Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 9 Vote(s) - 4.22 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
[REQUEST] Acer Predator Helios 500 PH517...
Last Post: MaksaMax
Today 06:11 PM
» Replies: 46
» Views: 23725
[Request] Mod JGINYUE X99-M D4 BIOS
Last Post: polmzqwe
Today 11:54 AM
» Replies: 0
» Views: 85
2x CPU Dell Workstation BIOS modding
Last Post: amyleon
Today 06:59 AM
» Replies: 1
» Views: 1505
[REQUEST] Acer Nitro 5 AN515-54 BIOS Unl...
Last Post: Dudu2002
Today 02:39 AM
» Replies: 135
» Views: 94586
Lenovo X250 WAN whitelist remove
Last Post: rahimali
Yesterday 11:59 AM
» Replies: 12
» Views: 4100
[REQUEST] HP Elitebook 8560w Whitelist R...
Last Post: daedaluus
Yesterday 11:16 AM
» Replies: 26
» Views: 16870
How to peek inside a bios that comes as ...
Last Post: amyleon
Yesterday 10:46 AM
» Replies: 1
» Views: 1461
BTC79X9 Core unlock
Last Post: Stahan
Yesterday 05:27 AM
» Replies: 0
» Views: 178
UNLOCKED BIOS S3810 WITH LIMIT 8GB RAM
Last Post: DeathBringer
Yesterday 03:26 AM
» Replies: 9
» Views: 853
Biostar N68S3B to disable TDP check
Last Post: DeathBringer
Yesterday 03:24 AM
» Replies: 3
» Views: 279
[REQUEST] Lenovo Thinkpad T420s (8CETxxW...
Last Post: fr4nk
10-19-2025 09:35 PM
» Replies: 196
» Views: 122363
BIOS P09ABE and 32GB RAM with 2 16GB mod...
Last Post: DeathBringer
10-19-2025 11:16 AM
» Replies: 3
» Views: 522
Microcode Update for HP Compaq DC7900 (7...
Last Post: MarkF
10-19-2025 09:53 AM
» Replies: 20
» Views: 11261
[Request] AM3 support for ECS RS485M-M
Last Post: DeathBringer
10-19-2025 02:03 AM
» Replies: 7
» Views: 1093
Intel Xeon E3 1270 V5 for LGA 1151 (ASUS...
Last Post: DeathBringer
10-18-2025 03:26 PM
» Replies: 6
» Views: 621
ASUS M2N4-SLI new cpu
Last Post: Vlad94
10-18-2025 02:52 PM
» Replies: 9
» Views: 2242
[REQUEST] Lenovo Flex 2-14 (A0CNxxWW) Wh...
Last Post: Dudu2002
10-18-2025 11:51 AM
» Replies: 246
» Views: 119425
disabling amd prochot with moded bios.
Last Post: vorajeeah
10-18-2025 07:21 AM
» Replies: 0
» Views: 523
[REQUEST] Lenovo Thinkpad X240 (GIETxxWW...
Last Post: Dudu2002
10-17-2025 11:34 PM
» Replies: 343
» Views: 200025
[REQUEST] Samsung RV520 BIOS Unlock
Last Post: ezikCel
10-17-2025 07:45 PM
» Replies: 9
» Views: 13774

General method to remove whitelist from Insyde BIOS
where is bios.fd file on my computer
find
quote
(01-22-2012, 10:56 AM)hspumanti Wrote: I finally got my hands on a 2MB ROM I could work with. I used the NAWA1110 (v1.10) ROM which is for a Lenovo G455/G555 laptop for this effort. The string to search for in this case was "Unauthorized Wireless network card is plugged in. Power off and remove it". So after loading up the .ROM file in EZH2O, I brought up WinHex (which keeps crashing so it takes longer than it would otherwise) and searched for the Unicode string. Finding that I then searched UP for the Hex Values '4d5a'. Finding this I copied from here to the end of the data region where the string was found and saved it to 'something.exe'. Since I'm on a 64 bit system I can't use debug.exe, so I used PEBrowser64, which worked fine for what I was needing. Using PEBrowser64, I opened 'something.exe' and then opened the sections list on the left pane and dbl-clicked the '.text' section which brings up a limited disassembly window. This allowed me to get the starting address and then going to the View->Disassemble At... and putting in the address '180000260' I get a disassembly of the main routine for checking the wifi card Ven/Dev ids (see fig1 and 2).

Disassembly 1 The device checking routine
Disassembly 2 The rest of the story

A quick inspection of this showed that to get out of this routine we need to get to the address '3d0' which quickly leads to the ret statement. We want to make as few changes as possible since we don't know what might happen with any of the returned values. Seeing the 'jne 305' looks like it could cause an endless loop since nothing that is tested would be changing (unless another thread was running that had access to the memory at SP+40). Also notice the 'lea cx, 960' at address 2eb, this is the address of the 'unauthorized' string. Changing the 'jne 2f9 at address 2c0 to a jmp 2f9 gets us past the string output and changing 'je 30d' at address 2fb to 'jmp 30d' gets us out no questions asked. See fig. 3 for the disassembly with the final modifications.

Disassembly 3 The Fix

I hope this helps in dealing with the 2mb version of the Insyde BIOS. Here is a link to the modded ROM:

Modded BIOS zipped
Hi, please update your link to the modded bios for lenovo g555
find
quote
(03-29-2012, 10:06 AM)-+Bert+- Wrote: [quote='hspumanti' pid='41346' dateline='1327247803']
I finally got my hands on a 2MB ROM I could work with. I used the NAWA1110 (v1.10) ROM which is for a Lenovo G455/G555 laptop for this effort. The string to search for in this case was "Unauthorized Wireless network card is plugged in. Power off and remove it". So after loading up the .ROM file in EZH2O, I brought up WinHex (which keeps crashing so it takes longer than it would otherwise) and searched for the Unicode string. Finding that I then searched UP for the Hex Values '4d5a'. Finding this I copied from here to the end of the data region where the string was found and saved it to 'something.exe'. Since I'm on a 64 bit system I can't use debug.exe, so I used PEBrowser64, which worked fine for what I was needing. Using PEBrowser64, I opened 'something.exe' and then opened the sections list on the left pane and dbl-clicked the '.text' section which brings up a limited disassembly window. This allowed me to get the starting address and then going to the View->Disassemble At... and putting in the address '180000260' I get a disassembly of the main routine for checking the wifi card Ven/Dev ids (see fig1 and 2).

Disassembly 1 The device checking routine
Disassembly 2 The rest of the story

A quick inspection of this showed that to get out of this routine we need to get to the address '3d0' which quickly leads to the ret statement. We want to make as few changes as possible since we don't know what might happen with any of the returned values. Seeing the 'jne 305' looks like it could cause an endless loop since nothing that is tested would be changing (unless another thread was running that had access to the memory at SP+40). Also notice the 'lea cx, 960' at address 2eb, this is the address of the 'unauthorized' string. Changing the 'jne 2f9 at address 2c0 to a jmp 2f9 gets us past the string output and changing 'je 30d' at address 2fb to 'jmp 30d' gets us out no questions asked. See fig. 3 for the disassembly with the final modifications.

Disassembly 3 The Fix

I hope this helps in dealing with the 2mb version of the Insyde BIOS. Here is a link to the modded ROM:

Modded BIOS zipped
Hi, please update your link to the modded bios for lenovo g555
I ordered Atheros-based card. But when I replaced original card with new atheros card I get this message:

"Unauthorized Wireless network card is plugged in. Power off and remove it."

Hi, please update your link to the modded bios for lenovo g455
thank you
find
quote
(01-22-2012, 10:56 AM)hspumanti Wrote: I finally got my hands on a 2MB ROM I could work with. I used the NAWA1110 (v1.10) ROM which is for a Lenovo G455/G555 laptop for this effort. The string to search for in this case was "Unauthorized Wireless network card is plugged in. Power off and remove it". So after loading up the .ROM file in EZH2O, I brought up WinHex (which keeps crashing so it takes longer than it would otherwise) and searched for the Unicode string. Finding that I then searched UP for the Hex Values '4d5a'. Finding this I copied from here to the end of the data region where the string was found and saved it to 'something.exe'. Since I'm on a 64 bit system I can't use debug.exe, so I used PEBrowser64, which worked fine for what I was needing. Using PEBrowser64, I opened 'something.exe' and then opened the sections list on the left pane and dbl-clicked the '.text' section which brings up a limited disassembly window. This allowed me to get the starting address and then going to the View->Disassemble At... and putting in the address '180000260' I get a disassembly of the main routine for checking the wifi card Ven/Dev ids (see fig1 and 2).

Disassembly 1 The device checking routine
Disassembly 2 The rest of the story

A quick inspection of this showed that to get out of this routine we need to get to the address '3d0' which quickly leads to the ret statement. We want to make as few changes as possible since we don't know what might happen with any of the returned values. Seeing the 'jne 305' looks like it could cause an endless loop since nothing that is tested would be changing (unless another thread was running that had access to the memory at SP+40). Also notice the 'lea cx, 960' at address 2eb, this is the address of the 'unauthorized' string. Changing the 'jne 2f9 at address 2c0 to a jmp 2f9 gets us past the string output and changing 'je 30d' at address 2fb to 'jmp 30d' gets us out no questions asked. See fig. 3 for the disassembly with the final modifications.

Disassembly 3 The Fix

I hope this helps in dealing with the 2mb version of the Insyde BIOS. Here is a link to the modded ROM:

Modded BIOS zipped

new link
http://www.mediafire.com/?3u1ejhghbreqet3
find
quote
(01-22-2012, 10:56 AM)hspumanti Wrote: I finally got my hands on a 2MB ROM I could work with. I used the NAWA1110 (v1.10) ROM which is for a Lenovo G455/G555 laptop for this effort. The string to search for in this case was "Unauthorized Wireless network card is plugged in. Power off and remove it". So after loading up the .ROM file in EZH2O, I brought up WinHex (which keeps crashing so it takes longer than it would otherwise) and searched for the Unicode string. Finding that I then searched UP for the Hex Values '4d5a'. Finding this I copied from here to the end of the data region where the string was found and saved it to 'something.exe'. Since I'm on a 64 bit system I can't use debug.exe, so I used PEBrowser64, which worked fine for what I was needing. Using PEBrowser64, I opened 'something.exe' and then opened the sections list on the left pane and dbl-clicked the '.text' section which brings up a limited disassembly window. This allowed me to get the starting address and then going to the View->Disassemble At... and putting in the address '180000260' I get a disassembly of the main routine for checking the wifi card Ven/Dev ids (see fig1 and 2).

Disassembly 1 The device checking routine
Disassembly 2 The rest of the story

A quick inspection of this showed that to get out of this routine we need to get to the address '3d0' which quickly leads to the ret statement. We want to make as few changes as possible since we don't know what might happen with any of the returned values. Seeing the 'jne 305' looks like it could cause an endless loop since nothing that is tested would be changing (unless another thread was running that had access to the memory at SP+40). Also notice the 'lea cx, 960' at address 2eb, this is the address of the 'unauthorized' string. Changing the 'jne 2f9 at address 2c0 to a jmp 2f9 gets us past the string output and changing 'je 30d' at address 2fb to 'jmp 30d' gets us out no questions asked. See fig. 3 for the disassembly with the final modifications.

Disassembly 3 The Fix

I hope this helps in dealing with the 2mb version of the Insyde BIOS. Here is a link to the modded ROM:

Modded BIOS zipped

new link
http://www.mediafire.com/?3u1ejhghbreqet3


Attached Files
.zip   NAWA1110WL.zip (Size: 1.09 MB / Downloads: 25)
find
quote
So, I’m a total newb when it comes to bios and hex editing. I have searched through the forums for over a day now trying to figure out how to get by the whitelist. I have a Motion CL900 and have broken down the bios http://www.motioncomputing.com/drivers/C...A06_RN.htm and found that I use the QEX2GA06.fd. I would like to use the wwan port which has a Sierra Wireless MC8355 card in it, for another wlan slot (intel 3945ABG). I don’t receive an error message on boot but it will simply not register that the card is there. The wwan card has VID 1199 & PID 9011. I played with the hex a little and found 99 11 11 90, but I have no idea what to do with it and would prefer not to brick my system Tongue Any help with this would be greatly appreciated Big Grin
find
quote
(01-22-2012, 10:56 AM)hspumanti Wrote: I finally got my hands on a 2MB ROM I could work with. I used the NAWA1110 (v1.10) ROM which is for a Lenovo G455/G555 laptop for this effort. The string to search for in this case was "Unauthorized Wireless network card is plugged in. Power off and remove it". So after loading up the .ROM file in EZH2O, I brought up WinHex (which keeps crashing so it takes longer than it would otherwise) and searched for the Unicode string. Finding that I then searched UP for the Hex Values '4d5a'. Finding this I copied from here to the end of the data region where the string was found and saved it to 'something.exe'. Since I'm on a 64 bit system I can't use debug.exe, so I used PEBrowser64, which worked fine for what I was needing. Using PEBrowser64, I opened 'something.exe' and then opened the sections list on the left pane and dbl-clicked the '.text' section which brings up a limited disassembly window. This allowed me to get the starting address and then going to the View->Disassemble At... and putting in the address '180000260' I get a disassembly of the main routine for checking the wifi card Ven/Dev ids (see fig1 and 2).

Disassembly 1 The device checking routine
Disassembly 2 The rest of the story

A quick inspection of this showed that to get out of this routine we need to get to the address '3d0' which quickly leads to the ret statement. We want to make as few changes as possible since we don't know what might happen with any of the returned values. Seeing the 'jne 305' looks like it could cause an endless loop since nothing that is tested would be changing (unless another thread was running that had access to the memory at SP+40). Also notice the 'lea cx, 960' at address 2eb, this is the address of the 'unauthorized' string. Changing the 'jne 2f9 at address 2c0 to a jmp 2f9 gets us past the string output and changing 'je 30d' at address 2fb to 'jmp 30d' gets us out no questions asked. See fig. 3 for the disassembly with the final modifications.

Disassembly 3 The Fix

I hope this helps in dealing with the 2mb version of the Insyde BIOS. Here is a link to the modded ROM:

Modded BIOS zipped

Can you please update the Disassembly 1, 2, 3 link?

Thanks,
find
quote
(06-28-2012, 09:52 AM)SST-P Wrote:
(01-22-2012, 10:56 AM)hspumanti Wrote: I finally got my hands on a 2MB ROM I could work with. I used the NAWA1110 (v1.10) ROM which is for a Lenovo G455/G555 laptop for this effort. The string to search for in this case was "Unauthorized Wireless network card is plugged in. Power off and remove it". So after loading up the .ROM file in EZH2O, I brought up WinHex (which keeps crashing so it takes longer than it would otherwise) and searched for the Unicode string. Finding that I then searched UP for the Hex Values '4d5a'. Finding this I copied from here to the end of the data region where the string was found and saved it to 'something.exe'. Since I'm on a 64 bit system I can't use debug.exe, so I used PEBrowser64, which worked fine for what I was needing. Using PEBrowser64, I opened 'something.exe' and then opened the sections list on the left pane and dbl-clicked the '.text' section which brings up a limited disassembly window. This allowed me to get the starting address and then going to the View->Disassemble At... and putting in the address '180000260' I get a disassembly of the main routine for checking the wifi card Ven/Dev ids (see fig1 and 2).



Disassembly 1 The device checking routine
Disassembly 2 The rest of the story

A quick inspection of this showed that to get out of this routine we need to get to the address '3d0' which quickly leads to the ret statement. We want to make as few changes as possible since we don't know what might happen with any of the returned values. Seeing the 'jne 305' looks like it could cause an endless loop since nothing that is tested would be changing (unless another thread was running that had access to the memory at SP+40). Also notice the 'lea cx, 960' at address 2eb, this is the address of the 'unauthorized' string. Changing the 'jne 2f9 at address 2c0 to a jmp 2f9 gets us past the string output and changing 'je 30d' at address 2fb to 'jmp 30d' gets us out no questions asked. See fig. 3 for the disassembly with the final modifications.

Disassembly 3 The Fix

I hope this helps in dealing with the 2mb version of the Insyde BIOS. Here is a link to the modded ROM:

Modded BIOS zipped

Can you please update the Disassembly 1, 2, 3 link?

Thanks,

Disassembly 1
Disassembly 2
Disassembly 3
find
quote
(06-28-2012, 04:01 PM)hspumanti Wrote:
(06-28-2012, 09:52 AM)SST-P Wrote:
(01-22-2012, 10:56 AM)hspumanti Wrote: I finally got my hands on a 2MB ROM I could work with. I used the NAWA1110 (v1.10) ROM which is for a Lenovo G455/G555 laptop for this effort. The string to search for in this case was "Unauthorized Wireless network card is plugged in. Power off and remove it". So after loading up the .ROM file in EZH2O, I brought up WinHex (which keeps crashing so it takes longer than it would otherwise) and searched for the Unicode string. Finding that I then searched UP for the Hex Values '4d5a'. Finding this I copied from here to the end of the data region where the string was found and saved it to 'something.exe'. Since I'm on a 64 bit system I can't use debug.exe, so I used PEBrowser64, which worked fine for what I was needing. Using PEBrowser64, I opened 'something.exe' and then opened the sections list on the left pane and dbl-clicked the '.text' section which brings up a limited disassembly window. This allowed me to get the starting address and then going to the View->Disassemble At... and putting in the address '180000260' I get a disassembly of the main routine for checking the wifi card Ven/Dev ids (see fig1 and 2).



Disassembly 1 The device checking routine
Disassembly 2 The rest of the story

A quick inspection of this showed that to get out of this routine we need to get to the address '3d0' which quickly leads to the ret statement. We want to make as few changes as possible since we don't know what might happen with any of the returned values. Seeing the 'jne 305' looks like it could cause an endless loop since nothing that is tested would be changing (unless another thread was running that had access to the memory at SP+40). Also notice the 'lea cx, 960' at address 2eb, this is the address of the 'unauthorized' string. Changing the 'jne 2f9 at address 2c0 to a jmp 2f9 gets us past the string output and changing 'je 30d' at address 2fb to 'jmp 30d' gets us out no questions asked. See fig. 3 for the disassembly with the final modifications.

Disassembly 3 The Fix

I hope this helps in dealing with the 2mb version of the Insyde BIOS. Here is a link to the modded ROM:

Modded BIOS zipped

Can you please update the Disassembly 1, 2, 3 link?

Thanks,

Disassembly 1
Disassembly 2
Disassembly 3


message I received when try to download.

Sorry, the file link that you requested is not valid.
Reasons for this may include:

Invalid link
The file has been deleted because it was violating our Terms of user
find
quote
(06-28-2012, 04:01 PM)hspumanti Wrote:
(06-28-2012, 09:52 AM)SST-P Wrote:
(01-22-2012, 10:56 AM)hspumanti Wrote: I finally got my hands on a 2MB ROM I could work with. I used the NAWA1110 (v1.10) ROM which is for a Lenovo G455/G555 laptop for this effort. The string to search for in this case was "Unauthorized Wireless network card is plugged in. Power off and remove it". So after loading up the .ROM file in EZH2O, I brought up WinHex (which keeps crashing so it takes longer than it would otherwise) and searched for the Unicode string. Finding that I then searched UP for the Hex Values '4d5a'. Finding this I copied from here to the end of the data region where the string was found and saved it to 'something.exe'. Since I'm on a 64 bit system I can't use debug.exe, so I used PEBrowser64, which worked fine for what I was needing. Using PEBrowser64, I opened 'something.exe' and then opened the sections list on the left pane and dbl-clicked the '.text' section which brings up a limited disassembly window. This allowed me to get the starting address and then going to the View->Disassemble At... and putting in the address '180000260' I get a disassembly of the main routine for checking the wifi card Ven/Dev ids (see fig1 and 2).



Disassembly 1 The device checking routine
Disassembly 2 The rest of the story

A quick inspection of this showed that to get out of this routine we need to get to the address '3d0' which quickly leads to the ret statement. We want to make as few changes as possible since we don't know what might happen with any of the returned values. Seeing the 'jne 305' looks like it could cause an endless loop since nothing that is tested would be changing (unless another thread was running that had access to the memory at SP+40). Also notice the 'lea cx, 960' at address 2eb, this is the address of the 'unauthorized' string. Changing the 'jne 2f9 at address 2c0 to a jmp 2f9 gets us past the string output and changing 'je 30d' at address 2fb to 'jmp 30d' gets us out no questions asked. See fig. 3 for the disassembly with the final modifications.

Disassembly 3 The Fix

I hope this helps in dealing with the 2mb version of the Insyde BIOS. Here is a link to the modded ROM:

Modded BIOS zipped

Can you please update the Disassembly 1, 2, 3 link?

Thanks,

Disassembly 1
Disassembly 2
Disassembly 3

message I received when try to download.

Sorry, the file link that you requested is not valid.
Reasons for this may include:

Invalid link
The file has been deleted because it was violating our Terms of user
find
quote


Forum Jump:


Users browsing this thread: 17 Guest(s)