[REQUEST] Lenovo Thinkpad X240 (GIETxxWW) Whitelist Removal
#11
hi friends,
interesting discussion you got here..
btw, I tried to disassemble wintpup.exe and debug the process, and found that the process of reading the bios image and the bios in the chip is done by winflash64.exe (I use win7 64bit). In winflash64.exe there's a section commented as 'oem check'.
When I debug winflash64.exe with a modified *.fl1 as parameter, then change the status flag to the value it has when I run it with lenovo's *.fl1, I manage to produce the same message as if I did the flash using the proper procedure.
But after restart/reboot, I still got "authentication failed".
I suspect that the authentication check is also done after reboot.
Perhaps you also want to try to reverse the process; you can check my thread (about T430). I recorded my process there.
#12
(05-08-2014, 05:24 AM)ucupsz Wrote: hi friends,
interesting discussion you got here..
btw, I tried to disassemble wintpup.exe and debug the process, and found that the process of reading the bios image and the bios in the chip is done by winflash64.exe (I use win7 64bit). In winflash64.exe there's a section commented as 'oem check'.
When I debug winflash64.exe with a modified *.fl1 as parameter, then change the status flag to the value it has when I run it with lenovo's *.fl1, I manage to produce the same message as if I did the flash using the proper procedure.
But after restart/reboot, I still got "authentication failed".
I suspect that the authentication check is also done after reboot.
Perhaps you also want to try to reverse the process; you can check my thread (about T430). I recorded my process there.

Hi friend,
As I said, Donovan has done many experiments so he is a big expert, but
I remember that when I was studying Secure Flash Protection, I found that on UEFI Bios it is done by InsydeFlash, which
decapsulates the Bios and passes it to a UEFI module to flash it after reboot, so there are many checks before flashing it
(the same as HP does on its laptops using the HP_TOOLS Partition).
So if the Original Bios has been modded it has an incorrect Signature!
The only two ways to reflash the Bios are:

1. Intel FPT Bios Region flashing
2. Recovery Mode Bios Decapsulated (so Generalized)

This is true only for a Bios without Write Memory Protections (error 280).
Regards

#13
Yep, it's not possible to flash a changed bios via any means using just WINTPUP, because it just checks the bios image and then creates a capsule to be flashed on the next reboot.

here's the diagram
http://forum.techinferno.com/general-not...flash.html

and intel FPT cannot flash it, cause the flash chip is protected, probably using some undocumented chipset registers. prr and prr2 cannot unprotect it. we need prr3

ucupz, you could disassemble and check the DXE/PEI module in UEFI that does the actual flashing after reboot. after checking for the correct bios signature it must unprotect the flash chip to do the flashing. if it's known how it does it, we could write our own prr3 to unprotect the bios and use Intel FPT

BDMaster, what is Recovery Mode Bios Decapsulated and Generalized you mentioned? any link or info?
#14
(05-08-2014, 06:28 AM)rozker Wrote: Yep, it's not possible to flash a changed bios via any means using just WINTPUP, because it just checks the bios image and then creates a capsule to be flashed on the next reboot.

here's the diagram
http://forum.techinferno.com/general-not...flash.html

and intel FPT cannot flash it, cause the flash chip is protected, probably using some undocumented chipset registers. prr and prr2 cannot unprotect it. we need prr3

ucupz, you could disassemble and check the DXE/PEI module in UEFI that does the actual flashing after reboot. after checking for the correct bios signature it must unprotect the flash chip to do the flashing. if it's known how it does it, we could write our own prr3 to unprotect the bios and use Intel FPT

BDMaster, what is Recovery Mode Bios Decapsulated and Generalized you mentioned? any link or info?

The Recovery Mode is the Procedure to Recover a Bios when a flash goes bad!
Before, all Bioses were Pure (not Capsulated as in UEFI) and the procedure was simple.
Actually, to Recover a Bios it needs to be Decapsulated to get it Pure or Generalized (it is the base to make a mod for all laptops of the same model, without needing a bios backup from any user).
If you try to Recover a Bios with a capsulated Bios you'll get a brick!
Regards

Here is my old Dirty Guide on How to get a Decapsulated Bios:

http://rghost.net/52544682

#15
yeah... just as I guessed.
thanks for the pic.

(05-08-2014, 06:28 AM)rozker Wrote: Yep, it's not possible to flash a changed bios via any means using just WINTPUP, because it just checks the bios image and then creates a capsule to be flashed on the next reboot.

here's the diagram
http://forum.techinferno.com/general-not...flash.html

and intel FPT cannot flash it, cause the flash chip is protected, probably using some undocumented chipset registers. prr and prr2 cannot unprotect it. we need prr3

ucupz, you could disassemble and check the DXE/PEI module in UEFI that does the actual flashing after reboot. after checking for the correct bios signature it must unprotect the flash chip to do the flashing. if it's known how it does it, we could write our own prr3 to unprotect the bios and use Intel FPT

BDMaster, what is Recovery Mode Bios Decapsulated and Generalized you mentioned? any link or info?

are there any tools to debug a .pei module or .dxe driver?
afaik, we can only disassemble those things and manually analyze the assembly.

(05-08-2014, 12:58 PM)BDMaster Wrote:
(05-08-2014, 06:28 AM)rozker Wrote: Yep, it's not possible to flash a changed bios via any means using just WINTPUP, because it just checks the bios image and then creates a capsule to be flashed on the next reboot.

here's the diagram
http://forum.techinferno.com/general-not...flash.html

and intel FPT cannot flash it, cause the flash chip is protected, probably using some undocumented chipset registers. prr and prr2 cannot unprotect it. we need prr3

ucupz, you could disassemble and check the DXE/PEI module in UEFI that does the actual flashing after reboot. after checking for the correct bios signature it must unprotect the flash chip to do the flashing. if it's known how it does it, we could write our own prr3 to unprotect the bios and use Intel FPT

BDMaster, what is Recovery Mode Bios Decapsulated and Generalized you mentioned? any link or info?

The Recovery Mode is the Procedure to Recover a Bios when a flash goes bad!
Before, all Bioses were Pure (not Capsulated as in UEFI) and the procedure was simple.
Actually, to Recover a Bios it needs to be Decapsulated to get it Pure or Generalized (it is the base to make a mod for all laptops of the same model, without needing a bios backup from any user).
If you try to Recover a Bios with a capsulated Bios you'll get a brick!
Regards

Here is my old Dirty Guide on How to get a Decapsulated Bios:

http://rghost.net/52544682
#16
Look here, Donovan replied for you, so you can ask him:

http://www.bios-mods.com/forum/Thread-RE...mer?page=5

Regards

#17
something about patching the UEFI flasher module:

http://www.insanelymac.com/forum/topic/2...try1993117

And yes, live debugging of UEFI is not easily possible. We can only analyze static assembly in our case I guess.
#18
@rozker:
The Bios Lock Enable (BLE) bit setting popped up some time ago when Haswell motherboards were released and prevented any BIOS modifications. The bit is set according to a preference in the BIOS and is write protected until a platform reset is performed, which usually happens after you flash a new BIOS. You see the problem..

CodeRush's patch will bypass the setting of the Bios Lock Enable (BLE) bit after you flash the patched BIOS, so further modifications are easily possible.
It won't help you flash a modified BIOS if you already have this kind of lock.

I'm not familiar with the protection used in these notebooks. Most probably it is something else anyway.
If you want to check whether you have the BLE bit set, refer to these two posts: 1, 2.
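As an added example (not code from this thread or from any poster): a small Python decoder for the PCH BIOS_CNTL register whose BLE bit xsmile describes, reporting whether the BIOS region counts as write-protected. The bit positions are the ones documented for Intel 7/8-series PCHs (LPC device D31:F0, config offset 0xDC) and are an assumption to verify against your own chipset datasheet; `BiosCntl` and `assess` are names chosen here.

```python
"""Decode an Intel PCH BIOS_CNTL register byte and report the BIOS write
protection state (BIOSWE / BLE / SMM_BWP).

Assumption: the bit layout below is the one documented for Intel 7/8-series
PCHs (LPC D31:F0, offset 0xDC). Check the datasheet for other chipsets.
On a real machine the byte can be read as root, e.g. with
`setpci -s 00:1f.0 0xdc.b`; the values used here are constructed.
"""
from dataclasses import dataclass

BIOSWE = 1 << 0   # BIOS Write Enable: 1 = host software may write the BIOS region
BLE = 1 << 1      # BIOS Lock Enable: 1 = setting BIOSWE raises an SMI; sticky until reset
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: 1 = BIOS region writable only from SMM


@dataclass(frozen=True)
class BiosCntl:
    bioswe: bool
    ble: bool
    smm_bwp: bool

    @classmethod
    def decode(cls, value: int) -> "BiosCntl":
        if not 0 <= value <= 0xFF:
            raise ValueError("BIOS_CNTL is an 8-bit register")
        return cls(bool(value & BIOSWE), bool(value & BLE), bool(value & SMM_BWP))

    def write_protected(self) -> bool:
        """chipsec-style verdict: protected when writes are disabled (BIOSWE=0)
        and the lock bit (BLE=1) lets firmware veto re-enabling them."""
        return (not self.bioswe) and self.ble

    def assessment(self) -> str:
        if self.bioswe:
            return "BIOSWE=1: BIOS region writable from the OS; no protection"
        if not self.ble:
            return "BIOSWE=0 but BLE=0: write enable is not locked; not protected"
        if not self.smm_bwp:
            return "BLE=1 without SMM_BWP: protection relies on the SMI handler"
        return "BLE=1 and SMM_BWP=1: BIOS region writable only from SMM"


def assess(value: int) -> str:
    """Convenience wrapper: raw register byte -> human-readable verdict."""
    return BiosCntl.decode(value).assessment()


if __name__ == "__main__":
    for v in (0x00, 0x01, 0x02, 0x22):  # constructed register values
        print(f"BIOS_CNTL=0x{v:02x}: {assess(v)}")
```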
#19
wohoo...
thanks for the info.
The .efi mentioned by coderush is found inside T430's bios as well.
(PchBiosWriteProtect.efi)

looks like we have 2 problems here:
1. passing the authentication check
2. passing the bios write protect mechanism

IMO, if we can make the flasher think that the modified bios is coming from the manufacturer, then passing the bios write protect will be done automatically by the flasher.
looking at the structure, I get SystemFlashUpdateDriverDxe.efi
opening it in IDA, I get the same 'oem check' as the one in winflash64.exe

[Image: 13971003518_74bbc469ce_o.png]


but even if we are able to modify that file or another, we still need to be able to do hardware flashing first. once our modified code resides in the bios, then the next update is going to be easier, no need for hardware flashing. cmiiw.

(05-10-2014, 01:08 PM)rozker Wrote: something about patching the UEFI flasher module:

http://www.insanelymac.com/forum/topic/2...try1993117

And yes, live debugging of UEFI is not easily possible. We can only analyze static assembly in our case I guess.

in the thinkpad T4x0 case,
the authentication check and bios write protect start with the T430.
(ivy bridge, prior to haswell)

(05-10-2014, 04:29 PM)xsmile Wrote: @rozker:
The Bios Lock Enable (BLE) bit setting popped up some time ago when Haswell motherboards were released and prevented any BIOS modifications. The bit is set according to a preference in the BIOS and is write protected until a platform reset is performed, which usually happens after you flash a new BIOS. You see the problem..

CodeRush's patch will bypass the setting of the Bios Lock Enable (BLE) bit after you flash the patched BIOS, so further modifications are easily possible.
It won't help you flash a modified BIOS if you already have this kind of lock.

I'm not familiar with the protection used in these notebooks. Most probably it is something else anyway.
If you want to check whether you have the BLE bit set, refer to these two posts: 1, 2.
#20
In the latest BIOS versions of both X240 and T440 module PlatformHiiAdvancedDxe (CFEF94C4-4167-466A-8893-8779459DFA86) contains settings "BIOS Lock" and "SMM Lock". BIOS Lock is disabled by default, so you don't need to worry about it.