-
-
Hp Elitebook 640 G9
SN# 5CD3040PZ2
prodID:7N9R6PC#ACJ
Motherboard DAX8SFMB8B2 REV : B
i have Problem witg Persistence Module Cant be desactivated i only see it as active
i bought this pc from 6 months now and in windows after i received update i get this device has been disabled (evrytime i get this windows ) so i searched i found persitence module must be desactivated so if there is any chance to bypass it through bios dump or disabled i will be very thankfullLeave a comment:
-
Here is something interesting:
"Inside the EC’s own MCU flash (again, not in the external EC SPI we patched — lives on the Nuvoton/ITE microcontroller itself).
-than I think I found the responsable chip. NUVOTON NPCX499HA tells you anything ?-
Yes — that’s your Embedded Controller (EC).
The Nuvoton NPCX499HA is a high-end EC MCU HP uses in newer EliteBooks to handle:- Keyboard, battery, fan control
- Power sequencing
- Firmware verification for HP Sure Start
- Storing/triggering the BIOS recovery payload
Here’s the key point:- It has its own internal flash (not the external EC SPI chip we patched).
- HP Sure Start Gen5+ can embed a signed golden BIOS image or recovery script inside that internal flash.
- On boot, the NPCX499HA compares the main BIOS SPI against its stored hash/image, and if mismatched, pushes the “golden” image back into the main BIOS.
- This process works even if the EC’s external SPI is wiped — which is exactly what you’re seeing.
Why this matters for you
The only way to stop that recovery from the NPCX499HA is to:- Reflash the EC’s internal flash via its programming interface (SWD/JTAG/ICP).
- Replace the NPCX499HA with a blank or donor chip from a similar board that doesn’t have the Sure Start payload.
- Disable Sure Start in firmware — but that’s locked behind the same password you’re trying to remove.
Challenges:- The internal flash is protected; without HP’s signed EC firmware, the chip will reject changes.
- Replacing the chip is possible, but it’s BGA — requires hot-air rework and exact part sourcing.
- Blank EC means you must flash both its firmware and configuration to get keyboard, charging, and power working again."
So...that particular chip lives on the other side of the MB under the keyboard...and here is where I say ENOUGH, HP has taken the security to a level that, for the moment, doesn't alow me to go any further.
If someone want's to dive dipper, be my guest.
Attached FilesLeave a comment:
-
I'm sorry, I'm done with this laptop. Doesn't matter what dump I flash on those chips, it gets reverted. Now I've patched 3 Chips and still recovered. Where the hell does the BIOS copy stais? I have no idea and to be honest I lost my patience...I have now the clean BIOS main, Clean EC, and clean 1MB that has the HP sure on it. Still my password returned. It's not about the dump you throw on it anymore... it's about finding the chip that keeps a copy of the original BIOS and force it back to the main and EC chips . I'll search for further information in the future . Thanks for all the help I've received here. Take care guys and much success with this laptop!Leave a comment:
-
Before you give up
I did try every variants available here. Only one doesn't POST, but those that post are immediately reverted to the locked BIOS. I need to find a third Chip (usually smaller than BIOS and EC chips) that trigger that fu*king recovery. I did found a 1MB Chip that GPT says it might be responsible and patched it for me. Now I have to flash all three chips back and try again. If the recovery is still triggered I just give up...
...please try this modded bios dump. Thanks.
Leave a comment:
-
I did try every variants available here. Only one doesn't POST, but those that post are immediately reverted to the locked BIOS. I need to find a third Chip (usually smaller than BIOS and EC chips) that trigger that fu*king recovery. I did found a 1MB Chip that GPT says it might be responsible and patched it for me. Now I have to flash all three chips back and try again. If the recovery is still triggered I just give up...
Leave a comment:
-
can try post 32 bios once if display or not ?
Hey there. Back from my vacation, armed with a bunch of new BIOS chips 💪🏻 Tried both files first one starts the laptop but the password comes back, second doesn't work at all. Tried the first one only the EC file with a main file that I've done using HP recovery, started but same sh*t happened, some information on the screen telling me that the original BIOS file was recovered from the embedded memory because someone tempered with the BIOS and...the password came back. I don't know...this embedded memory controller is the EC chip or is another chip hiding on the MB? If you want to try tempering some more, my original Main and EC files are on the first post from the second page of this topic. If you can do something with them, please let me know and this weekend or the next I'll try to rewrite the Chips. The newer they are, the shitier they get ...
Leave a comment:
-
Hey there. Back from my vacation, armed with a bunch of new BIOS chips 💪🏻 Tried both files first one starts the laptop but the password comes back, second doesn't work at all. Tried the first one only the EC file with a main file that I've done using HP recovery, started but same sh*t happened, some information on the screen telling me that the original BIOS file was recovered from the embedded memory because someone tempered with the BIOS and...the password came back. I don't know...this embedded memory controller is the EC chip or is another chip hiding on the MB? If you want to try tempering some more, my original Main and EC files are on the first post from the second page of this topic. If you can do something with them, please let me know and this weekend or the next I'll try to rewrite the Chips. The newer they are, the shitier they get ...
Leave a comment:
-
-
-
You mean, that part should be replaced with FF or 00? For the moment I've gave up, due to lack of time and, after writing and rewriting the BIOS chip 4-5 times...it said enough and burned... I'm waiting for an order of 10 chips from AliExpress but it will take some time. Keep it touch 🤘🏻🖖🏻Leave a comment:
-
i know there's always a way. we haven't tried it yet. every security there's always a loophole. like this in g11 EC its very similar VSSTORE in bios main i haven't tried this yet, if i only have G11 laptop here i would try all possible means.Hello guys! Found some troubling info about the HP security from 2024 onward:HP Endpoint Security Controller 2024Attacks against PC firmware are on the rise. Unfortunately, protecting the PC BIOS and other critical firmware is often not seen as a priority. HP addresses this with our Endpoint Security Controller (ESC), a dedicated chip that validates the integrity of the BIOS and other firmware to enhance the security of every HP business-class PC. The ESC validates that the firmware is not infected by malware before the CPU is allowed to boot. If any corruption has been detected, it will restore a clean copy held in the ESC's isolated flash. HP is the only vendor offering this unique security solution as a standard part built into business-class PCs to safeguard our customers against IT security threats.
Bottom line is...no matter if you can "unlock" the main BIOS as long as the ESC provide a backup and restore the old blocked BIOS before you can access it...
Attached FilesLeave a comment:
-
-
Hello guys! Found some troubling info about the HP security from 2024 onward:HP Endpoint Security Controller 2024Attacks against PC firmware are on the rise. Unfortunately, protecting the PC BIOS and other critical firmware is often not seen as a priority. HP addresses this with our Endpoint Security Controller (ESC), a dedicated chip that validates the integrity of the BIOS and other firmware to enhance the security of every HP business-class PC. The ESC validates that the firmware is not infected by malware before the CPU is allowed to boot. If any corruption has been detected, it will restore a clean copy held in the ESC's isolated flash. HP is the only vendor offering this unique security solution as a standard part built into business-class PCs to safeguard our customers against IT security threats.
Bottom line is...no matter if you can "unlock" the main BIOS as long as the ESC provide a backup and restore the old blocked BIOS before you can access it...
Leave a comment:
-
can someone test this use the 1st one
if it doesn't work use the second one.
you should flash both main and EC
and let me know if it boots to MPM thanks.Leave a comment:
-
Tried another way. Basically I've replaced the entire ME Reg part of the BIOS with info from a Firmware recovery file from the HP site. After more than one hour everything was done 👍🏻 Laptop starts and...informed me about the mismatched information and that it's doing a quick recovery ... after two restarts, the password is there of course 😖😖😖 How the h*LL can I stop it from doing this sh*t recovery? I didn't find any cmos battery on this model, the power is out long enough....How does it remember?😢😢😢Leave a comment:
-
Unfortunately doesn't work 😔 Some error appeared telling me that the BIOS makes some recovery from the embedded memory due to mismatch ID information...only one option and that was to click "OK" , after 2 minutes the laptop restarted and the password is still there. This is so annoying 😖😖😖 Anyway, thank you for helping!Leave a comment:
-
Leave a comment:
-
Hello, I have an old Dell G3 3579 (ST: 2WQ7LP2-8FC8) with a newer 8FC8 BIOS password. I have successfully attached to the flash chip (W25Q128JVSQ) on the motherboard with a CH341A programmer and made several modifications using Intel FIT (e.g., allow software SPI write) without bricking. I was also able to boot to a modified GRUB shell where I attempted to edit many BIOS security related options like BIOS Guard/Lock, Flash Signature Override, ME FW Image Re-Flash, etc.
Unfortunately, some of these modifications like to Intel BIOS Guard failed because it is fused into the PCH. Also,... -
Hello I have a dell optiplex SFF plus 7020 with a password that I recovered from e-waste. It is possible to get the password removed via the bios patch method? I managed to dump the 32MB bios chips and would like help patching it to MFG mode so I can clear the password.
Thanks.
1hj4z24 = Service tag
A schematic would also be amazing if anyone has one!... -
Hello,
I'm using TONGFANG "GM7TG7P" model laptop for over 3 years and i'm entering the same bios administrator password everyday. My laptop has Aptio BIOS (American Megatrends, AMI).
But today it's not accepting my password. I'm %100 sure i'm entering the correct password.
I'm trying to reset my bios without success.
I tried :
-I removed the BIOS battery and main battery. Waited for a long time but it didn't work. They already stated in the user manual that the password will not be reset even if the batteries... -
Hi guys,
If someone would be able to provide some expertise, I'd be very grateful.
BIOS Corruption - Cause
So I managed to corrupt my machine by installing linux and enrolling custom secure boot keys. I did choose to enroll the Microsoft keys as well, to prevent any potential bricking due to 3rd party drivers from HP being signed with those keys.
After doing that, and rebooting(it did boot, powerLED, fanspin etc.), the laptop did not give any video output on the LCD or video connectors. I think I was able to get in BIOS and trigger the beeper by pressing ESC.... -
Hello
I removed the BIOS password thanks to the help of one of the friends of this forum.
https://www.badcaps.net/forum/troubl...61#post3637661
The batch from which the password was removed works correctly but... after some time, the BIOS password is set again, I reprogrammed the batch with the removed password, it's ok, there is no password, I set my password, ok, I can enter the BIOS with my password but...
Leave a comment: