Badcaps Forums

Remove_SMM... UEFI. (https://www.badcaps.net/forum/showthread.php?t=65996)

v11 11-23-2017 01:06 PM

Remove_SMM... UEFI.
 
Hello... If anyone knows what software to use, and how to extract SMM from UEFI with it, please tell me; I want to experiment on a ThinkPad T460s with a MAX25L12873F.
Please help me...


Thanks.

stj 11-23-2017 04:42 PM

Re: Remove_SMM... UEFI.
 
I am interested in what you find with that model.
Go to https://www.coreboot.org
and look in the wiki; they link to lots of tools for extracting and modifying content.

dycc 11-24-2017 02:16 AM

Re: Remove_SMM... UEFI.
 
Quote:

Originally Posted by v11 (Post 785893)
Hello... If anyone knows what software to use, and how to extract SMM from UEFI with it, please tell me; I want to experiment on a ThinkPad T460s with a MAX25L12873F.
Please help me...


Thanks.

System Management Mode basics

SMM is a special execution mode of the IA-32 architecture that was introduced with the i386; chapter 34 of the Intel 64 and IA-32 Architectures Software Developer's Manual is the main information source about its design and usage:

SMM is a special-purpose operating mode provided for handling system-wide functions like power management, system hardware control, or proprietary OEM-designed code. It is intended for use only by system firmware, not by applications software or general-purpose systems software. The main benefit of SMM is that it offers a distinct and easily isolated processor environment that operates transparently to the operating system or executive and software applications.

Some time ago SMM was used by BIOS developers mostly for power management and legacy device emulation, for example PS/2 support (ports 60h/64h) for USB keyboards and mice. Nowadays it's also widely used for firmware and platform security purposes.

Why is SMM interesting for hackers?

In the UEFI specification SMM plays a very important role in implementing the platform security mechanisms that protect the firmware image stored inside the flash chip on the motherboard from unauthorised modification by malicious software.
SMM is an excellent place to hide OS-independent and invisible malware. This execution mode has extreme power over all of the other software that runs on the CPU, even the OS kernel or a VT-x hypervisor.
http://blog.cr4.sh/2015/07/building-...-for-uefi.html
SMM executable code and data live inside SMRAM, and when SMRAM is locked it can't be accessed by operating-system code or user-mode software. The system firmware (legacy BIOS or UEFI) copies the SMM code into SMRAM and locks it during platform initialization.

The processor switches to SMM only through a System Management Interrupt (SMI); it saves the current execution context into SMRAM and starts executing the SMI handler, which can exit SMM and resume execution from the saved context using the RSM instruction.
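
As an added example, not written by anyone in this thread and not taken from the blog post quoted above: the practical check that follows from "SMRAM is locked" is to read the chipset's SMRAM control register and the SMRR MSRs and decode the lock bits, which is the same check tools like chipsec perform. The register layout used below (SMRAMC at PCI config D0:F0 offset 0x88, IA32_SMRR_PHYSBASE/IA32_SMRR_PHYSMASK at MSRs 0x1F2/0x1F3) is an assumption taken from Intel host-bridge datasheets and the SDM; verify it against the datasheet for your own chipset. The sample register values are constructed, not read from a T460s.

```python
# Added example: decode SMRAMC and the SMRR MSRs to say whether SMRAM is
# protected from non-SMM code. Register layouts are ASSUMPTIONS from Intel
# host-bridge datasheets / the SDM; check them for your own chipset:
#   SMRAMC = PCI config D0:F0 offset 0x88 (one byte)
#   SMRR   = MSR 0x1F2 (IA32_SMRR_PHYSBASE) / MSR 0x1F3 (IA32_SMRR_PHYSMASK)

SMRAMC_G_SMRAME = 1 << 3   # SMRAM enabled
SMRAMC_D_OPEN   = 1 << 4   # SMRAM visible to non-SMM code (must be 0 once locked)
SMRAMC_D_CLS    = 1 << 5   # SMRAM closed to data accesses (not evaluated here)
SMRAMC_D_LCK    = 1 << 6   # lock: clears D_OPEN, makes SMRAMC read-only until reset

SMRR_MASK_VALID = 1 << 11        # IA32_SMRR_PHYSMASK.Valid
PHYS_ADDR_MASK  = 0xFFFFF000     # bits 31:12 carry base / mask for the 32-bit SMRR fields


def smrr_range(phys_base, phys_mask):
    """Return (start, end_exclusive) of the SMRR-protected region, or None if SMRR is not valid."""
    if not phys_mask & SMRR_MASK_VALID:
        return None
    base = phys_base & PHYS_ADDR_MASK
    size = ((~phys_mask) & PHYS_ADDR_MASK) + 0x1000   # mask covers a power-of-two, 4 KiB granular
    return base, base + size


def assess_smram(smramc, smrr_base, smrr_mask):
    """Decode SMRAMC + SMRR and list every reason SMRAM would NOT be protected from OS code."""
    findings = []
    locked = bool(smramc & SMRAMC_D_LCK)
    opened = bool(smramc & SMRAMC_D_OPEN)
    if not smramc & SMRAMC_G_SMRAME:
        findings.append("G_SMRAME clear: SMRAM is not enabled at all")
    if not locked:
        findings.append("D_LCK clear: ring-0 code can set D_OPEN and read/write SMRAM")
    if opened:
        findings.append("D_OPEN set: SMRAM is currently readable/writable outside SMM")
    rng = smrr_range(smrr_base, smrr_mask)
    if rng is None:
        findings.append("SMRR not valid: no CPU-side range protection for the SMRAM region")
    return {"locked": locked, "open": opened, "smrr_range": rng, "findings": findings}


# Constructed sample register values (NOT captured from a real T460s):
SAMPLE_LOCKED   = (0x4A, 0x8B000006, 0xFF800800)  # D_LCK set, SMRR covers 8 MiB at 0x8B000000
SAMPLE_UNLOCKED = (0x1A, 0x00000006, 0x00000000)  # D_OPEN set, D_LCK clear, SMRR invalid

if __name__ == "__main__":
    for label, regs in (("locked", SAMPLE_LOCKED), ("unlocked", SAMPLE_UNLOCKED)):
        result = assess_smram(*regs)
        print(label, result["smrr_range"], result["findings"] or ["SMRAM protected"])
```

On a Linux box the SMRAMC byte can be read with `setpci -s 00:00.0 88.b` and the two MSRs with `rdmsr 0x1f2` / `rdmsr 0x1f3` from msr-tools; feed those three numbers to assess_smram(). If D_LCK is clear, ring-0 code can set D_OPEN and read or patch the SMI handlers directly, which is exactly the invisible, OS-independent position the post describes.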

v11 11-24-2017 12:37 PM

Re: Remove_SMM... UEFI.
 
Quote:

Originally Posted by stj (Post 785947)
I am interested in what you find with that model.
Go to https://www.coreboot.org
and look in the wiki; they link to lots of tools for extracting and modifying content.

In coreboot I did not find a file for this model, the T460s.
I am interested in cancelling this SMM,
so that it does not ask for the UEFI (BIOS) password.

Thx.

stj 11-25-2017 02:02 PM

Re: Remove_SMM... UEFI.
 
Look harder; there are links to stuff like me_cleaner.

ala_borbe 11-25-2017 02:24 PM

Re: Remove_SMM... UEFI.
 
What do you aim to accomplish? Password removal or something else?

Do you have experience in reverse engineering, or have you ever written code that can be injected into a BIOS to be executed?

I'm very interested in the project... I've done some minor BIOS modding before, unlocking menus and stuff...
but I have very limited knowledge :-/

v11 11-26-2017 03:54 AM

Re: Remove_SMM... UEFI.
 
Quote:

Originally Posted by ala_borbe (Post 786325)
What do you aim to accomplish? Password removal or something else?

Do you have experience in reverse engineering, or have you ever written code that can be injected into a BIOS to be executed?

I'm very interested in the project... I've done some minor BIOS modding before, unlocking menus and stuff...
but I have very limited knowledge :-/


To bypass the password,
which is in the MEC1633L. I have minor knowledge, but with your help I'll handle it.
What software should I use to make a patch, other than UEFITool?
Thanks.

v11 11-26-2017 03:59 AM

Re: Remove_SMM... UEFI.
 
Quote:

Originally Posted by stj (Post 786322)
Look harder; there are links to stuff like me_cleaner.



Please give me a link to a patch for the T460s 20FA, MX25L12873F?

Please help....
I can't find one, and I've looked a lot.

Thank you.

stj 11-26-2017 04:59 AM

Re: Remove_SMM... UEFI.
 
There is no patch; the tool is for cleaning the data from the extracted modules.
You extract them with UEFITool, clean them, then put them back in.
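
As an added example of the "extract them with UEFITool" step, not code from this thread and not UEFITool's own code: a UEFITool-style scan locates the SMM modules by walking a firmware volume's FFS files and reading each file's type byte, since the UEFI PI spec gives SMM drivers, the SMM core and combined SMM/DXE drivers their own EFI_FV_FILETYPE values. The walker below also verifies each file header's checksum, so an edited dump whose checksum was not fixed up is caught before it is flashed. The volume it parses is constructed inside the block with made-up GUIDs and payloads; a real T460s dump is a whole SPI image holding several, often compressed, volumes, so there you would point fv_files() at each uncompressed volume, which is the work UEFITool does for you.

```python
import struct
import uuid

# Added example (not from this thread or from UEFITool): minimal walker over a
# UEFI firmware volume that lists the FFS files typed as SMM code. Layouts
# follow the UEFI PI spec Vol. 3 (EFI_FIRMWARE_VOLUME_HEADER, EFI_FFS_FILE_HEADER).

FV_SIGNATURE = b"_FVH"
FFS2_GUID = uuid.UUID("8C8CE578-8A3D-4F1C-9935-896185C32DD3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID
FFS_HEADER_LEN = 24
FFS_ATTRIB_LARGE_FILE = 0x01

FV_FILETYPE_NAMES = {
    0x01: "RAW", 0x02: "FREEFORM", 0x03: "SECURITY_CORE", 0x04: "PEI_CORE",
    0x05: "DXE_CORE", 0x06: "PEIM", 0x07: "DRIVER", 0x08: "COMBINED_PEIM_DRIVER",
    0x09: "APPLICATION", 0x0A: "SMM", 0x0B: "FIRMWARE_VOLUME_IMAGE",
    0x0C: "COMBINED_SMM_DXE", 0x0D: "SMM_CORE", 0xF0: "FFS_PAD",
}
SMM_FILE_TYPES = {0x0A, 0x0C, 0x0D}  # file types that carry SMM code


def build_ffs_file(guid, ftype, payload):
    """Construct one FFS file (24-byte header + payload) with a valid header checksum."""
    size = FFS_HEADER_LEN + len(payload)
    hdr = bytearray(struct.pack("<16sHBB3sB", uuid.UUID(guid).bytes_le, 0, ftype, 0,
                                size.to_bytes(3, "little"), 0))
    # IntegrityCheck.Header makes the header sum to 0 (mod 256) with
    # IntegrityCheck.File and State treated as zero.
    hdr[16] = (-sum(hdr)) & 0xFF
    hdr[17] = 0xAA   # FFS_FIXED_CHECKSUM: no checksum over the file data
    hdr[23] = 0xF8   # State as it appears in an erase-polarity-1 flash image
    return bytes(hdr) + payload


def build_fv(files):
    """Construct a firmware volume: 56-byte header, one block-map entry, terminator, files."""
    body = b""
    for f in files:
        body += f + b"\xFF" * (-len(f) % 8)   # FFS files are 8-byte aligned
    hdr_len = 56 + 16
    fv_len = hdr_len + len(body)
    hdr = bytearray(struct.pack("<16s16sQ4sIHHHBB", b"\0" * 16, FFS2_GUID.bytes_le, fv_len,
                                FV_SIGNATURE, 0x0004FEFF, hdr_len, 0, 0, 0, 2))
    hdr += struct.pack("<IIII", 1, fv_len, 0, 0)   # block map entry + terminating entry
    # Header checksum: the 16-bit words of the header must sum to 0 (mod 2^16).
    struct.pack_into("<H", hdr, 50, (-sum(struct.unpack("<36H", hdr))) & 0xFFFF)
    return bytes(hdr) + body


def fv_files(image):
    """Yield (guid, type, size, payload) for every FFS file in the first volume of image."""
    sig = image.find(FV_SIGNATURE)
    if sig < 40:
        raise ValueError("no firmware volume signature found")
    fv = sig - 40   # the signature sits at offset 40 of the volume header
    fv_len, = struct.unpack_from("<Q", image, fv + 32)
    hdr_len, = struct.unpack_from("<H", image, fv + 48)
    pos, end = fv + hdr_len, fv + fv_len
    while pos + FFS_HEADER_LEN <= end:
        hdr = bytearray(image[pos:pos + FFS_HEADER_LEN])
        if hdr == b"\xFF" * FFS_HEADER_LEN:
            break   # erased free space at the end of the volume
        check = bytearray(hdr)
        check[17] = check[23] = 0   # IntegrityCheck.File and State are excluded
        if sum(check) & 0xFF:
            raise ValueError(f"bad FFS header checksum at offset {pos:#x}")
        guid = uuid.UUID(bytes_le=bytes(hdr[:16]))
        ftype, attrs = hdr[18], hdr[19]
        size, data_off = int.from_bytes(hdr[20:23], "little"), FFS_HEADER_LEN
        if attrs & FFS_ATTRIB_LARGE_FILE:   # EFI_FFS_FILE_HEADER2: 64-bit size follows
            size, = struct.unpack_from("<Q", image, pos + FFS_HEADER_LEN)
            data_off += 8
        yield guid, ftype, size, image[pos + data_off:pos + size]
        pos += size + (-size % 8)


def find_smm_modules(image):
    """List (guid, type name, size) of every SMM-typed file in the volume."""
    return [(str(g), FV_FILETYPE_NAMES.get(t, f"{t:#x}"), s)
            for g, t, s, _ in fv_files(image) if t in SMM_FILE_TYPES]


def fv_is_consistent(image):
    """True if every FFS header passes its checksum; a carelessly edited dump fails."""
    try:
        list(fv_files(image))
        return True
    except ValueError:
        return False


# Constructed sample volume (made-up GUIDs and payloads): one DXE driver,
# one SMM driver, the SMM core and a combined SMM/DXE driver.
SAMPLE_FV = build_fv([
    build_ffs_file("11111111-2222-3333-4444-555555555555", 0x07, b"DXE driver body"),
    build_ffs_file("66666666-7777-8888-9999-aaaaaaaaaaaa", 0x0A, b"SMM driver body"),
    build_ffs_file("bbbbbbbb-cccc-dddd-eeee-ffffffffffff", 0x0D, b"SMM core body"),
    build_ffs_file("0fd2c1e0-9d16-4d59-b2d6-6b2e6f0c5a3b", 0x0C, b"combined SMM/DXE"),
])

if __name__ == "__main__":
    for guid, tname, size in find_smm_modules(SAMPLE_FV):
        print(f"{guid}  {tname:<18} {size} bytes")
```

The three types it reports are the "SMM", "SMM core" and "combined SMM/DXE" entries UEFITool shows in its tree; the GUIDs in the listing are what identify the files an "extract, clean, put back" edit touches. The checksum check is the part to keep in mind when putting modules back: the file size and header checksum must be recomputed, or the firmware's own FFS parser will reject the file.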

v11 11-26-2017 07:31 AM

Re: Remove_SMM... UEFI.
 
Quote:

Originally Posted by stj (Post 786421)
There is no patch; the tool is for cleaning the data from the extracted modules.
You extract them with UEFITool, clean them, then put them back in.

Thank you, friend...

BR

ala_borbe 11-26-2017 08:00 AM

Re: Remove_SMM... UEFI.
 
The MEC1633L needs to be programmed with clean firmware by SVOD or RT802H.

On allservice.ro they developed a module (a DXE driver) that is inserted into the original BIOS; it reads some data and displays a code that, after you send it to them and pay, they use to make you a key to unlock permanently.

https://www.allservice.ro/forum/viewtopic.php?t=3044


Maybe something can be done by loading the dump in IDA Pro and disabling the checks, but I don't have time for that (nor do I have a laptop to test it on).

v11 11-26-2017 10:08 AM

Re: Remove_SMM... UEFI.
 
Quote:

Originally Posted by ala_borbe (Post 786448)
The MEC1633L needs to be programmed with clean firmware by SVOD or RT802H.

On allservice.ro they developed a module (a DXE driver) that is inserted into the original BIOS; it reads some data and displays a code that, after you send it to them and pay, they use to make you a key to unlock permanently.

https://www.allservice.ro/forum/viewtopic.php?t=3044


Maybe something can be done by loading the dump in IDA Pro and disabling the checks, but I don't have time for that (nor do I have a laptop to test it on).


I found MMTool and UEFITool but still do not know what to delete from the file...
It does not cost much to have the guys do it...
I want to learn to do it myself. I'm sorry, I do not know English well.

THX.

v11 11-29-2017 04:52 AM

Re: Remove_SMM... UEFI.
 
I want to ask you: what is Ozmosis?


How do I make an Ozmosis ROM via UEFITool?

Thanks.

raileanu 12-15-2018 05:08 AM

Re: Remove_SMM... UEFI.
 
Can anyone upload the DXE driver here so I can have a look and try to make it work for any Lenovo, please?

raileanu 12-15-2018 05:20 AM

Re: Remove_SMM... UEFI.
 
Hello. Did you manage to get a link for downloading the DXE driver or any already-patched BIOS?

fyaagoub 04-10-2019 02:54 AM

Re: Remove_SMM... UEFI.
 
thank you

tohenk 05-07-2019 12:42 PM

Re: Remove_SMM... UEFI.
 
1 Attachment(s)
There are two methods of hacking the DXE module, but please note this is untested.
  1. Modify the key check so it accepts any code.
    If you're willing to try the modified version, use the file attached; again, it is untested.
  2. Use a key generator.
    From the image above, the key for machine ID 2492411559 should be 7316483. Anyone with another machine ID can reply here to test the key generator. Please note the key generator is also still untested.

dani981 05-14-2019 03:05 PM

Re: Remove_SMM... UEFI.
 
Hi,

Please share this key generator. Testing:

hardware ID: 3425684
key: 8625856

hardware ID: 7668394
key: 6224236

hardware ID: 9777692
key: 7729864

hardware ID: 2217972
key: 3089784

hardware ID: 2292158
key: 1264964

hardware ID: 832201
key: 0224961

hardware ID: 8096698
key: 3216204

hardware ID: 125318167
key: 292467

przemek_79 05-16-2019 01:38 PM

Re: Remove_SMM... UEFI.
 
Hi,

I am asking for the generator to be made available so that I can test it.

imranromi 05-17-2019 05:14 AM

Re: Remove_SMM... UEFI.
 
Quote:

Originally Posted by dani981 (Post 896428)
Hi,

Please share this key generator. Testing:

hardware ID: 3425684
key: 8625856

hardware ID: 7668394
key: 6224236

hardware ID: 9777692
key: 7729864

hardware ID: 2217972
key: 3089784

hardware ID: 2292158
key: 1264964

hardware ID: 832201
key: 0224961

hardware ID: 8096698
key: 3216204

hardware ID: 125318167
key: 292467

Yes, all these HWIDs and keys are from the 1st patch algorithm; there are 2 more algorithms.

