Login

**ucupsz** · 04-06-2014, 04:03 AM

hi friend...
i flash the BIOSBAKK_64_Cutted_NWL.ROM using my flash programmer.
unfortunately, it generate the same 1802 error.
any other idea?

(04-05-2014, 05:26 PM)BDMaster Wrote:
(04-05-2014, 08:34 AM)SheepReaper Wrote: Thank you BDMaster, your explanation does make it clearer. I have a T430 laptop, which explains my interest in the subject. I am also just a beginner with assembly code so my understanding of the loop was unclear until you explained it.

I modified the module but got an error when trying to insert it into the new bios. I need to retrace my steps and try again. Spent almost the entire day yesterday learning how to do this and how to use the tools.

Hi thanks for reply,
I uploaded in post before Bios modded and Module Modded too, It needs to replace Module modded to original only and repack bios by PMTool and that's it.
Let me know what and where You got error i can help You
(I am happy when can help someone)
Regards

**BDMaster** · 04-06-2014, 06:56 AM

It's normal that display error 1802: etc., but laptop have not stop in an infinite loop and have to continue to work normaly bypassing whitelist lock !
let me know
Regards

**ucupsz** · 04-06-2014, 08:49 AM

nope...

it behave like before.
- showing 1802 error,
- then just stop there. asking to it stopped, just like prior flashing the modified bios.
[Image: 13666736685_f0c7e79b06.jpg]

(04-06-2014, 06:56 AM)BDMaster Wrote: It's normal that display error 1802: etc., but laptop have not stop in an infinite loop and have to continue to work normaly bypassing whitelist lock !
let me know
Regards

**BDMaster** · (This post was last modified: 04-06-2014, 09:02 AM by BDMaster.)

(04-06-2014, 08:49 AM)ucupsz Wrote: nope...

it behave like before.
- showing 1802 error,
- then just stop there. asking to it stopped, just like prior flashing the modified bios.

(04-06-2014, 06:56 AM)BDMaster Wrote: It's normal that display error 1802: etc., but laptop have not stop in an infinite loop and have to continue to work normaly bypassing whitelist lock !
let me know
Regards

Ok I will check the mod and if it's all ok there will be another infinite loop into 1660 subroutine and I will check all code as in your picture
there is a longer string than which I found "System is halted" I haven't see before !
I will reply here the news
Regards

**ucupsz** · (This post was last modified: 04-06-2014, 10:33 AM by ucupsz.)

(04-06-2014, 08:58 AM)BDMaster Wrote:
(04-06-2014, 08:49 AM)ucupsz Wrote: nope...

it behave like before.
- showing 1802 error,
- then just stop there. asking to it stopped, just like prior flashing the modified bios.

(04-06-2014, 06:56 AM)BDMaster Wrote: It's normal that display error 1802: etc., but laptop have not stop in an infinite loop and have to continue to work normaly bypassing whitelist lock !
let me know
Regards

Ok I will check the mod and if it's all ok there will be another infinite loop into 1660 subroutine and I will check all code as in your picture
there is a longer string than which I found "System is halted" I haven't see before !
I will reply here the news
Regards

how about tracking which part calling the loc_BCD (the one that content message generator), and modify the logic so it won't directed there??
please see this pdf file below.
http://rghost.net/53821428
i put the big picture below:
here
tried to delete the 'jnz' in the hex to 0000, turns out to be disaster. Big Grin

**BDMaster** · 04-07-2014, 01:15 AM

(04-06-2014, 09:06 AM)ucupsz Wrote:
(04-06-2014, 08:58 AM)BDMaster Wrote:
(04-06-2014, 08:49 AM)ucupsz Wrote: nope...

it behave like before.
- showing 1802 error,
- then just stop there. asking to it stopped, just like prior flashing the modified bios.

(04-06-2014, 06:56 AM)BDMaster Wrote: It's normal that display error 1802: etc., but laptop have not stop in an infinite loop and have to continue to work normaly bypassing whitelist lock !
let me know
Regards

Ok I will check the mod and if it's all ok there will be another infinite loop into 1660 subroutine and I will check all code as in your picture
there is a longer string than which I found "System is halted" I haven't see before !
I will reply here the news
Regards

how about tracking which part calling the loc_BCD (the one that content message generator), and modify the logic so it won't directed there??
please see this pdf file below.
http://rghost.net/53821428
i put the big picture below:
here
tried to delete the 'jnz' in the hex to 0000, turns out to be disaster.

Ok I will lokk your pdf to mod use nop istruction = hex Code 0x90 so 90 90 !
will reply here
regards

**BDMaster** · (This post was last modified: 04-08-2014, 03:03 AM by BDMaster.)

Whitelist Table :

00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00 00 00 00 86 80 89 00 86 80 11 13 01 00 00 00
05 00 00 00 86 80 87 01 00 00 00 00 00 00 00 00
00 00 00 00 86 80 38 42 86 80 11 11 01 00 00 00
00 00 00 00 86 80 38 42 86 80 18 11 01 00 00 00
00 00 00 00 86 80 85 00 86 80 11 13 01 00 00 00
00 00 00 00 86 80 85 00 86 80 18 13 01 00 00 00
00 00 00 00 EC 10 76 81 EC 10 95 81 00 00 00 00
00 00 00 00 86 80 91 08 86 80 22 42 00 00 00 00
00 00 00 00 E4 14 58 43 E4 14 43 05 00 00 00 00
00 00 00 00 8C 16 2B 00 AA 17 A1 30 00 00 00 00
00 00 00 00 95 17 20 07 00 00 00 00 00 00 00 00
00 00 00 00 95 17 15 07 00 00 00 00 00 00 00 00
00 00 00 00 95 17 22 00 00 00 00 00 00 00 00 00
00 00 00 00 EE 10 12 20 EE 10 09 00 00 00 00 00
00 00 00 00 EE 10 13 20 EE 10 09 00 00 00 00 00
00 00 00 00 86 80 8F 08 86 80 60 42 01 00 00 00
01 00 00 00 99 11 12 90 00 00 00 00 00 00 00 00
01 00 00 00 99 11 13 90 00 00 00 00 00 00 00 00
01 00 00 00 DB 0B 27 19 00 00 00 00 00 00 00 00
01 00 00 00 DB 0B 26 19 00 00 00 00 00 00 00 00
01 00 00 00 4F 11 A2 68 00 00 00 00 00 00 00 00
01 00 00 00 3D 0F A2 68 00 00 00 00 00 00 00 00
01 00 00 00 99 11 A2 68 00 00 00 00 00 00 00 00
06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

.text:0000000000000C74 lea rdx, byte_270
.text:0000000000000C7B
.text:0000000000000C7B loc_C7B: ; CODE XREF: sub_B10+1B3j
.text:0000000000000C7B test eax, eax
.text:0000000000000C7D jnz short loc_CAA
.text:0000000000000C7F movzx ecx, word ptr [r8+rdx+6]
.text:0000000000000C85 movzx eax, word ptr [r8+rdx+4]
.text:0000000000000C8B shl ecx, 10h
.text:0000000000000C8E or ecx, eax
.text:0000000000000C90 cmp [rdi], ecx
.text:0000000000000C92 jnz short loc_CAA
.text:0000000000000C94 movzx ecx, word ptr [r8+rdx+0Ah]
.text:0000000000000C9A movzx eax, word ptr [r8+rdx+8]
.text:0000000000000CA0 shl ecx, 10h
.text:0000000000000CA3 or ecx, eax
.text:0000000000000CA5 cmp [rdi+4], ecx
.text:0000000000000CA8 jz short loc_CC5
.text:0000000000000CAA

00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00 00 00 00 86 80 89 00 86 80 11 13 01 00 00 00

.text:0000000000000C7F movzx ecx, word ptr [r8+rdx+6]
.text:0000000000000C85 movzx eax, word ptr [r8+rdx+4]

00 00 00 00 86 80 89 00 ---> ecx = 89 00

00 00 00 00 86 80 ---> eax = 86 80

.text:0000000000000C8B shl ecx, 10h

ecx = 89 00 00 00

or ecx, eax

ecx = 89 00 86 80 (PCI/VEN to check)

cmp [rdi], ecx ; check the PCI/VEN first part is wrong ? go to . . . is right continue to 2nd part

.text:0000000000000C94 movzx ecx, word ptr [r8+rdx+0Ah]
.text:0000000000000C9A movzx eax, word ptr [r8+rdx+8]
.text:0000000000000CA0 shl ecx, 10h
.text:0000000000000CA3 or ecx, eax
.text:0000000000000CA5 cmp [rdi+4], ecx
.text:0000000000000CA8 jz short loc_CC5

00 00 00 00 86 80 89 00 86 80 11 13

ecx = 11 13

eax = 86 80

Ecx = 11 13 00 00

ecx = 11 13 86 80

cmp [rdi+4], ecx ; check the next PCI/VEN part +4 is right go to loc_CC5 otherwise continue

Here is where is going to check hex Wwan Card number (PCI/VEN) so here We have to mod . . .

Regards

**ucupsz** · 04-09-2014, 11:30 AM

wohoooo...!!!!
we've made it.... Smile

)

based on your explanation, i changed the two jnz to nop, and one jz to jmp.
and it works!
i type this from T430 with broadcomm wifi card. Smile

)

i'll post more detail steps tomorrow.
getting late here, need to drive early morning tomorrow.

zillion thanks BDmaster!! you're my hero!

**BDMaster** · (This post was last modified: 04-10-2014, 11:35 AM by BDMaster.)

(04-09-2014, 11:30 AM)ucupsz Wrote: wohoooo...!!!!
we've made it.... )

based on your explanation, i changed the two jnz to nop, and one jz to jmp.
and it works!
i type this from T430 with broadcomm wifi card. )

i'll post more detail steps tomorrow.
getting late here, need to drive early morning tomorrow.

zillion thanks BDmaster!! you're my hero!

Finally thanks for your reply !
I think these would be the mods :

unlock infinite loop :
0BEB : 75 F5 to 75 00 or 90 90 jnz short loc_BE2 to jnz $+2

unlock whitelist :
0C7D : 75 2B to 75 00 or 90 90 jnz short loc_CAA to jnz $+2

0C92 : 75 16 to 75 00 or 90 90 jnz short loc_CAA to jnz $+2

0CA8 : 74 1B to EB 1B jz short loc_CC5 to jmp short loc_CC5

Let me know, if It's right !

Can You explain how to flash and setting to use Soic Clamp Adapter ? as You said You will
write a new Tutorial detailed about use of SPI Programmer and I am interesting to it !
Regards

devasish · 04-09-2014, 12:23 PM

sovem please help me for e420 at my post http://www.bios-mods.com/forum/Thread-le...-whitelist posted this here bcoz no one replied so far Sad

Login
Username:
Password:	Lost Password?
	Remember me