Login

**AHMED HOSSAM** · 01-08-2012, 12:27 PM

Hi All ,

I'm waiting the day to finish my exams to begin working again in this project Smile

Here is some information would help you :-
I was intending to do this for recovery procedure :-
the bootblock normally have routines for recovery ,,,, if you triggered the correct key combination and have the correct files in the usb , then the recovery process will start automatically ,,,,,,, some cases the drivet and bios files shoukd be named ,, for example ,, insyde hp bios . To begin recovery , the usb drive should be named hp_tools and the bios file should be named too with another name i don't remember and then trigger fn+b to begin recovery .
When fn+b triggered , it calls the recoverymodule which search for the hp_tools drive and the required files inside and let them start recovery .
so , when disassembling the bootblock youcan notice a call to the recovery module with the lea instruction ,,,,,, if you found this call , then you are in the correct routine for recovery , just knew what the rest of routine do and disassemble the recovery module as well to knew what is needed for recovery .
There were some instructions checking for click on keyboard keys and then decides what to do ,,,,,,,,, you will find this for the diagnostic mode , setup module , recovery module and others .
I really have no time to do this now as my exam will be the day after tomorrow and have to study ... if someone can do this , it will be great ,,,,,, or wait till i finish exams Smile

Thank you ,
Ahmed

**jkbuha** · 01-08-2012, 01:19 PM

(01-08-2012, 12:27 PM)AHMED HOSSAM Wrote: Hi All ,

I'm waiting the day to finish my exams to begin working again in this project
Here is some information would help you :-
I was intending to do this for recovery procedure :-
the bootblock normally have routines for recovery ,,,, if you triggered the correct key combination and have the correct files in the usb , then the recovery process will start automatically ,,,,,,, some cases the drivet and bios files shoukd be named ,, for example ,, insyde hp bios . To begin recovery , the usb drive should be named hp_tools and the bios file should be named too with another name i don't remember and then trigger fn+b to begin recovery .
When fn+b triggered , it calls the recoverymodule which search for the hp_tools drive and the required files inside and let them start recovery .
so , when disassembling the bootblock youcan notice a call to the recovery module with the lea instruction ,,,,,, if you found this call , then you are in the correct routine for recovery , just knew what the rest of routine do and disassemble the recovery module as well to knew what is needed for recovery .
There were some instructions checking for click on keyboard keys and then decides what to do ,,,,,,,,, you will find this for the diagnostic mode , setup module , recovery module and others .
I really have no time to do this now as my exam will be the day after tomorrow and have to study ... if someone can do this , it will be great ,,,,,, or wait till i finish exams

Thank you ,
Ahmed

Hey Ahmed - good to hear from you but sorry to have disturbed your studying! Smile

You're right - this is what I've found so far:

73DAB30F-3F9C-4160-B064-439CE16C3EDE_1_1065.ROM:
en-USEnglishF2 = BIOS Setup Entering BIOS Setup F5 = Boot Menu Entering Boot MenuESC = Diagnostic SplashShow Diagnostic Splash F11 = Internal Shell Entering
00011: Internal Shell F12 = Legacy PXE Boot from Legacy PXEATA HDD Boot from ATA HDDF9 = USB HDD Boot from USB HDD F10 = USB FLOPPY Boot from USB FLOPPYF3 = CD-ROM Boot from CD-ROM

So in theory we can enter UEFI shell from F11 if we unlock it properly Smile

I can't seem to find a reference to HP_TOOLS in the code though. Ideally I'd scan for the key combo Fn+F3 (Fn+B) in the bios code to see where it's being referenced. The other ROM dump I posted is indeed a recovery process though it's to create a master+recovery combo for RAID volumes. Interesting though - so Phoenix actually allows the creation of RAID + recovery volumes through BIOS.

Most/All the interesting configurable options (and I mean *really* interesting ones) seem to be in CFEF94C4-4167-466A-8893-8779459DFA86_1_1048.ROM, at least their textual descriptions. So it may be in fact that one of these files references the other... Anyway I'll await your return from the exams.

Good luck for your next exam!

Cheers
jkbuha

**AHMED HOSSAM** · (This post was last modified: 01-08-2012, 02:01 PM by AHMED HOSSAM.)

Hi jkbuha ,

Hp_tools was just example from a hp notebook with insyde bios ,,,,,,, tiano core bios should be like it but not the same ,,,,,, so you won't find any hp_tools string for sure .
another thing , all you have found is strings , but the routine should contain something like this ( don't remember ) :-
lea , crisis recovery
Lea ecx , 443
This means call crisis recovery module and start from offest 443 in it .
I don't remembet exactly butt its something like this .
Every module contain its own strings , sothat strings ( text ) not collected in one module .
You can't search for what happen when pressing f10 or something like that except you knew what means checking for f10 in assembly .
You will not find it as a string for sure but you will find instructions meaning checking for click then if yes , it calls module and if no , it completes the rest of routine .
tryy googling the instruction checking for keyclick and then use ida to disassemble bootblock .
I will check this after exams Smile

Thank you,
Ahmed

**jkbuha** · (This post was last modified: 01-08-2012, 02:34 PM by jkbuha.)

(01-08-2012, 01:57 PM)AHMED HOSSAM Wrote: Hp_tools was just example from a hp notebook with insyde bios ,,,,,,, tiano core bios should be like it but not the same ,,,,,, so you won't find any hp_tools string for sure .

D'Oh!

I actually thought we'd have HP recovery code in a Dell BIOS!

I just thought of something else - would it make sense to search for the references to the (known) Fn+Function key extended scancodes (double byte pairs)? If thats the case then all we need to do is search for all ROMs which have, say the scancode for Fn+F3 (Fn+B) and we'd be getting closer to the main module?

Cheers
jkbuha

**AHMED HOSSAM** · 01-08-2012, 02:47 PM

Why searching all roms ! Smile

it should be in bootblock Wink

Just find routine in bootblock and it will lead you to everything Wink

**jkbuha** · 01-09-2012, 05:29 AM

(01-08-2012, 02:47 PM)AHMED HOSSAM Wrote: Why searching all roms ! it should be in bootblock
Just find routine in bootblock and it will lead you to everything

Yes but that's assuming I know where the bootblock is Wink

which I don't at the moment.

I'll wait for you to get back from your exams - don't worry.

Good luck!

Cheers
jkbuha

**kasar** · (This post was last modified: 01-09-2012, 07:03 AM by kasar.)

I assume the recovery procedure will be really similar from the 15z to the xps 15 r2 (L502X).
I also will await for your return ahmed : 3

**jkbuha** · 01-11-2012, 08:25 AM

Hi all

Added undervolted GT-550M Bios to first post. Testers let me know how you go with this high performance mod!

Cheers
jkbuha

**gamerX1990** · 01-15-2012, 02:54 PM

So this is a successful UEFI mod? Could the methods used here just be applied to other UEFI notebooks then UEFI modding can start to pick up?

**kasar** · (This post was last modified: 01-15-2012, 03:32 PM by kasar.)

(01-15-2012, 02:54 PM)gamerX1990 Wrote: So this is a successful UEFI mod? Could the methods used here just be applied to other UEFI notebooks then UEFI modding can start to pick up?

thank to those methods I sucesfully modded a some XPS 15 (L502X) bioses , changing the voltages of the nvidia video bios and changing some text at the SETUP app.

http://forum.notebookreview.com/dell-xps...-more.html

them has been already tested by me and other users

so yes, I supose It should work for another UEFI bioses ^_^

Login
Username:
Password:	Lost Password?
	Remember me