Login

**gabiz_ro** · 04-07-2014, 05:58 PM

Bios in case is G62 SP55430.exe
Since I can flash BIOS chip on external programmer,maybe there is a way to skip RSA check at BIOS initialization.
Or maybe patch CryptSHA1 and Sha1AndRsa to dummy or to replay fake (required) data.
But is just an idea,and my disassembly skills tend to 0.
Anyway maybe someone will have time to investigate this.

Full 4MB dump

**donovan6000** · (This post was last modified: 04-07-2014, 07:38 PM by donovan6000.)

The signature verification check(s) occur every time your computer starts up. Flashing the rom through different methods is not going to bypass these checks since they exists directly in the rom's code.

The only 2 ways I can think of are: 1. Generate your own private and public RSA keys and replace the existing ones and sign the image with those. 2. Find and bypass the start up check(s) in the code.

**gabiz_ro** · 04-08-2014, 02:30 AM

I know that flashing external won't bypass checks.
I mentioned this for explain,no fear to brick or to experiment.
Second variant is what I talk about.
Bypass startup check.

**gabiz_ro** · (This post was last modified: 04-11-2014, 04:23 PM by gabiz_ro.)

I try to disassembly Sha1AndRsa
Here I see some references to three modules.

298CAC74-76C2-4705-8DD2-26E44664E93D Public KEY
9FF956FE-7E07-487B-ACAC-185EE6367EAC Public KEY
C783CC01-82AE-48A2-A5FF-54C5B3A0E04D SHA-1 of CryptRSA.efi from diagnostic partition

Maybe is somehow related with RSA

Code:
00000000 01 CC 83 C7 AE 82 A2 48 A5 FF 54 C5 B3 A0 E0 4D .ÌƒÇ®‚¢H¥ÿTÅ³ àM

00000010 04 E5 02 40 4C 00 00 F8 34 00 00 02 B0 CD 1B FC .å.@L..ø4...°Í.ü

00000020 31 7D AA 49 93 6A A4 60 0D 9D D0 83 1C 00 02 00 1}ªI“j¤`.Ðƒ....

00000030 42 DD 62 35 18 00 00 19 63 32 43 6A 0A D4 69 4D BÝb5....c2Cj.ÔiM

00000040 B2 D0 A5 E0 C0 4B 2E BE 7A 23 5A E2             ²Ð¥àÀK.¾z#Zâ

00-0Fh module name
10-33h unknown data
34-37h header?
38-4Bh module content

maybe somebody with knowledge can understand more than me.

**gabiz_ro** · 04-11-2014, 04:15 AM

Maybe I found a way to bypass semibrick state.
Tested now few changes in BIOS setup,and save and exit,and survived,no semibrick.
Need to do more test to be sure.

Until then can somebody unlock everithing is available and remove whitelist on SP55430 BIOS?
Thanks.

**BDMaster** · (This post was last modified: 04-12-2014, 05:10 AM by BDMaster.)

(04-11-2014, 04:15 AM)gabiz_ro Wrote: Maybe I found a way to bypass semibrick state.
Tested now few changes in BIOS setup,and save and exit,and survived,no semibrick.
Need to do more test to be sure.

Until then can somebody unlock everithing is available and remove whitelist on SP55430 BIOS?
Thanks.

Hi friend,
Donovan is bigger expert on HP RSA Bios and He did many wonderful
mods on these bioses, so I think He is the only one can do a miracle
on It !
I know as He said that only so far sp5xxxx.exe It's possible to mod bios
and You are talking about an sp5 not sp6 and I would like to know what
is your technique to bypass semibrick !
Would You share your knowledge ?
I studied many HP bioses and the last Camiloml's bioses suffered of semibrick,
but Donovan's not !
Donovan modded some sp6 too, so I hope He will explain better what are You saying.
Thanks for your efforts in this research.
Regards

**gabiz_ro** · 04-12-2014, 06:41 AM

Camiloml moded bios sp55430 also semibrick my laptop even if I modified in same way like for original one.
At this moment all is working fine,no semibrick on saving Bios settings,all option unlocked,no white list.
Only one little problem.At power on (didn't test on resume) wireless is powered off,need to press Fn key combination to turn on.
Also EFI have no way of booting,except CryptRSA method selecting diagnostics.

I think method is better to not make it public on widew internet,since if is working for more laptops,HP could easy block it.

**donovan6000** · 04-12-2014, 12:24 PM

Lol I didn't even look at the bios version he was using. Yeah, the sp55430 bios are moddable. The only place where their signature is verified is from InsydeFlash.exe, and that's easily bypassable. When HP first started incoporating the RSA portection into their bios, they only had the flasher verify it. Then near the end of 2011, then started having the rom verify itself every time your computer starts. The later bios are unmoddable, however the former are Big Grin

The problem with Camiloml's modded RSA bios is that the version of Andy's tool he was using did not properly update the checksum bytes for the EFI modules that were modified. When I first modded my bios, which are moddable RSA, I used Ezh20 to open the rom and I directly modded the location in ram that Ezh20 had extracted the rom to. I didn't know about the checksum bytes in the EFI header, so I didn't update them. The resulting modded rom seemed to work at first, but would quickly brick due to the checksums. All modern EFI bios editors, like UEFITool, no longer have this checksum problem, so that's why the bricking issue is gone Tongue

And I hate the term semi-brick. All bricks are recoverable as long as you have the right tools. This is why you will rarley hear me say semi-brick. A brick by any other name is still a brick Wink

I've modded only one sp6xxx bios, and that was the sp61028. This is only because this bios was one of the former moddable RSA bios. I didn't do anything special with it.

The mthods to remove the wifi and bluetooth whitelists still result in issues occasionally. This is probably causing the problem with the startup wireless off. You can cover one of the pins on the wifi card with electrical tape to prevent it from being switched on/off. I don't remember which one it is, but I'm sure BDMaster does Smile

And your stuck with legacy with those bios. HP decided to remove much of the EFI functionality aside from the diagnostics tool. I was able to boot into EFI in a very non ideal way though Undecided

**gabiz_ro** · 05-04-2014, 08:21 PM

Finally I removed whitelist and have working from startup wireless switch.
For anyone who may need,BIOS is for G62, Intel i3 with ATI,original name SP55430,board id 1439,version F48.
Unlocked all menu,even added one option but all related to EFI isn't working.
Inside archive there is CryptRsa.efi (in fact is Efi shell),if you need it.
Prepare USB drive with HP tools software,rename original to something else and put that one in place.Press F2 at power on.
BIOS link

Andreww!!! · 03-18-2015, 05:04 PM

(05-04-2014, 08:21 PM)gabiz_ro Wrote: Finally I removed whitelist and have working from startup wireless switch.
For anyone who may need,BIOS is for G62, Intel i3 with ATI,original name SP55430,board id 1439,version F48.
Unlocked all menu,even added one option but all related to EFI isn't working.
Inside archive there is CryptRsa.efi (in fact is Efi shell),if you need it.
Prepare USB drive with HP tools software,rename original to something else and put that one in place.Press F2 at power on.
BIOS link

hi, do u think i can get this bios for my laptop? IT's a g62, board id 1439, version f48, but with i5 460m cpu and Ati 5470m (switchable graphics). thank you

Login
Username:
Password:	Lost Password?
	Remember me