Jump to content
Micky1979

No WiFi Whitelist on new HP Laptops!

41 posts in this topic

Recommended Posts

Ivy Bridge envy also no longer has whitelists :)

 

A person I know installed a Dell DW1702 and it booted without any problems.

Share this post


Link to post
Share on other sites
Advertisement

The problem is how do we know if and when the whitelist will be removed for our current PCs. Does anyone know from the bios changelog of newer PCs with no whitelist? Does HP specifically mention it in the changelog or do we have to just try out the blacklisted cards?

Share this post


Link to post
Share on other sites

You can do the download of Phoenixtool.exe (for use in Windows) on mydigitallifeforum, and decompress a copy of your bios downloaded from HP.

This program is able to tell if have the Whitelist!

 

Micky

 

Ivy Bridge envy also no longer has whitelists :)

 

A person I know installed a Dell DW1702 and it booted without any problems.

Ivy bridge Envy is equal to my DV 7, same machine, so no whitelist! :)

 

Micky

Share this post


Link to post
Share on other sites

Hi Micky. I have a dw1520 card BCM943224HMS but osx can't turn on the card.

I've found a tutorial here for rebrand the card but isn't easy for me.

Can you tell me if this method works also for BCM943224HMS?

 

Grazie ;-)

 

Share this post


Link to post
Share on other sites

Hi Micky. I have a dw1520 card BCM943224HMS but osx can't turn on the card.

I've found a tutorial here for rebrand the card but isn't easy for me.

Can you tell me if this method works also for BCM943224HMS?

 

Grazie ;-)

You don't need to rebrand. Install OS X 10.8.5+ and patch dsdt as the guide here: http://www.insanelymac.com/forum/topic/292542-airport-pcie-half-mini/

Share this post


Link to post
Share on other sites

I have a dv6 6b55eg. 

I want to replace my BCM4313, with a supported one.

Now I want to figure out, if I also have no whitelist.

 

So I tried to open the http://ftp.hp.com/pub/softpaq/sp60501-61000/sp60655.exe (F.1C) but the phoenixtool says 

"Not Phoenix/Dell/Insyde/EFI BIOS."

 

Can someone please help me with that? Or tell me if sp60655.exe has a whitelist or not.

 

Thank you for every help :)

Share this post


Link to post
Share on other sites

Hi Micky! How are you?

I would to buy a skylake HP notebook, (maybe probook G450/470), d'you know if HP has still wifi whitelist in theyr laptops?

How should I inform? I tried to install in windows (and in another pc) phoenix UEFI winflash to scan BIOS downloaded from hp site and see if there is a whitelist, but the BIOS is downloaded in .exe and the program can't read it.

I would really avoid to flash the bios...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By ludufre
      Installing macOS Mojave on Lenovo ThinkPad L440

       
      There are two version of this laptop:
      - 20AS = Chipset QM87, without Express Card (mine).
      - 20AT = Chipset HM86, with Express Card.
      I strong believe is the same thing...
       

      Changelog:
       
      07/30/2019 14:56h GMT-0
      - Fixed typo in credits. Thanks @"Sniki"
       
      06/09/2019 14:16h GMT-0
      - Added missing parts in the post-install step. 
       
      06/04/2019 17:19h GMT-0
      - Updated Clover link. 
       
      06/02/2019 18:08h GMT-0
      - Added info about update 10.14.5. 
       
      03/13/2019 13:15h GMT-0
      - Updated info about touchpad replacement and CPU and 4G LTE modem.
       
      02/05/2019 18:47h GMT-0
      - Updated info about CPU replacement and 4G LTE modem.
       
      02/04/2019 15:24h GMT-0
      - Sometimes the VoodooHDA.kext doesn't work.
      - Added AppleHDADisabler.kext to fix that (attached bellow).
       
      01/24/2019 14:42h GMT-0
      - Added more adjustments to use of VoodooHDA.
      - Updated VoodooHDA links to 2.9.1 official (without installer).
      - Changed PCM volume from 90 to 180 in Info.plist (attached modified VoodooHDA.kext bellow)
      - Updated SSDT-L440.aml (Removed HDEF and HDAU, not needed).
      - Updated config.plist (Changed to user Audio layout to 1).
       
      01/22/2019 20:47h GMT-0
      - I gave up on the AppleALC.
      - Headset does not work.
      - Now with VoodooHDA is perfect and the sound even louder.
       
      01/22/2019 14:37h GMT-0
      - Added info about update 10.14.3. 
       
      01/22/2019 13:46h GMT-0
      - Added link to BIOS reassing guide.
       
      01/20/2019 11:49h GMT-0
      - First version.
       
      What works and what does not
       
      - Processor: Intel Core i5-4300M ->  Work. All SpeedStep stages.
      - Video Card: Intel HD4600 ->  Work. QE/CI and Metal.
      - Chipset: Intel QM87 ->  Work.
      - Mini DisplayPort ->  Work. But no audio, yet.
      - VGA ->  Not work. Normal.
      - Audio: ALC292 ->  Work.
      - WiFi/Bluetooth: Intel AC 7260 ->  Not work. Replaced with DW1560 (need whitelist removal).
      - Ethernet: Intel I217-LM ->  Work.
      - Card Reader: Realtek RTS5227 ->  Not work.
      - Keyboard and Touchpad ->  Work.
      - Webcam ->  Work.
      - Fingerprint Reader ->  Not work. Normal.
      - USB3.0 ->  Work.
      - Sleep ->  Work.
      - Airdrop, Handoff, Instant Hotspot and Continuity ->  Work after replaced wireless.
       
       
      Extras
       
      - FullHD 1920x1080 display upgrade: 
      Replaced with AU Optronics B140HAN01.1 30pin eDP (B140HAN01.2 and B140HAN01.3 also compatible).
      Apparently same screen as Dell Latitude E6440, E7440, Lenovo Ideapad U430 and E129.
       
      - CPU upgrade:
      Replaced the stock Intel Core i5 4300M 2.6Ghz (3.3Ghz turbo) 6M cache with Intel Core i7 4700MQ 2.4Ghz (3.4Ghz turbo) 6MB.
      I initially had problems with overheating. The processor ran at full load above 90 degrees.
      After using a quality thermal paste I can work between 70 and 80 degrees.
      Acceptable taking into consideration that the new processor has 47TDP versus 37TDP which is recommended.
      I also had no problem consuming the battery while charging. The original 65W source seems to have figured out.
       
      - Touchpad upgrade:
      Replaced the stock with T460 touchpad.
      This is serious: you have to do it! It should be stock. Touchpad with precision and absurd quality!
      Just do it!
       
      - RAM upgrade:
      No mistery here. Just upgade.
       
       
      Todo
       
      - Make DP audio work.
      - Make Card Reader work.
      - Upgrade CPU to i7-4712MQ (Ordered. It's on the way) Done, but received i7-4700MQ (47w TDP, with good paste I have no overheating)
      - Replace touchpad with T460 model (Ordered. It's on the way) Done. Sensitivity and perception of quality much better. I recommend 100%!
      - Sierra Gobi5000 4G LTE modem EM7355 (Ordered. It's on the way. I hope works. ) Done, but not work. Recognize but not connect. I already gave up...
      - Upgrade to 16GB RAM Done
      - Make trackpad appear in System Preferences
       
       
      What you need to install

      - Running install of macOS
      - One USB flash drive of 8GB or bigger
      - macOS Mojave install app
      - Clover EFI
      - Clover Configurator
      - Some KEXTs and SSDT patches


      How create create the install flash drive
       
      Prepare install flash drive

      Format the flash drive with GUID partition mapping and name it "Install".

      - Open Disk Utility.
      - Click in View, then "Show All Devices".
      - Select the destination flash drive, then Erase.
      - Name: Install, Format: Mac OS Extended (Journaled) and Scheme: GUID Partition Map
       
      Create install flash drive

      Open terminal and run this command:
      sudo /Applications/Install\ macOS\ Mojave.app/Contents/Resources/createinstallmedia --volume /Volumes/Install --nointeraction This will take about 30 minutes.
       


      Install bootloader

      Download the CloverEFI from SourceForge (used 4934) and install with this options on "Install macOS Mojave":
       
      - Install for UEFI booting only
      - Install Clover in the ESP
      - UEFI Drivers - ApfsDriverLoader-64
      - UEFI Drivers - AptioMemoryFix-64


       
       
      Make things works

      Will be created a partition named EFI and mounted in Desktop.
      - Replace the /Volumes/EFI/CLOVER/config.plist with mine attached below
                    If you have modded BIOS with Advanced Menu and enabled 128MB DRAM-prealloc use 128MB_DRAM-prealloc_config.plist.zip
                    If no, then use 32MB_DRAM-prealloc_config.plist.zip
      - Put SSDT-L440.aml attached below in /Volumes/EFI/CLOVER/ACPI/patched/
       
      Generate your Serial, MLB and SmUUID
       
      - Open the replaced config.plist with Clover Configurator (used 5.3.2.0)
      - Go to SMBIOS, click few times in "Generate New" in Serial Number and SmUUID.
       
      Download those Kexts and put in /EFI/CLOVER/kexts/Other/
       
      - Download the HWSensors 3 from here. I used the FakeSMC.kext, ACPIMonitor.kext and IntelCPUMonitor.kext inside of DMG version r196.
      - Download the VoodooPS2Controller.kext from here. I used version 2018-1008.
      - Download the IntelMausiEthernet.kext from here. I used the version 2018-1031.
      - Download the Lilu.kext from here. I used the version 1.3.6.
      - Download the VoodooHDA from here. I used the version 2.9.1 and patched the sound volume (attached below).
      - Download the WhateverGreen.kext from here. I used the version 1.2.9.
      - Download the AppleBacklightFixup.kext from here. I used the version 2018-1013.
      - Download the USBInjectAll.kext from here. I used the version 2018-1108.
      - Download the ACPIBatteryManager.kext from here. I used the version 2018-1005.
       
      - Download the VirtualSMC.kext from here. I used version 1.0.2. Replaced with FakeSMC of the HWSensors 3 r196 package.
      - Download the FakeSMC.kext from here. I used the version 2018-0915. Replaced with VirtualSMC.kext due 10.14.4 issues on update.
      - Download the AppleALC.kext from here. I used the version 1.3.4. Replaced with VoodooHDA.kext due mic not working.
       
       
      Wifi and Bluetooth (DW1560 / BCM94352Z)
       
      Unfortunately, some notebook manufacturers are currently blocking the replacement of wireless cards. They want you to only use the models sold by them. And of course, none of them from Lenovo for this notebook model is compatible with MacOS.
       
      If you try to start with an unauthorized wifi card for them, you will receive a screen error:
      1802: Unauthorized network card is plugged in - Power off and remove the network card. Since this check is done directly in the BIOS, the only solution is to modify it.
      But since nothing is easy in this life, there is one small big problem:
      - The BIOS update procedure does not allow you to use modded files as it used to be.
      - You will need to physically reach your BIOS on the motherboard and make use of a USB BIOS reader/writer.
       
      So what you need to do:
      1. Disassembly your laptop;
      2. Dump your BIOS with an USB BIOS reader with SOIC8 clip (to not desolder from the motherboard);
      3. Patch it (In addition to removing the whitelist, add the advanced menu);
      4. Fix RSA signature;
      5. Reflash BIOS;
      6. Replace wireless card;
      7. Remount your laptop;
      8. Done.
       
      Soon, I'll provide step by step in this process. Probably until end of this week.
      In the meantime, if you need to, send me your dump that I do steps 3 and 4 for you.
      I also add the Advanced Menu so you can increase to 128MB the DRAM-prealloc.
       
      To fix a Modded BIOS to remove the 5 beeps on boot, you need this guide: https://www.insanelymac.com/forum/topic/337333-guide-fix-insyde-h2o-bios-signature-5-beeps-on-lenovo (traduzido: pt-BR)
       
       
      After replaced the wireless card. Download those Kexts and put in /EFI/CLOVER/kexts/Other/
       
      - Download the AirportBrcmFixup.kext from here. I used the version 2.0.0.
      - Download the BrcmFirmwareRepo.kext and BrcmPatchRAM2.kext from here. I used the version 2018-0505.
      - Download the BT4LEContinuityFixup.kext from here. I used the version 1.1.2.
       
       
      Now you can start the instalation without problem (I guess).
       
       
      How install
       
      UEFI Setup Configuration and Installation

      UEFI configuration
       
      My BIOS is the latest: 1.93 (J4ET93WW) 

      - Shutdown and insert the flash drive.
      - Power on with F1 pressed to enter BIOS setup.
      - Change value: Config - Intel(R) AMT - Intel(R) AMT Control to DISABLED
      - Change value: Security - Security Chip to DISABLED
      - Change value: Security - Anti-Theft - Intel(R) AT Module Activation to DISABLED
      - Change value: Security - Anti-Theft - Computrace to DISABLED
      - Change value: Security - Secure Boot to DISABLED
      - Change value: Startup - UEFI/Legacy Boot to BOTH, Legacy First and CSM Support = Yes
      - Save & Exit Setup (F10)
       
      - Now, hold the F12
      - In the list, select your flash drive.
       
      The installer will start. 
      
      Format destination disk

      Format the disk with GUID partition mapping and name it "Macintosh".

      - Select Disk Utility in the list, then press Continue.
      - Click in View, then "Show All Devices".
      - Select the destination Disk, then Erase.
      - Name: HD, Format: APFS and Scheme: GUID Partition Map

      Close Disk Utility.
      
      Select "Install macOS", then Continue.
      Follow instructions in screen.

      After install

      After first part install the system will reboot. Maybe you have to press F12 again and select the flash drive.
      
      The second part of the installation will begin. This will take 16 minutes.
       

      Post installation

      Install bootloader
       
      When the second part of install finish, the system will reboot again.

      After performing the user initial setup and go to the desktop, you need to install Clover on internal disk.

      Open the Clover installer inside flash drive that you copied before.

      Use same options above but choose the system partition this time.

      Now you need to replace the EFI folder inside your destination disk EFI parittion, with EFI folder inside flash card EFI partition.

      If the flash drive EFI partition of your destination disk or flash drive is unmounted:
      Mount with terminal "sudo diskutil mount /dev/rdiskXs1". To know what X is, use "diskutil list", most likely is 0 for destination disk and 1 for flash drive.
       
      Then, eject the flash drive.
       
      Last step
       
      Move all Kexts from EFI partition to /Library/Extensions, with those commands in Terminal:
      sudo mv -R /Volumes/EFI/EFI/CLOVER/kexts/Other/* /Library/Extensions/ sudo chmod -R 755 /Library/Extensions sudo chown -R root:wheel /Library/Extensions sudo kextcache -i / Restart the system.
       
       
      It's done!
       
       
      Updates
       
      System update 10.14.3
       
      - Updated with success;
      - Everything works perfectly after reboot;
       

       
       
      System update 10.14.4
       
      - Updated Clover to 4910.
      - Updated Lilu.kext to 1.3.5 and WhateverGreen to 1.2.7.
      - After first reboot the update progress stoped with:
      GTrace synchronization point 4 Unsupported CPU Unsupported PCH hmm.. mismatch sizes: 3100 vs 20 It was still possible to start the previous installation, selecting "Macintosh" as opposed to "macOS Install" in Clover.
      So I created a flash drive with Clover 4910 and put only my config.xml, SSDT-L440.aml, the updated Lilu.kext and WhateverGreen.kext. And I decided to test VirtualSMC instead of FakeSMC.kext.
      With this I was able to install update 10.14.4. After installation I can boot normally, even with FakeSMC.kext that already in /Library/Extensions.
      I do not know what exactly happened, but now works everything like was previously.
       


       
       
      System update 10.14.5
       
      - Updated Clover to 4934.
      - Updated Lilu.kext to 1.3.6 and WhateverGreen to 1.2.9.
      - After first reboot the update progress stoped again (like 10.14.4 update) with:
      GTrace synchronization point 4 Unsupported CPU Unsupported PCH hmm.. mismatch sizes: 3100 vs 20 It was still possible to start the previous installation, selecting "Macintosh" as opposed to "macOS Install" in Clover.
      I decided to rollback to FakeSMC.kext but this time with the version of HWSensors 3. Link above.
      With this I was able to install update 10.14.5. After installation I can boot normally.
       

       
       

      And last but not least

      I would like to thank the following community members, by making these dream possible:
      @crushers, @snatch, @apianti, @blackosx, @blusseau, @dmazar, @slice2009, @autumnrain, @phpdev32, @EMlyDinEsH, @RehabMan, @Scellow, @mitch_de, @Shailua, @Andy Vandijck, @maxfierke, @ArturXXX, @LexHimself, @brumas, @"Sniki" and all others members involved directly or indirectly.
       
       
      Attachments
      32MB_DRAM-prealloc_config.plist.zip
      128MB_DRAM-prealloc_config.plist.zip
      SSDT-L440.aml
      VoodooHDA.kext.zip
      AppleHDADisabler.kext.zip
    • By ludufre
      [GUIA] Correção de assinatura BIOS Insyde H2O
       
      Recentemente comprei um notebook Lenovo L440 pra instalar o macOS Mojave e fui substituir a placa wireless pela DW1560 porque a atual não é compatível. Descobri que existia uma whitelist de placas permitidas que as fabricantes estão adotando recentemente (no meu caso utiliza uma bios Phoenix Insyde BIOS H2O).
       
      Procurei em fórums de BIOS MODDING e encontrei pessoas que fizeram o patch pra mim. Só que após substituir a BIOS notei que o computador ficava apitando 5 vezes todas vez que ligava e fui me aprofundar no caso. E foi aí que descobri como resolver isso e por isso criei esse guia baseado nas informações que achei em alguns fóruns russos.
       
       
      Prefácio
       
      Quando a BIOS falha no teste te integridade, algumas funcionalidades Intel AMT param de funcionar e é emitido uma sequência de 5 apitos duas vezes no boot.
      Após modificar para remover whitelist (habilitar placas WI-FI não autorizadas), destravar MSR 0xe2 (hackintosh), habilitar menu avançado, etc. a BIOS não vai passar no teste de integridade causando esse problema.
      Essa verificação de integridade é feita através da assinatura RSA do bloco da BIOS chamado TCPABIOS (mais informações abaixo) com a chave pública no formato modulus 3 também armazenada na BIOS.
      Esse bloco TCPABIOS armazena os checksums de cada volume da BIOS.
       
      O que faremos é gerar novos checkums para esses volumes que foram modificados, gerar um para de chaves RSA (privada e pública), assinar esse bloco com a chave privada e substituir a chave pública.
       
       
      Ferramentas necessárias
       
      - EFITool NE alpha 54: https://github.com/LongSoft/UEFITool/releases
      - HxD 2.1.0: https://mh-nexus.de/en/hxd/
      - OpenSSL: http://gnuwin32.sourceforge.net/packages/openssl.htm (Download -> Binaries)
      - Microsoft File Checksum Integrity Verifier (FCIV.exe): https://www.microsoft.com/en-us/download/details.aspx?id=11533
       
      Passo a passo
       
      Vamos abrir a BIOS modificada, localizar o bloco TCPABIOS e entender sua anatomia.
       
      1. Abra a BIOS no HxD
       

      (Vamos utilizar nesse guia a BIOS modificada no fórum MyDigitalLife.com pelo usuário Serg008 para o notebook Lenovo B590)
       
      2. Busque a palavra TCPABIOS:
       


       
      3. O bloco começa com TCPABIOS e termina com antes de TCPACPUH
       

       
      4. Anatomia:
       
      54 43 50 41 42 49 4F 53 48 31 38 34 61 31 31 2F
      32 36 2F 31 33 49 42 4D 53 45 43 55 52 00 FD 27
      34 2A 35 AB 41 26 39 E3 32 E5 B6 8A D6 49 5B 0B
      77 F9 82 58 48 00 00 00 CE 18 1F 00 00 00 03 00
      00 00 00 00 00 00 27 00 00 00 00 00 00 00 00 00
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      00 00 00 00 00 00 00 00 00 00 00 FF FF 83 04 D4
      52 52 95 C5 D7 21 55 78 0E 5C AD 47 EE C4 3D 1D
      C1 EC 69 03 2B 51 A5 42 61 96 22 F9 7B 88 57 B7
      A8 9D D0 20 DB 5B 11 10 55 07 84 6C 62 DF FA 2F
      6A A8 43 0C 8A 40 AF 79 0D 31 DB 5A 5D C8 2F EB
      F8 7C 87 B0 A6 3D 2A 88 AE 91 9D 88 E3 AA 85 E3
      5A B3 91 7F 28 68 1F BA 92 C4 7E 10 F5 1A 7E 75
      A9 6F CE C0 4F BA FA 79 A5 98 2B 50 60 BA 09 73
      7B 03 D1 0C 3E A2 9C 44 DF E9 F2 92 34 7B
       
      Cinza: Nome e informações do bloco
      Vermelho: Informações dos volumes (Checksum e Cabeçalho)
      Azul: Separação da lista de volumes para a assinatura do bloco
      Verde: Assinatura do bloco TCPABIOS são os últimos 128 bytes
       
      Lista de Volumes:
       
      Cada volume tem o formato: 00 FD 27 34 2A 35 AB 41 26 39 E3 32 E5 B6 8A D6 49 5B 0B 77 F9 82 58 48 00 00 00 CE 18 1F 00 00 00 03 00 00 00 00 00
                                                      (prefixo 3 bytes + checksum 20 bytes + offset 4 bytes + tamanho do volume 6 bytes + separador do fim 6 bytes)
       
      Os volumes são enumerados e utilizam o primeiro byte no prefixo para isso (00 FD 27), começando do 0.
      A BIOS utilizada nesse exemplo possui somente um volume, mas no caso de mais de um volume, seria: 00 FD 27 .., 01 FD 27 ..., 02 FD 27 ...
      - Checksum é o cálculo SHA1 do volume.
      - Offset é a posição do volume dentro da BIOS. Os bytes ficam invertidos, nesse caso seria 00 00 00 48 ou seja: 48h
      - Tamanho do volume também está com os bytes invertidos, então: 1F18CEh
       
      Então é isso. Precisamos corrigir essas informações (checksum, offset e tamanho)
       
      5. Para extrair os volumes abra a BIOS com o UEFITool e veja como identificar os volumes (nosso exemplo há somente um volume, se houvessem outros estariam também dentro de EfiFirmwareFileSystemGuid):
       

       
      Na BIOS original, circulado em vermelho podemos ver o nosso volume.
      Observe que em azul temos Offset e verde o tamanho. Exatamente como verificamos acima no HxD. Já na BIOS modificada vemos que está diferente o tamanho:
      Oridinal: 1F18CEh
      Modificada: 1F12D5h (vamos precisar disso mais tarde)
       
      6. Vamos extrair esse volume escolhendo a opção “Extract as is...”
       
       
       
      7. Utilize esse comando para obter o checkum desse volume: fciv.exe -sha1 File_Volume_image_FvMainCompact.ffs
       

       
      Agora temos o checksum que é 396e0dc987219b4369b1b9e010166302ce635202
       
      8. Substitua as informações no bloco TCPABIOS:
       

       
      Observe que o tamanho do volume precisa ter os bytes invertidos, então se o total são 6 bytes e é 1F12D5h, fica D5 12 1F 00 00 00 no lugar de CE 18 1F 00 00 00.
      Se o offset for diferente, também realizar o mesmo procedimento invertendo os bytes.
      Checksum alterar de 34 2A 35 AB 41 26 39 E3 32 E5 B6 8A D6 49 5B 0B 77 F9 82 58 para 39 6E 0D C9 87 21 9B 43 69 B1 B9 E0 10 16 63 02 CE 63 52 02
       
      Faça esse procedimento para cada volume na BIOS.
       
      9. Agora precisamos gerar o checksum de todo o bloco TCPABIOS mas sem considerar os últimos 131 bytes, ou seja desconsiderar de FF FF 83 + 80 bytes da assinatura anterior.
       
      Copie para um novo arquivo no HxD e salve como tcpabios
       

       
      Utilize o comando para gerar o checksum desse bloco: fciv.exe -sha1 tcpabios
       

       
      Checksum do bloco TCPABIOS: 0da6715509839a376b0a52e81fdf9683a8e70e52
       
      Crie um novo arquivo no HxD e adicione 108 bytes com 00 e cole o checksum no final e salve como tcpabios_sha, ficando assim:
       

       
      10. Agora vamos gerar a chave privada RSA com modulus 3: openssl genrsa -3 -out my_key.pem 1024
       

       
      Assinar o arquivo tcpabios_sha: openssl rsautl -inkey my_key.pem -sign -in tcpabios_hash -raw > tcpabios_sign
       

       
      Agora aproveite para gerar a chave publica: openssl rsa -in my_key.pem -outform der -pubout -out my_key_pub.der
       

       
      E gerar modulus 3 da chave pública: openssl rsa -pubin -inform der -in my_key_pub.der -text -noout
       

       
      Copie e cole a chave em um arquivo de texto para utilizar daqui a pouco. Remova todos os “:” e coloque tudo em uma única linha, ficando assim:
       

       
      11.   Abra o arquivo tcpabios_sign no HxD, copie o conteúdo e substitua a assinatura no final do bloco TCPABIOS:
       
       
       
      12. Agora vamos localizar na BIOS o local da chave pública e substituir. Essa chave começa com 12 04 e termina com 01 03 FF e fica após o bloco TCPABBLK.
       
      A chave fica assim: 12 04 + 81 bytes + 01 03 FF. Faça uma busca por 01 03 FF para localizar mais facilmente. Verifique se antes dos 81 bytes tem os bytes 12 04 para ter certeza que achou.
       

       

       
      Agora substitua pela chave pública que ficou anotado no arquivo de texto anteriormente, ficando assim:
       

       
       
      Salve e está pronto. Sua BIOS está assinada e pronta.
       
    • By ludufre
      [GUIDE] Fix Insyde H2O BIOS signature (5 beeps on Lenovo)
       
      I recently bought a Lenovo L440 laptop to install the Mojave macOS and I replaced the wireless card with the DW1560 because the current one is not compatible. I discovered that there was a whitelist of enabled cards that manufacturers are adopting recently (in my case it uses a Phoenix Insyde BIOS H2O).
       
      I searched the BIOS Modding forums and found people who did the patch for me. But after replacing the BIOS I noticed that the computer keep beeping 5 times every time I boot. So, I went deeper into this issue and that's when I figured out how to solve it. Then I created this guide based on the information I found in some Russian forums.
       
      Preface
       
      When the BIOS integrity test fails, some Intel AMT functionality stops working and a sequence of 5 whistles is issued twice at boot.
      After modifying to remove whitelist (enable unauthorized WI-FI cards), unlock MSR 0xe2 (hackintosh), enable advanced menu, etc. the BIOS will not pass the integrity test causing this problem.
      This integrity check is done through the RSA signature of the BIOS block called TCPABIOS (more information below) with the public key in modulus 3 format also stored in the BIOS.
      This TCPABIOS block stores the checksums of each BIOS volume.
       
      What we will do is generate new checksum for those volumes that have been modified, generate a RSA (private and public) key pair, sign that block with the private key, and replace the public key.
       
       
      Tools needed
       
      - EFITool NE alpha 54: https://github.com/LongSoft/UEFITool/releases
      - HxD 2.1.0: https://mh-nexus.de/en/hxd/
      - OpenSSL: http://gnuwin32.sourceforge.net/packages/openssl.htm (Download -> Binaries)
      - Microsoft File Checksum Integrity Verifier (FCIV.exe): https://www.microsoft.com/en-us/download/details.aspx?id=11533
       
      Step by step
       
      Let's open the modified BIOS, locate the TCPABIOS block and understand its anatomy.
       
      1. Open the BIOS with HxD
       

      (We will use the modded BIOS in the MyDigitalLife.com forum by the Serg008 user for the Lenovo B590 laptop in this guide)
       
      2. Find the word TCPABIOS:
       


       
      3. The block starts with TCPABIOS and ends before TCPACPUH
       

       
      4. Anatomy:
       
      54 43 50 41 42 49 4F 53 48 31 38 34 61 31 31 2F
      32 36 2F 31 33 49 42 4D 53 45 43 55 52 00 FD 27
      34 2A 35 AB 41 26 39 E3 32 E5 B6 8A D6 49 5B 0B
      77 F9 82 58 48 00 00 00 CE 18 1F 00 00 00 03 00
      00 00 00 00 00 00 27 00 00 00 00 00 00 00 00 00
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      00 00 00 00 00 00 00 00 00 00 00 FF FF 83 04 D4
      52 52 95 C5 D7 21 55 78 0E 5C AD 47 EE C4 3D 1D
      C1 EC 69 03 2B 51 A5 42 61 96 22 F9 7B 88 57 B7
      A8 9D D0 20 DB 5B 11 10 55 07 84 6C 62 DF FA 2F
      6A A8 43 0C 8A 40 AF 79 0D 31 DB 5A 5D C8 2F EB
      F8 7C 87 B0 A6 3D 2A 88 AE 91 9D 88 E3 AA 85 E3
      5A B3 91 7F 28 68 1F BA 92 C4 7E 10 F5 1A 7E 75
      A9 6F CE C0 4F BA FA 79 A5 98 2B 50 60 BA 09 73
      7B 03 D1 0C 3E A2 9C 44 DF E9 F2 92 34 7B
       
      Gray: Name and Block Information
      Red: Volume Information (Checksum and Header)
      Blue: Separation of the list of volumes and the block signature
      Green: Signature of the TCPABIOS block are the last 128 bytes
       
      List of Volumes:
       
      Each volume has the format: 00 FD 27 34 2A 35 AB 41 26 39 E3 32 E5 B6 8A D6 49 5B 0B 77 F9 82 58 48 00 00 00 CE 18 1F 00 00 00 03 00 00 00 00 00
                                              (Prefix 3 bytes + checksum 20 bytes + offset 4 bytes + volume size 6 bytes + end delimiter 6 bytes)
       
      The volumes are enumerated and use the first byte in the prefix for this (00 FD 27), starting at 0.
      The BIOS used in this example has only one volume, but in the case of more than one volume, it would be: 00 FD 27 .., 01 FD 27 ..., 02 FD 27 ...
      - Checksum is SHA1 calculation of the volume.
      - Offset is the volume position within the BIOS. The bytes are inverted, in this case it would be 00 00 00 48, equals to 48h
      - Volume Size is also with the bytes inverted, then: 1F18CEh
       
      Then that's it. We need to correct this information (checksum, offset and size)
       
      5. To extract the volumes open the BIOS with the UEFITool and see how to identify the volumes (our example there is only one volume if there were others would also be inside EfiFirmwareFileSystemGuid):
       

       
      In the original BIOS, circled in red we can see our volume.
      Note that in blue we have offset and green the size. Exactly as we checked up on HxD. In the modified BIOS we see that the size is different:
      Original: 1F18CEh
      Modified: 1F12D5h (we'll need this later)
       
      6. Let's extract this volume to calculate the checksum by choosing the "Extract as is ..."
       
       
       
      7. Use this command to get the checksum of this volume: fciv.exe -sha1 File_Volume_image_FvMainCompact.ffs
       

       
      Now we have the checksum that is 396e0dc987219b4369b1b9e010166302ce635202
       
      8. Replace the information in the TCPABIOS block:
       

       
      Note that the volume size must have the bytes inverted, so if the total is 6 bytes and is 1F12D5h, becomes D5 12 1F 00 00 00 in place of CE 18 1F 00 00 00.
      If the offset is different, also perform the same process by inverting the bytes.
      Checksum change from 34 2A 35 AB 41 26 39 E3 32 E5 B6 8A D6 49 5B 0B 77 F9 82 58 to 39 6E 0D C9 87 21 9B 43 69 B1 B9 E0 10 16 63 02 CE 63 52 02
       
      Do this for each volume in the BIOS.
       
      9. Now we need to generate the checksum of the whole TCPABIOS block but without considering the last 131 bytes, that is to dismiss FF FF 83 + 80 bytes from the previous signature.
       
      Copy to a new file in HxD and save as tcpabios
       

       
      Use the command to generate the checksum of this block: fciv.exe -sha1 tcpabios
       

       
      Checksum of TCPABIOS block: 0da6715509839a376b0a52e81fdf9683a8e70e52
       
      Create a new file in HxD and add 108 bytes with 00 and paste the checksum at the end and save as tcpabios_hash, thus:
       

       
      10. Now let's generate the RSA private key with modulus 3: openssl genrsa -3 -out my_key.pem 1024
       

       
      Sign the file tcpabios_hash: openssl rsautl -inkey my_key.pem -sign -in tcpabios_hash -raw > tcpabios_sign
       

       
      Now enjoy to generate the public key: openssl rsa -in my_key.pem -outform der -pubout -out my_key_pub.der
       

       
      And generate public key modulus 3: openssl rsa -pubin -inform der -in my_key_pub.der -text -noout
       

       
      Copy and paste the key into a text file to use soon. Remove all ":" and put everything on a single line, thus:
       

       
      11.   Open the tcpabios_sign file in HxD, copy the contents and replace the signature at the end of the TCPABIOS block:
       
       
       
      12. Now let's locate the location of the public key in the BIOS and replace it. This key starts with 12 04 and ends with 01 03 FF and is after the TCPABBLK block.
       
      The key looks like this: 12 04 + 81 bytes + 01 03 FF. Search for 01 03 FF to locate more easily. Verify that before the 81 bytes have bytes 12 04 to make sure you found.
       

       

       
      Now substitute for the public key that was annotated in the text file previously, thus:
       

       
       
      Save and you're ready. Your BIOS is signed and ready.
    • By Capoia
      Good evening, I bought a plate of "wireless / bluetooth" (atheros ar5b195) for my HP DM4 2075BR, only time to install the notebook not league, I believe that hp bios forbid, have any way I get around this? is the only way I can do the wifi / bluetooth function = /
    • By Ioan Kralev
      Is there anyone which has HP ProBook 450 G0?
      I doesn’t have Wi-Fi on my laptop ProBook 450 G0, because my Wi-Fi card is RT3290.It is not compatible from OS X, but i have whitelist in bios, and i can’t replace it with compatible.In mine whitelist has some Atheros model whereon IDs i need for rebranding AR9280!
×