10-25-2017, 10:29 AM (This post was last modified: 10-25-2017, 10:41 AM by Aaron.)
Hey Friends here,
I got a ThinkPad T470 recently and I found it's unlike the one my friends has sale in America,the AES-NI has been locked by BIOS,though some search on search engine and offical site of Intel I know that I5 6300u support AES-NI,but it was disabled by BIOS,when we power on the machine,at Init period,BIOS will writes 11b to MSR register:
But,I got a BIOS backup from my friend,since he has a America version of T470,and Flash it into the one I have,it doesn't work(runs perfectly but no AES enabled).So I guess there was some check in BIOS,if they found this is a sale in restrict area,they disable the AES,mostly I think they check model number,serial number,though compare with my friend's one,easily found that his model number is 20JM000SUS,mine are 20JMA00CCD(mine is Chinese version).So at first I tried use offical flash tool running on system to change the model number(with US BIOS),the tool told me successful changed model number,but when I reboot it I found it only changed the model number which OS got,at first page of BIOS setting it still showed orignal 20JMA00CCD,then I found if we flash with iso image(flash without OS)we have a choice to change the model number,but T470 doesn't has a CD or DVD ROM,so we need to "burn" that iso image into some capable usb stick,unfortunately I don't have one handy now.So back to extract bios,I found the Andy's SLC tool could successful extract the BIOS,but with days of search and check by using IDA and http://www.jakobheinemann.de/en/projects/j-asm.html jasm tool I cannot make sure the right one file and location to modify,So can you help on this?It's my honor and there will be a lot people got help from here.
The BIOS file with flash tool on OS: https://pcsupport.lenovo.com/us/en/produ...s/DS120429
10-26-2017, 12:04 PM (This post was last modified: 10-26-2017, 12:07 PM by DeathBringer.)
Well. Post a screenshot of regedit with expanded key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Ask your friend for such screenshot too.
Posts: 5
Threads: 1
Joined: Oct 2017
Reputation:
0
(10-26-2017, 12:04 PM)DeathBringer Wrote: Well. Post a screenshot of regedit with expanded key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Ask your friend for such screenshot too.
Hi,mine regedit info here:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0]
"Component Information"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Identifier"="Intel64 Family 6 Model 78 Stepping 3"
"Configuration Data"=hex(9):ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00
"ProcessorNameString"="Intel® Core™ i5-6300U CPU @ 2.40GHz"
"VendorIdentifier"="GenuineIntel"
"FeatureSet"=dword:21193ffe
"~MHz"=dword:000009c0
"Update Signature"=hex:00,00,00,00,be,00,00,00
"Update Status"=dword:00000002
"Previous Update Signature"=hex:00,00,00,00,be,00,00,00
"Platform ID"=dword:00000080
I'll post his regedit info once he reply me on skype
10-29-2017, 08:44 AM (This post was last modified: 10-29-2017, 09:39 AM by Aaron.)
(10-29-2017, 03:44 AM)DeathBringer Wrote:
(10-28-2017, 02:59 AM)Aaron Wrote: I'll post his regedit info once he reply me on skype
OK.
I need also current dump of your BIOS.
Hi DeathBringer,
Sorry for reply so late,I'm trying to reverse rom file these days too,and bios backup file is here: https://file.io/z1mQca
password:bios-mod
file: officaltool-directory.7z offical flash tool on windows.
directory: Extracted-by-Andy-Tool-from-offical-biosfile there are lot file extracted by Andy's tool before,but that makes a big zip file hard to upload,so I deleted it finally,you can extract it again by Andy's tool.
The current-BIOS isn't easy to backup,I tried a lot tool and Universal BIOS Backup Toolkit is the only one works,but I checked the author of Universal BIOS Backup Toolkit's posts and he said:
"Some of PC can reflash back directlly , but the Pheonix BIOS can't reflash back directlly use phflash tools for backup bios is not include "Tail" (flsah CFG ), so you need to add the "Tail" to the backup file for reflash. Other way is use a Programmer to burn chip Directly." at https://forums.mydigitallife.net/threads...t.9856/,so maybe modified bios may not easy to flash back,if any need I'll buy a "burn" programmer to flash it.
So I add the orignal offical file in the zip file too,named $0AN1Q00.FL1,which we can also extract by Andy's tool may help in some situation.
And one thing I want to explain is that,the picture in main posts may not adapted to i5 6300u,documents on https://www.intel.com/content/www/us/en/...urces.html didn't mention about AES-NI keyword.I'll keep search and try to find any further info for this unlock.Recently I'm trying to use BITS(BIOS-Implementation-Test-Suite-from-Intel) to test it https://downloadcenter.intel.com/downloa...Suite-BITS-
Another compare to offical bios update file's sha1 and crc32 showed all 20JM series(T470) share the same bios file,no matter it's sale in America,China,Russia or any country.(I download from different country's support offical site of lenovo).
And,I got the regedit info from my friend,looks exactly the same without the name and frequency:
"Component Information"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Identifier"="Intel64 Family 6 Model 78 Stepping 3"
"Configuration Data"=hex(9):ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00
"ProcessorNameString"="Intel® Core™ i5-6200U CPU @ 2.30GHz"
"VendorIdentifier"="GenuineIntel"
"FeatureSet"=dword:21193ffe
"~MHz"=dword:000008fc
"Update Signature"=hex:00,00,00,00,be,00,00,00
"Update Status"=dword:00000002
"Previous Update Signature"=hex:00,00,00,00,be,00,00,00
"Platform ID"=dword:00000080
And,Lenovo has makes a lot restriction here to prevent user do any kind of modify on BIOS,I know this is not a easy work for anyone even for most expert here,but no matter it will success or not,I'll keep try and provide any info you need.
I think I've found the reason why your friend has AES but you haven't. But I need some bytes from laptops memory.
You should use RWEverything for it. Try portable version.
Run it and press third button (Memory Dump), change address to FF89D000 and make a screenshot.
Posts: 5
Threads: 1
Joined: Oct 2017
Reputation:
0
(10-29-2017, 02:55 PM)DeathBringer Wrote: I think I've found the reason why your friend has AES but you haven't. But I need some bytes from laptops memory.
You should use RWEverything for it. Try portable version.
Run it and press third button (Memory Dump), change address to FF89D000 and make a screenshot.
![[-]](https://www.bios-mods.com/forum/images/black/collapse.png "[-]")
![[Image: intel-doc.jpg]](https://www.imageupload.co.uk/images/2017/10/25/intel-doc.jpg)
![[MVP] Top Contributor](images/badges/english/team-top-dog.gif "[MVP] Top Contributor")
,the text report of CPU-Z is here 
![[Image: www.png]](https://www.imageupload.co.uk/images/2017/10/30/www.png)
![[Valid RSS]](valid-rss.png "Validate my RSS feed")