Re: BIOS guides, methods, resources and tools — Discussions
Would suggest adding information about update extraction from Acer update files (applies to a lot of brands that use Insyde firmware), since those mostly contain full images that do not require stitching. For reference this would be the corresponding page on my wiki:
[url]https://github.com/ISpillMyDrink/UEFI-Repair-Guide/wiki/Insyde-Flash-Firmware-Tool-(H2OFFT[/url])
I can post a quick guide on Badcaps aswell if none is already present.Re: BIOS guides, methods, resources ...cussions<br />
EineWildeStehlampe
Member
Last Activity: 12-30-2024, 11:20 AM
Joined: 06-27-2021
Location: Cologne
-
Re: Panasonic CF-D1N bios password recovery
[url]https://www.badcaps.net/forum/showthread.php?t=102275[/url]Re: Panasonic CF-D1N bios password r...t=102275[/url]Leave a comment:
-
Re: HP Omen 17-w104no dead PCH? Second opinion
Here's the boardview if you don't believe me
...
Leave a comment:
-
Re: HP Omen 17-w104no dead PCH? Second opinion
A lot of weird suggestions here. There is obviously a low resistance reading both on the 3.3v and 1.05v switch mode coils. It's a dead PCH with almost 100% certainty. Inject 3v on the 3.3v coil and feel the PCH heat up if you want to confirm it.Leave a comment:
-
Re: Asus X705mb - not turning on
TXE Region of the "known working" dump had to be cleaned before it would POST. My bad, that wasn't very clear.Leave a comment:
-
Re: Asus X705mb - not turning on
Firmware from another device where the TXE region hasn't been cleaned may stop this one from POSTing iirc. I had a very similar one of these ASUS boards in last week, X705MA I think, which wouldn't power on. Turned out to be a part of the ROM was wiped for some reason (when compared to a "known working" image), TXE region had to be cleaned before it would POST.Leave a comment:
-
Re: AMITSESetup Decryptor
Confirmed to work with at least those devices, will add more when I have some in:
- Microsoft Surface (Pro) 3
- Advantech MIO-5251
- Medion Lifetab P8912
- ASUS Vivobook Flip 14 TP412
I've noticed there's also a few AMI implementations storing the password in cleartext instead of scancodes, I'll probably add something to parse those aswell. And then there's some that look like SHA1 hashes, so I might at least add some functionality to detect those.Leave a comment:
-
Re: AMITSESetup Decryptor
Glad it's of use to someone. I'd love to keep a list of devices using the AMITSESetup variable if only I could find out how to edit my posts
Leave a comment:
-
Re: AMITSESetup Decryptor
I meant "AMITSESetup" obviously....Leave a comment:
-
Re: HP Elitebook 820 G2 ... turns off exactly after 30 minutes
*pulled highLeave a comment:
-
Re: HP Elitebook 820 G2 ... turns off exactly after 30 minutes
As indirectly mentioned above, shutdown after exactly 30 minutes is likely a Watchdog timeout due to the Management Engine not initializing properly. The way to fix that is to "clean" the ME region in the firmware image. See [url]https://winraid.level1techs.com/t/guide-clean-dumped-intel-engine-cs-me-cs-txe-regions-with-data-initialization/31277[/url] for that. In rare cases the problem might also occur due to a hardware problem, namely the PCH's "Descriptor Security Override Strap", on most PCHs...Leave a comment:
-
AMITSESetup Decryptor
As a lot of older firmware images use the well known, [I]incredibly secure[/I] AMI XOR key to encode the supervisor password in the firmware image, I wrote a small Python tool to automate the process of searching through the image and decrypting the key. It is far from perfect but works well enough for me to share.
The tool uses UEFIExtract to dump the entire image, naively search for a folder ending in "AMITSEDecrypt", iterate through the body.bin to find all possible hashes stored in there, decrypt them with the XOR key, remove every second byte, then convert to ASCII.... -
Re: 840 G1 , 840 G3 and 8470p bios passwords
I know this thread is somewhat old but I've been experimenting with those HP laptops with the HP_BIOSAdminScancode structure a bit today and found out that it is in fact quite easy to brute force them given a certain maximum character length.
The encrption mechanism works like this:
The entered password is firstly stored as a Scancode string (see [url]https://www.scs.stanford.edu/10wi-cs140/pintos/specs/kbd/scancodes-1.html#ss1.4[/url] for example), so "q" becomes 0x10, "w" becomes "0x11",...Leave a comment:
No activity results to display
Leave a comment: