[b][/b]
[i][/i]
[u][/u]
[s][/s]
[code][/code]
[quote][/quote]
[spoiler][/spoiler]
[url][/url]
[img][/img]
[video][/video]
Smileys
smile
smile2
spook
alien
zunge
rose
shy
clown
devil
death
flash
sick
heart
idee
frage
blush
smokin
mad
sad
wink
frown
crazy
grin
hmm
laugh
mund
oh
rolling_eyes
lil
oh2
shocked
cool
[mail][/mail]
[pre][/pre]
Farben
[rot][/rot]
[blau][/blau]
[gruen][/gruen]
[orange][/orange]
[lila][/lila]
[weiss][/weiss]
[schwarz][/schwarz]
wdaniels
Posts: 19 | Last online: 09.21.2017
Date registered
09.10.2017
Sex
not specified
    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" Yesterday

      Hi all,

      Last update from my side on this thread. I have noticed another more bothersome side-effect of using a stock BIOS region from the updater EXE file: the unique Windows 8/10 key embedded in the MSDM table is also gone. This might be important for @jockyw2001 as well as he also wrote a stock BIOS to his tablet.

      I have done some research, and I noticed that all the board specific BIOS parameters (win key, production date, etc) are stored in the BIOS image from 0x40000-0x90000. This is not an UEFI volume recognised by UEFItool, it shows there as non-empty padding. My key/production date appears twice in there in plaintext, once around 0x3020, and another time at 0x87d0. The section starts with “DVAR” in ASCII, I don’t know if that rings any bells for anyone. I think it is Dell specific.

      Anyway, splicing in that section into the stock BIOS I got from the Dell update EXE restored the keys and production dates, and also fixed my slow boots. The stock Dell image has two dummy UEFI volumes there, one empty and another one containing “DUMMY PERSONALITY” in ASCII.

      Lastly, out of curiosity I have tried updating the normal way with the Dell exe to see if that worked. I first downgraded bios manually to A22 and loaded cleaned ME release that comes officially with that release (9.5.60.1952). The update ran fine and does not relock the flash descriptor. I did notice something strange with ME: the automatic reboot after update fails: system shuts down abruptly at Dell logo. Manual power on after that shows “Error sending end of post message to ME, System HALT!” multiple times (4 or 5 times). After getting to windows, no ME is detected, but another reboot solves all problems and shows the new ME version.

      Is this because internally ME is still “applying” the update? I have a feeling that the Dell bios update process rebooted too early, causing these problems.

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.17.2017

      For those interested and future reference, this is how I unlocked the FD with a Pi:
      - I used a raspbian lite install; no GUI required and wanted to do it headless (didn't have a screen/keyboard handy)
      - Enabled ssh by creating empty filed called 'ssh' in boot partition
      - Boot up with ethernet cable in, figure out IP somehow (I used nmap to portscan for port 22) and log in over ssh with default user and password
      - Edit config.txt in boot partition to enable SPI
      - sudo apt-get install flashrom
      - Wire up as described here: https://www.flashrom.org/RaspberryPi
      - Use usual commands for dumping and flashing. I also patched the FD on the Pi with a CLI hex editor like hexcurse

      I have attached some pictures too
      |addpics|hcn-3-fcf0.jpg,hcn-4-4374.jpg|/addpics|

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.17.2017

      I just did mine too and all problems seem to be fixed :) I did notice one minor side effect: the manufacturing date and the ownership date in the BIOS system overview are blank now. I'm assuming this is stored somewhere in an UEFI var but got cleared now.

      The unique dell service tag however is correct, so I'm wondering where that is stored. Out of curiosity, @jockyw2001 could you check if yours is still the same as the one printed on the chassis? You might have mine now because you used my full dump :)

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.16.2017

      Fantastic! Not home till tomorrow but I look forward to trying it on my end too :-)

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.16.2017

      Yup that's exactly the issue I have been trying to solve. Normal BIOS down/upgrades didn't solve anything, so hoping that flashing through FPTW will help.

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.16.2017

      @plutomaniac I was also considering that option. I will try to load the clean BIOS region extracted from the Dell HDR onto the computer through FPTW tomorrow and see what happens.

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.16.2017

      I couldn't test fully, but I had the impression that it wouldn't remain in sleep before. After sleeping for a random amount of time, at wake it would do a full reboot with the slow double flashing Dell logo. If suspend would work properly the double POST wouldn't bother me so much.

      I don't think the double POST is normal, BIOS logs show that it effectively boots twice every time with a forced shutdown in between. Also, I remember that initially it did not show this behaviour. I don't have much time today, but I will keep investigating. Maybe it is the Dell EC (embedded controller? seems to be based on an MSP430), which is in charge of some power management functionality and also has a firmware image in the HDR file.

      Anyway, great that your worst problems are fixed, I was happy to help :-)

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.16.2017

      The BIOS Lock setting is stored in an UEFI variable called "Setup". It stores all your settings from the BIOS menu as well, and if you do a reset to default in the BIOS menu it will be gone.

      It is stored in the BIOS region of the flash, by using my dump you probably have overwritten it already with the settings I had and where BIOS is locked.

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.16.2017

      There are a lot of ways to do it, but I used a patched grub from here. Reboot and load that EFI executable. The easiest is to just replace the windows bootx64.efi in the root of your ESP partition and select your SSD drive in the quickboot menu. This won't break windows booting windows, it has a separate boot entry pointing to a duplicate in one of the subdirectories.

      Anyway, once loaded just execute

      1
       
      setup_var 0x75
       

      to get the current state and

      1
       
      setup_var 0x75 0x00
       

      to disable the BIOS Lock.

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.16.2017

      I managed to disable the lock in software. Extracting IFR shows that the BIOS Lock parameter is at 0x75, just write 0x00 there and it will unlock.

      Still have the double POST after reflashing, will keep investigating.

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.16.2017

      Thanks for the info! I'll try disabling it by modifying the Setup UEFI var. If all else fails I will have to rewire it, but I have already partially reassembled so I would like to avoid that.

      Wilfried

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.16.2017

      Hi all. I have dumped through FPTW64 successfully too. You can find the file here (this is an untouched dump). The cleaning process of the guide worked with a non-fatal warning on build about a setting and yielded an output image, but I couldn't flash it back with FPTW64, it gave me the error "Error 280: Failed to disable write protection for the BIOS space!".

      I googled around a bit and there are ways around this, but in the worst case I will have to wire up the SPI chip again.. Or maybe if I just rewrite the ME I don't get the error. Anyway, it's quite late here and that is something for tomorrow. I took some pictures of how I wired up the chip, I can share these as well tomorrow.

      Good night!

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.15.2017

      I have successfully dumped the BIOS with the raspberry pi. I am currently patching the FD. I could share it already, but I am not sure if my MEBx password is in there somewhere in plain text (bad programming practice so I assume not but you never know). Let me quickly reassemble and unprovision AMT, and I will give you a fresh dump with FPT.

      PS: Good question about the automatic relocking of the FD. I was thinking about this as well yesterday, I know there are some security risks but I would like to leave it unlocked to fix future problems.

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.14.2017

      I believe that file was an update image for fwupdate, of which an EFI variant will run during the BIOS update process, not a configured region. I will dump mine this friday, I didn't have any time today. Since mine has less severe symptoms of breakage (basically slow boot and suspend problems), I have high hopes my dump wont be corrupt.

      I plan on wiring up the chip to the SPI bus of a raspberry pi running flashrom and dump it like that. I will solder wires in place in stead of waiting for a clip which I will only use once. Once the FD is unlocked I can always service it (as long as it boots :) )

      PS:
      MEAnalyzer dump of the file extracted form the BIOS update:

      File: section_5_9.5.61.3012.data

      Family: ME
      Version: 9.5.61.3012
      Release: Production
      Type: Region, Stock
      SKU: 5MB
      SVN: 1
      VCN: 11
      PV: Yes
      Date: 2017-04-07
      Size: 0x702000
      Platform: LPT-LP
      Latest: Yes

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.14.2017

      The EMI shield can definitely be placed back. There is a frame soldered down (I think you can see it in my pictures), which has little sharp bumps punched in the metal facing outwards. The removable EMI shield has holes in the folded over sides that snaps over these bumps and grab the frame.

      I used the smallest screwdriver I have and used mainly upward force (perpendicular to the board), but sometimes I tried to pry the holes away from the bumps very gently without bending the metal.

      I currently don't have a clip the can grab the 8 pin SOIC package, so I am going to order that first. I looked at it again, and I am quite sure that if I need to I can even desolder it relatively easily. If this is a dead end, I will try to find the pinstrap. My guess is that it is either under the shield closest to the headphone jack, or on the other side of the board under the CPU.

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.13.2017

      Quick question, how did you extract the HDR from the executable? I tried to pass the A23 exe the usual arguments but it doesn't seem to work.

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.13.2017

      I have started disassembling my 7130, and the winbond chip is indeed under the EMI shield that has the heatsink pipe going under it. It is relatively easy to unhook, initially I was afraid it was soldered down. The markings indicate it is a winbond W25Q128FV.

      I was planning to try ISP flashing it to unlock the flash descriptor and service it like that, but your research already indicates that might be difficult. Perhaps I can continue and find the audio chip to do the pinstrap method. Alternatively, the BIOS chip is luckily not a QFN package and I think I could unsolder it if I really needed, but I'd rather not risk that if it is not required.

      |addpics|hcn-1-fe8a.jpg,hcn-2-cab6.jpg|/addpics|

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.11.2017

      I have the A23 bios. Downgrading ME after flashing the A23 BIOS is probably not possible, it contains a ME version with a security fix for the AMT vulnerability uncovered in may (v9.5.61.3012). It has a higher VCN (Version Control Number) which disables downgrading of ME the regular way. In other words, running e.g. A22 probably only downgrades your BIOS but doesn't touch your ME. I haven't tried yet though, so it is worth a shot. I have tried running A23 again with no results.

      Another thing I tried is running FWUpdLcl64.exe -save test.img to get a dump, and after that flashing the image back with FWUpdLcl64 -F test.img -OEMID xxx -ALLOWSV. Flashed successfully but problem still persists. I think FWUpd doesn't really give a full raw dump like fptw gives, that would be a security leak if it leaked ME credentials etc. The only real way of fixing it is by unlocking the flash somehow.

      I will attempt to find a way to pinstrap it when I find the time this week. I haven't looked into it yet but the EMI shielding you speak of doesnt give me high hopes..

    • wdaniels has written a new post "Dell Venue Pro 7130 tablet - ME file system corrupted" 09.10.2017

      I was searching these forums for problems with the exact same tablet when I came across your post. My symptoms are a bit less disastrous and point less obviously to ME, but I still suspect it.

      The BIOS double POSTs when booting or coming out of hibernate (happens really a lot with rapid start enabled), adding 20s or so to an otherwise fast boot. BIOS log always shows "ASF2 force off", some googling shows this can have several causes but ME is possible. It happened after I ran the tablet for a while with a low CMOS battery, which constantly reset/unprovisioned ME. I recognize the symptoms you describe after you tried to suspend yours with the keyboard. With the empty CMOS, whenever I pulled or drained the main battery there was a normal boot buzz and then a black screen, needing at least 3 attempts to boot it. CMOS battery has since been replaced but problems persist. MEInfo shows no problems, and AMT functions do work over the network.

      After reading through these forums, I am tempted to try the pinstrap method to unlock the flash descriptor, mine is also locked. How did your friend dump his? There is a post here somewhere that shows how to clean your dump and reset ME that way, it looks promising. Alternatively, on ebay I saw some people sell preflashed BIOS chips for this model. I do have experience soldering small SMD things and access to hot air rework stations, but that seems a bit too invasive.

Recipient
wdaniels
Subject:


text:
{[userbook_noactive]}


Xobor Forum Software von Xobor