Badcaps.net Forum
Old 11-23-2017, 01:06 PM   #1
v11
Member
 
Join Date: May 2016
City & State: Berlin
My Country: Germany
Line Voltage: 230VAC 50Hz
I'm a: Hobbyist Tech
Posts: 39
Default Remove_SMM... UEFI.

Hello... If anyone knows what software to use, and how to extract SMM from UEFI, please tell me. I want to experiment on a Thinkpad_T460s with MAX25L12873F.
Please help me...


Thanks.
Old 11-23-2017, 04:42 PM   #2
stj
Great Sage 齊天大聖
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 21,476
Default Re: Remove_SMM... UEFI.

i am interested in what you find with that model.
go to https://www.coreboot.org
look in the wiki - they link to lots of tools for extracting and modifying content.
Old 11-24-2017, 02:16 AM   #3
dycc
inspecteur
 
Join Date: Nov 2011
City & State: abidjan
My Country: cote d'ivoire
Line Voltage: 220V
I'm a: Professional Tech
Posts: 538
Default Re: Remove_SMM... UEFI.

Quote:
Originally Posted by v11 View Post
Hello... If anyone knows what software to use, and how to extract SMM from UEFI, please tell me. I want to experiment on a Thinkpad_T460s with MAX25L12873F.
Please help me...


Thanks.
System Management Mode basics

SMM is a special execution mode of the IA-32 architecture that was introduced with i386. Chapter 34 of the Intel 64 and IA-32 Architectures Software Developer's Manual is the main information source about its design and usage:

SMM is a special-purpose operating mode provided for handling system-wide functions like power management, system hardware control, or proprietary OEM-designed code. It is intended for use only by system firmware, not by applications software or general-purpose systems software. The main benefit of SMM is that it offers a distinct and easily isolated processor environment that operates transparently to the operating system or executive and software applications.

Some time ago SMM was used by BIOS developers mostly for power management and legacy devices emulation, for example, PS/2 support (port 60h/64h) for USB keyboard and mouse. Nowadays it's also widely used for firmware and platform security purposes.

Why is SMM interesting for hackers?

In the UEFI specification, SMM plays a very important role in implementing platform security mechanisms that protect the firmware image stored inside the flash chip on the motherboard from unauthorised modifications by malicious software.
SMM is an excellent place to hide OS-independent and invisible malware. This execution mode has extreme power over all of the other software that runs on the CPU, even the OS kernel or a VT-x hypervisor.
http://blog.cr4.sh/2015/07/building-...-for-uefi.html
SMM executable code and data live inside SMRAM, and when SMRAM is locked it can't be accessed by operating system code or user mode software. System firmware (legacy BIOS or UEFI) copies SMM code into SMRAM and locks it during platform initialization.

The processor switches to SMM only through a System Management Interrupt (SMI): it saves the current execution context into SMRAM and starts executing the SMI handler, which can exit from SMM and resume execution from the saved context using the RSM instruction.
Old 11-24-2017, 12:37 PM   #4
v11
Member
 
Join Date: May 2016
City & State: Berlin
My Country: Germany
Line Voltage: 230VAC 50Hz
I'm a: Hobbyist Tech
Posts: 39
Default Re: Remove_SMM... UEFI.

Quote:
Originally Posted by stj View Post
i am interested in what you find with that model.
go to https://www.coreboot.org
look in the wiki - they link to lots of tools for extracting and modifying content.
In Coreboot, I have not found a file for this model, the T460s.
I am interested in cancelling this SMM,
so that it does not ask for the UEFI (BIOS) password.

Thx.
Old 11-25-2017, 02:02 PM   #5
stj
Great Sage 齊天大聖
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 21,476
Default Re: Remove_SMM... UEFI.

look harder, there are links to stuff like me-cleaner
Old 11-25-2017, 02:24 PM   #6
ala_borbe
aka Donald
 
Join Date: Apr 2011
City & State: Moved to Malta
My Country: Malta
I'm a: Knowledge Seeker
Posts: 1,559
Default Re: Remove_SMM... UEFI.

what do you aim to accomplish? password removal or something else?

do you have experience in reverse engineering or have you ever written code that can be injected in bios to be executed?

im very interested in project... done some minor bios modding before, unlocking menus and stuff...
but i have very limited knowledge :-/
Old 11-26-2017, 03:54 AM   #7
v11
Member
 
Join Date: May 2016
City & State: Berlin
My Country: Germany
Line Voltage: 230VAC 50Hz
I'm a: Hobbyist Tech
Posts: 39
Default Re: Remove_SMM... UEFI.

Quote:
Originally Posted by ala_borbe View Post
what do you aim to accomplish? password removal or something else?

do you have experience in reverse engineering or have you ever written code that can be injected in bios to be executed?

im very interested in project... done some minor bios modding before, unlocking menus and stuff...
but i have very limited knowledge :-/

To bypass the password,
which is in the MEC1633l. I have minor knowledge, but with your help, I'll handle it.
What software can I use to make a patch, other than ... UefiTool?
thanks.
Old 11-26-2017, 03:59 AM   #8
v11
Member
 
Join Date: May 2016
City & State: Berlin
My Country: Germany
Line Voltage: 230VAC 50Hz
I'm a: Hobbyist Tech
Posts: 39
Default Re: Remove_SMM... UEFI.

Quote:
Originally Posted by stj View Post
look harder, there are links to stuff like me-cleaner


Please give me a link for a patch for T460s 20FA, Mx25L12873f?

Please help...
I cannot find it, and I've looked a lot.

thank you.
Old 11-26-2017, 04:59 AM   #9
stj
Great Sage 齊天大聖
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 21,476
Default Re: Remove_SMM... UEFI.

there is no patch - the tool is to clean the data from extracted modules.
you extract them with uefi-tool - clean them, then put them back in.
Old 11-26-2017, 07:31 AM   #10
v11
Member
 
Join Date: May 2016
City & State: Berlin
My Country: Germany
Line Voltage: 230VAC 50Hz
I'm a: Hobbyist Tech
Posts: 39
Default Re: Remove_SMM... UEFI.

Quote:
Originally Posted by stj View Post
there is no patch - the tool is to clean the data from extracted modules.
you extract them with uefi-tool - clean them, then put them back in.
Thank you , friend...

br
Old 11-26-2017, 08:00 AM   #11
ala_borbe
aka Donald
 
Join Date: Apr 2011
City & State: Moved to Malta
My Country: Malta
I'm a: Knowledge Seeker
Posts: 1,559
Default Re: Remove_SMM... UEFI.

MEC1633l needs to be programmed with clean firmware by SVOD or RT802H

on allservice.ro they developed a module (DXE Driver) that is inserted in the original bios; it reads some data and displays a code which you send to them, and after you pay they make you a key to unlock permanently

https://www.allservice.ro/forum/viewtopic.php?t=3044


maybe something can be done by loading the dump in IDA PRO and disabling checks, but i don't have time for that (nor do i have a laptop to test it on)
Old 11-26-2017, 10:08 AM   #12
v11
Member
 
Join Date: May 2016
City & State: Berlin
My Country: Germany
Line Voltage: 230VAC 50Hz
I'm a: Hobbyist Tech
Posts: 39
Default Re: Remove_SMM... UEFI.

Quote:
Originally Posted by ala_borbe View Post
MEC1633l needs to be programmed with clean firmware by SVOD or RT802H

on allservice.ro they developed a module (DXE Driver) that is inserted in the original bios; it reads some data and displays a code which you send to them, and after you pay they make you a key to unlock permanently

https://www.allservice.ro/forum/viewtopic.php?t=3044


maybe something can be done by loading the dump in IDA PRO and disabling checks, but i don't have time for that (nor do i have a laptop to test it on)

I found MMTool and UEFITool but still do not know what to delete from the file ..
it does not cost much to make the boys know ...
I want to learn to do it myself. I'm sorry, I do not know English well.

THX.
Old 11-29-2017, 04:52 AM   #13
v11
Member
 
Join Date: May 2016
City & State: Berlin
My Country: Germany
Line Voltage: 230VAC 50Hz
I'm a: Hobbyist Tech
Posts: 39
Default Re: Remove_SMM... UEFI.

I want to ask you: what is Ozmosis?


How do I make an Ozmosis ROM via UEFITool?

thanks.
Old 12-15-2018, 05:08 AM   #14
raileanu
Member
 
Join Date: Sep 2015
City & State: LONDON
My Country: United Kingdom
Line Voltage: 220VAC 50Hz
I'm a: Professional Tech
Posts: 65
Default Re: Remove_SMM... UEFI.

Can anyone upload the DXE Driver here so I can have a look and try to make it work for any Lenovo, please?

Last edited by raileanu; 12-15-2018 at 05:12 AM..
Old 12-15-2018, 05:20 AM   #15
raileanu
Member
 
Join Date: Sep 2015
City & State: LONDON
My Country: United Kingdom
Line Voltage: 220VAC 50Hz
I'm a: Professional Tech
Posts: 65
Default Re: Remove_SMM... UEFI.

Hello. Did you manage to get a link for downloading the dxe driver or any already patched bios?
Old 04-10-2019, 02:54 AM   #16
fyaagoub
Senior Member
 
Join Date: Dec 2016
City & State: rabat
My Country: maroc
I'm a: Knowledge Seeker
Posts: 144
Default Re: Remove_SMM... UEFI.

thank you
Old 05-07-2019, 12:42 PM   #17
tohenk
New Member
 
Join Date: May 2019
City & State: East Java
My Country: Indonesia
I'm a: Knowledge Seeker
Posts: 1
Default Re: Remove_SMM... UEFI.

There are two methods in hacking the DXE module, but please note this is untested.
  1. Modify the key check so it accepts any code.
    If you're willing to try the modified version use the file attached, and again it is untested.
  2. Using a key generator.
    From the image above, the key for machine id 2492411559 should be 7316483. Anyone with another machine id can reply here to test the key generator. Please note, the key generator is also still untested.
Old 05-14-2019, 03:05 PM   #18
dani981
New Member
 
Join Date: Mar 2018
City & State: ÉRD
My Country: Hungary
I'm a: Knowledge Seeker
Posts: 1
Default Re: Remove_SMM... UEFI.

Hi

This key generator share. Testing

hardware id: 3425684
key: 8625856

hardware id:7668394
key:6224236


hardware id:9777692
key:7729864

hardware id:2217972
key:3089784

hardware id:2292158
Key:1264964

hardware id:832201
Key:0224961

hardware id:8096698
Key:3216204

HW ID: 125318167
Key: 292467
Old 05-16-2019, 01:38 PM   #19
przemek_79
New Member
 
Join Date: Dec 2014
City & State: Łódz
My Country: Poland
I'm a: Knowledge Seeker
Posts: 10
Default Re: Remove_SMM... UEFI.

hi

I am asking for the generator to be available so that I can test it
Old 05-17-2019, 05:14 AM   #20
imranromi
Badcaps Veteran
 
Join Date: Jan 2015
City & State: rawalpindi/punjab
My Country: pakistan
Line Voltage: 230v
I'm a: Knowledge Seeker
Posts: 1,121
Default Re: Remove_SMM... UEFI.

Quote:
Originally Posted by dani981 View Post
Hi

This key generator share. Testing

hardware id: 3425684
key: 8625856

hardware id:7668394
key:6224236


hardware id:9777692
key:7729864

hardware id:2217972
key:3089784

hardware id:2292158
Key:1264964

hardware id:832201
Key:0224961

hardware id:8096698
Key:3216204

HW ID: 125318167
Key: 292467
Yes all hwid and key is 1st patch algorithm 2 more have algorithm
All times are GMT -6.