Bios Mods -The Best BIOS Update and Modification Source

Full Version: [REQUEST] Lenovo IdeaPad U330, U430 & U530 (7CCNxxWW) Whitelist Removal
In my case with the T430,
winflash64.exe is the one that does the check and lets the computer reboot to do the real flashing process.
Normally, a modified Phoenix SCT BIOS cannot be flashed. winflash will complain that it is failing the verification check.
I've managed to alter the logic of winflash and let it reboot as if the verification check had succeeded.
However, after reboot, there's another message showing that the verification failed.
I don't know the situation with Insyde BIOS.
I hope there is an easier way to solve the problem.

(06-10-2014, 08:06 AM)RehabMan Wrote: [ -> ]
(06-10-2014, 05:56 AM)sebold Wrote: [ -> ]This is the best tutorial I've found: http://donovan6000.blogspot.de/2013/06/i...lists.html

Who of you is in IA64-Assembler and can do this?

Yes, I've been reading Donovan's blog. I'm OK with x86 code, but need to become familiar with the tools. I hope to get started today.

BTW, if you run the BIOS updater, it doesn't even ask for confirmation. Just runs, reboots, flashes, and restarts. Also, no backup is made of the prior BIOS. The whole process is really quick. So... I have updated BIOS now. Of course, attempting to run a second time ... just informs that the same version BIOS is already installed and it aborts. Extracting the files reveals an .INI file for configuration where you can disable the version check, enable backups and other goodies.

Yes, Phoenix, Insyde and AMI Aptio BIOSes have the same structure and the tools are quite similar, so "Extracting the files reveals an .INI file for configuration where you can disable the version check, enable backups and other goodies." It is the same thing for all these BIOSes!
There are flags in Platform.ini to set = 0 to avoid some checks!
Regards

I've found the module UEFIL05BIOSLock (obvious name) to be responsible for the whitelist lock. (GUID: {11D378C2-B472-412F-AD87-1BE4CD8B33A6_2045})

I disassembled it, but I don't know anything about assembler.
Here is the disassembled file.

(06-11-2014, 07:58 AM)sebold Wrote: [ -> ]I've found the module UEFIL05BIOSLock (obvious name) to be responsible for the whitelist lock. (GUID: {11D378C2-B472-412F-AD87-1BE4CD8B33A6_2045})

I disassembled it, but I don't know anything about assembler.
Here is the disassembled file.

I have completed patches (for BIOS whitelist and pmlock) and created a patched image. The file size is the same as the original and I have verified by re-extracting using Andy's phoenix tool that my patches are present and correct.

Unfortunately, it won't flash. It is accepted by the windows frontend, and the computer reboots to flash, and then it (the bios?) rejects the image. Digitally signed?

Interestingly, if I enable the backup option from platform.ini, the saved file (at c:\SharkBay.bin) is not signed (it is smaller than the original). And... the windows frontend will reject this file as it is not signed. The message is "It only supports to flash secure BIOS on current platform The image to be updated is not a secure BIOS." I can go through the same process to patch the unsigned binary, but how to flash it?

Nothing jumps out at me in platform.ini as a way to disable this check, although I'll look through it again today. And I'll probably do a bit of disassembly on the flashing tool binaries to see if this check can be disabled from there.

Now, I'm assuming there is some way to flash this backup... otherwise what would be the point of the tool creating a backup? I do have the "BIOS back flash" option enabled in BIOS.

Is there a way to create a BIOS recovery USB and use a special key sequence on startup to initiate a flash from media with the unsigned image? What should I look for?

But at least the work of creating a patched binary is done. And even if I have to resort to a hardware programmer, I'll have the patches in hand to apply...

Hi friend,
I want to say a few things about new BIOSes and manufacturers (UEFI wants to be protected).
Actually, BIOSes are capsulated and signed (RSA key) and many manufacturers are missing the recovery procedure!
The only ways to reflash a modded BIOS are:

1. Intel FPT (used to back up the BIOS)
2. Recovery Mode (to recover the BIOS when a flash goes wrong)

Both methods are vanishing, as manufacturers are missing the recovery procedure and FPT cannot rewrite the BIOS because the EEPROM is write-protected (error 28 or 280).

A BIOS that is capsulated cannot be flashed and cannot be used for Recovery Mode, as it can brick laptops!
So it needs to be decapsulated first (there is a dirty guide of mine):

http://rghost.net/52544682

CodeRush has made a tool to decapsulate the BIOS based on my guide!
So many modded BIOSes can be flashed only using an external USB SPI programmer with a Pomona SOIC clip!
About the whitelist patch, you are right and I think you have done well (I can say only after checking it), but UEFIL05BIOSLock is the right one!
If you need some help, feel free to ask!
Regards
(06-11-2014, 09:02 AM)sebold Wrote: [ -> ]Maybe this way?
http://edmarhobby.blogspot.de/2013/02/le...reset.html

I will give this a try after a bit more research...

(06-11-2014, 01:16 PM)BDMaster Wrote: [ -> ]Hi friend,
I want to say a few things about new BIOSes and manufacturers (UEFI wants to be protected).
Actually, BIOSes are capsulated and signed (RSA key) and many manufacturers are missing the recovery procedure!
The only ways to reflash a modded BIOS are:

1. Intel FPT (used to back up the BIOS)
2. Recovery Mode (to recover the BIOS when a flash goes wrong)

Both methods are vanishing, as manufacturers are missing the recovery procedure and FPT cannot rewrite the BIOS because the EEPROM is write-protected (error 28 or 280).

A BIOS that is capsulated cannot be flashed and cannot be used for Recovery Mode, as it can brick laptops!
So it needs to be decapsulated first (there is a dirty guide of mine):

http://rghost.net/52544682

CodeRush has made a tool to decapsulate the BIOS based on my guide!
So many modded BIOSes can be flashed only using an external USB SPI programmer with a Pomona SOIC clip!
About the whitelist patch, you are right and I think you have done well (I can say only after checking it), but UEFIL05BIOSLock is the right one!
If you need some help, feel free to ask!
Regards

I have a backup BIOS at this point and can patch it too. I believe it is 'decapsulated' as it is exactly 8192KB and smaller than the downloaded BIOS binary. Just need to determine a (safe) way to flash it.

If I have to, I'll use an external programmer.

I will also check out CodeRush's thread (on insanelymac, right?)... and maybe even ask him what he thinks should be my next steps...
No luck with any of the recovery methods. There is something going on when you hold Fn+R during power on. Black screen for a long time before falling back into the normal boot or onekey menu (tried both power buttons). Perhaps it is waiting for a special keystroke/sequence and we don't know what it is...

I think next stop is hardware flash programmer.
BTW, here is my work-in-progress patching files/utilities, attached in u430_bios_patching.zip...

If you prefer to do the hexedit manually, here are the patches...
For PMlock, PowerMgmtDxe, F7731B4C-58A2-4DF4-8980-5645D39ECE58_301.ROM
Code:
find: 80 fb 01 75 08 0f ba e8 0f
repl: 80 fb 01 eb 08 0f ba e8 0f

For WiFi and WWAN lock, UEFIL05BIOSLock, 11D378C2-B472-412F-AD87-1BE4CD8B33A6_2045.ROM
Code:
find: 38 1d 38 17 00 00 74 20
repl: 38 1d 38 17 00 00 eb 20
find: 80 3d 0e 17 00 00 00 74 40
repl: 80 3d 0e 17 00 00 00 eb 40

A short description of the files in the ZIP:

directory: bios_u430/
Designed to be integrated into the extracted files from the Lenovo BIOS updater package (use 7-zip to extract the contents of the EXE)

bios_u430/patch.cmd - a batch file used to patch the two .MOD files in that "in-between" state after pressing Go in Andy's phoenixtool and pressing OK. It modifies the files with the three patches using patcho.
bios_u430/Patching_Notes.txt - disassembly and brief commentary on the patches required.
bios_u430/patcho.exe - utility to patch binary files given hex find and replace strings
bios_u430/platform.ini - replacement platform.ini. This one turns on backups of existing BIOS, waits for confirmation before flashing, and allows flashing same version as current

directory: patcho/
This directory contains the C source files for the patcho.exe binary
Original version by SJ_Underwater here (for Mac/Unix only): http://www.tonymacx86.com/general-help/8...tcher.html

patcho/build.cmd - batch file to build patcho using VC++ 2013 "cross x64 tools". Will copy the result to ../bios_u430 for use there in patch.cmd
patcho/patcho.c - source for patcho
patcho/unistd.h - a few macros to make it compile (NOT a full unistd.h for MS-C)

Here is what the output from patch.cmd looks like:
Code:
C:\Users\Admin\Downloads\bios_u430>patch

C:\Users\Admin\Downloads\bios_u430>echo Patching files in DUMP
Patching files in DUMP

C:\Users\Admin\Downloads\bios_u430>del /s /q dump.bak
Could Not Find C:\Users\Admin\Downloads\bios_u430\dump.bak

C:\Users\Admin\Downloads\bios_u430>mkdir dump.bak

C:\Users\Admin\Downloads\bios_u430>copy dump\11D378C2-B472-412F-AD87-1BE4CD8B33A
6_2045.ROM dump.bak\11D378C2-B472-412F-AD87-1BE4CD8B33A6_2045.ROM
1 file(s) copied.

C:\Users\Admin\Downloads\bios_u430>copy dump\F7731B4C-58A2-4DF4-8980-5645D39ECE5
8_301.ROM dump.bak\F7731B4C-58A2-4DF4-8980-5645D39ECE58_301.ROM
1 file(s) copied.

C:\Users\Admin\Downloads\bios_u430>patcho 381d381700007420 381d38170000eb20 dump
\11D378C2-B472-412F-AD87-1BE4CD8B33A6_2045.ROM
find: '381d381700007420'
repl: '381d38170000eb20'
0x000002FB: 8

C:\Users\Admin\Downloads\bios_u430>patcho 803d0e170000007440 803d0e17000000eb40
dump\11D378C2-B472-412F-AD87-1BE4CD8B33A6_2045.ROM
find: '803d0e170000007440'
repl: '803d0e17000000eb40'
0x00000324: 9

C:\Users\Admin\Downloads\bios_u430>patcho 80fb0175080fbae80f 80fb01eb080fbae80f
dump\F7731B4C-58A2-4DF4-8980-5645D39ECE58_301.ROM
find: '80fb0175080fbae80f'
repl: '80fb01eb080fbae80f'
0x00001B6C: 9

C:\Users\Admin\Downloads\bios_u430>echo n | comp dump.bak\11D378C2-B472-412F-A
D87-1BE4CD8B33A6_2045.ROM dump\11D378C2-B472-412F-AD87-1BE4CD8B33A6_2045.ROM
Comparing dump.bak\11D378C2-B472-412F-AD87-1BE4CD8B33A6_2045.ROM and dump\11D378C2-B472-412F-AD87-1BE4CD8B33A6_2045.ROM...
Compare error at OFFSET 2F9
file1 = 74
file2 = EB
Compare error at OFFSET 322
file1 = 74
file2 = EB
Compare more files (Y/N) ?
C:\Users\Admin\Downloads\bios_u430>echo n | comp dump.bak\F7731B4C-58A2-4DF4-8
980-5645D39ECE58_301.ROM dump\F7731B4C-58A2-4DF4-8980-5645D39ECE58_301.ROM
Comparing dump.bak\F7731B4C-58A2-4DF4-8980-5645D39ECE58_301.ROM and dump\F7731B4C-58A2-4DF4-8980-5645D39ECE58_301.ROM...
Compare error at OFFSET 1B66
file1 = 75
file2 = EB
Compare more files (Y/N) ? C:\Users\Admin\Downloads\bios_u430>
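
An added example, not code from the thread or from patcho: a read-only C check that reports, for each byte signature listed in the post above, whether a dumped module still holds the stock conditional jump (`74`/`75`) or the patched `EB`, and at which offset. The sample buffer is constructed, and `check_sig`, `build_sample` and the signature labels are names chosen here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Signatures from the post. jcc is the index of the short-jump opcode:
   0x74 (JE) or 0x75 (JNE) in the stock module, 0xEB (JMP) once patched. */
struct sig { const char *name; const unsigned char *pat; size_t len, jcc; };
#define B(s) ((const unsigned char *)(s))
static const struct sig SIGS[] = {
    {"UEFIL05BIOSLock check 1", B("\x38\x1d\x38\x17\x00\x00\x74\x20"), 8, 6},
    {"UEFIL05BIOSLock check 2", B("\x80\x3d\x0e\x17\x00\x00\x00\x74\x40"), 9, 7},
    {"PowerMgmtDxe pmlock",     B("\x80\xfb\x01\x75\x08\x0f\xba\xe8\x0f"), 9, 3},
};
enum state { ABSENT, ORIGINAL, PATCHED };

/* Match the bytes on both sides of the opcode, then classify the opcode.
   On a hit, *off is the file offset of the opcode byte itself. */
enum state check_sig(const unsigned char *buf, size_t n, const struct sig *s, size_t *off)
{
    for (size_t i = 0; i + s->len <= n; i++) {
        if (memcmp(buf + i, s->pat, s->jcc)) continue;
        if (memcmp(buf + i + s->jcc + 1, s->pat + s->jcc + 1, s->len - s->jcc - 1)) continue;
        unsigned char op = buf[i + s->jcc];
        if (op != s->pat[s->jcc] && op != 0xEB) continue; /* some other opcode */
        *off = i + s->jcc;
        return op == 0xEB ? PATCHED : ORIGINAL;
    }
    return ABSENT;
}

/* Constructed sample, not real firmware: 0xFF filler with signature 1 placed
   so that its opcode sits at 0x2F9, the offset comp reports in the post. */
enum { SAMPLE_LEN = 0x400 };
const unsigned char *build_sample(int patched)
{
    static unsigned char buf[SAMPLE_LEN];
    memset(buf, 0xFF, sizeof buf);
    memcpy(buf + 0x2F3, SIGS[0].pat, SIGS[0].len);
    if (patched) buf[0x2F9] = 0xEB;
    return buf;
}

int main(void)
{
    static const char *label[] = {"absent", "original", "patched"};
    for (size_t k = 0, off = 0; k < sizeof SIGS / sizeof SIGS[0]; k++, off = 0) {
        enum state st = check_sig(build_sample(1), SAMPLE_LEN, &SIGS[k], &off);
        printf("%-24s %-8s 0x%zX\n", SIGS[k].name, label[st], off);
    }
    return 0;
}
```

Run against the real extracted modules, the opcode offsets to expect are the ones `comp` prints in the post: 2F9 and 322 for UEFIL05BIOSLock, 1B66 for PowerMgmtDxe.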