Ousret

Members
  • Content count: 8

About Ousret

  • Rank: InsanelyMac Protégé
  1. [UEFIPatch] UEFI patching utility

    Laptop now bricked because of NVRAM -_-" Fu$$$$ ASUS! I never thought it could have an impact like this one... So! Users with a 2012 - today ASUS laptop mobo! Don't try to touch NVRAM.
  2. [UEFIPatch] UEFI patching utility

    Thanks to you, BlackSheep VS RustyNail, I have found another way to dump my NVRAM without any problems. But now, I don't know what to change in there ^^ I have attached my NVRAM; open it with a hex editor. I can replace NVRAM ^^ Hope we can find something related to SMI Lock in there. But I can't see anything related to it for now. ASUS did not do the job halfway.

    nvram.zip
  3. [UEFIPatch] UEFI patching utility

    Thanks ^^ https://www.bios-mods.com/forum/Thread-READ-FIRST-Access-Advanced-settings-through-EFI-shell Seems to be very interesting ^^ According to him, we can modify BIOS options through an EFI app. I will test this and report here when it's done ^^ Some hope for me ^^
  4. [UEFIPatch] UEFI patching utility

    Ah. I just need to remove SMI Lock in NVRAM. But not very easy anyway. Any repo where I can find nvram.c for Linux? Thank you.
  5. [UEFIPatch] UEFI patching utility

    > SCEDOS /O MyCMOS.txt
    > SCEDOS /I MyCMOS.txt

    I tried to dump the CMOS with your command. It does not work because it won't accept /o alone; it wants /o /s.
    SCEDOS /O MyCMOS.txt does nothing.
    SCEDOS /O /S MyCMOS.txt displays the same ERROR4:
    Thank you anyway. Is there another tool to dump / write NVRAM for Aptio EFI?
  6. [UEFIPatch] UEFI patching utility

    Thank you for your answer. BIOS Lock is set to 1. Unable to change it. SCEWIN_64 does not work. The program reports ERROR4: Error [.....] HII db. Even with SCEDOS NVRAM locked I guess. No luck for me at all ^^ Every AFU tool says: Write protected.. And nothing goes on. I will look at SPI Flasher.. but damn! I was so close..! x)
  7. [UEFIPatch] UEFI patching utility

    I have tried this method on my ASUS F750J laptop with the HM86 Express chipset. Thanks to you I have unlocked my Desc region and I've unlocked all regions, like you explained. Rebooted successfully with the Desc region modded. But I can't flash the BIOS region anyway.. I'm out of luck. Here is a screenshot. And I'm currently in ME debug mode. With or without ME debug, I get the same output when I try to write to the BIOS region. I think that this case could interest you. If anyone has any idea, I'm ready to try it if it is not too much suicide ^^. Thanks. Do I need to modify the ME region? If yes, how can I do it? By the way I'm French, sorry for my English ^^

    Edit: flashrom.

    Calibrating delay loop... OS timer resolution is 1 usecs, 3170M loops per second, 10 myus = 9 us, 100 myus = 97 us, 1000 myus = 963 us, 10000 myus = 9769 us, 4 myus = 3 us, OK.
    Initializing internal programmer
    No coreboot table found.
    Using Internal DMI decoder.
    No DMI table found.
    Found chipset "Intel HM86" with PCI ID 8086:8c49.
    This chipset is marked as untested. If you are using an up-to-date version of flashrom *and* were (not) able to successfully update your firmware with it, then please email a report to flashrom@flashrom.org including a verbose (-V) log. Thank you!
    Enabling flash write...
    Root Complex Register Block address = 0xfed1c000
    GCS = 0xc61: BIOS Interface Lock-Down: enabled, Boot BIOS Straps: 0x3 (SPI)
    Top Swap : not enabled
    0xfff80000/0xffb80000 FWH IDSEL: 0x0
    0xfff00000/0xffb00000 FWH IDSEL: 0x0
    0xffe80000/0xffa80000 FWH IDSEL: 0x1
    0xffe00000/0xffa00000 FWH IDSEL: 0x1
    0xffd80000/0xff980000 FWH IDSEL: 0x2
    0xffd00000/0xff900000 FWH IDSEL: 0x2
    0xffc80000/0xff880000 FWH IDSEL: 0x3
    0xffc00000/0xff800000 FWH IDSEL: 0x3
    0xff700000/0xff300000 FWH IDSEL: 0x4
    0xff600000/0xff200000 FWH IDSEL: 0x5
    0xff500000/0xff100000 FWH IDSEL: 0x6
    0xff400000/0xff000000 FWH IDSEL: 0x7
    0xfff80000/0xffb80000 FWH decode enabled
    0xfff00000/0xffb00000 FWH decode enabled
    0xffe80000/0xffa80000 FWH decode enabled
    0xffe00000/0xffa00000 FWH decode enabled
    0xffd80000/0xff980000 FWH decode enabled
    0xffd00000/0xff900000 FWH decode enabled
    0xffc80000/0xff880000 FWH decode enabled
    0xffc00000/0xff800000 FWH decode enabled
    0xff700000/0xff300000 FWH decode disabled
    0xff600000/0xff200000 FWH decode disabled
    0xff500000/0xff100000 FWH decode disabled
    0xff400000/0xff000000 FWH decode disabled
    Maximum FWH chip size: 0x100000 bytes
    SPI Read Configuration: prefetching enabled, caching enabled, BIOS_CNTL = 0x0a: BIOS Lock Enable: enabled, BIOS Write Enable: disabled
    Warning: Setting Bios Control at 0xdc from 0x0a to 0x09 failed.
    New value is 0x0a.
    SPIBAR = 0x00000001000ca000 + 0x3800
    0x04: 0xf008 (HSFS)
    HSFS: FDONE=0, FCERR=0, AEL=0, BERASE=1, SCIP=0, FDOPSS=1, FDV=1, FLOCKDN=1
    Warning: SPI Configuration Lockdown activated.
    Reading OPCODES... done
    OP Type Pre-OP
    op[0]: 0x02, write w/ addr, none
    op[1]: 0x03, read w/ addr, none
    op[2]: 0x20, write w/ addr, none
    op[3]: 0x05, read w/o addr, none
    op[4]: 0x9f, read w/o addr, none
    op[5]: 0x01, write w/o addr, none
    op[6]: 0x00, read w/o addr, none
    op[7]: 0x00, read w/o addr, none
    Pre-OP 0: 0x06, Pre-OP 1: 0x00
    0x06: 0x0000 (HSFC)
    HSFC: FGO=0, FCYCLE=0, FDBC=0, SME=0
    0x08: 0x00000000 (FADDR)
    0x50: 0x0000ffff (FRAP)
    BMWAG 0x00, BMRAG 0x00, BRWA 0xff, BRRA 0xff
    0x54: 0x00000000 FREG0: Flash Descriptor region (0x00000000-0x00000fff) is read-write.
    0x58: 0x07ff0400 FREG1: BIOS region (0x00400000-0x007fffff) is read-write.
    0x5C: 0x03ff0001 FREG2: Management Engine region (0x00001000-0x003fffff) is read-write.
    0x60: 0x00007fff FREG3: Gigabit Ethernet region is unused.
    0x64: 0x00007fff FREG4: Platform Data region is unused.
    0x74: 0x00000000 (PR0 is unused)
    0x78: 0x00000000 (PR1 is unused)
    0x7C: 0x00000000 (PR2 is unused)
    0x80: 0x00000000 (PR3 is unused)
    0x84: 0x00000000 (PR4 is unused)
    0x90: 0xc4 (SSFS)
    SSFS: SCIP=0, FDONE=1, FCERR=0, AEL=0
    0x91: 0xfc4130 (SSFC)
    SSFC: SCGO=0, ACS=0, SPOP=0, COP=3, DBC=1, SME=0, SCF=4
    0x94: 0x0006 (PREOP)
    0x96: 0x043b (OPTYPE)
    0x98: 0x05200302 (OPMENU)
    0x9C: 0x0000019f (OPMENU+4)
    0xA0: 0x00000000 (BBAR)
    0xC4: 0x80802045 (LVSCC)
    LVSCC: BES=0x1, WG=1, WSR=0, WEWS=0, EO=0x20, VCL=1
    0xC8: 0x00002045 (UVSCC)
    UVSCC: BES=0x1, WG=1, WSR=0, WEWS=0, EO=0x20, VCL=0
    0xD0: 0x50444653 (FPB)
    Reading flash descriptors mapped by the chipset via FDOC/FDOD... done.
    === Content Section ===
    FLVALSIG 0x0ff0a55a
    FLMAP0 0x02040003
    FLMAP1 0x15100206
    FLMAP2 0x00210120
    --- Details ---
    NR (Number of Regions): 3
    FRBA (Flash Region Base Address): 0x040
    NC (Number of Components): 1
    FCBA (Flash Component Base Address): 0x030
    ISL (ICH/PCH Strap Length): 21
    FISBA/FPSBA (Flash ICH/PCH Strap Base Address): 0x100
    NM (Number of Masters): 3
    FMBA (Flash Master Base Address): 0x060
    MSL/PSL (MCH/PROC Strap Length): 1
    FMSBA (Flash MCH/PROC Strap Base Address): 0x200
    === Component Section ===
    FLCOMP 0x64900044
    FLILL 0x00000000
    --- Details ---
    Component 1 density: 8 MB
    Component 2 is not used.
    Read Clock Frequency: 20 MHz
    Read ID and Status Clock Freq.: 50 MHz
    Write and Erase Clock Freq.: 50 MHz
    Fast Read is supported.
    Fast Read Clock Frequency: 50 MHz
    No forbidden opcodes.
    === Region Section ===
    FLREG0 0x00000000
    FLREG1 0x07ff0400
    FLREG2 0x03ff0001
    FLREG3 0x00007fff
    FLREG4 0x00007fff
    --- Details ---
    Region 0 (Descr.) 0x00000000 - 0x00000fff
    Region 1 (BIOS ) 0x00400000 - 0x007fffff
    Region 2 (ME ) 0x00001000 - 0x003fffff
    Region 3 (GbE ) is unused.
    Region 4 (Platf.) is unused.
    === Master Section ===
    FLMSTR1 0xffff0000
    FLMSTR2 0xffff0000
    FLMSTR3 0xffff0118
    --- Details ---
          Descr. BIOS ME GbE Platf.
    BIOS  rw     rw   rw rw  rw
    ME    rw     rw   rw rw  rw
    GbE   rw     rw   rw rw  rw
    PROBLEMS, continuing anyway
    The following protocols are supported: FWH, SPI.
    Probing for Macronix MX25L6405(D), 8192 kB: probe_spi_rdid_generic: id1 0xc2, id2 0x2017
    Found Macronix flash chip "MX25L6405(D)" (8192 kB, SPI) at physical address 0xff800000.
    Chip status register is 0x40.
    Chip status register: Status Register Write Disable (SRWD, SRP, ...) is not set
    Chip status register: Bit 6 is set
    Chip status register: Block Protect 3 (BP3) is not set
    Chip status register: Block Protect 2 (BP2) is not set
    Chip status register: Block Protect 1 (BP1) is not set
    Chip status register: Block Protect 0 (BP0) is not set
    Chip status register: Write Enable Latch (WEL) is not set
    Chip status register: Write In Progress (WIP/BUSY) is not set
    This chip may contain one-time programmable memory. flashrom cannot read and may never be able to write it, hence it may not be able to completely clone the contents of this chip (see man page for details).
    Block protection is disabled.
    Reading flash... done.
    Restoring MMIO space at 0x1000cd8a0
    Restoring PCI config space for 00:1f:0 reg 0xdc
    Calibrating delay loop... OK.
    No DMI table found.
    Found chipset "Intel HM86".
    This chipset is marked as untested. If you are using an up-to-date version of flashrom *and* were (not) able to successfully update your firmware with it, then please email a report to flashrom@flashrom.org including a verbose (-V) log. Thank you!
    Enabling flash write...
    Warning: Setting Bios Control at 0xdc from 0x0a to 0x09 failed.
    New value is 0x0a.
    Warning: SPI Configuration Lockdown activated.
    PROBLEMS, continuing anyway
    Found Macronix flash chip "MX25L6405(D)" (8192 kB, SPI) at physical address 0xff800000.
    Reading old flash chip contents... done.
    Erasing and writing flash chip... Transaction error!
    spi_block_erase_20 failed during command execution at address 0x430000
    Reading current flash chip contents... done.
    spi_block_erase_d8 failed during command execution at address 0x430000
    Reading current flash chip contents... done.
    spi_chip_erase_60 failed during command execution
    Reading current flash chip contents... done.
    spi_chip_erase_c7 failed during command execution
    FAILED!
    Uh oh. Erase/write failed. Checking if anything changed.
    Good. It seems nothing was changed.
    Writing to the flash chip apparently didn't do anything.
    This means we have to add special support for your board, programmer or flash chip.
    Please report this on IRC at chat.freenode.net (channel #flashrom) or mail flashrom@flashrom.org, thanks!
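
The write-protection state recorded in the flashrom log above can be read back from the raw register values. This is an added example, not part of the original post and not flashrom's own code: the register values are copied from the log, and the bit positions (BIOS_CNTL bits 0, 1 and 5, HSFS bit 15, the FREG base/limit fields, PR bit 31) are assumed to follow the Intel 8-series PCH layout that flashrom's own decoding in the log reflects.

```python
import re

# Excerpt of the flashrom -V output posted above (values copied from the page).
LOG = """\
BIOS_CNTL = 0x0a: BIOS Lock Enable: enabled, BIOS Write Enable: disabled
0x04: 0xf008 (HSFS)
0x54: 0x00000000 FREG0: Flash Descriptor region (0x00000000-0x00000fff) is read-write.
0x58: 0x07ff0400 FREG1: BIOS region (0x00400000-0x007fffff) is read-write.
0x5C: 0x03ff0001 FREG2: Management Engine region (0x00001000-0x003fffff) is read-write.
0x60: 0x00007fff FREG3: Gigabit Ethernet region is unused.
0x74: 0x00000000 (PR0 is unused)
"""

def parse_registers(log):
    """Pull the raw register values out of flashrom's verbose output."""
    regs = {"BIOS_CNTL": int(re.search(r"BIOS_CNTL = (0x[0-9a-f]+)", log).group(1), 16),
            "HSFS": int(re.search(r"(0x[0-9a-f]+) \(HSFS\)", log).group(1), 16)}
    for value, name in re.findall(r"(0x[0-9a-f]{8}) (FREG\d)", log):
        regs[name] = int(value, 16)
    for value, name in re.findall(r"(0x[0-9a-f]{8}) \((PR\d)", log):
        regs[name] = int(value, 16)
    return regs

def decode_freg(value):
    """FREGn: bits 12:0 = base, bits 28:16 = limit, both in 4 KiB units."""
    base = (value & 0x1FFF) << 12
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF
    return None if base > limit else (base, limit)   # base > limit means unused

def audit(regs):
    """Return the write-protection state a defender would record for this platform."""
    bc, hsfs = regs["BIOS_CNTL"], regs["HSFS"]
    return {
        "BIOSWE": bool(bc & 0x01),       # BIOS Write Enable
        "BLE": bool(bc & 0x02),          # BIOS Lock Enable: setting BIOSWE raises an SMI
        "SMM_BWP": bool(bc & 0x20),      # SMM BIOS Write Protect
        "FLOCKDN": bool(hsfs & 0x8000),  # SPI configuration lock-down
        "regions": {n: decode_freg(v) for n, v in regs.items() if n.startswith("FREG")},
        "PR_active": [n for n, v in regs.items() if n.startswith("PR") and v & 0x80000000],
    }

if __name__ == "__main__":
    for key, val in audit(parse_registers(LOG)).items():
        print(key, val)
```

For the posted values this reports BLE and FLOCKDN set with BIOSWE clear, which is consistent with the failed BIOS_CNTL write and the erase errors in the log.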
  8. Hello everyone! New member here, sorry for my English. I'm French, but I will try to do my best. Don't hesitate to tell me if something goes wrong.

    For a couple of days I have been working on how Asus flashes their AMI EFI firmware. Well, some laptops have a vulnerability and flash without verification when WinFlash gives them the ROM. But WinFlash, of course, checks the ROM. So I decided to search for when WinFlash checks the ROM and forced it to accept the ROM.

    It works on some Ivy Bridge ASUS AMI EFI BIOSes for now.. It does not work on Haswell ASUS AMI EFI for now.. Try it and tell me if it works on your laptop or not. If anyone has any idea how to extend the compatibility of this trick, don't hesitate.

    How to enjoy this method: Do not forget to read the README before doing anything! Do it at your own risk!

    If you want to patch it yourself.. Open WinFlash.exe with your favorite hex editor.

    1. First pass: Search for E84C64000085C07509 and change it to E84C64000085C0EB09
    2. Second pass: Patch 837DE00074118B to 837DE000EB118B (appears 3 times)

    Github: https://github.com/Ousret/Asus-WinFlash-Custom
    Twitter: https://twitter.com/Ousret

    For those who dislike Github..: in attachment.. WinFlashPatch1.zip AMIBCP4.53.zip