Bios Mods -The Best BIOS Update and Modification Source

Full Version: General method to remove whitelist from Insyde BIOS
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
I have figured out how to remove the whitelist from most (all) Insyde BIOSes. I used the F.34 BIOS for a Compaq Presario C700 series for this how to. You will need the EzH2O and WinHex tools. Using these tools I was able to figure out the byte that needed to be changed to ignore the PCIe wireless whitelist altogether. After not being able to find my subsys codes, I started looking around a bit. I found the 104 - Unsupported wireless network device detected string in the memory dump and the Microsoft EXE signature just above which lead to the breakthrough (at least for me). What follows is a general procedure to allow you to modify your own BIOS safely (I hope).

1. obtain your bios.fd file obtained from HP (or whatever manufacturer)
2. use Insyde BIOS editor - EZH2O (I used EZH20 2.1.0.4)
3. run exh2o.exe, open the file bios.fd
4. run WINHEX
5. Tools -> OpenRAM -> Ezh2o -> Entire Memory
6. Find HEX Values -> «31 00 30 00 34 00 2d 00 55», this should be the be the first part of the '104-U...' error string in wide character format (2 bytes/char) see step1.jpg.
[attachment=1050]
7. from here search up and find HEX values «4d 5a», you can just scroll up a few pages till you see 'MZ' in the ASCII pane. This is the code that MS uses for start of an EXE. Somewhere between here and the 104 string is where we need to find and modify the JNZ (byte code 75)
8. You will notice that there is a lot of blank space around and below the 'MZ', this is header information and is of no interest. Scroll down till the ASCII pane no longer is mostly blanks, about a page, you should see «55 8b ec», this is the start of the program and is setting up the stack
9. Now click on the 55 and drag the mouse down to the next 'MZ' code about 1-2 pages on my BIOS, and then click Edit -> Copy Block -> Into New File and name the file Something.com. The .com is important as we will load it with debug. Refer to step2.jpg.
[attachment=1051]
10. Open a command prompt and navigate to where you saved the file and type debug something.com, you should get a '-' prompt, type u and hit enter and you should see something like this. See step3.jpg.
[attachment=1052]
The first column is memory addresses, the 2nd column is instruction bytes and the rest are Intel mnemonics.
11. Now we need some elementary assembly skills to find what we are looking for. Debug will show the mnemonics for the instructions. Debug doesn't handle 386 instructions well so you may see a few ??? but we should be able to find what we need. Look for a test al,al followed by a jnz {address}. The unassemble should have addresses on the left and they should correspond to the addresses in the debug so you can then -u {address} to see what happens at the jump to locations. See step4.jpg.
[attachment=1053]
12. Now that we know what to change write down a about 6 or so of the bytes ending with the 75 and the following byte (27 in the step 4 example) and go back to WinHex and from the start of our program (the «55 8b ec» bytes) search for the bytes you recorded. Make sure everything around matches your debug window and replace 75 (JNZ short) with eb (JMP short). eb is an unconditional jump and will exit the routine so we don't get to the infinite loop. See step5.jpg.
[attachment=1054]
13. In WinHex save your change by clicking on the disk icon
14. Switch to EzH2O, File -> Save AS
15. Put your modified BIOS (and only that BIOS) where the flash utility can find it and start InsydeFlash and let it do it's thing.
16. Sometimes after flashing the machine may appear bricked but turn it off remove power and battery and then reapply power and turn it on. If it still doesn't come up Google for the procedure to use a USB memory stick to get your computer back. Might be a good idea to prepare the flash drive before you flash your BIOS.

Mark
Hey man,

This is a wonderful guide and you demonstrated a great load of knowledge. Thanks for sharing. If you'd like, I think this would be a great article in the Wiki.

Thanks!
TheWiz
Thanks and you can put it in the Wiki if you like. However please note the following as well.

It appears that there are two sizes of Insyde BIOS (1MB & 2MB). The 2MB is a completely different animal and I'm currently looking into it to see if I can find where it does the test for the wireless cards. It may take awhile as the tools aren't great. I could use a good 80x86 disassembler one where I can save the mnemonics to a file so I can use search tools. Any one know of a good one (free would be good).
IDA Pro Free version 4.9 will do the trick Smile
Will this guide work for amd laptops?
(08-10-2010 08:35 PM)dedo Wrote: [ -> ]Will this guide work for amd laptops?

this guide is not cpu manufacturer specific its BIOS manufacturer specfic. If you have an Insyde BIOS then you can follow this guide.

Regards
Admin
Hi,

Many thanks for this guide. It’s cool. I tried this method on my HP 2530p (bios 68PSU) and unfortunately I need more help. I have un2420 3g modem. When I install it in my laptop and I start it I get “105 - Unsupported WWAN Device Detected System Halted. Remove device and restart.” error.

For updating my bios I use EzH2O v2.1.0.4 and WinHex 15.6 SR-11.

There are steps which I made to make the un2420 supported with 2530p. Till now without success.

1) I located two modules in my inside bios which are in some way related with the whitelist and “105-…” error. In the module 8EEE35BE-AEDE-40D4-ADA2-B6FE089BE1B8 I found “105-…” strings (in many languages). In the module 1124113F-2F8F-4973-BC82-2E505256B9D7 there are VEN_ID for network cards – whitelist???. I tried to remove each of this module and after saving the bios and flashing from the USB stick I got error “Error in file content read from disk. Please try recreating file or disk.” and the bios can’t be flashed. I use erompaq 3.0F.

2) In the next step I tried to change VEN_ID for my un2420 3G card (in the offset according to the 1124113F-2F8F-4973-BC82-2E505256B9D7 module). In this case I also couldn’t flash the bios after the modification because of the “Error in file content read from disk. Please try recreating file or disk.”

3) Then I analyzed my bios according to the hspumanti’s guide and I found few jump instruction. I tried to modify them into JMP and JZ but after this I couldn’t flash bios. Error the same as in the step 1 and 2.


What I also registered is that when I open bios with WinHex (doesn’t matter if from entire or primary memory) and I look i.e. for “105 – Unsupported…” string, this string starts one time at the 4B17AE offset and when I open it again it starts at i.e. 4957EA. There is no rule at which offset it starts. Also sometimes I get popup in the WinHex that “memory has changed”. Is it normal, these two situations?

I suppose that after making the modification in the bios the checksum is wrong. That’s why I’m getting error during the flashing. Do you have any idea what elso I can try and how to correct the checksum?

Raptor2
Dear hspumanti,

I have not enough words to express how much I thank you for your help. I'm owner of an HP Pavillion dv4-2112br and your method just worked flawlessly on it!

If anyone with the same problem and same machine finds this topic, just register the forum, message me, and I'll be glad to send my modded BIOS.
Raptor2, please start a new thread for that issue.

thyte.sts, if you are interested in being a support member for whitelists in the forum, please PM me.

TheWiz
(08-06-2010 08:15 AM)hspumanti Wrote: [ -> ]Thanks and you can put it in the Wiki if you like. However please note the following as well.

It appears that there are two sizes of Insyde BIOS (1MB & 2MB). The 2MB is a completely different animal and I'm currently looking into it to see if I can find where it does the test for the wireless cards. It may take awhile as the tools aren't great. I could use a good 80x86 disassembler one where I can save the mnemonics to a file so I can use search tools. Any one know of a good one (free would be good).

I guess the 2530p BIOS is a 2MB BIOS? Because your guide is nice, but the "55 8b ec" part is not between the MZ and the 104 parts in my BIOS.

Here are my offsets:
MZ @ 018C6670
104 @ 018C7A30
"55 8b ec" @ 01928520

Can you confirm that and does this mean that we have to wait for the 2MB Tutorial?
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
Reference URL's