Page 1 of 4
#1 Insyde H2O bios unlocking/flashing by klaxklax3 22.04.2019 13:56

Hello

I have created this topic to discuss general problems related to Insyde H2O bios unlocking and flashing, i believe H2O Insyde bios is a real pain due to built-in security signature thats why it requires special attention and treatment.





Using the Insyde Win Flash






If you have any useful info comment and share here

PLEASE NO FLOODING !!!

#2 RE: Insyde H2O bios unlocking/updating/modding/flashing by klaxklax3 22.04.2019 13:59

also interesting link related to this topic in the following post https://www.insanelymac.com/forum/topic/...eeps-on-lenovo/

#3 RE: Insyde H2O bios unlocking/updating/modding/flashing by DvL 22.04.2019 23:36

Look at this topic: [Acer V3-571G] How to unlock this BIOS (Advanced settings menu)? version 2.21

In that case (for the unlocking part):

Zitat von Lost_N_BIOS im Beitrag [Acer V3-571G] How to unlock this BIOS (Advanced settings menu)? version 2.21

Here is the unlock edits to make, extract that "DriverSampleDXE-SetupUtility PE32 "BODY" Edit body at two bytes as follows
8DE: 59 >> Change to >> 00
8E8: 4F >> Change to >> 00



But those edits you need aren't going to be the same. Then he said:

Zitat von Lost_N_BIOS im Beitrag [Acer V3-571G] How to unlock this BIOS (Advanced settings menu)? version 2.21
That BIOS module is in all BIOS, it's the "Setup" module, some BIOS call is Setup, other BIOS it's DriverSampleDXE or SetupUtility etc.
So yes, all BIOS have this, and often with Insyde BIOS yes this is the module you need to edit to unlock, but it's never going to be those exact same bytes to edit. To find what you need to edit, there's several ways, some better/easier than others, and not all work on all BIOS even if it's still Insyde BIOS
Here is a general method to figure it out for many Insyde based BIOS - http://web.archive.org/web/2016111807325...power-tabs.html



So basically for Insyde you just need to know the assembly instructions to get the bytes you need to edit (be a developer) or use the tool he linked.

That topic also contains info on the other modding steps we have taken (as you said, "unlocking/updating/modding/flashing")

#4 RE: Insyde H2O bios unlocking/updating/modding/flashing by klaxklax3 23.04.2019 00:07

@DvL thx, i saw this topic already

Unfortunately recovery flash via FN + ESC didnt work for me

if certificate is missing there is nothing you can do, the process will end up with similar result



#5 RE: Insyde H2O bios unlocking/updating/modding/flashing by DvL 23.04.2019 00:18

Did you try using Flash Tool: InsydeH2OFFT from https://www.insyde.com/downloadcenter already?

Because it's not easy to pass that "wall" and get the download, I uploaded InsydeH2O_Dibbler_05.22.04.0011 at https://www.dropbox.com/s/brzls1iztezzlw....08.18.zip?dl=1 (only the Insyde flash tool, not the standard BIOS for OEMs)

Or else, just try find a download for an universal Windows GUI "Insyde h20fft" flash tool (not DOS like above) that looks like this:

#6 RE: Insyde H2O bios unlocking/updating/modding/flashing by klaxklax3 23.04.2019 09:41

@DvL

i have this tool already!

all my attempts end up with "InsydeH20 - Secure Flash Error : Invalid firmware image!!!" or "it only supports to flash secure BIOS on current platform. the image to be updated is not secure BIOS"

no matter what values i put into platform.ini

#7 RE: Insyde H2O bios unlocking/updating/modding/flashing by Lost_N_BIOS 23.04.2019 09:49

avatar

H2OFFT-Wx64.exe is included with your stock BIOS as you mentioned @klaxklax3 - you need to edit iscflash.dll to bypass that error (Or simply dump with your programmer, edit, and then reprogram as I mentioned on the other thread)
platform.ini will be ignored if you put BIOS image back into the stock.FD file because there is a platform.ini in that FD that's used instead. If you feed the H2OFFT-Wx64.exe an extracted actual BIOS image without the embedded platform.ini then it will use the one in the folder
The embedded ini can also be extracted and edited, then replaced if you wanted to do that instead too - 0x800CDC is it's starting location at the stock FD file, and it's 10000h

I'll check your iscflash.dll now, since I see your exact error mentioned above, but read my huge reply on the other thread just now, your mod BIOS is broken
CHECKING BIOS CHECKSUM, CALCULATION AND REPLACEMENT

#8 RE: Insyde H2O bios unlocking/updating/modding/flashing by klaxklax3 23.04.2019 10:01

@Lost_N_BIOS huge thanks for important information, it helps to understand the structure but how i can edit DLL?

P.S
I hold my programmer as a last resort, still hoping to flash the bios using software =D

#9 RE: Insyde H2O bios unlocking/updating/modding/flashing by Lost_N_BIOS 23.04.2019 10:13

avatar

You're welcome, please wait, I will tell you how to edit the .dll - in general, this is done in assembly/hex, in assembly you find the coding that checks and invokes this error and bypass it by either jumping past it, or making it not happen (NOP it out >> No Operation Possible >> 9090)

Thank you for the interesting post you linked at post #2 above, although he disabled replies, so you can't see the amount of success vs failure with that method, it does look valid and proves a long drawn out edit can be done to fix the issue as well.
That is a lot of edits though, so on a non-personal level (ie someone making a mod BIOS for someone else) it's easier to just bypass the secure BIOS check by editing the iscflash.dll
However, that does not work on some more recent BIOS, it only causes another error instead, then you can't get around that one either unless you do the edit via programmer to the onboard BIOS first.

I wonder if that method, gets you around RSA Internally Signed BIOS or not, or only the RSA check at the flashing level. It's too bad he's disabled comments on that, I'm sure that would have been discussed and tested at length.
Why create such a guide, and then not allow discussion!?!?

Please be patient, I will let you know once I've found the edits on your iscflash.dll (I'm using slow computer right now, so the search within the file is very slow)

* Edit - I see your edit and raise you >> Last resort is fine, but since you have it and you are trying to flash in mod BIOS, I suggest you use your programmer now to get a valid and verified backup made, that way you know you can recover and you know what version software works for your setup.
If you don't do that, and have to recover later with stock BIOS only, you can never get NVRAM/VSS back, and it will be a huge pain to find and put back in your system details

#10 RE: Insyde H2O bios unlocking/updating/modding/flashing by klaxklax3 23.04.2019 11:11

@Lost_N_BIOS thank you for advice, i will keep that in mind ..

Hard to say .. FPT doesnt recognize my system nor in GPT/UEFI nor in Legacy/MBR nor in DOS nor in WINDOWS ...

H2OFFT end up as

#11 RE: Insyde H2O bios unlocking/updating/modding/flashing by Lost_N_BIOS 23.04.2019 11:37

avatar

@klaxklax3 - You have TXE MW FW, you can see that in UEFITool or with ME Analyzer, you need to use TXE V2 FPT, from this thread in section "C2" - Intel Trusted Execution Engine: Drivers, Firmware & System Tools

Please show me image of this error you get >> Invalid firmware image << With stock included H2OFFT-Wx64, I do not see this exact message in iscflash.dll, similar but not exact and there is a few, so I need to see the exact error or you need to confirm which it is
"The BIOS image to be updated is invalid for Secure Flash or current BIOS does not support Secure Flash" << This one, or this one >> Signature Invalid

Dismantle laptop now and get backup made is much better than dismantle laptop later to try and recover with partial BIOS download from the web.
You can't get full backup with FPT unless you unlock FD First via pinmod, but you might be able to with Universal BIOS Backup Toolkit, try and see (window cannot move, press read, then once it's done press backup). This may setoff virus warnings for you, ignore or disable before you download and use
https://www.majorgeeks.com/files/details...up_toolkit.html

In my comments, for backing up via programmer and FPT etc, programmer will give you complete BIOS dump, FPT will get you a "BIOS Region" dump.
Region dump is all you absolutely need to recover from failed flash/bad flash ect with your programmer, but you would need to build a complete BIOS file with a stock BIOS Image (FD/ME and then add your BIOS region backup instead of the stock, then program)

You're "Saving" comments, that's a function of your hex tool, or whatever you are using to edit the BIOS, completely normal if you've set it up that way or that's it's default preference/setting
Please edit your posts to add in a new comment, no need for a new post every time you need to add something new, thanks!

For your H20FFT image above, that's probably/maybe because you're trying to flash that broken BIOS? Or, you already have V2.x BIOS flashed in the board now? That is V1.19 BIOS you are editing, in case you were not sure.

#12 RE: Insyde H2O bios unlocking/updating/modding/flashing by klaxklax3 23.04.2019 15:08

@Lost_N_BIOS

looks like I finally have all necessary software on my PC ...

I believe version 2.x belong to ME Firmware bcz i never had bios other than 1.18 or 1.19

Let me do couple more attempts and will report depending on a result

#13 RE: Insyde H2O bios unlocking/updating/modding/flashing by klaxklax3 23.04.2019 15:41

@Lost_N_BIOS

OK, I have intalled packages

have no idea what to do next but meanwhile I passed couple tests

#14 RE: Insyde H2O bios unlocking/updating/modding/flashing by Lost_N_BIOS 24.04.2019 08:00

avatar

@klaxklax3 - From Flash Programming Tool folder, inside that find the Windows or Win/Win32 folder. Select that Win folder, hold shift and press right click, choose open command window here (Not power shell).
At the command prompt type the following command and send me the created file to modify/check etc, and this is the file you should use from now on (redo your edits on this, flash via FPT etc) >> FPTw.exe -bios -d biosreg.bin
Once you dump this file, immediately try to reflash the dumped biosreg.bin back, so we can see what error you get and I can tell you how to get around that so you can flash mod BIOS >> FPTw.exe -bios -f biosreg.bin
Show me image of error if any, if red/size error stop and DO NOT proceed, show me command/error image

V2 on FFT error, must be due to the broken BIOS, that has nothing to do with ME (And if it did that would be wrong too, because you already have V2 ME and are trying to flash BIOS with V2 ME in it too, so unrelated things here)

If you'll answer my question from post #11 I can tell you how/where to edit iscflash.dll - or is that what you are showing above? If yes, that's not the original "invalid error" you mentioned earlier/always until now..... So as you can see, I still need to know which error you need to bypass.
But, I still say that is broken BIOS too and I would not flash it, but if you want to try I need to know exact error it gives you when you try, then we can bypass.

#15 RE: Insyde H2O bios unlocking/updating/modding/flashing by DvL 24.04.2019 08:03

Zitat von Lost_N_BIOS im Beitrag #9
You're welcome, please wait, I will tell you how to edit the .dll - in general, this is done in assembly/hex, in assembly you find the coding that checks and invokes this error and bypass it by either jumping past it, or making it not happen (NOP it out >> No Operation Possible >> 9090)

It's easier to just bypass the secure BIOS check by editing the iscflash.dll



If someone here is planning to (or has successfully) edited the DLL, maybe sharing it here will benefit others that are blocked by the same issue.
Preferably, modify the latest known version of H20FFT Flash tool (ver 5.74 from 2017). Attaching the file: H20FFT_x86_WIN_5.74.zip to this post, so others can try at the same time I will try to hack the checks out.
if I succeed myself, I will also post it here.

Instead of having to reverse/debug it, do you already know the address of that check?

Xobor Forum Software von Xobor
Datenschutz