hahaha .. there's our VSS table we were looking for like half a year ago:
![[Image: 1qRax]](http://puu.sh/1qRax)
My theory was correct .. the padding layer holds other region data. There's FD and ME inside the PADDING-00000000_0_2.ROM .. so we have to make our way through the hassle of adapting the new PFlash.efi into the capsule. Or I guess we could try flashing ME back to 7.0.4.1197 by injecting the data into appropriate offset range in the padding.
Nope .. just swapped the 0xFFs for an entire ME firmware in the range 00038000h - 0017FFFFh
Specified the /ME flag to WinFlash and ended up having the same fw version as before flash .. no bueno.
Hey guys, what happened with GT540/550 upgrade? And kasar, did you manage to do the overvolt thing you posted a while ago? =)
(11-16-2012, 01:44 PM)humanitybg Wrote: [ -> ]Hey guys, what happened with GT540/550 upgrade? And kasar, did you manage to do the overvolt thing you posted a while ago? =)
http://forum.notebookreview.com/dell-xps...-more.html
Shortly:
- Hard to find nVidia Optimus-compatible updated roms
- Altering voltage table was a piece of cake ... but results weren't that great
(11-16-2012, 01:48 PM)TimeWalker Wrote: [ -> ] (11-16-2012, 01:44 PM)humanitybg Wrote: [ -> ]Hey guys, what happened with GT540/550 upgrade? And kasar, did you manage to do the overvolt thing you posted a while ago? =)
http://forum.notebookreview.com/dell-xps...-more.html
Shortly:
- Hard to find nVidia Optimus-compatible updated roms
- Altering voltage table was a piece of cake ... but results weren't that great
Wow, thanks for the fast response but I doubt the L502X bioses are going to be compatible with my L502z, or am I mistaken? I'm also running the modded A12 from the OP right now =)
Ught, I see .. THEY ARE NOT compatible indeed.
No point in having the voltage table altered, really .. the hard coded values for respective 2/3D clocks are there for a reason.
Basically undervolting gives more stability and less heat, overvolting on the other hand leads to stability issues and more heat generated... like a lot of stability issues.
Actually you wanna know a funny thing? Remember how MEInfoWin says there's no GbE region on this HM67 chipset?
That region after FD 00001000h - 00037FFFh which is 220 Kb .. it basically has the same header as ME v8 firmware .. not quite but similar.
![[Image: 1qUqr]](http://puu.sh/1qUqr)
So being in between FD and ME I guess these 220Kb can be used for ME region of the firmware ..
And funny enough if you take the v8 firmware from lenovo which is 17CFFFh bytes and subtract the size of ME v7 which is 145FFFh you get what ? 37000h ?
Any guesses ? Yeah correct .. that our *mystery region* in between FD and ME.
Ba dum tss:
00000000h - 00000FFFh: Flash Descriptor Region
00001000h - 00037FFFh: Extends ME
00038000h - 0017FFFFh: ME Region
00180000h - 003FFFFFh: BIOS Region
I guess even modifying the PFlash.efi won't work as these regions are just plain locked.. there's no host access to them even if it's the all mighty flasher.
So the only way to unlock is using the hardware.. props to @kasar
So now we know that there's in fact free space to flash an entire v8 ME firmware onto the chip ...
What's left is getting the flasher to work .. then according to FPT readout we have the following locks:
Code:
Lock Settings.
=======================
Host CPU master: 00 00 0B 0A
ME region master: 00 00 0D 0C
GBE region master: 18 01 08 08
So as pointed out earlier .. flashing 00 00 FF FF 00 00 FF FF 18 01 08 08 to 0x60 using a hardware flasher is the only way of unlocking this sucker.
There's no GbE apparently, so no point in unlocking it anyway ...
posting from another laptop
my l502x machine its fine,but still without reasembly.
I suceeded lifting the vcc leg and adding a switch to it.
by deactivating that switch, the computer was unable to show anything from the screen, and the delay to make the lights blink increased like 2 -3 seconds.
well I also even made another internal switch to cut power of the internal bluetooth mod.
however still no luck with the flasher, even by removing the vcc of the motherboard (I verified the weak bluetooth light disapeared)
anyway the only way to "detect" the chip "sometimes" with the software, it is by leaving the laptop turned on, and it is unstable.
I'm getting short of options plus its really annoying to have taking appart my whole main laptop constantly.
only solution I see is phisically desolder the chip and move it to the flasher, after hack it, move it back to the computer.
however I'm not that good soldering, and I'm like 70% sure if I try that, I will kill the compuer.
so all I can try is to short a little the wires and see if that help
well, another more viable option would be following
just flash the bytes required to change from the descriptor, leaving untouched the rest of the flash, even unstable, they are very little bytes to need to be changed, and probably would be able to get flashed into some small attemps, the bad thing of this software is that It seems to just allow complete flashes
any ideas?
I bet there are alternatives for LPT SPI flashers, will try look something up later. But I'm not sure that even with the lock removed it would allow to flash 2 *regions* with a new firmware.
This can be useful too:
http://write-code.blogspot.com/2012/08/p...0.html?m=1
Looks like you are missing a capacitor between vcc and gnd. Resistor nominals depend on the parrallel port impedance. Also there is an updated version of the softwarw from 2012
nevermind, just disoldered the chip and removed the flasher port from the motherboard, everything were failuring like that way.
I have now the chip In my hand, with some luck, I will be able to wire it direcly like the other guys did.
now , it is all or nothing ^^
I'm building this now
![[Image: simple_diagram.jpg]](http://4.bp.blogspot.com/-EN9HFZFkT5Y/UCXczDe11mI/AAAAAAAAARY/64Wap6-FXBM/s1600/simple_diagram.jpg)
Wishing the best of luck to you, pal!
Sent from my LG-P500 using Tapatalk 2