Announcement

**monological** · 09-18-2023, 08:13 AM

Re: bricked lenovo t480s - need help!

Bump

**monological** · 09-20-2023, 09:55 AM

Re: bricked lenovo t480s - need help!

I figured out the vcc on the bios chip is 1.6v because of the voltage drop across the diode.

3.3v ---> diode ---> 1.6v @ vcc

Guess this is normal then?

If you have a corrupt bios firmware, what usually happens? Does it play the musical diagnostic tones?

**volinakis** · 09-20-2023, 10:19 AM

Re: bricked lenovo t480s - need help!

Originally posted by monological View Post

I figured out the vcc on the bios chip is 1.6v because of the voltage drop across the diode.

3.3v ---> diode ---> 1.6v @ vcc

Guess this is normal then?

If you have a corrupt bios firmware, what usually happens? Does it play the musical diagnostic tones?

nope, bios chipset is powered with 3.3V, check diode or bios chipset is burned. I have a recent photo of bios chipset from T480s, check if you didn't damage any component around bios chipset. It happens often when you use clamps to read/write bios chipset.

Attached Files

**monological** · 09-21-2023, 03:24 PM

Re: bricked lenovo t480s - need help!

Thanks for the tip! I checked the diode and and it was damaged.

I temporarily replaced it with a copper wire and vcc now shows ~3.4v.

I used an oscilloscope to probe DO and I can verify it's getting read out!

The keyboard lights up now and the power button blinks 3 times, but it's still not booting.

I tried re-flashing the original firmware dump and it still just blinks 3 times.

Any ideas what I should try next?

Originally posted by volinakis View Post

nope, bios chipset is powered with 3.3V, check diode or bios chipset is burned. I have a recent photo of bios chipset from T480s, check if you didn't damage any component around bios chipset. It happens often when you use clamps to read/write bios chipset.

Attached Files

**volinakis** · 09-22-2023, 05:49 AM

Re: bricked lenovo t480s - need help!

Originally posted by monological View Post

Thanks for the tip! I checked the diode and and it was damaged.

I temporarily replaced it with a copper wire and vcc now shows ~3.4v.

I used an oscilloscope to probe DO and I can verify it's getting read out!

The keyboard lights up now and the power button blinks 3 times, but it's still not booting.

I tried re-flashing the original firmware dump and it still just blinks 3 times.

Any ideas what I should try next?

that means you didn't read content of bios chipset properly or you didn't solder well chipset but most probably you failed to read chipset with CH341A, that's why masters of this forum recommend to read chipset 3-4 times and compare the dumps to see if they are the same. Try bios from the link if your motherboard is NM-B471 REV 1.0 T480s (type 20L7, 20L8) and if it works write your DMI with Lenovo Maintenance utility. And put back a good diode, it has the role to protect bios chipset.
https://www.badcaps.net/forum/showpo...8&postcount=21

**monological** · 09-22-2023, 10:10 AM

Re: bricked lenovo t480s - need help!

I flashed the firmware you linked to and it posts now.

The firmware however doesn't have the ME cleaned so I ran me_cleaner on it, re-flashed it, verified it twice but now I get musical tones error 0001

**volinakis** · 09-22-2023, 10:29 AM

Re: bricked lenovo t480s - need help!

Originally posted by monological View Post

I flashed the firmware you linked to and it posts now.

The firmware however doesn't have the ME cleaned so I ran me_cleaner on it, re-flashed it, verified it twice but now I get musical tones error 0001

I don't know how much you know about "ME cleaned" but since opening with MEAnalyzer and shows you "Configured" and not "initialized" it means it's a CLEAN ME firmware. So my supposition that you failed to read bios chipset was correct. Next time when you want to break another laptop consider READING BIOS guides, methods, resources and tools made by master piernov, it will help you to understand what a BIOS is and what it wants from you. Telling me "The firmware however doesn't have the ME cleaned" made me understand you don't have a clue of what you are doing: 1st you failed to read bios, 2nd you succeded to burn diode and replaced with a strap, 3rd I pointed you a working bios yet you "succeeded" to break it. No offence but you better start knitting instead "repairing" laptops ...

https://www.badcaps.net/forum/showth...t=phoenix+bios

Attached Files

**SMDFlea** · 09-22-2023, 10:36 AM

Re: bricked lenovo t480s - need help!

Originally posted by monological View Post

I flashed the firmware you linked to and it posts now.

The firmware however doesn't have the ME cleaned so I ran me_cleaner on it, re-flashed it, verified it twice but now I get musical tones error 0001

me_cleaner ?

https://www.badcaps.net/forum/showpo...41&postcount=3
Do not use use Intel ME/TXE Injector/Easy Clean ME or similar tools: they do not retain the manufacturer's configuration and can cause subsequent problems.
.

**monological** · 09-22-2023, 10:47 AM

Re: bricked lenovo t480s - need help!

"want to break another laptop"...what the hell are you talking about?

For your information, when I dumped the bios, it did it twice, diffed the binaries and they matched. Pretty sure that is sufficient to convince anyone that it is a valid dump.

I'm pretty sure I said the wire was temporary so I can verify that the flash chip was working correctly. Do you understand English my guy?

Look at the images. The firmware you linked to doesn't have the HAP bit set, but the modified firmware that I ran through me_cleaner *does* have it set. Want to explain that.."master"?

this is me_cleaner btw: https://github.com/corna/me_cleaner

Originally posted by volinakis View Post

I don't know how much you know about "ME cleaned" but since opening with MEAnalyzer and shows you "Configured" and not "initialized" it means it's a CLEAN ME firmware. So my supposition that you failed to read bios chipset was correct. Next time when you want to break another laptop consider READING BIOS guides, methods, resources and tools made by master piernov, it will help you to understand what a BIOS is and what it wants from you. Telling me "The firmware however doesn't have the ME cleaned" made me understand you don't have a clue of what you are doing: 1st you failed to read bios, 2nd you succeded to burn diode and replaced with a strap, 3rd I pointed you a working bios yet you "succeeded" to break it. No offence but you better start knitting instead "repairing" laptops ...

https://www.badcaps.net/forum/showth...t=phoenix+bios

Attached Files

**SMDFlea** · 09-22-2023, 10:52 AM

Re: bricked lenovo t480s - need help!

Originally posted by monological View Post

this is me_cleaner btw: https://github.com/corna/me_cleaner

Ah that one now i see.

**volinakis** · 09-22-2023, 11:01 AM

Re: bricked lenovo t480s - need help!

Originally posted by monological View Post

"want to break another laptop"...what the hell are you talking about?

For your information, when I dumped the bios, it did it twice, diffed the binaries and they matched. Pretty sure that is sufficient to convince anyone that it is a valid dump.

I'm pretty sure I said the wire was temporary so I can verify that the flash chip was working correctly. Do you understand English my guy?

Look at the images. The firmware you linked to doesn't have the HAP bit set, but the modified firmware that I ran through me_cleaner *does* have it set. Want to explain that.."master"?
this is me_cleaner btw: https://github.com/corna/me_cleaner

so ... YOUR bios has "HAP bit set" and is not working while the one i pointed you it hasn't but is working ... Yes, i can explain to you, noob: HAP bit is disabling Intel Management Engine and the bios I pointed you has Intel Management Engine ENABLED, got it or you need drawings?
The tool you use is meant to "modify an Intel ME firmware image with the final purpose of reducing its ability to interact with the system" so is NOT a clean ME firmware tool!

**monological** · 09-22-2023, 11:05 AM

Re: bricked lenovo t480s - need help!

Let me teach you something since you don't seem to understand how to neutralize the ME:

me_cleaner supports two ways to disable Intel ME:

- by removing the non-fundamental partitions and modules from the Intel ME firmware
- by setting the HAP (Intel ME >= 11) or the AltMeDisable (Intel ME < 11) bit in the flash descriptor

The former is on by default and it is the older one; it has been tested on many platforms and it seems to work quite well. However it is not a "clean" solution, as it forces Intel ME to hang after the minimal necessary hardware initialization (and wasn't probably planned by Intel).

A new way to disable Intel ME has been discovered by Positive Technologies (as explained in this blog post): they found out that Intel ME (>= 11, Skylake or newer) has a "HAP" bit which acts like a kill-switch, telling Intel ME to hang after the initialization. Igor Skochinsky discovered a similar bit, the AltMeDisable bit, which does the same on Intel ME < 11. Essentially, they achieves exactly the same result as the "old" mode (as both modes stops the execution of Intel ME after the hardware initialization), however they have the advantage of:

being something introduced by Intel, which reports a nice Alt Disable Mode status to the BIOS (that seems to be handled better than the old Normal status but with an Image Failure)
setting an alternate mode of Intel Boot Guard (however the outcome of this is currently unknown)

from https://github.com/corna/me_cleaner/...tMeDisable-bit

Originally posted by volinakis View Post

I don't know how much you know about "ME cleaned" but since opening with MEAnalyzer and shows you "Configured" and not "initialized" it means it's a CLEAN ME firmware. So my supposition that you failed to read bios chipset was correct. Next time when you want to break another laptop consider READING BIOS guides, methods, resources and tools made by master piernov, it will help you to understand what a BIOS is and what it wants from you. Telling me "The firmware however doesn't have the ME cleaned" made me understand you don't have a clue of what you are doing: 1st you failed to read bios, 2nd you succeded to burn diode and replaced with a strap, 3rd I pointed you a working bios yet you "succeeded" to break it. No offence but you better start knitting instead "repairing" laptops ...

https://www.badcaps.net/forum/showth...t=phoenix+bios

**monological** · 09-22-2023, 11:09 AM

Re: bricked lenovo t480s - need help!

I don't want the Intel Management Engine to be enabled? Got it?

That's the whole point of why I'm re-flashing the BIOS in the first place.

Intel ME is a co-processor integrated in all post-2006 Intel boards, which is the base hardware for many Intel features like Intel AMT, Intel Boot Guard, Intel PAVP and many others. To provide such features, it requires full access to the system, including memory (through DMA) and network access (transparent to the user).

I guess you like having your machine backdoor-ed.

Originally posted by volinakis View Post

so ... YOUR bios has "HAP bit set" and is not working while the one i pointed you it hasn't but is working ... Yes, i can explain to you, noob: HAP bit is disabling Intel Management Engine and the bios I pointed you has Intel Management Engine ENABLED, got it or you need drawings?
The tool you use is meant to "modify an Intel ME firmware image with the final purpose of reducing its ability to interact with the system" so is NOT a clean ME firmware tool!

**volinakis** · 09-22-2023, 11:10 AM

Re: bricked lenovo t480s - need help!

this happens when you try to help a noob, he thinks he's smarter than he is! For you to teach me something it means to live and learn for another 50 years then maybe you can teach me something ...
lol, if you don't want to have IME enabled guess what this is for? You can try 3 times ...

Attached Files

**monological** · 09-22-2023, 11:18 AM

Re: bricked lenovo t480s - need help!

if you bridge it, it shorts SRTCRST to GND..guess you think you're pretty funny huh

Originally posted by volinakis View Post

this happens when you try to help a noob, he thinks he's smarter than he is! For you to teach me something it means to live and learn for another 50 years then maybe you can teach me something ...
lol, if you don't want to have IME enabled guess what this is for? You can try 3 times ...

Attached Files

**volinakis** · 09-22-2023, 11:26 AM

Re: bricked lenovo t480s - need help!

Originally posted by monological View Post

if you bridge it, it shorts SRTCRST to GND..guess you think you're pretty funny huh

good, so you have schematics of motherboard! and what does SRTCRST want from you? 2 tries left ...

**monological** · 09-22-2023, 11:52 AM

Re: bricked lenovo t480s - need help!

it's not something want to do:

For ICH9/ICH10/Intel® 5 Series Chipset and Intel® 3400 Series Chipset, SRTCRST# is used to reset portions of the Intel Management Engine (Intel ME) and should not be connected to a jumper or button on the platform. The only time this signal gets asserted (driven low in combination with RTCRST#) should be when the coin cell battery is removed or not installed and the platform is in the G3 state. Pulling this signal low independently (without RTCRST # also being driven low) may cause the platform to enter an indeterminate state. Similar to RTCRST#, it is imperative that SRTCRST# not be pulled low in the S0 to S5 states

Originally posted by volinakis View Post

good, so you have schematics of motherboard! and what does SRTCRST want from you? 2 tries left ...

**volinakis** · 09-22-2023, 12:30 PM

Re: bricked lenovo t480s - need help!

Originally posted by monological View Post

it's not something want to do:

lol, slow internet?

"For your information, when I dumped the bios, it did it twice, diffed the binaries and they matched. Pretty sure that is sufficient to convince anyone that it is a valid dump." Really? So, how come when you write back your "valid dump" laptop doesn't start? " I tried re-flashing the original firmware dump and it still just blinks 3 times." Think, it for free!

**monological** · 09-22-2023, 01:42 PM

Re: bricked lenovo t480s - need help!

I got it to work. I successfully disabled the Intel Management Engine.

I want to share my findings just in case anyone runs into the same issues as me.

Originally I ran me_cleaner.py like this:

me_cleaner.py -S -O t480s_clean_badcaps.bin t480s_original_badcaps.bin

The original bios firmware has 13 partitions. This removes too many partitions and will brick it.

Based on this blog post from Purism, they recommend to set the HAP bit, but also whitelist the MFS partition and remove the rest, because it is required to correctly initialize the cpu. I tried this, but still had issues booting, so I chose to just set the HAP bit and neutralize the ME as recommended here.

So I ran me_cleaner a second time:

me_cleaner.py -s -O t480s_clean_badcaps.bin t480s_original_badcaps.bin

The output:

Setting the HAP bit in PCHSTRP0 to disable Intel ME...
Checking the FTPR RSA signature... VALID
Done! Good luck!

I then re-flashed the bios and it works now!

Attached Files

Announcement

bricked lenovo t480s - need help!

bricked lenovo t480s - need help!

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment