Insyde Bios Flash Utility Download

 admin

Pages

Modify UEFI BIOS on mainly desktop-based mainboards. UEFI BIOS Updater is a free utility which can be used to edit UEFI BIOS on systems with certain types of mainboards. UEFI BIOS Updater is able to detect the versions of the OROM/EFI modules, which are inside an AMI UEFI BIOS file and update: a) the most important OROM/EFI modules (incl. Various 'Universal TRIM in RAID0 modified' ones) and b. Flashing the BIOS with a dead battery is asking for problems. If for some reason the system loses power during the update, your system is bricked and only a new motherboard can fix it. Even with a good battery unless you are having a specific problem that the update addresses it. If upgrading to this BIOS from a version older than F.30, it is recommended that the user enter the F10 (BIOS) Setup and restore defaults after backing up existing F10 (BIOS) Setup settings. For information on restoring F10 (BIOS) Setup settings, see System BIOS Update F.46 for 8470w, 8470p, 6470b, 8570p, and 6570b. After you enter Windows,.insyde bios flash utility downloadFind Where The Flash Is Available To Stream Now. Yidio is the premier streaming guide for TV Shows & Movies on the web, phone, tablet or smart tv.Insydeflash Windows Bios Flash Utility Download. Machine which was bricked with Windows BIOS. Windows 8; Insydeflash.

Saturday, 20 August 2016

Insyde Bios Modding Advanced and Power Tabs

Insyde Bios Modding Advanced and Power Tabs


Due to a request I received by drakonn, Ill be covering how to enable the advanced and power tabs in the setup utility. Also special thanks to Florin9doi for his impressive knowledge of BIOS. I rewrote my splash screen tutorial based on his input.
Theres not really much background information I can put here, Its kind of public knowledge that there are hidden tabs in the setup utility. I think this decision is ultimately up to the OEM, so HP decided that we dont need to have access to these hidden tabs. This is most likely because changing some settings can damager you computer, so theyre actually looking out for us. So heres a picture of what my unmodified setup utility looks like. If youd like to follow along with this tutorial by using the same BIOS that I am, then heres where you can download it.
As you can see, it currently has Main, Security, Diagnostics, System Configuration, and Exit tabs. So Ill show you how to enable the hidden tabs.
Ill try to keep all my tutorials as generic as possible, but I already know that this will be impossible. Rarely do different BIOS implement these restrictions in the exact same way, so dont expect this to be a surefire way to unlock your hidden tabs. As simple as I make these tutorials seem, it still took me several weeks to get each modification working on my own BIOS.Insyde Bios Flash Utility Download
To get started make sure you unpack your BIOS installer so that you have access to the BIOS rom. Then open it with Andys tool, go to the structure view, check the Decompress Extracted Modules box, and extract the DXE Core module. The latest version of Andys tool can be downloaded here.

My extracted module is named 4A538818-5AE0-4EB2-B2EB-488B23657022.MOD. Yours might be named something different. So lets open that module with a hex editor, and search for a familiar string so that we can locate what module contains the setup utility. The hex editor I use is HxD. As a side note, my BIOS uses Unicode strings. This means that after each letter, theres a 00 hex character. This is because each character is actually two bytes long. I think all Insyde BIOS are that way, but Im not sure. So heres what I am going to search for, notice how I have blank characters between each letter. The name of one of my tabs is System Configuration, so the module that contains this string should also contain the setup utility.
So lets search for this string in our DXE Core module and see if it exists. Awesome! It found it at offset 0x1A8B8C.

Now we know were in the correct module. Now search for the hex values 4D 5A. These values are always at the start of a module, and the name of a module is always at the end of a module. So heres what it finds:
I circled the modules name in red. So now we need to remember the GUID of the SetupUtility module. Lets go back to Andys tool to see what it is.
My SetupUtility GUID is FE3542FE-C1D3-4EF8-657C-8048606FF670. So lets disassemble this module to get a better understanding of how to mod it. To do this we need to go into the DUMP folder that Andys tool makes when opening a BIOS file, and open the SetupUtility in there with IDA Pro. Here what Im saying:

And make sure you open the largest file whos name is similar to your SetupUtilitys GUID. Since mine was FE3542FE-C1D3-4EF8-657C-8048606FF670, Im going to open up the 531 kB file which is named similar, FE3542FE-C1D3-4EF8-657C-8048606FF670_2_480.ROM. So IDA Pro should automatically determine the file type. For me, its a Portable executable for AMD64.
So now that its disassembled, we have to find out where the tabs are located, then we can see what calls them.
I created a program that can dump the internal forms representation used in EFIs human interface infrastructure. This can assist in finding the tab offsets, so you can download it here if you want to try using it. If youd rather find them manually, then in IDA Pro go to Search sequence of bytes. Then enter DF 42 4D B5 52 39 51 and press Ok. These hex values seem to always be in the header of the tabs, and are about 13 bytes after the start of the beginning of the tabs offset.

?
Now this windows will come up that shows where these bytes were found. Each one of these locations could potentially lead to one of the tabs.

So lets double click on the first one, which takes us here. I said that that byte sequence was in the header, so we need to scroll up about 13 bytes to get to the start of the tab subroutine.
Just go to each one of the places where that bytes sequence occurred to find out the offsets were looking for. Make sure you write them down. Heres all mine.

Lets go back to the first tab and see where its being referenced from. Right click on the location, and select Xrefs to. This will display the connections between this offset and other functions. You can zoom in to get a better view. Heres mine:
At one of these location the setup utility is determining which tabs to show. This calling function will probably be closer to the start of the modules code, because thats where it is initialing everything. So lets double click on the first calling location and see if it looks suspicious.

Heres the calling location:
You might be able to determine in IDA Pros Graph overview that this subroutine is most likely what switches between the tabs when you press left and right. It does references all the tab offsets, but this is just to determine which one its currently selecting. This function is not the one were looking for. If you want to make sure of this, you can modify some conditional jumps, but you will probably brick your computer this way. I should make a tutorial on how to recover from a brick. Lets check out the next calling function.

If you ever have trouble selecting the different calling functions in IDA Pro you can right click on the DATA XREF and select Jump to cross reference. Then just double click on the address to jump to that location.
So heres what the second calling function looks like. Dont be surprised that its not in a flow chart view. IDA Pro isnt perfect, so sometime it cant produce this style for all function. As a side note, you can press the space bar to swap back and forth between the flow chart view and the assembly view. Since I know how this tutorial is going to end, Im going to tell you that this is the function that decides what tabs are available in my BIOS. In yours, you might have to go through several more of the calling function before you find the one your looking for.

Since we cant see the bigger picture of this subroutine easily, well have to look through it. The main things you want to search for are conditional jumps that avoid one of the tab offsets. So once again, heres the ones Im searching for:

Back to the second calling function. Wow! Almost immediately I notice almost all of my tab locations being referenced. Theres also two conditional jumps:

Let me know if you guys think I add too many pictures. I want these tutorials to be through, but Im feeling like this is almost to slow. Let me know what you think. So lets see where these conditional jumps go to. I just scrolled down a little. So it seems like the first one it jumping over two of the tab locations. These could be the two hidden tabs. The second conditional jump is going directly to the two tab locations. And the third unconditional jump at the end is also going to bypass the two tabs.
Insyde Bios Flash Utility Download

So to make sure that those two tabs get referenced, we have to change the two conditional jumps. By changing the first one from a jump if zero (jz) to nothing, and by changing the second jz to a jmp, we can accomplish our objective. To view the hex values for the first jump, select it and go to IDA Pros hex view by clicking on the hex view tab. As you can see its 74 48. Since we want to remove it, lets change them to no operations (nop 90). Heres what were actually changing:

Insyde Corp Update Bios


And the second conditional jumps hex values are 74 0A. The first byte is the type of jump and the second is where its going to jump to. This is a short jump, and the hex value for an unconditional short jump is EB. So heres what were actually changing:

So heres what the resulting changes look like:
Now the program always jumps to 0x180001099 which references those two tabs. So lets try this out. Produce a DIF file in IDA Pro by going to File Produce file Create DIF file. I recommend you dont save it in the DUMP folder because it will most likely be deleted by Andys tool at some point. A DIF file contains the offsets and changes that we made in IDA Pro. IDA Pro cant physically edit a file, so we have to use the information in the DIF file and a hex editor to apply the changes. You can close IDA Pro now. Before actually applying the changes with a hex editor, go back to Andys tool and press the Advanced button. We want to enable the ability to make modifications to the modules. So these are the settings I changed. I also checked No SLIC because otherwise we would have to select a SLIC table in order to repack our changes. Im fine with my BIOS current SLIC table.

Press Done to get back to the main screen of Andys tool. Then press the Go button. When this message comes up, dont press Ok yet.

Insydeh20 Bios Flash Utility Download

We need to modify the setup utility module first. So open the same file we disassembled with a hex editor and apply the changes based on what the DIF file says.

Save the file. Now you can press Ok on the message from Andys tool, and it should repack your BIOS with your modified SetupUtility module. Lets try it out. Rename Andys tools outputted file, mines named 01448F29_SLIC.bin, to what the original rom was called, mines 01448F29.bin. Thisll replace the original rom with the modified one. Now run InsydeFlash.exe. Press Start, wait for it to initialize, then press Ok. It will now flash your computer with you modified BIOS then restart. Upon startup, press the key that corresponds to your setup utility, mines F10, to view your changes. Heres mine:
NO WAY!! An advanced tab! Thats weird??? Why didnt it unlock two tabs? Shouldnt there be seven tabs now? As it turns out, I havent found a way to enable all seven tabs at once in my BIOS. But I do have a way of replacing an existing tab with this hidden seventh tab. Lets go back to the disassembled code where we changed the jump locations. Now lets change one of the referenced tabs to the seventh tab. My hidden tab is at address 0x18007F490 (I know this because its the only one not referenced in the disassembled function we edited), so lets change the line of code 'lea rax, 0x18007FA00' to reference this tab.

The hex values for this line are 48 8D 05 55 E9 07 00. The first three bytes are the load affective address into rax part, and the last four bytes are the offset of the address. This is a relative address based off of the current instructions address. And its stored in little endian. So if your good with math you can determine the new values with a calculator, or you can just changes some values and see if theyll work right by seeing what IDA Pro displays. Heres what mine looked like when I was finished:
Now do the same procedure as before with the DIF file, hex editor, and Andys tool to produce a newly modified BIOS. Now flash it, and one of the tabs should be replaced with a different one.

Insydeflash Utility Download

HMMMM.. that power tab doesnt have anything new in it that the advanced tab didnt already have. I guess there is something new about interrupts under one of the settings, which Ill never change anyway. I hope your power tab isnt as lame as mine. So Im just revert it back to having the advanced tab instead.

Insyde Bios Flash Utility Download Free

This method of replacing one tab with another is probably the easiest way of unlocking one of the hidden tabs. The only downside to it is that youll have to give up one of the other tabs.
I hope you enjoyed this tutorial. I know it was a long one, but it was worth reading because it did cover some pretty good fundamentals of reverse engineering. IDA Pro makes this process much easier since it can quickly show what references what at any time. You can still do this same process with any other disassembler, but it probably wont be as easy.

Available link for download


Some time ago I bought an Alienware M14xR2 as my last laptop broke down. Lately, Alienware published an update for my BIOS that I can't burn in my computer because I only use Archlinux. By googling a bit I quickly found a tool for burning the BIOS in a DOS command line but I would need to have a look to the update package.

Just by executing the update file in a virtual machine in windows I soon figured out it was a self extracting package. I just searched %TEMP% files for the extracted version.

Insyde Bios Flash Utility Downloads

Ding.wav is just audio. I suppose it is played when flash is finished.Just by reading the header of the ini files we can guess they are configuration files for the flasher utility. The format is self explained in comments. In line 61 I found that the file I wanted for flashing was isflashWin.bin but after a fast attempt with FreeDOS and the tool I mentioned before I realised that the format was not FD as it should so I googled a bit more. As it turns out, Insyde has released a new update file format and as it seems it isn't documented.

Insydeh20 Bios Download

Inside the file I found a section that is exactly the same as the configuration file and it is preceded by a string quite suspicious.

I think these headers separate sections of the file as they are all 16 characters long. By having a look inside Hexedit I found that there is a padding of 8 bytes between the last character and some famous file magic numbers. I've done a simple python script (filesplitter) for splitting this kind of files and continue the analysis.

Part number four is clearly the configuration file. If you are trying to tweak parameters in platform.ini note that it wont work, but if you modify this part of the binary file it will. It seems that Insyde is now using the platform.ini only to point to the update file (isflashWin.bin) and then the utility just parses the configuration from there.I had no success in running one and two. I've tried FreeDOS and Windows 98 in DOS mode which should have support for MZ executables but in the best case I got no output and in the worse some memory address exceptions.I found that number three is related to a utility called Flashrom but I don't have much time to investigate. Maybe some readers can point me in the right direction.After having a look to five in Hexedit I think it can be a BIOS image although I don't really know about this topic.

Smadav 2018 version 12.0.1 serial key. Although I could not flash my BIOS I could find some little information about this new format and I also found that MZ executable signatures weren't in the binary analysis tool I use (binwalk). The latest version of binwalk now looks for MZ executables.


Please enable JavaScript to view the comments powered by Disqus.comments powered by Disqus