[REQUEST] ASUS TUF A15 FA506IV BIOS Unlock
#41
(06-28-2021, 12:25 PM)Sml6397 Wrote: Hello KnoxMe,

Thank you for your continued patience with this! Hopefully soon you'll have access to not only the CBS Menu, but also the Chipset Menu.

I have prepared another mod for the Chipset Menu. This mod involves edits to the AMITSESetupData module that change the required access level for the chipset menu to "USER" instead of "DEFAULT". Let me know how this flash goes!


The rest of this post is an informational reference containing the details of the mod. You can skip over this if you wish or read it if you want to know what is going on behind the scenes. :)

0x19921 Form: Chipset, Form ID: 0x2713 {01 86 13 27 1E 00}

The last two bracketed bytes (1E 00) in the line above appear in AMITSESetupData for each menu and sub-menu (these bytes will be different for different menus and sub-menus, of course). This line was taken from the IFR text given from donovan6000's Universal IFR Extractor run on the Setup module extracted from the UEFI image using UEFITool.


1E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
04 00 00 00 00 00 00 00 01 00 01 00 31 00 00 00
01 00 00 00 02 00 00 00 04 00 01 00 66 07 00 00

The code segment above is 0x30 bytes long and occurs at offset 0x2120 in the extracted AMITSESetupData module. As you can see, "1E 00" are the first two bytes. This code segment corresponds to the Chipset Menu. The first byte in the third row "01" controls which access level is assigned to the menu/sub-menu defined by the first two bytes "1E 00" (in this case, the Chipset Menu).

"01" represents an access level of "Default". I think the "Default" access level is defined someplace elsewhere in the BIOS image. I'm not sure how to edit that, but that is unnecessary (in theory). We can change "01" to "05" to set the access level to "User", which I believe is the access level you have when you enter your BIOS Setup Utility.

Based on what shows up in the AMITSE and Setup modules I believe that, unless there is some lock hidden somewhere I haven't yet looked, this access level lock is the only thing hiding the Chipset Menu.
Report about the latest BIOS: nothing is being exposed again, just like a stock BIOS. Do you need a dumped BIOS of the flashed modded BIOS to check something?
#42
That's a good idea, actually. Could you upload a dump of the modded BIOS? If the BIOS chip isn't being erased properly before the modded BIOS flash, then unerased regions could be skipped in programming.

!!!!!PLEASE READ!!!!!! Our Ukrainian friends are undergoing atrocities right now and need support. There are two things you can do for starters:

1.) Donate to one of various organizations offering medical, military, and psychological support to those impacted: Support Organizations

2.) Combat misinformation on social media. 

Also, please feel free to PM me if I have not replied again about your BIOS mod request after 5 days.
#43
(06-28-2021, 02:18 PM)Sml6397 Wrote: That's a good idea, actually. Could you upload a dump of the modded BIOS? If the BIOS chip isn't being erased properly before the modded BIOS flash, then unerased regions could be skipped in programming.
I would like to, but my crappy clipper doesn't allow it now. I can't get a good grip on the chip now.
#44
(06-28-2021, 02:18 PM)Sml6397 Wrote: That's a good idea, actually. Could you upload a dump of the modded BIOS? If the BIOS chip isn't being erased properly before the modded BIOS flash, then unerased regions could be skipped in programming.
Is there a command in AFUWin that allows an unsecured (modded) BIOS to be flashed?
#45
I had this same issue. I eventually had to purchase the Pomona 5250 clip. It gets a really good connection to the chip every time in my experience and is the one BDMaster recommended to me. This is the one I purchased: https://www.amazon.com/CPT-063-Test-Clip...w?dchild=1&keywords=CPT-063+Test+Clip+SOIC8+Pomona+5250&qid=1624914166&s=industrial&sbo=RZvfv%2F%2FHxDF%2BO5021pAnSA%3D%3D&sr=1-3

You may be able to find it elsewhere for less or even with a neat ribbon cable already attached.

Note that you will either need to solder the old wires to the new clip or you will need to purchase 8 female-to-female jumper cables (I recommend 40+ cm). They often come in packs of 40, 80, or more. I didn't have the proper number of these cables, so I had to improvise, as can be seen in the attachment to this post.


Could you try getting a backup from AFUWIN or AFUDOS? This would work too and would allow me to verify that the flashes are working correctly (I imagine they are but you bring up a good point that would be nice to clarify).

Until then, I will go back to the drawing board. I may have to disassemble some of the modules and figure out what is happening. My experience with this is somewhat limited and I am not even sure if my Ghidra disassembler is configured correctly right now, so the next mod might take a little longer than the others.


--Reference info that you can skip over if you wish--

There are many repeated lists of the BIOS menu IDs in the AMITSE module. Maybe some of those lists are subject to certain checks that are elsewhere in the image that might disable certain menus. This differs from a lot of other AMI Aptio V images, however, as normally I would expect there to be one or more lists of exclusively disabled menus and one or more lists of exclusively enabled menus, not a bunch of copies of lists containing all menus... If by exploring the assembly language code I can figure out which of these lists are subject to checks - if any - I can simply remove the Form ID of the Chipset Menu from that list.

Here's an example of one such listing:
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 *11 27* 00 00 07 10 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 *12 27* 00 00 08 10 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 *13 27* 00 00 09 10 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 *15 27* 00 00 0A 10 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 *14 27* 00 00 0B 10 00 00
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 *16 27* 00 00 0C 10 00 00

11 27 = Main, 12 27 = Advanced, 13 37 = Chipset, 15 57 = Boot, 14 27 = Security, 16 27 = Save & Exit

Offsets that may be of interest to disassemble in AMITSE are 0x373B8 (starts with 11 27 - may be useful figuring out what visible menu code looks like) and 0xF02F5 (starts with 13 27 - might help figure out what the hidden Chipset menu code looks like).

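As an added example (not code from the posts above), this Python sketch finds every copy of such a menu list in an extracted module and reports which copies contain the Chipset form ID 0x2713. The 24-byte entry layout (GUID, 16-bit form ID, padding, trailing dword of unknown meaning) is an assumption read off the six quoted entries, and the sample blob is constructed.

```python
import struct
import uuid

# Assumed entry layout, inferred from the quoted bytes: 16-byte GUID (EFI
# mixed-endian), little-endian u16 form ID, u16 padding, u32 of unknown meaning.
ENTRY = struct.Struct("<16sHHI")
CHIPSET_FORM_ID = 0x2713  # "Form: Chipset, Form ID: 0x2713" quoted earlier in the thread

# The six entries quoted in the post, rebuilt from their fields.
GUID_LE = bytes.fromhex("4A10597B0DC0584187FFF04D6396A915")
QUOTED = [(0x2711, 0x1007), (0x2712, 0x1008), (0x2713, 0x1009),
          (0x2715, 0x100A), (0x2714, 0x100B), (0x2716, 0x100C)]
LISTING = b"".join(ENTRY.pack(GUID_LE, form, 0, tail) for form, tail in QUOTED)


def find_lists(blob: bytes, guid: uuid.UUID):
    """Return [(offset, [form_id, ...])] for every run of back-to-back entries
    that carry `guid`."""
    key = guid.bytes_le
    lists, pos = [], blob.find(key)
    while pos != -1:
        start, forms = pos, []
        while blob[pos:pos + 16] == key and pos + ENTRY.size <= len(blob):
            forms.append(ENTRY.unpack_from(blob, pos)[1])
            pos += ENTRY.size
        if forms:
            lists.append((start, forms))
        # Always move forward, even when a truncated entry yielded no forms.
        pos = blob.find(key, max(pos, start + 1))
    return lists


def lists_with_form(blob: bytes, guid: uuid.UUID, form_id: int):
    """Offsets of the lists that include `form_id`."""
    return [off for off, forms in find_lists(blob, guid) if form_id in forms]


if __name__ == "__main__":
    guid = uuid.UUID(bytes_le=GUID_LE)
    # Constructed sample: one full list, filler, then a second list without Chipset.
    sample = b"\x00" * 5 + LISTING + b"\xff" * 7 + LISTING[:48]
    print(guid)
    for off, forms in find_lists(sample, guid):
        print(hex(off), [hex(f) for f in forms])
    print("lists containing Chipset:", lists_with_form(sample, guid, CHIPSET_FORM_ID))
```
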
#46
(06-28-2021, 03:55 PM)KnoxMe Wrote:
(06-28-2021, 02:18 PM)Sml6397 Wrote: That's a good idea, actually. Could you upload a dump of the modded BIOS? If the BIOS chip isn't being erased properly before the modded BIOS flash, then unerased regions could be skipped in programming.
Is there a command in AFUWin that allow unsecured BIOS (Modded) to be flashed?

Didn't see this post before my previous reply. This goes into territory I am less experienced in, but if you can try it and give me the error code, we may be able to remove flash locks in the way through RU.EFI. First try getting a backup though. That way we can verify that the hardware programmer is working properly (ie: it is erasing first then writing).

I cannot guarantee that an AFU flash will not result in a brick. The AFU flash would probably fail to even execute if the BIOS image is not in the right format. I'm not sure if your notebook expects BIOS updates to be delivered through an AMI Aptio Capsule yet.

With the SPI programmer, we can directly write to the chip, so we can write whatever we want to it as long as it is exactly 16MB.

#47
(06-28-2021, 04:09 PM)Sml6397 Wrote:
(06-28-2021, 03:55 PM)KnoxMe Wrote:
(06-28-2021, 02:18 PM)Sml6397 Wrote: That's a good idea, actually. Could you upload a dump of the modded BIOS? If the BIOS chip isn't being erased properly before the modded BIOS flash, then unerased regions could be skipped in programming.
Is there a command in AFUWin that allow unsecured BIOS (Modded) to be flashed?

Didn't see this post before my previous reply. This goes into territory I am less experienced in, but if you can try it and give me the error code, we may be able to remove flash locks in the way through RU.EFI. First try getting a backup though. That way we can verify that the hardware programmer is working properly (ie: it is erasing first then writing).

I cannot guarantee that an AFU flash will not result in a brick. The AFU flash would probably fail to even execute if the BIOS image is not in the right format. I'm not sure if your notebook expects BIOS updates to be delivered through an AMI Aptio Capsule yet.

With the SPI programmer, we can directly write to the chip, so we can write whatever we want to it as long as it is exactly 16MB.
Finally, I use brute strength to keep the clipper on the chip (quite a pain). The file is uploaded in the google drive, file name is dxd.rom
#48
(06-28-2021, 04:18 PM)KnoxMe Wrote: Finally, I use brute strength to keep the clipper on the chip (quite a pain). The file is uploaded in the google drive, file name is dxd.rom

Thanks! I can say for sure that the SPI flash is working properly. This comparison allowed me to discover that there is only one module that changes between reboots (or at least between reboots with no OS re-installations or BIOS setting changes occurring). In this image, the GUID of this module is CEF5B9A3-476D-497F-9FDC-E98143E0422C. More importantly, the name of it is "NVAR Store". It looks like this might be the table that contains some or all of the UEFI variables that can be edited in RU.EFI to change settings without a BIOS mod (see the attachment). I still need to investigate this before I can say for sure that this module stores the UEFI variables. I will check this on my test machine at a later time.

Anyways, I will go back to the drawing board and see if I can get my disassembler working properly and then figure out what is going on in the image that could be hiding the Chipset Menu.


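The read-back check discussed in this exchange, as an added example (not code from the thread): it compares the image that was written against a dump read back from the chip and classifies each differing range. The function names, the 16-byte merge gap and the sample images are constructed for illustration; the classification relies on NOR flash programming only being able to clear bits, so it needs the chip's previous contents as a third input.

```python
FLASH_SIZE = 16 * 1024 * 1024  # the thread states the image must be exactly 16MB


def diff_ranges(a: bytes, b: bytes, gap: int = 16):
    """Half-open (start, end) ranges where a and b differ. Differences fewer
    than `gap` bytes apart are merged into one range."""
    ranges = []
    for off, (x, y) in enumerate(zip(a, b)):
        if x == y:
            continue
        if ranges and off - ranges[-1][1] < gap:
            ranges[-1][1] = off + 1
        else:
            ranges.append([off, off + 1])
    return [tuple(r) for r in ranges]


def classify(old, written, readback, start, end):
    """Explain a differing range using the chip's previous contents (`old`)."""
    bad = [i for i in range(start, end) if readback[i] != written[i]]
    if all(readback[i] == old[i] for i in bad):
        return "stale"       # region skipped: previous contents still present
    if all(readback[i] == old[i] & written[i] for i in bad):
        return "not-erased"  # programmed over old data: bits could only be cleared
    return "changed"         # rewritten after the flash, e.g. a variable store


def verify_flash(old, written, readback, size=FLASH_SIZE):
    """Return [(start, end, kind)] for every range where readback != written."""
    for name, img in (("old", old), ("written", written), ("readback", readback)):
        if len(img) != size:
            raise ValueError(f"{name} image is {len(img)} bytes, expected {size}")
    return [(s, e, classify(old, written, readback, s, e))
            for s, e in diff_ranges(written, readback)]


def demo():
    """Constructed 256-byte images exercising each outcome."""
    old, written = bytes([0xF0]) * 256, bytes([0x3C]) * 256
    rb = bytearray(written)
    rb[0x10:0x20] = old[0x10:0x20]             # block never touched by the programmer
    rb[0x40:0x50] = bytes([0xF0 & 0x3C]) * 16  # written without erasing first
    rb[0x80:0x84] = b"NVAR"                    # data the firmware rewrote at boot
    return verify_flash(old, written, bytes(rb), size=256)


if __name__ == "__main__":
    for start, end, kind in demo():
        print(f"{start:#06x}-{end:#06x} {kind}")
```
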
#49
Here is a preview of the Chipset Menu to give you something to look forward to! :)

The left pane contains the sub-menus in the Chipset Menu. The right pane contains the settings just in the Graphics Configuration sub-menu.


#50
(06-28-2021, 04:38 PM)Sml6397 Wrote:
(06-28-2021, 04:18 PM)KnoxMe Wrote: Finally, I use brute strength to keep the clipper on the chip (quite a pain). The file is uploaded in the google drive, file name is dxd.rom

Thanks! I can say for sure that the SPI flash is working properly. This comparison allowed me to discover that there is only one module that changes between reboots (or at least between reboots with no OS re-installations or BIOS setting changes occurring). In this image, the GUID of this module is CEF5B9A3-476D-497F-9FDC-E98143E0422C. More importantly, the name of it is "NVAR Store". It looks like this might be the table that contains some or all of the UEFI variables that can be edited in RU.EFI to change settings without a BIOS mod (see the attachment). I still need to investigate this before I can say for sure that this module stores the UEFI variables. I will check this on my test machine at a later time.

Anyways, I will go back to the drawing board and see if I can get my disassembler working properly and then figure out what is going on in the image that could be hiding the Chipset Menu.

Thanks. It'll take a long time for sure for me to receive the Pomona clipper.

I've ordered one on AliExpress.