Protecting flash chip from being written (and where to find ROMs)
SimpleSafeName

Guru

Joined: 28/07/2019
Location: United States
Posts: 319
Posted: 10:54pm 27 Dec 2023

Hi guys,

A friend of mine had his laptop hacked and part of the attack included having his BIOS flash chip hacked and now it can't be updated. It wants "his" password, one that he never set up in his laptop to begin with.

So the solution is to reload the firmware, which the password check isn't going to allow.

This can be bypassed by loading an offline image using an EPROM burner. All you need is an offline image...

But finding an offline ROM image has been futile, so he decided to buy a used motherboard. Which will now provide a donor offline image for us, as well as a second motherboard. :)

-----------------

Once I get everything sorted out, I plan on lifting the /WP pin and tying it to low to prevent any BIOS upgrades in the future. The line prevents the Status register from being written to, which seems to be a convoluted way of protecting a chip. Is this going to protect the chip from being written to? And what would be the correct, or the better, way of doing this?

The chip is a Winbond W25Q128JVSIQ, and pin #3 is the active low write protect line.

-----------------

All of this is for a Dell Inspiron 17 5770 laptop with an 8550u motherboard. I have downloaded the entire set of BIOS images for it, both the ".exe" versions as well as the "BIOS_IMG.rcv" images (where available).

The difference between the two file formats is minor, and makes me wonder what the donor's image will reveal.

But does anyone here know of where I can find the "raw" images that can be directly written to a flash chip outside of the Dell laptop? The rooted BIOS requires a password, and let's just say that it is exceedingly picky to which password it is going to accept (as in none of them). :)



Thanks guys!

John
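
Added example, not part of the original post: a Python check of the question asked above, whether holding /WP low actually protects a W25Q128JV. It takes the three status register bytes as read out with a programmer; the bit positions follow the Winbond datasheet as understood here (an assumption to verify for the exact part), and the sample values are constructed.

```python
# Added example. Bit positions per the Winbond W25Q128JV datasheet as
# understood here (assumption: verify against the datasheet for your part).
SRP, BP_MASK = 0x80, 0x1C        # Status Register-1: SRP, BP2..BP0
SRL, QE, CMP = 0x01, 0x02, 0x40  # Status Register-2
WPS = 0x04                       # Status Register-3


def assess(sr1, sr2, sr3, wp_pin_low):
    """Return (status_register_lock, array_protection) for a register state."""
    # 1. Can software still rewrite the status registers and clear protection?
    if sr2 & SRL:
        sr_lock = "locked until power cycle (SRL=1)"
    elif not sr1 & SRP:
        sr_lock = "unlocked: SRP=0, /WP pin is ignored"
    elif sr2 & QE:
        sr_lock = "unlocked: QE=1, pin 3 is IO2 and /WP is disabled"
    elif wp_pin_low:
        sr_lock = "locked: SRP=1 and /WP held low"
    else:
        sr_lock = "unlocked: SRP=1 but /WP is high"

    # 2. How much of the array do the protection bits cover?
    bp = (sr1 & BP_MASK) >> 2
    cmp_set = bool(sr2 & CMP)
    if sr3 & WPS:
        array = "individual block locks (WPS=1), BP bits ignored"
    elif bp == 0b000:
        array = "all" if cmp_set else "none"
    elif bp == 0b111:
        array = "none" if cmp_set else "all"
    else:
        array = "partial, see the datasheet block-protect table"
    return sr_lock, array


# Constructed register values (SR1, SR2, SR3), not read from a real chip.
SAMPLES = {
    "nothing set, quad enabled": (0x00, 0x02, 0x00),
    "SRP=1, BP=111, QE=0": (0x9C, 0x00, 0x00),
    "SRP=1, BP=111, QE=1": (0x9C, 0x02, 0x00),
}

if __name__ == "__main__":
    for name, regs in SAMPLES.items():
        print(name, "->", assess(*regs, wp_pin_low=True))
```

Grounding pin 3 only makes the array read-only when the first result is a locked state and the second one covers the BIOS region; in every other case the strap changes nothing.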
 
Quazee137

Guru

Joined: 07/08/2016
Location: United States
Posts: 571
Posted: 07:22pm 28 Dec 2023

A lifetime ago I did database and a bit of IT for a few casinos in Las Vegas.

We had 10 or maybe 16 laptops come in. All the same and all infected at the same
meeting using a hub. We used a square desoldering iron to remove the bios eproms.
Then used a known good chip and reprogrammed then put them back and added a usb
lock program to each. Oh we also set the bios password "knockknock" LOL.


If you can get access to the same model and use a program to read the bios chip.

It's been some time since I did anything Windows now.
Sorry, can't refer you to a program for Win10; we were dealing with Win7.

 try searching I found this pgm bios chip

 a better search looks good

 NeoProgrammer

Hope it helps
Quazee137
Edited 2023-12-29 06:09 by Quazee137
 
SimpleSafeName

Guru

Joined: 28/07/2019
Location: United States
Posts: 319
Posted: 04:33am 29 Dec 2023

  Quazee137 said  A lifetime ago I did database and a bit of IT for a few casinos in Las Vegas.

...Oh we also set the bios password "knockknock" LOL.
Quazee137


LOL!


  Quazee137 said  If you can get access to the same model and use a program to read the bios chip.


A lot happened in a day, we bought a replacement motherboard and it (eventually) dawned on me that I now had my backup ROM! Nonetheless, I kept looking around and in the wee hours I found a Python script that works with numerous vendors' BIOSes, and for the Dell it extracted these files:

12/28/2023  04:29 AM         9,109,504 1 !Ins_1100 -- 1 System BIOS with BIOS Guard v1.10.0.bin
12/28/2023  04:29 AM           327,680 1 !Ins_1100 -- 2 Embedded Controller1 v1.0.8.bin
12/28/2023  04:29 AM           327,680 1 !Ins_1100 -- 3 Embedded Controller2 v1.0.8.bin
12/28/2023  04:29 AM         2,031,616 1 !Ins_1100 -- 4 Intel Management Engine (Non-VPro) Update v11.8.92.4222.bin
12/28/2023  04:29 AM             2,208 1 !Ins_1100 -- 5 System Board Map v1.0.1.bin
12/28/2023  04:29 AM            65,280 1 !Ins_1100 -- 6 Main System Cypress Port Controller 0 v0.39.64.75.bin
12/28/2023  04:29 AM               136 1 !Ins_1100 -- 7 Model Information v1.0.0.0.txt

I used this utility to get this far: https://github.com/platomav/BIOSUtilities?tab=readme-ov-file

Until I upload the firmware from the new motherboard I won't know if this utility is going to work for me. The board should be here by the 3rd.


And another github page that shows the CMD line syntax: https://github.com/dreamwhite/bios-extraction-guide/blob/master/Dell/README.md

The CMD line syntax: python3 Dell_PFS_Extract.py <BIOS_UPGRADE.EXE>

And more importantly, how to extract the darn thing: https://github.com/dreamwhite/bios-extraction-guide/tree/master



  Quazee137 said  try searching I found this pgm bios chip

 a better search looks good

 NeoProgrammer

Hope it helps
Quazee137


Thanks! The first video was more about the EEPROM programmer than anything else, but it's good to know that the programmer no longer needs the 1.8 volt modification (I bought the new version so I didn't need it anyway).

And he mentioned that some motherboards have protection circuitry which will prevent the chip-clip approach from working. I'm going to take a page out of your book and modify my soldering iron tip to get both sides of the EEPROM at the same time if I have to pull it from the board. Thank you for that. :)

The second video had some more "Nuts and Bolts" details, and unfortunately is hopelessly dated for the newer PCs. Dell seems to be in direct competition with the firmware hackers as to who is going to get to lock you out of your laptop. In any case they have changed their format at least twice since that video came out.


Thanks for the info! The chip write protect warning will probably be a lifesaver. :)

John
 
SimpleSafeName

Guru

Joined: 28/07/2019
Location: United States
Posts: 319
Posted: 10:26pm 29 Dec 2023

Seems like the algorithm might be kicking in. These look like decent results:

Channel: https://www.youtube.com/@wrongchip
https://www.youtube.com/watch?v=_Orv4Un1eHo

Channel: https://www.youtube.com/@BiosSolution
https://www.youtube.com/watch?v=uqsC9Sbzc1w

This guy posts a link to an encrypted version of the Dell PFS extractor. You would have to pay to get access. I have no idea if this is his work, or if it is even legit.
https://www.youtube.com/watch?v=SAcV2nbHtho

The interesting thing is that he provided a clip showing the "working" BIOS, something that you don't find very often.


Dell PFS Assembler (who knew?). Apparently useful for patching "downgrades" into your BIOS (a gamer thing I think).
https://github.com/vuquangtrong/Dell-PFS-BIOS-Assembler


Happy New Year all!

John
 