05-12-2013, 03:17 AM
THIS TOPIC mostly for newest notebooks (2012-2013 years) ONLY with RSA signed BIOSes, when Phoenix tool can't open your rom file.
3 weeks ago, when I came to this forums I was a newbie for BIOS modding or accessing it's hidden options.
But I searched a lot of information over internet and found some smart hints.
Having a huge programming skills in disassembling and ASN.1 data reading/parsing I realized a good way to change bios settings without modding.
I have HP Pavillion dv7 7171er with Insyde H2O RSA signed bios.
I found the way how to get it decrypted but all attempts to flash modded bios with patched DLL was unsuccessful. Each time I had to recover my Laptop with Win+B restoring.
On 15th time when by laptop was bricked again I decided to disassemble Setup Menu and found where needed options for me are hidden and how to access them for changes.
So here is small part of decompiled Setup Menu.
As you can see, it is realy represent's what we see in reality.
So now I need 2-3 BIOSes to proof my concept.
If you need to enable AHCI for example of change something else. please post you BIOS links here.
I will test and after 100% success I will write GUIDE and provide source code.
IMPORTANT: This is related only newest BIOSes which are not encrypted.
If it is RSA signed, you will need additional steps. I will inform you in this case.
Moderators, please pin this topic for some time.
You can always unpin in the feature.
3 weeks ago, when I came to this forums I was a newbie for BIOS modding or accessing it's hidden options.
But I searched a lot of information over internet and found some smart hints.
Having a huge programming skills in disassembling and ASN.1 data reading/parsing I realized a good way to change bios settings without modding.
I have HP Pavillion dv7 7171er with Insyde H2O RSA signed bios.
I found the way how to get it decrypted but all attempts to flash modded bios with patched DLL was unsuccessful. Each time I had to recover my Laptop with Win+B restoring.
On 15th time when by laptop was bricked again I decided to disassemble Setup Menu and found where needed options for me are hidden and how to access them for changes.
So here is small part of decompiled Setup Menu.
As you can see, it is realy represent's what we see in reality.
Code:
╔════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗
║ FormSet: 'Main' GUID: a04a27f4-df00-4d42-b552-39511302113d ║
╟────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╢
║ VarStore Id: '0x1234', Size: '900', Name: 'SystemConfig' GUID: a04a27f4-df00-4d42-b552-39511302113d ║
╚════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝
┌────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Form Name: 'Main' [ ID: '0x0001' ]│
└────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
┌- Grayout IF:
| Question [ ID: 0x08 ] == 0x02
| Question [ ID: 0x07 ] == 0x01
| AND expression
└- END IF Grayout;
Time: 'System Time' [ QId: '0x01', VarStoreId: '0x00', Help: '<Enter> selects field.' ]
Default value: '00:00:00', Type: 0x05
Date: 'System Date' [ QId: '0x02', VarStoreId: '0x00', Help: '<Enter> selects field.' ]
Default value: '2010/05/01', Type: 0x06
┌- Grayout IF:
| EQ == TRUE
| Text: 'Notebook Model' Default: '[Not Detected]' Help: ' '
| Text: 'Product Number' Default: '[Not Detected]' Help: ' '
| Text: 'System Board ID' Default: '[Not Detected]' Help: ' '
| Text: 'Born On Date' Default: '[Not Detected]' Help: ' '
| Text: 'Processor Type' Default: '[Not Detected]' Help: ' '
| ┌- Suppress IF:
| | Question [ ID: 0x06 ] == 0x00
| | Text: 'Processor Speed' Default: '[Not Detected]' Help: ' '
| └- END IF Suppress;
| Text: 'Total Memory' Default: '[Not Detected]' Help: ' '
| Text: 'BIOS Version' Default: 'Fake Data' Help: ' '
| Text: 'BIOS Vendor' Default: 'Insyde' Help: ' '
| Text: 'Serial Number' Default: '[Not Detected]' Help: ' '
| Text: 'UUID Number' Default: '[Not Detected]' Help: ' '
| Text: 'Product configuration ID' Default: '[Not Detected]' Help: ' '
| Text: 'System Board CT Number' Default: 'C AAAA RR SS WW X X X' Help: ' '
| Text: 'Factory installed OS' Default: '[Not Detected]' Help: ' '
| ┌- Suppress IF:
| | Question [ ID: 0x05 ] == 0x00
| | Text: 'Primary Battery SN' Default: 'N/A' Help: ' '
| └- END IF Suppress;
| ┌- Suppress IF:
| | Question [ ID: 0x04 ] == 0x00
| | Text: 'Secondary Battery SN' Default: '' Help: ' '
| └- END IF Suppress;
└- END IF Grayout;
Reference: 'System Log' [ ID: '0x0540' ]
┌────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Form Name: 'System Log' [ ID: '0x0540' ]│
└────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
Subtitle: 'System Log'
Action: Help: View the system diagnostic failure results.
Text: 'Result:' Default: 'Time:' Help: 'View the system diagnostic failure results.'
┌- Grayout IF:
| EQ == TRUE
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
| Text: ' ' Default: '- No Data -' Help: 'View the system diagnostic failure results.'
└- END IF Grayout;
So now I need 2-3 BIOSes to proof my concept.
If you need to enable AHCI for example of change something else. please post you BIOS links here.
I will test and after 100% success I will write GUIDE and provide source code.
IMPORTANT: This is related only newest BIOSes which are not encrypted.
If it is RSA signed, you will need additional steps. I will inform you in this case.
Moderators, please pin this topic for some time.
You can always unpin in the feature.