Bios Mods - The Best BIOS Update and Modification Source

Full Version: (UEFI) Dell XPS 15z L511z modded BIOS - and HOWTO
Interesting developments:

1) Have you looked around to see what the CAP file structure is (and what it should contain?) Also - have you found any CAP files on the net?
2) What module(s) have you extracted, and why just a part?
3) Maybe all we need to do is flash one particular module, e.g. the recovery.fd module, and all will work?
(07-07-2012, 06:01 AM) jkbuha wrote:
Interesting developments:

1) Have you looked around to see what the CAP file structure is (and what it should contain?) Also - have you found any CAP files on the net?
2) What module(s) have you extracted, and why just a part?
3) Maybe all we need to do is flash one particular module, e.g. the recovery.fd module, and all will work?

1) You can find all the structural information at wiki.phoenix.com.

2) I've tried using BIOS1.wph (the update capsule that WinFlash uses), FvRecovery.fd, the f33 module (all renamed to BIOS.cap), and a BIOS.cap file for an Acer that I found on MyDigitalLife (I think). None of them would get past a short period of reading the flash drive.

Then I read something about another system's FvRecovery file basically being the entire Dxe stage of the firmware, so I thought I'd yank out the same section from my firmware and see what happened. I actually used a hex editor to do it, though, since Phoenix tool extracts the module but leaves a file header on it instead of a volume header. The start of the Dxe phase was at 0x18_0000 and was 0x1D_0000 bytes long.

3) I'm trying to make a volume that has the entire EFI implementation (Sec, Pei, and Dxe) within it. I also want to find out exactly what changes WinFlash makes to the EFI Tables to trigger an update.
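The distinction the post above draws between a volume header and a file header can be checked programmatically. The following is an added example, not part of the original post or of any Phoenix tool: it scans an image for headers that validate against the standard UEFI PI `EFI_FIRMWARE_VOLUME_HEADER` layout (assumed here), going beyond the single offset in the post to cover the whole image. The function names are hypothetical and the sample image is constructed, reusing only the offset and length quoted in the post.

```python
import struct
import uuid

FVH_SIG = b"_FVH"
SIG_OFF = 40   # the signature sits 40 bytes into EFI_FIRMWARE_VOLUME_HEADER
HDR_MIN = 56   # fixed part of the header; the block map follows it

def word_sum(buf) -> int:
    """16-bit sum of little-endian words; zero over a valid volume header."""
    return sum(struct.unpack("<%dH" % (len(buf) // 2), buf)) & 0xFFFF

def find_volumes(image: bytes):
    """Return (offset, fv_length, filesystem_guid) for every header that validates."""
    found, pos = [], image.find(FVH_SIG)
    while pos != -1:
        start = pos - SIG_OFF
        if start >= 0 and start + HDR_MIN <= len(image):
            fv_len, hdr_len = struct.unpack_from("<Q8xH", image, start + 32)  # FvLength, HeaderLength
            sane = (hdr_len >= HDR_MIN and hdr_len % 2 == 0
                    and hdr_len <= fv_len <= len(image) - start)
            if sane and word_sum(image[start:start + hdr_len]) == 0:
                guid = uuid.UUID(bytes_le=image[start + 16:start + 32])
                found.append((start, fv_len, guid))
        pos = image.find(FVH_SIG, pos + 1)
    return found

def carve(image: bytes, offset: int, length: int) -> bytes:
    """Cut a region and insist it begins with a volume header, not a file header."""
    blob = image[offset:offset + length]
    if len(blob) != length or blob[SIG_OFF:SIG_OFF + 4] != FVH_SIG:
        raise ValueError("region does not start with a firmware volume header")
    return blob

def build_sample() -> bytes:
    """Constructed 4 MiB image with one empty volume at the offset and size from the post."""
    off, length = 0x180000, 0x1D0000
    fs_guid = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3").bytes_le  # FFSv2
    hdr = bytearray(struct.pack("<16s16sQ4sIHHHBB", bytes(16), fs_guid, length,
                                FVH_SIG, 0, HDR_MIN + 16, 0, 0, 0, 2))
    hdr += struct.pack("<IIII", length // 0x1000, 0x1000, 0, 0)  # block map + terminator
    struct.pack_into("<H", hdr, 50, -word_sum(hdr) & 0xFFFF)      # header checksum
    image = bytearray(b"\xff" * 0x400000)
    image[off:off + len(hdr)] = hdr
    image[0x1000:0x1004] = FVH_SIG   # stray signature that must not validate
    return bytes(image)

if __name__ == "__main__":
    for off, length, guid in find_volumes(build_sample()):
        print(f"volume at {off:#x}, length {length:#x}, filesystem {guid}")
```

On a real dump, pass the bytes of the image file to `find_volumes` and compare the reported offsets and lengths with the region selected in the hex editor.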
+1 dude. Well earned :)

Ok so we're getting somewhere. So the Dxe stage is part of recovery, but we don't have visibility of what the whole recovery structure should contain. Surely wiki.phoenix.com should tell us more?
From what I can tell, the recovery structure is just the DXE core, a PEI module that tells the system what PPIs (PEIM-to-PEIM interfaces) need to be loaded for the DXE core, the necessary platform drivers to get the system up enough to read a flash drive, and the modules that actually reflash the firmware.

Right now, I'm working on narrowing down what's necessary to have in the firmware volume that the system will allow it to load. So far, I know for sure that DxeMain.efi and SystemPpisNeededByDxeCore.efi are required.

I would like to figure out what mechanism determines that modules like DellSplashLogos get loaded while ones like EFIShell don't. Do you know of any free standalone disassemblers that will work with x64 code? The free version of IDA that I have won't let me.

On another note, I chose not to have Dell send me a replacement motherboard. Since I already have a spare LCD and some memory, I found a refurbed board on eBay and figured I could pick up a CPU, heatsink, and power supply. That way I can use the "bad" board to experiment on while not messing up my laptop again. :D
I use an older (paid) version of IDA (v5) which allows me to load ROMs (in metapc mode, or x64 if required). I'm sure there are other (free) x64 disassemblers out there.
Got the new motherboard in today, so I'm back up and running. I haven't really made any real progress on recovery. I'll keep working on figuring out the recovery process, but until I get some parts to get a test system together I don't think I'll be able to figure much out.
No worries - at least you're back on debugging mode :) You've made some good progress on the recovery stub; hopefully we'll be able to pick up at some point.

Now, back to debugging the BIOS :)
Hey all

Sorry for lack of updates - been away on holiday. I'll try and work on the BIOS in the coming week.

ahmed/ryan - any progress your end?
Hi ryan

Just seen this on another forum, with regards to recovery file. Not sure if you've done this already?

You must extract hdr file from original bios with "xxxxxxxxx.exe /writehdrfile", rename the hdr file to "yyyy.hdr" and copy the file to the root of a FAT32 stick. To recover the notebook, attach USB stick, remove battery and charger, keep "End" key pressed and plug the charger.

I'm assuming you can rename hdr file to BIOS.HDR (or BIOS.CAP?) but just for you to check (if you're still interested in recovery?). Unfortunately it doesn't work for the 15z because you cannot remove battery, but perhaps it works for the L502x and L702x?
Yeah I had read that and tried it. I can't remember why it didn't work, but it didn't. lol

My job has had me on such a horrible schedule (10 days straight at one point) that the most I've been capable of lately has been finding my bed. Now, even though I'm back to a regular schedule, I've got classes starting back up and I'll barely have time to sleep and get homework done, much less anything extra. It'll probably be mid-December before I can get back to tinkering with this.