result.

I'm suspecting that the "allowed options" are defined as bitmasks in qword_sections between qword_280 and qword_2f0. @Ahmed have you ever come across something like this in other bios mods?


Attached Files
.rar   CFEF94C4-4167-466A-8893-8779459DFA86_1_1048 - Copy - Copy - Copy.rar (Size: 55.94 KB / Downloads: 3)
OK, I made this the latest possibility, but there are no hidden tabs in the BIOS and it's only menus inside the Advanced tab... As these are menus, not tabs, it's not controlled through routines but it's controlled by control bits.
The strings are connected to the strings table, and the strings table is connected to the menus structure, which controls what is shown or hidden.
For example (it's not true, it's just an example):

72 0f 00 00 01 00 02 00 93 95 85 41 32 85 78

72 0f is the menu ID and 01 is the language bits (01 for English); 02 means hidden, while the rest of the bits point to the menu name, and the bits is the strings table which leads to the strings themselves.

I made it the latest possibility as it's complicated to know how to find and analyse the menus structure and strings table... but it seems we must do this... I will begin today, but this will take some time.


"Many of life's failures are people who did not realize how close they were to success when they gave up." :)
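The record layout sketched in the post above, written out as a parser plus a check that a modified table differs from the stock one only in its visibility words. This is an added example, not code from the thread: the field offsets, the little-endian reading and the names MenuRecord, parse_record and audit_patch are assumptions built on the post's deliberately illustrative bytes, not a real Dell or Phoenix format.

```python
import struct
from typing import NamedTuple

# Field layout ASSUMED from the post's illustrative bytes (little-endian words);
# it is not a documented Dell or Phoenix format:
#   0..1 menu ID | 2..3 unexplained | 4..5 language (1 = English)
#   6..7 visibility (2 = hidden)    | 8..14 opaque strings-table reference
RECORD_LEN = 15
FLAG_HIDDEN = 0x0002

class MenuRecord(NamedTuple):
    offset: int
    menu_id: bytes
    language: int
    visibility: int
    string_ref: bytes

    @property
    def hidden(self) -> bool:
        return self.visibility == FLAG_HIDDEN

def parse_record(buf: bytes, offset: int = 0) -> MenuRecord:
    chunk = buf[offset:offset + RECORD_LEN]
    if len(chunk) != RECORD_LEN:
        raise ValueError(f"truncated record at offset {offset:#x}")
    menu_id, _unknown, language, visibility = struct.unpack_from("<2sHHH", chunk)
    return MenuRecord(offset, menu_id, language, visibility, chunk[8:])

def audit_patch(stock: bytes, modded: bytes):
    """Return (visibility changes, offsets of records with any other byte changed)."""
    if len(stock) != len(modded) or len(stock) % RECORD_LEN:
        raise ValueError("tables must be equal length and a whole number of records")
    changes, unexpected = [], []
    for off in range(0, len(stock), RECORD_LEN):
        old, new = parse_record(stock, off), parse_record(modded, off)
        if old.visibility != new.visibility:
            changes.append((old.menu_id.hex(), old.visibility, new.visibility))
        end = off + RECORD_LEN
        if stock[off:off + 6] != modded[off:off + 6] or stock[off + 8:end] != modded[off + 8:end]:
            unexpected.append(off)
    return changes, unexpected

# Constructed sample data: record 0 is the byte string from the post,
# record 1 and both edits are made up for this example.
POST_EXAMPLE = bytes.fromhex("72 0f 00 00 01 00 02 00 93 95 85 41 32 85 78")
STOCK = POST_EXAMPLE + bytes.fromhex("73 0f 00 00 01 00 00 00 93 95 85 41 32 85 90")
_patched = bytearray(STOCK)
_patched[6] = 0x00    # visibility word of record 0 cleared
_patched[29] = 0x91   # stray change in record 1's string reference
MODDED = bytes(_patched)
```

Running audit_patch(STOCK, MODDED) reports the one visibility change and flags the record at offset 15, where a byte outside the visibility word was altered.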
Hi guys, I'm back. I had a lot of things going on, so no time for bios modding. :)
I see that you made great progress, that's really good. I'll try to keep up with you doing the same modding for the Vostro 3750 series. Dell just released a brand new version (A11) so it's a perfect time for modding. :)