HP ELitebook 840 G8 NFC activation

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • markownik
    New Member
    • Oct 2016
    • 6
    • Poland
    #1

    HP ELitebook 840 G8 NFC activation

    Hey guys,

    Recently I've been working on a laptop I've bought for myself, repaired water damaged board, and wanted to add few nice things. Fingerprint sensor worked just fine after installation, however the nfc chip is a stubborn one.

    (I also happen to have an old 850 G3, where the nfc activation happened in ME branding stage with nbdmifit tools) but the tools do not even recognize the status of "NFC" as its probably outdated for this platform.

    I have some previous experience with modding allowlists on lenovos' bioses, so I thought to try doing it by myself.

    What I discovered so far:
    Pulled the bios from my board (just got a new xgecu programmer, that is fast),
    Loaded that into UEFITool, searched for text "NFC".
    That got me a few results, from HPSetup (which would be the main bios program, I guess), two other images (one for electronic label rendering, and some other I didn't really go into), and one configuration image in VSS2 store named "NfcConfigBuiltinOptions" (which is 1 byte setting that keeps the 'enabled' value when device is visible in the bios).

    I used Ghidra and loaded both PE32 programs I've found in the bios image. I am not that good in RE but have deduced these programs reference "NfcConfigBuiltinOptions", "NfcOptionImplemented", and "FactoryConfigFlags". I hadn't known yet what to do with them, but decided to take another approach.

    I used IFRExtractor to retrieve all the entries and their conditions from the extracted HPSetup image.

    From what I deduced from the conditions in the text output, that NFC option is visible in "Built-in devices configuration" only when NfcOptionImplemented container exists with content set to '0x01'.
    So I proceeded to create the additional entry based on what I have found in the bios image.

    After programming and starting the laptop I was happy: I saw the option in BIOS to enable the NFC. The happiness was cut short though, as it booted into the os. The device was still not visible in the device manager, just as it had been before.

    My next guess would be "FactoryConfigFlags" have something to do with this, and when properly set - will enable communication with the chip - but I am afraid of not being qualified enough to properly reverse these programs.

    Do you have any ideas how to solve this further? Maybe some good soul would offer me their bios if they have it working? (so I could compare)
    Last edited by markownik; 11-16-2023, 12:57 PM.
    Tags: None
    • markownik
      New Member
      • Oct 2016
      • 6
      • Poland
      #2
      Re: HP ELitebook 840 G8 NFC activation

      Small update on progress: I wanted to see a clearer picture, so I looked for any kind of efi extension for ghidra, and I have found it. It's called efiSeek. After re-analyzing the two efi programs I have found, one of them is indeed electronic label renderer, but the other one happens to set the NfcOptionImplemented container and locate/load some protocol, based on what it finds in FactoryConfigFlags container. The algorithm is a bit obfuscated, and uses RAM addresses to load a few values, so I guess the only option left for now (without a copy of a bios from a machine with working NFC) is to try to modify bytecode (assembly) to proceed without these conditions. (unless there is a way to actually live-debug efi programs) I will report later if I have succeeded or not.

      Below is the decompiled code of the function mentioned, and in the attachments you can find the extracted efi program (I guess to maybe try and analyze it yourself, if you wish)

      Code:
      void UndefinedFunction_8000137c(EFI_EVENT param_1)

{
 void *Buffer;
 uint uVar1;
 longlong lVar2;
 EFI_STATUS EVar3;
 uint uVar4;
 void **ppvVar5;
 char acStackX_18 [8];
 undefined *puStackX_20;
 void *pvStack_28;
 void *pvStack_20;
 
 pvStack_20 = (void *)0x0;
 pvStack_28 = (void *)0x0;
 acStackX_18[0] = '\0';
 FUN_80001658(param_1,0xf0f08511);
 ppvVar5 = &pvStack_20;
 lVar2 = FUN_80001538(u_FactoryConfigFlags_80003500,&DAT_80003020,(longlong *)ppvVar5);
 uVar4 = (uint)ppvVar5;
 if (-1 < lVar2) {
  acStackX_18[0] = '\0';
  uVar1 = FUN_80001cec(0,0x15);
  FUN_800019a0(uVar1,0,uVar4);
  uVar1 = FUN_80001cec(0xe,0x11);
  FUN_80001a00(uVar1,(uint *)&puStackX_20);
  uVar1 = FUN_80001cec(0,0x15);
  FUN_800019a0(uVar1,1,uVar4);
  Buffer = pvStack_20;
  if (((char)puStackX_20 == '\0') && (*(char *)((longlong)pvStack_20 + 0xd) == '\0')) {
   acStackX_18[0] = '\x01';
  }
  if (acStackX_18[0] == '\0') {
   FUN_800012a4();
  }
  (*gRS_39->SetVariable)
       ((CHAR16 *)u_NfcOptionImplemented_80003528,(EFI_GUID *)&DAT_80003010,2,1,acStackX_18);
  puStackX_20 = (undefined *)0x0;
  lVar2 = FUN_80001538(u_NfcConfigBuiltinOptions_80003558,&DAT_80003010,(longlong *)&puStackX_20);
  if ((lVar2 == 0) && (puStackX_20 != (undefined *)0x0)) {
   (*gBS_42->FreePool)(puStackX_20);
  }
  EVar3 = (*gBS_42->LocateProtocol)((EFI_GUID *)&DAT_80003060,(void *)0x0,&pvStack_28);
  if (-1 < (longlong)EVar3) {
   *(undefined *)((longlong)pvStack_28 + 1) = 0;
   lVar2 = FUN_80001538(u_NfcConfigBuiltinOptions_80003558,&DAT_80003010,(longlong *)&puStackX_20
             );
   if ((-1 < lVar2) && (acStackX_18[0] == '\x01')) {
    *(undefined *)((longlong)pvStack_28 + 1) = *puStackX_20;
    (*gBS_42->FreePool)(puStackX_20);
   }
  }
  if (Buffer != (void *)0x0) {
   (*gBS_42->FreePool)(Buffer);
  }
  (*gBS_42->CloseEvent)(param_1);
  FUN_80001658(param_1,0xf0f09511);
 }
 return;
}
      Attached Files

        Comment

        • markownik
          New Member
          • Oct 2016
          • 6
          • Poland
          #3
          Hey, last update.

          I figured it out. Sorry it took this long, but I had to purchase another laptop preconfigured with NFC, and shipping it across the ocean with special help of customs office in my country extended it to only two months.
          As I debated before FactoryConfigFlags had one byte set differently. The first byte should be '0x00' instead of '0x01' (see attached screenshot). Afterwards ther NFC module is detected correctly and works as intended (in UEFI and Device Manager).

          Hope that helps anyone who stomps into this problem in the future.


          Attached Files

            Comment

            • SMDFlea
              #3.1
              SMDFlea commented
              01-06-2024, 03:58 PM
              Editing a comment
              An interesting thread,your determination paid off in the end.Well done
            • kinogeroj
              New Member
              • Mar 2024
              • 1
              • US
              #4
              Hi there,

              I'm trying to enable NFC on my HP EB 840 G7, I think this task is equal) but I want to understand if it's possible not to use programmer to get BIOS image.

              I have Firmware backup created using HP BIOS Recovery Program and I'll be glad if you can give me some advise on that)

              Thank you for your thread BTW, it's useful!

                Comment

                • markownik
                  New Member
                  • Oct 2016
                  • 6
                  • Poland
                  #5
                  To be fair I think it would be possible to write an EFI program to make the modification from booted external pendrive, but currently I'm overloaded with my real job, but I'm still planning to do it one day!
                  As with every bios mod I've ever done I would strongly recommend to

                  1) Gain experience with soldering, especially hotair for this case
                  2) Be confident when soldering on working device
                  3) Get eeprom/flash programmer (I'm using some chinese device, xegu) but you can always find a cheaper one compatible with the chip you're working on
                  4) Make a working backup of current bios state, ensure it works and save it in safe place for eventual reuse
                  5) Don't rely on system/software made backup, the one directly read from chip is the best

                  As to soldering topic, Louis Rossman gave me courage through countless hours of watching how he does it (the bigger the gob, the better the job, hehe).
                  What to solder? You should be looking at this chip surrounded by white soldermask.
                  Click image for larger version Name: Screenshot 2024-04-23 221950.png Views: 0 Size: 128.4 KB ID: 3258511
                  Good luck!

                  P.S. REMEMBER: ALWAYS DISCONNECT ALL BATTERIES BEFORE TOUCHING ANYTHING WITH SOLDERING IRON!

                    Comment

                    Previous template Next

                    Related Topics

                    Collapse
                    • STKR123
                      The right BIOS Programmer - The right software (HP Elitebook 820 G1, 840 G2) no soldering, EC, DMI, ME
                      by STKR123
                      Greetings badcaps community,

                      I havent done this for a long time and want to start it all again, after some evil and annyoing illness.
                      So I apologize in advance, if some phrases might sound a bit like gibberish or illogical to you.

                      Im trying my best to fully describe what I plan to achieve and hope I was choosing the right sub-forum for my new adventure.

                      I have a Elitebook 820 G1 and a Elitebook 840 G2 here.

                      These ask for a password when entering the BIOS, but boot just fine from the internal SSD.

                      I learned that desoldering...
                      10-29-2024, 06:03 AM
                    • macabook
                      🛠️ MSI GP75 Leopard MS-17E71 – No Display, Deep BIOS/EC Troubleshooting
                      by macabook
                      Hello everyone,

                      I’m currently working on a dead MSI GP75 Leopard (MS-17E71) motherboard (i7 CPU, NVIDIA GPU) with a no display/no backlight issue initially. After extensive investigation, I’m at a critical stage involving EC firmware, BIOS/ME region interaction, and possible deep corruption. I'm seeking advanced insight from anyone with experience in EC/BIOS sync issues or PCH-level behavior. Here’s a full breakdown:
                      🧩 Initial Issue
                      • Board powers on (fans spin, keyboard lights up and can be adjusted, caps lock led lights), but no display or backlight
                      • External display (HDMI) shows
                      ...
                      07-24-2025, 02:17 PM
                    • Guest
                      Elitebook 850 G5 BIOS bricked
                      by Guest
                      Hello,

                      I have an EliteBook 850 G5. After a Windows update, including a BIOS update, the notebook turns on, but the screen remains black, and the fans spin at high speed—nothing else happens.

                      I assume the BIOS update failed, so I searched for the BIOS chip.

                      I found a Winbond chip located between the RAM and the hard drive, which has a size of 32 MB.

                      However, the BIOS update available on HP's website is only 17 MB in size. I used the update version that was previously installed when the notebook was still working.

                      Can the corrupted...
                      03-24-2025, 01:21 AM
                    • Vesko356
                      [Guide] How to find the right HP bios version to flash
                      by Vesko356
                      First of all thanks to all of our members who have posted previously all methods posted here.
                      Please leave a comment if you find something new,or have anything else to add.
                      -----------------------------------------------------------------------------------------

                      Find by serial number,model number or series

                      If you know the laptop serial or model number go to HP support https://support.hp.com/us-en/drivers/laptops .
                      Enter the serial number or model number and click submit.On the next screen you will have to enter the OS
                      Operating system and OS version.If...
                      08-11-2023, 03:27 AM
                    • jbonavita
                      ASUS TP500LA BIOS request/repair/merge?
                      by jbonavita
                      Hi, my laptop wont boot at all
                      With original bios no POST, only LED lights
                      With alternative BIOS from model TP500LN (flashed via programmer) the notebook works again
                      Some issues
                      A- with bios from 500LN, it won't update from bios of model 500LA (from 500LN v203 to 500LA v300)
                      B- If updated from 500LN version 203 to 300, the battery stops being recognized

                      Things I tried

                      1- Update / clear ME: Took the non working bios, made a backup, and did this: https://www.badcaps.net/forum/troubl...theory/trouble...
                      04-29-2025, 09:38 PM
                    • Loading...
                    • No more items.
                    Working...