(UEFI) Dell XPS 15z L511z modded BIOS - and HOWTO
(02-07-2012, 08:53 AM)ScruffyITA Wrote: Hi, I'm the owner of an L502x that is mentioned in your topic, so I picked up the 550 BIOS mod and flashed it. All was OK under Windows. The PC rebooted and the flash program popped up normally, so the programming process was all quite good. After 5 seconds the PC rebooted and nothing happened. The caps LED is on, the screen is off, the fan speed is stuck at 100% and the PC is frozen. Any suggestion on how to recover it?

Scruffy - the files in the first post are currently only for the 15z (L511z) so I think you may have flashed an incorrect BIOS!!

Try this. Disconnect your battery from the laptop, and leave it unplugged for 5 minutes. Reconnect everything, and power on (and pray).

Good luck!
jkbuha

A good idea is to write 15z or l511x in the files download link, or some red code with that little observation.

However, in the Phoenix tools I've found that the crisis recovery is present, or should be available, also for my notebook, but I can't know if I made a wrong USB stick or I pressed the wrong button combination.
(02-07-2012, 09:40 AM)ScruffyITA Wrote: A good idea is to write 15z or l511x in the files download link, or some red code with that little observation.

However, in the Phoenix tools I've found that the crisis recovery is present, or should be available, also for my notebook, but I can't know if I made a wrong USB stick or I pressed the wrong button combination.

Actually the few lines preceding the files did say that they were for the 15z only, but I've taken your point and added a red note on the first line to make sure everyone is aware that these files are for the 15z only.

Yes in theory there is a crisis recovery option present, but we've never fully tested it. What is required in theory is a FAT-formatted USB stick with PHLASH.EXE, MINIDOS.SYS and the correct BIOS.WPH file on it. You can google around for "CRISIS UEFI Recovery" for more info. Suggest you have a USB stick that flashes when active (so you'll know if/when the stick is being read by the BIOS).

Please keep us posted on this.

jkbuha
(02-07-2012, 07:25 AM)AHMED HOSSAM Wrote: Hmmmm, seems more complex than I have expected.
I will look into this when I'm back home in 2 days.
Another thing, try nopping the other call for the offset you are using.
For example, you replaced advanced with another qword; this qword was called from another routine. Nop this call and make it called from only one routine.

Tried nopping the call from the previous routine, but same result.
I'm starting to suspect the hidden menus are nested in the Advanced Menu - could this be the case?

@kasar - I don't think PBE has been updated to support UEFI, and/or simulation of BIOS images. Can someone verify this and get back to us please?
Hey Ahmed

Hope you're having a good weekend.
I've had some time to play around with modifying some of the code, and I've listed the work I've done so far:

1) I've backtraced all the calls to the 'interesting' routines - and it appears that they seem to originate (as you correctly indicated) from sub_41488. In fact, the smoking gun is at offset_4150b: lea r8,off_3e0 (where all the advanced menu text begins)

2) So far so good. So in my normal BIOS, under the Advanced Menu I get to see all the text (and options obviously) from off_3e0 to about off_2470. From off_2478 (Charger Behaviour, etc) this text is hidden from my 15z standard BIOS.

3) Maybe I haven't figured IDA out properly yet, or maybe there is a strong clue in what I'm going to point out now. If you switch to text view mode when xrefing the code at off_3e0, the code is automatically segmented as follows:

1) .text: 03e0 off_3e0 (xref from sub_41488)
2) .text: 0410 qword_410 (start of Unhidden BIOS menu options: Speedstep, Virtualization etc)
3) .text: 1458 (Unhidden BIOS options: Powershare, 1394 etc)
4) .text: 2478 (Hidden options: Charger Behaviour, Express Charge, Wireless Config)
5) .text: 34a0 (Unhidden options: Battery Health, Misc Devices (USB Ports, eSata))
5a) .text: 3900 (Hidden option: Express Card Slot) <- prob because the 15z does not have a express card slot
5b) Note: at offset 3960 there are hidden options: Modem, Microphone, Camera, 1394, Media Card, Optical, FingerPrint
6) .text: 44a8 (Unhidden options: Diagnostic Screen)
6a) Note at offset 4600 there are hidden options: lots of interesting stuff
7) .text: 54a8 (Hidden options. Really good stuff)
etc etc

Why does IDA automatically group 410, 1458, 2478, 34a0?

4) So what I modded in sub_41488 was to nop or jmp my way sequentially through all the module without prematurely ending at loc_415eb. I've attached my handiwork. Result: Advanced Menu comes back, but no hidden menus or options unlocked. At this point I'm thinking that the routine checks against some mask (r9, rdx, ecx?) to identify the available hardware and/or allowed menu options before jumping to various parts of the code. Or I've reached the limits of what I can do today :)

Anyway it's Friday night, and I need to go out to clear my head. If you have some time to look at the file and let me know if you've picked up on something it would be greatly appreciated!

Cheers
jkbuha


Attached Files
.rar   CFEF94C4-4167-466A-8893-8779459DFA86_1_1048 - Copy.rar (Size: 55.93 KB / Downloads: 5)
If you want to nop the jumps to SUB_415EB, why nop jumps inside the INT_64 routine? Nop them in the first routine (SUB_41488) and see whether anything is unlocked.

I looked inside the strings before and it seems like it's hidden inside the ADVANCED tab. I guess there are no hidden tabs, but hidden menus inside the ADVANCED tab.
I will look deeply into this today and try nopping the SUB_415EB calls inside SUB_41488.


"Many of life's failures are people who did not realize how close they were to success when they gave up." Smile
(02-11-2012, 08:48 PM)AHMED HOSSAM Wrote: If you want to nop the jumps to SUB_415EB, why nop jumps inside the INT_64 routine? Nop them in the first routine (SUB_41488) and see whether anything is unlocked.

I looked inside the strings before and it seems like it's hidden inside the ADVANCED tab. I guess there are no hidden tabs, but hidden menus inside the ADVANCED tab.
I will look deeply into this today and try nopping the SUB_415EB calls inside SUB_41488.

The reason why I've nopped the routine (just before) the int64 code is because that's where the reference to off_3e0 happens (ie: that routine is definitely in use), but have a look and let me know what you think :)

EDIT: In fact I tried it just now. Nopped all premature jumps to sub_415eb in routine sub_41488. No change in result. Advanced Menu is back, but with standard options.

EDIT EDIT: I've even nopped the premature jumps in DllEntryPoint and sub_40e48, before the code gets to sub_41488 (attached). Same result.

I'm suspecting that the "allowed options" are defined as bitmasks in qword_sections between qword_280 and qword_2f0. @Ahmed have you ever come across something like this in other bios mods?


Attached Files
.rar   CFEF94C4-4167-466A-8893-8779459DFA86_1_1048 - Copy - Copy - Copy.rar (Size: 55.94 KB / Downloads: 4)
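For reviewing an in-place patch like the nopped jumps described above before it goes anywhere near a flasher, this added example (not code from the thread or its attachments) diffs an original and a modified module and labels each changed run. The sample bytes are constructed, and `changed_ranges`, `classify` and `audit` are hypothetical names.

```python
"""Label each byte run that differs between an original and a patched module."""

NOP = 0x90

def changed_ranges(original: bytes, patched: bytes):
    """Return (offset, old_bytes, new_bytes) for every contiguous differing run."""
    if len(original) != len(patched):
        raise ValueError("length changed: an in-place patch keeps the module size")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(original, patched)):
        if a != b and start is None:
            start = i                      # a differing run begins
        elif a == b and start is not None:
            runs.append((start, original[start:i], patched[start:i]))
            start = None                   # the run ended at i - 1
    if start is not None:                  # run reaches the end of the module
        runs.append((start, original[start:], patched[start:]))
    return runs

def classify(old: bytes, new: bytes) -> str:
    """Describe one run by what was overwritten (x86/x64 opcodes)."""
    if set(new) != {NOP}:
        return "other edit"
    if len(old) == 2 and (0x70 <= old[0] <= 0x7F or old[0] == 0xEB):
        return "short jump removed"        # Jcc rel8 / JMP rel8
    if len(old) == 6 and old[0] == 0x0F and 0x80 <= old[1] <= 0x8F:
        return "near conditional jump removed"   # 0F 8x rel32
    if len(old) == 5 and old[0] in (0xE8, 0xE9):
        return "near call or jump removed"       # CALL/JMP rel32
    return "nop fill"                      # NOPs over something else

def audit(original: bytes, patched: bytes):
    """One (offset, old_hex, label) tuple per changed run, in file order."""
    return [(off, old.hex(), classify(old, new))
            for off, old, new in changed_ranges(original, patched)]

# Constructed sample, not bytes from the thread's attachment:
# test rax,rax / jz short / call rel32 / jz near / mov eax,1 / ret
ORIGINAL = bytes.fromhex("4885c0 7405 e812000000 0f8420010000 b801000000 c3")
PATCHED = bytes.fromhex("4885c0 9090 e812000000 909090909090 b800000000 c3")

if __name__ == "__main__":
    for offset, old_hex, label in audit(ORIGINAL, PATCHED):
        print(f"0x{offset:04x}  {old_hex:<12}  {label}")
```

A run covers only the bytes that actually differ, so two adjacent patches merge into one run and an operand byte that was already 0x90 shortens it; such runs fall back to "nop fill" and need a look in the disassembler.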
OK, I made this the last possibility, but there are no hidden tabs in the BIOS, only menus inside the Advanced tab. As these are menus, not tabs, they are not controlled through routines but by control bits.
The strings are connected to the strings table, and the strings table is connected to the menus structure, which controls what is shown or hidden.
For example (it's not true, it's just an example):

72 0f 00 00 01 00 02 00 93 95 85 41 32 85 78

72 0f is the menu ID, 01 is the language bits (01 for English), and 02 means hidden, while the rest of the bits point to the menu name, and the bits are the strings table, which leads to the strings themselves.

I made it the last possibility as it's complicated to know how to find and analyse the menus structure and strings table, but it seems we must do this. I will begin today, but this will take some time.


"Many of life's failures are people who did not realize how close they were to success when they gave up." Smile
Hi guys, I'm back. I had a lot of things going on, so no time for bios modding. :)
I see that you made great progress, that's really good. I'll try to keep up with you doing the same modding for the Vostro 3750 series. Dell just released a brand new version (A11) so it's a perfect time for modding. :)