#16 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by Lost_N_BIOS 18.01.2019 22:08

@johnnync21 - If you have a programmer you do not need to unlock anything, only write in the BIOS you want already modified. I don't know where the chip is, show me some images of your board and I can help you ID it.

#17 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by johnnync21 20.01.2019 16:01

@Lost_N_BIOS
My Xiaomi mi air 2018

And IFR Extractor Variables

#18 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by johnnync21 22.01.2019 01:12

How can I search MC LOCK, CFG LOCK and more variables in ASP Programmer? It is in hexadecimal

#19 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by johnnync21 22.01.2019 02:00

I have a brick after flashing. My chip is a W25Q128JV. Can anyone help me? :(

#20 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by johnnync21 22.01.2019 03:40

I was able to recover the laptop

#21 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by Lost_N_BIOS 22.01.2019 08:40

@johnnync21 - Stuff like you mentioned needs setup or other modules extracted from the BIOS and then edited via IFR/Hex. Then you edit the module itself in hex, and insert back into the BIOS, then program the mod BIOS with ASProgrammer.
Or some BIOS you can open in tools with a GUI and edit the settings directly, depends on the BIOS. Send me a dump of your BIOS and I will let you know if any tools with GUI can be used to edit settings, or if you have to via IFR/Hex only.

I take it you located the chip, it's between fan and M.2 drive, right above Nuvoton chip.

#22 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by johnnync21 22.01.2019 12:42

@Lost_N_BIOS I think that it's all MiAir

#23 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by Lost_N_BIOS 24.01.2019 09:34

@johnnync21 - some things can be edited via EZH20, but it's better to edit those in UEFITool anyway. I even extracted the BIOS again from the .fd file, still no luck with EZH20
Menu settings can't be edited in EZH20 which I assume you found out already. Most can be changed in the setup IFR or by vars as you've included.

Here's how to change it via hex edit of the setup file:

Form: View/Configure CPU Lock Options, FormId: 0x1012 {01 86 12 10 D9 00}
One Of: CFG Lock, VarStoreInfo (VarOffset/VarName): 0x3C, VarStore: 0x3, QuestionId: 0x146, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 8A 02 8B 02 46 01 03 00 3C 00 10 10 00 01 00} << Locate this string
One Of Option: Disabled, Value (8 bit): 0x0 {09 07 04 00 00 00 00}
One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 03 00 30 00 01} << 30 here denotes "Default" setting, move 30 to above setting instead, in same location, set 00 here in its place, that is all.

Same for MC Lock
One Of: MC Lock, VarStoreInfo (VarOffset/VarName): 0x126, VarStore: 0x2, QuestionId: 0x197, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 35 11 36 11 97 01 02 00 26 01 10 10 00 01 00} << Locate string
One Of Option: Disabled, Value (8 bit): 0x0 {09 07 2D 10 00 00 00}
One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 2C 10 30 00 01} <<< Move 30 above instead

#24 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by johnnync21 24.01.2019 17:04

@Lost_N_BIOS and then when can I create the .bin or put the ifr.txt back into the .fd file?
And if I want to modify other modules like wireless, I can't use IFR extractor, because it only works for setup. How can I modify and apply changes?

This is all my modifications

#25 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by johnnync21 26.01.2019 03:25

@Lost_N_BIOS Okay, an earlier version (UEFITool) of the file was downloaded and my backup copy could be modified. Now how can I disable PRR/FLOCKDN??

#26 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by Lost_N_BIOS 26.01.2019 09:37

@johnnync21 - IFR text is never put back into BIOS, this is only a human readable output of the settings contained within the BIOS setup module. You have to edit the setup module itself directly via hex, like I outlined above.
If you are still unsure how to modify the setup file, give me an exact list of all settings you need changed by exact name, and what you want them changed to, and I will send you a modified setup module.
I can't use your IFR text above, we used different IFR tools so I can't compare, my output IFR has more info so there's too many differences for me to easily see.

Here is the same example as above, but now edited before/after so you can see what I meant on how to change settings

Before-
One Of: CFG Lock, VarStoreInfo (VarOffset/VarName): 0x3C, VarStore: 0x3, QuestionId: 0x146, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 8A 02 8B 02 46 01 03 00 3C 00 10 10 00 01 00} << Locate this string via hex in setup module
One Of Option: Disabled, Value (8 bit): 0x0 {09 07 04 00 00 00 00}
One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 03 00 30 00 01} << 30 here denotes "Default" setting, move 30 to above setting instead, in same location, set 00 here in its place, that is all.

After -
One Of: CFG Lock, VarStoreInfo (VarOffset/VarName): 0x3C, VarStore: 0x3, QuestionId: 0x146, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 8A 02 8B 02 46 01 03 00 3C 00 10 10 00 01 00} << Locate this string via hex in setup module
One Of Option: Disabled, Value (8 bit): 0x0 {09 07 04 00 30 00 00} <<< Now, this will be the new default (and new IFR output on the modified file will move the (Default) mark to this setting instead (new "Post-edit" IFR))
One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 03 00 00 00 01}

Not all modules will output IFR, but many more than setup. What is it you need to modify in a wireless module, and are you sure it's the wireless module you need to modify?

Yes, to insert you need to use regular UEFITool (like 25-26 etc), the NE Alpha version is only used for extracting, hex view, informational purposes etc

FPRR/FLOCKDN removal is covered on page one, post #4, modify BiosRegionLockDxe (GUID - BC05DC37-9DA0-4050-9728-F34DDB01E200)
Extract that GUID PE32 module as-is with UEFITool, open in hex, go to 0x05d6h location and edit line >> ba 00 80 00 00 >> To be >> ba 00 00 00 00
Then replace that PE32 back in as-is
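
Added example (not part of the thread and not any poster's code): a small decoder for the One Of / One Of Option byte strings quoted in posts #23 and #26, useful for checking which option a setup module really marks as default when comparing a dump against a known-good image. The field layout follows the UEFI HII specification; the function names are hypothetical and the sample bytes are copied from post #26.

```python
import struct

# EFI_IFR_ONE_OF_OPTION.Flags bits, per the UEFI HII specification.
OPTION_DEFAULT, OPTION_DEFAULT_MFG = 0x10, 0x20

def _body(hex_str, opcode):
    """Return the opcode bytes after checking the opcode and 7-bit length field."""
    raw = bytes.fromhex(hex_str.replace(" ", ""))
    if len(raw) < 2 or raw[0] != opcode or (raw[1] & 0x7F) != len(raw):
        raise ValueError(f"malformed IFR opcode: {hex_str!r}")
    return raw

def decode_one_of(hex_str):
    """Decode the question header of an EFI_IFR_ONE_OF (0x05) opcode."""
    raw = _body(hex_str, 0x05)
    _prompt, _help, qid, varstore, offset = struct.unpack_from("<5H", raw, 2)
    return {"question_id": qid, "varstore": varstore, "var_offset": offset}

def decode_option(hex_str):
    """Decode an EFI_IFR_ONE_OF_OPTION (0x09) opcode carrying an 8-bit value."""
    raw = _body(hex_str, 0x09)
    _string_id, flags, value_type = struct.unpack_from("<HBB", raw, 2)
    if value_type != 0x00 or len(raw) != 7:  # 0x00 = EFI_IFR_TYPE_NUM_SIZE_8
        raise ValueError("only 8-bit option values are handled here")
    return {"value": raw[6], "default": bool(flags & OPTION_DEFAULT),
            "mfg_default": bool(flags & OPTION_DEFAULT_MFG)}

def default_value(option_hex_list):
    """Return the value of the single option flagged as default."""
    hits = [o["value"] for o in map(decode_option, option_hex_list) if o["default"]]
    if len(hits) != 1:
        raise ValueError(f"expected one default option, found {len(hits)}")
    return hits[0]

def default_drifted(baseline, candidate):
    """True when the default option differs between two copies of a question."""
    return default_value(baseline) != default_value(candidate)

# Byte strings copied from post #26 (CFG Lock, before and after the edit).
CFG_LOCK = "05 91 8A 02 8B 02 46 01 03 00 3C 00 10 10 00 01 00"
BEFORE = ["09 07 04 00 00 00 00", "09 07 03 00 30 00 01"]
AFTER = ["09 07 04 00 30 00 00", "09 07 03 00 00 00 01"]

if __name__ == "__main__":
    print(decode_one_of(CFG_LOCK))
    print("baseline default:", default_value(BEFORE))
    print("default drifted:", default_drifted(BEFORE, AFTER))
```

The 0x30 the posts refer to is the two flag bits DEFAULT (0x10) and DEFAULT_MFG (0x20) set together, so a byte of 0x10 alone still marks the standard default.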

#27 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by johnnync21 26.01.2019 13:35

@Lost_N_BIOS What ifr extractor do you use?
I don’t know what I have to modify to charge module wifi by nvme m.2 port

#28 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by Lost_N_BIOS 26.01.2019 21:54

@johnnync21 - I use this one from Donovan600 Version 0.7 - http://s000.tinyupload.com/index.php?fil...680924802087821
I will look through settings and see if I see anything related to charging, it may not be possible due to hardware missing on board or traces not setup to do that?

#29 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by johnnync21 26.01.2019 23:55

I find the wlan device variable in Setup. In Xiaomi Pro it is activated, on Mi Air not. And in other versions of the Air, like 6200u and 7200u, the wifi M.2 port works.

#30 RE: Bypass BIOS Flash Protection Range Registers on Insyde BIOS (Xiaomi Air 12.5) by Lost_N_BIOS 27.01.2019 06:31

@johnnync21 - What is the exact setting name, I can tell you how to change it. * Edit, I see the following

Enable Wireless Charge Support, VarStoreInfo (VarOffset/VarName): 0x5BA, VarStore: 0x1234, QuestionId: 0xAB1, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 8A 0F 8B 0F B1 0A 34 12 BA 05 10 10 00 01 00}
0x1634D8 One Of Option: Disabled, Value (8 bit): 0x0 (default) {09 07 04 00 30 00 00} << To change to enabled, move 30 here to below, as shown in above examples
0x1634DF One Of Option: Enabled, Value (8 bit): 0x1 {09 07 03 00 00 00 01}

USB Charge Battery Threshold, VarStoreInfo (VarOffset/VarName): 0xED, VarStore: 0x1234, QuestionId: 0x5, Size: 1, Min: 0xA, Max 0x1E, Step: 0x0 {05 91 1E 01 1F 01 05 00 34 12 ED 00 00 10 0A 1E 00}
0x33EE92 One Of Option: 10%, Value (8 bit): 0xA {09 07 20 01 00 00 0A}
0x33EE99 One Of Option: 20%, Value (8 bit): 0x14 {09 07 21 01 00 00 14}
0x33EEA0 One Of Option: 30%, Value (8 bit): 0x1E (default) {09 07 22 01 10 00 1E}

Do you need me to make this modification for you? If yes, what do you want the USB Charge Battery Threshold set to?
