
How to modify your Insyde Flash to use any PCIe wireless card


mbeifuss

18 posts in this topic


I have figured this InsydeFlash thing out. I used the F.34 BIOS for a Compaq Presario C700 series. And using all of the tips on how to use the EzH2O and WinHex tools, I was able to figure out the byte that needed to be changed to ignore the PCIe wireless whitelist altogether. After not being able to find my subsys codes, I started looking around a bit. I found the 104 - Unsupported wireless network device detected string in the memory dump and the Microsoft EXE signature just above, which led to the breakthrough (at least for me). What follows is a general procedure to allow you to modify your own BIOS safely (I hope).

 

1. Obtain your bios.fd file from HP (or whatever manufacturer)

2. Use the Insyde BIOS editor - EzH2O (I used EzH2O 2.1.0.4)

3. Run ezh2o.exe, open the file bios.fd

4. run WINHEX

5. Tools -> OpenRAM -> Ezh2o -> Entire Memory

6. Find HEX Values -> «31 00 30 00 34 00 2d 00 55», this should be the first part of the '104-U...' error string in wide character format (2 bytes/char), see step1.jpg.

post-646882-1280677122_thumb.jpg

7. from here search up and find HEX values «4d 5a», you can just scroll up a few pages till you see 'MZ' in the ASCII pane. This is the code that MS uses for start of an EXE. Somewhere between here and the 104 string is where we need to find and modify the JNZ (byte code 75)

8. You will notice that there is a lot of blank space around and below the 'MZ', this is header information and is of no interest. Scroll down till the ASCII pane no longer is mostly blanks, about a page, you should see «55 8b ec», this is the start of the program and is setting up the stack

9. Now click on the 55 and drag the mouse down to the next 'MZ' code about 1-2 pages on my BIOS, and then click Edit -> Copy Block -> Into New File and name the file Something.com. The .com is important as we will load it with debug. Refer to step2.jpg.

post-646882-1280677131_thumb.jpg

10. Open a command prompt and navigate to where you saved the file and type debug something.com, you should get a '-' prompt, type u and hit enter and you should see something like this. See step3.jpg.

post-646882-1280677139_thumb.jpg

The first column is memory addresses, the 2nd column is instruction bytes and the rest are Intel mnemonics.

11. Now we need some elementary assembly skills to find what we are looking for. Debug will show the mnemonics for the instructions. Debug doesn't handle 386 instructions well so you may see a few ??? but we should be able to find what we need. Look for a test al,al followed by a jnz {address}. The unassemble should have addresses on the left and they should correspond to the addresses in the debug so you can then -u {address} to see what happens at the jump to locations. See step4.jpg.

post-646882-1280677156_thumb.jpg

12. Now that we know what to change, write down about 6 or so of the bytes ending with the 75 and the following byte (27 in the step 4 example) and go back to WinHex and from the start of our program (the «55 8b ec» bytes) search for the bytes you recorded. Make sure everything around matches your debug window and replace 75 (JNZ short) with eb (JMP short). eb is an unconditional jump and will exit the routine so we don't get to the infinite loop. See step5.jpg.

post-646882-1280677178_thumb.jpg

13. In WinHex save your change by clicking on the disk icon

14. Switch to EzH2O, File -> Save AS

15. Put your modified BIOS (and only that BIOS) where the flash utility can find it and start InsydeFlash and let it do its thing.

16. Sometimes after flashing the machine may appear bricked, but turn it off, remove power and battery, and then reapply power and turn it on. If it still doesn't come up, Google for the procedure to use a USB memory stick to get your computer back. Might be a good idea to prepare the flash drive before you flash your BIOS.

 

I have attached my F.34 flash file that I fixed. You can compare that to the one from HP in WinHex to see or use my modded BIOS. 30d9f34mb.zip

 

Cheers,

Mark
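
Added example, not part of the original post: the post suggests comparing the modified image against the vendor one, and the Python sketch below does that comparison and flags any byte where a short conditional jump (0x70-0x7F, JNZ being 0x75) became an unconditional EB, noting whether `84 c0` (test al,al) precedes it. The sample images are constructed from the 13-byte search string quoted later in this thread plus filler; the function names and finding labels are this example's own.

```python
# Added example: classify byte-level differences between two firmware images.
TEST_AL_AL = bytes.fromhex("84c0")  # test al,al
JMP_SHORT = 0xEB                    # jmp rel8 (unconditional)


def is_jcc_short(opcode):
    """Short conditional jumps occupy 0x70-0x7F; 0x75 is JNZ."""
    return 0x70 <= opcode <= 0x7F


def diff_images(vendor, suspect):
    """Return one finding per differing offset, flagging Jcc -> JMP rewrites."""
    if len(vendor) != len(suspect):
        raise ValueError("image sizes differ; not a simple in-place patch")
    findings = []
    for off, (old, new) in enumerate(zip(vendor, suspect)):
        if old == new:
            continue
        finding = {"offset": off, "old": old, "new": new, "kind": "other"}
        same_disp = off + 1 < len(vendor) and vendor[off + 1] == suspect[off + 1]
        if is_jcc_short(old) and new == JMP_SHORT and same_disp:
            # The rel8 displacement is unchanged, so the branch target is the
            # same; only the condition was removed.
            rel8 = vendor[off + 1]
            if rel8 > 0x7F:
                rel8 -= 0x100
            finding["target"] = off + 2 + rel8
            guarded = vendor[max(0, off - 2):off] == TEST_AL_AL
            finding["kind"] = "test-al-al jcc->jmp" if guarded else "jcc->jmp"
        findings.append(finding)
    return findings


# Constructed sample: 16 filler bytes, the 13-byte search string quoted in
# this thread, then 16 more filler bytes. Not a real firmware image.
PATTERN = bytes.fromhex("000000e872ffffff84c0757e48")
VENDOR = bytes(16) + PATTERN + bytes(16)
_patched = bytearray(VENDOR)
_patched[0] = 0x01         # unrelated change, reported as "other"
_patched[16 + 10] = 0xEB   # the 75 -> eb edit from step 12
SUSPECT = bytes(_patched)

if __name__ == "__main__":
    for f in diff_images(VENDOR, SUSPECT):
        print(f"0x{f['offset']:08x}: {f['old']:02x} -> {f['new']:02x}  {f['kind']}")
```

A raw byte diff cannot tell an opcode from data that happens to contain 75, so a flagged offset still needs to be confirmed in a disassembly of the surrounding routine.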

Link to comment

This isn't so easy as I hoped it would be, still very nice of you to post this

I am frustrated that my intel 5300 wireless doesn't work...

 

My 104 error is at offset 58D1896

If I search up I get to 058AE620, this is where my MZ seems to start

2 lines above is the word PostKeyFnDrv

From step 7 I don't get it quite well, I don't know where to start copying.

I see the MZ, .text .rdata, this is probably the start of the header... but where it ends...

It is only a few lines, not the described pages, unless you have a 640 x 480 resolution.

the 55 8b ec is about 400 pages down...

 

I am trying to edit the .fd file extracted from this file ftp://ftp.hp.com/pub/softpaq/sp48501-49000/sp48896.exe

It is the bios file for a HP dv7-3030ed

Link to comment

It appears that there are two sizes of Insyde BIOS (1MB & 2MB). The 2MB is a completely different animal and I'm currently looking into it to see if I can find where it does the test for the wireless cards. It may take a while as the tools aren't great. I could use a good 80x86 disassembler, one where I can save the mnemonics to a file so I can use search tools. Anyone know of a good one (free would be good)?

Link to comment

  • 2 months later...
I have attached my F.34 flash file that I fixed. You can compare that to the one from HP in WinHex to see or use my modded BIOS. 30d9f34mb.zip

 

Cheers,

Mark

 

 

Mark... Thank you so much for this mod. I just received a Gigabyte Aircruiser 300n and my laptop would not accept it. So 5 hours later I'm up and running thanks to you. I have never hacked a BIOS but was ready and willing, finding the utilities and tools, planning to follow your instructions. But what's even better, once I found this version of your post (it's in several places with and without attachments), with your mod'd F.34 for C700, I just went with it. Piece of cake. Moved out the HP version, moved in your version, flashed it, shut down, install new card, hit power button and... voilà! Maybe 5 minutes total once I had your file! You da man!

 

Anyone who reads this and has a C700 I confirm this version works to knockout the whitelist issue for a new network card.

 

Thanks so much.

 

Perry

Link to comment

  • 3 weeks later...

I've tried following the instructions but can not find test al,al in my something.com. I am trying to remove the whitelist for the following bios for my dv5-1003nr:

 

ftp://ftp.hp.com/pub/softpaq/sp46501/sp46501.exe

 

I am running Windows 7 64-bit so had to run XP Mode to run debug. I have attached my something.com in a zip file as well.

 

Any help is greatly appreciated.

something.zip

Link to comment

There are two BIOS files in the zip from HP. I don't know which one is of interest. It appears that they have changed things up a bit. However, the file 30F2F38.FD, which is the one I looked at, has the same logic. Follow the instructions in the first post, replacing the searches and debugs with this search for these bytes in WinHex:

 

00 00 00 e8 72 ff ff ff 84 c0 75 7e 48

 

There should only be one hit. Change the 75 to eb.

 

and finish the instructions.

 

If you need the other file you can try the above search string and see if you get a hit.

Link to comment

  • 3 weeks later...
  • 3 weeks later...

I shouldn't be messing with this, but studying for my exams instead...since I ran into a roadblock I'll ask my question and revisit this after Christmas:

 

 

I am interested in purchasing an EliteBook 8540w, but only if I can patch the BIOS to accept any WIFI or WWAN card. So I downloaded the latest BIOS, found the .bin file, opened it with EzH2O, examined it with WinHex, but then things got a bit nasty.

 

First off, there are two separate warnings, 104 for the WIFI and 105 for the WWAN. Additionally, the .bin file was a 3 MB BIOS! EzH2O managed to separate it into several .fd files. However, if I saved the .fd file from EzH2O, I could not find the WIFI and WWAN error strings anymore, so I went back to the .bin file.

 

Creating the .com files was something of a challenge, since the 55 8b ec series was very, very far from the MZ marker. So I created two separate .com files; the first copies from the 55 to the next MZ, whereas the second (somethingelse.com) copies from one MZ to the next.

 

I run Win7-64, so the debugger didn't work, even after installing MS's Windows debug tools. Copying debug.exe from a 32-bit install also didn't work. So I tried running the debugger on the 32-bit machine, but I only got gibberish out of it! Lastly I remembered to try XP Mode. This provided more fruitful results, but since the EliteBook is a fairly complex model with a 3 MB BIOS, I think the TEST command compares a pointer with a fixed value rather than AL,AL. I really can't be sure, so I've attached my two different .com files, and if anyone would be willing to give me a hand, I'd be most grateful!

 

I've never done any BIOS hacking, really, so it was nice to learn about assembly code. A bit like an EE class I once took where we designed our own 8-bit CPU on an FPGA.

 

 

Thanks,

Nightalon

NYC

something.com.txt

somethingelse.com.txt

Link to comment

  • 2 weeks later...

Thanks a lot for this great explanation mbeifuss, works great for all of HP DV6-2xxx, DV7-3xxx and DV8 bioses.

 

If anybody is interested in the modded DV8 BIOS, I'm posting it below.

This bios was tested and it works, so it should be safe to flash, but in case something goes wrong, write here and we'll help you recover your old BIOS via USB flash drive.

I don't take any responsibility if you brick or damage your laptop, though.

 

Unpack and Flash in Windows by running InsydeFlash.exe.

http://improwizuj.pl/temp/dv8-WIFIunlocked-bios.rar

 

Debugging method shown here:

Capture_.PNG

Capture2_.PNG

 

Cheers,

NIXin

Link to comment

  • 8 months later...

in my f1a bios dv6 6132sl

I cannot find that sequence

I used winhex with the gap.. but.. because I'm not sure.. I saved test.com starting from MZ ending to the second MZ

 

i mean: from point 7 to 9

so it contains the minimum gap necessary to extract the data.. I suppose!

Link to comment

I don't see any of the markers that would indicate this code has the traits that would allow us to modify it. I do see what looks like a list of wifi cards. Is this a 2MB BIOS? I didn't spend a lot of time on the 2MB so I never got anywhere with it. If not, do you have a link to the full BIOS so I can take a look?

Link to comment

-Motherboard Model: Pavillion DV6-6132sl

-Bios revision:F.1A

-Bios Type: INSYDE BIOS

-Bios Download Link: ftp://ftp.hp.com/pub/softpaq/sp54001-54500/sp54024.exe

 

Need to white list

Half mini pci-e WLan 802.11n + Bluetooth 3.0 COMBO CARD

WIRELESS MODULE: RALINK RT3090 WIRELESS SPEED: 150Mbps

BLUETOOTH: VERSION 3.0 + HS

BLUETOOTH MODULE: CSR BC04

but the card has not arrived yet from HK

so I prefer to do this better hack (DEBUG)

 

the SLIC is not necessary!.. as you wish

 

also.. if it's possible.. to have always enable the power (F12 damned) to bypass the enabling of the wlan.. because the F12 on/off run only under the Windows operating system!!!

(I think it commands the EC register.. mah)

 

thanks

 

ugo!!

Link to comment

  • 7 months later...

I'm impressed and extremely grateful.

 

I joined the forum to download the f.34 bios. I took the two tests just to post.

 

I don't know a thing about Macs, so it'll probably be my only post.

 

I'm working on a Compaq A900 that uses the f.34 BIOS. Updated to this version and NO MORE WHITELIST!

 

I had another OEM wifi card in the shop, but it failed the same way the original did. Popped in an Intel while the computer was still running. Windows identified it, installed the drivers and it connected. Got the boot message and knew it wasn't a hardware problem. Searched for a bit and wound up here pretty quickly.

 

I've noticed this problem with several OEM cards and 64 bit Vista and possibly 64 bit 7. The OEM card is AR5BXB63-H

 

THANK YOU!

Link to comment

  • 2 months later...

hi,

 

i have dv6-6c06tx.

 

This machine has current Bios Version/Date: F.16 / 3-22-2012

 

New Bios is here: http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-106024-1&cc=ph&dlc=en&lc=en&os=4063&product=5207947&sw_lang=

 

I want to mod the new BIOS, so that I can replace the Intel Centrino Wifi card with BCM9422MC for my hackintosh machine.

Problem is, however, I have no tools to do it and I could not find the EzH2O tool that is compatible for it.

Also the FD file is a bin file (017FC.bin).

 

Could someone help me?

Link to comment

  • 5 years later...
On 8/1/2010 at 10:37 AM, mbeifuss said:

I have attached my F.34 flash file that I fixed. You can compare that to the one from HP in WinHex to see or use my modded BIOS. 30d9f34mb.zip

 

Cheers,

Mark

Do you have the original unmodified file so I can compare?

Link to comment