PDA

View Full Version : This is no request thread! HP COMPAQ bioses, how to modify the bios?



Pages : 1 2 3 4 [5] 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

andmail
12 Aug 2009, 07:13
You need to login to view this posts content.

911medic
12 Aug 2009, 07:17
from what I see posted here, laptop BIOSes are very difficult to MOD, a special thread for, Dell, HP, and the Lenovo ways, no to mention Toshiba's own BIOS.

We are blessed to have this forum and all the experienced modders helping, but one question keeps humming in my head.

Which brand is easier to MOD, yea I know phoenix is hard, but is there one that wont make you wanna pull your hair off trying to figure out how to do its BIOS?

Gigabyte Award bios are a gimme :D

jiriteach
12 Aug 2009, 11:18
mm posing to be harder than we originally thought!
Dam HP!

Yen
12 Aug 2009, 16:10
I've never found that additive sum somewhere. I'm starting to think there is no such sum to be verified.

mutante I think the best is to disassemble either HPQflash or rompaq to find the verification algorithm.... we need to know what's checked...what kind of sum and what address range.....at bios it's 8 bit, 16bit or crc, sometimes only the odd bytes are taken and at second sum the even bytes for calculation...sometimes different address ranges....

mirza
12 Aug 2009, 18:17
Is there any possibility to re-tattoo motherboard like DELL,maybe that "trigger" for fullflash the BIOS by original HPQflash is on the motherboard?In some older HP models there is written on motherboard if the computer is freeDOS or linux or not.Or we just have to wait BIOS update with unusable SLIC 2.1 and correct it with WoW?

voyt
12 Aug 2009, 19:56
You need to login to view this posts content.

Yen
12 Aug 2009, 20:09
I think we should play with bytes....at the second marker change one byte +1 to 46h and the next byte -1 to 4Ch, try to flash with original flasher..error?
If error then correct offset 2 to 52h only
If error then correct offset 3 to 4Bh only
If error then correct offset 4 to 48h only


Somebody try please?
Edit there, not the marker header:


Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

000F6210 45 4D 53 4C 49 43 2D 4D 50 43 57 49 4E 44 4F 57 EMSLIC-MPCWINDOW


We can fiddle with bytes and try to flash with original, we can go step by step to see how sensitive the integrity check will be....change some bytes try to flash.. again and again....keeping the sum....

chingaso
12 Aug 2009, 20:49
You need to login to view this posts content.

sebus
12 Aug 2009, 20:57
You need to login to view this posts content.

sebus
12 Aug 2009, 21:13
You need to login to view this posts content.

TTAV134
12 Aug 2009, 21:51
You need to login to view this posts content.

karateca
12 Aug 2009, 22:37
You need to login to view this posts content.

TTAV134
12 Aug 2009, 22:51
You need to login to view this posts content.

andmail
13 Aug 2009, 00:22
I think we should play with bytes....at the second marker change one byte +1 to 46h and the next byte -1 to 4Ch, try to flash with original flasher..error?
If error then correct offset 2 to 52h only
If error then correct offset 3 to 4Bh only
If error then correct offset 4 to 48h only


Somebody try please?
Edit there, not the marker header:


Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

000F6210 45 4D 53 4C 49 43 2D 4D 50 43 57 49 4E 44 4F 57 EMSLIC-MPCWINDOW


We can fiddle with bytes and try to flash with original, we can go step by step to see how sensitive the integrity check will be....change some bytes try to flash.. again and again....keeping the sum....

Hi, Yen!
I tried all this with original HPQFlash.exe - always error.

Moreover, I drew attention that 68MAD.BAK (can be created and loaded to ROM with original rompaq.exe and patched rompaq_.exe) more than the 68MAD.BIN (original) to 6h (first byte is FFh instead of F9h).

I tried to restore original 68MAD.BIN (renamed to 68MAD.BAK) with the original rompaq.exe -> succesfull.
So, I tried your method to modify 68MAD.BAK (first byte F9h and other six bytes in your string higher by one) CRC32 are equal -> error.

And yet, I drew attention, when using rompaq_.exe (patched) in command line I can see restoring (/R) and updating (/U) proceed banks 1...14 (always with ORIGINAL and modded 68MAD.BIN).
But backuping (/B) proceed banks 1...15.
It seems, rompaq_.exe (and may be original rompaq.exe for 68MAD) cann't to overwrite 15s bank (it's may be addresses F0000-FFFFF).

Yen
13 Aug 2009, 00:58
You need to login to view this posts content.

Yen
13 Aug 2009, 01:28
Hi, Yen!
I tried all this with original HPQFlash.exe - always error.

Moreover, I drew attention that 68MAD.BAK (can be created and loaded to ROM with original rompaq.exe and patched rompaq_.exe) more than the 68MAD.BIN (original) to 6h (first byte is FFh instead of F9h).

I tried to restore original 68MAD.BIN (renamed to 68MAD.BAK) with the original rompaq.exe -> succesfull.
So, I tried your method to modify 68MAD.BAK (first byte F9h and other six bytes in your string higher by one) CRC32 are equal -> error.

And yet, I drew attention, when using rompaq_.exe (patched) in command line I can see restoring (/R) and updating (/U) proceed banks 1...14 (always with ORIGINAL and modded 68MAD.BIN).
But backuping (/B) proceed banks 1...15.
It seems, rompaq_.exe (and may be original rompaq.exe for 68MAD) cann't to overwrite 15s bank (it's may be addresses F0000-FFFFF).

So It seems the checksum problem is already solved at the patched flasher. The question: How to make the flasher to flash the last bank 15?
Either patch the flasher or..hmm the biosfile itself has a flag somewhere to tell the flasher that bank 15 has to be updated! If HP wants to make this be updated as well, the biosfile 'has to tell' the flasher, just do it!

maybe remove the 14 banks limit? Difficult? mutante? What do you think about? Or what about these special hP tools?

Edit: there is 'uniflash' a universal flasher, but quite obsolete......

ckv
13 Aug 2009, 01:40
You need to login to view this posts content.

Yen
13 Aug 2009, 01:42
I have tried this on a 6710b - How do i se if it now has SLIC 2.1 ?

Try this great tool:
http://forums.mydigitallife.info/showthread.php?t=6925

ckv
13 Aug 2009, 01:51
Try this great tool:
http://forums.mydigitallife.info/showthread.php?t=6925

I guess it is not good then. This is the result for a HP 6710b
Dump OK ! ( HPQOEMSLIC-MPC_V2.0 )

ckv
13 Aug 2009, 02:13
I guess it is not good then. This is the result for a HP 6710b
Dump OK ! ( HPQOEMSLIC-MPC_V2.0 )

I find 'HPQOEMSLIC-MPCWINDOWS' in the HQFLASH memory two times. Don't we then know what to do yet?

TTAV134
13 Aug 2009, 02:31
I find 'HPQOEMSLIC-MPCWINDOWS' in the HQFLASH memory two times. Don't we then know what to do yet?
hello,

As you can see the method for flashing HP bios is under development.
You have to wait, sorry.
Come back in few days, who knows.

regards

Yen
13 Aug 2009, 02:39
I find 'HPQOEMSLIC-MPCWINDOWS' in the HQFLASH memory two times. Don't we then know what to do yet?

The second one is protected, we still don't know how to make the flashtool to update it!

ckv
13 Aug 2009, 02:46
The second one is protected, we still don't know how to make the flashtool to update it!

I'm SO VERY sure, that you will solve it. Looks forward to that. Good luck to you. :)

andmail
13 Aug 2009, 02:56
You need to login to view this posts content.

sebus
13 Aug 2009, 04:01
You need to login to view this posts content.

vanka
13 Aug 2009, 05:02
Yup! Still looking for a way. I'm sure there will be one very soon :)

I got the modded BIOS with SLIC 2.1 from a mate. He did a bundle of others for me as well which all work well.

The others work since I can use WinFlash. It's just these specific models!

Can someone please clear something up for me? Based on the above quote, if an HP BIOS (laptop in my case) uses WinFlash to flash the BIOS; then there is no problem with checksums etc. Is this correct or no? The reason I'm asking is that I have an HP Pavilion dv9543cl laptop that comes with SLIC 2.0 and uses WinFlash to flash the BIOS. I would like to flash it with a BIOS modded with SLIC 2.1.

Yen
13 Aug 2009, 05:31
You need to login to view this posts content.

TTAV134
13 Aug 2009, 08:34
Can someone please clear something up for me? Based on the above quote, if an HP BIOS (laptop in my case) uses WinFlash to flash the BIOS; then there is no problem with checksums etc. Is this correct or no? The reason I'm asking is that I have an HP Pavilion dv9543cl laptop that comes with SLIC 2.0 and uses WinFlash to flash the BIOS. I would like to flash it with a BIOS modded with SLIC 2.1.
hello,

If your BIOS is a pure PHOENIX you have to go here (http://forums.mydigitallife.info/showthread.php?t=5864) for your request.

This thread is dedicated to HP BIOS flashed with Rompaq under DOS or HPQFlash under windows.

regards

jordan.turner1974
13 Aug 2009, 08:53
You need to login to view this posts content.

Hotpepper
13 Aug 2009, 13:19
Of course a one click soltion is better. But at the moment there's no way to get it. You'll have to wait so far...

ckv
13 Aug 2009, 14:13
This is great...for people who actually understand this. Requests for mods are made by most people who do NOT know how to do this (hence the requests) - most of the requestor. Until a fool-proof method like Yen's, Shakey, etc are made, I just do not have confidence in myself to do this on my HP530. One click install is better - the normal BIOS upgrade method. Thanks for the assistance though.

Try it. I have NEVER done things like that before, and it went well for me. - Only, HxD HAS to be started as Administrator. :)

gregg
13 Aug 2009, 15:17
You need to login to view this posts content.

mutante
13 Aug 2009, 17:11
You need to login to view this posts content.

mutante
13 Aug 2009, 17:13
You need to login to view this posts content.

mutante
13 Aug 2009, 17:32
You need to login to view this posts content.

Yen
13 Aug 2009, 17:51
I don't think it is going to work, I think that all BIOS is transfered by HPQFlash to a temporal zone then when we restar the computer it detects a new ROM it checks it, and this fail so ROM is not updated.

am I wrong?

We know that the flash tool writes 14 banks and at bios bakup it backups all 15 banks. HP itself must write the 15th bank to update to SLIC2.1 officially...how do they?

-special rompaq program (I'm afraid, I don't think so..:( )
-a update flag set somewhere, at biosfile, at EEPROM?????

mutante, is there a way to patch rompaq to update all 15 banks?

TTAV134
13 Aug 2009, 19:44
You need to login to view this posts content.

jiriteach
13 Aug 2009, 19:51
Hmm dam it's getting pretty hard now!

Yen
13 Aug 2009, 19:58
You need to login to view this posts content.

andmail
13 Aug 2009, 20:07
We know that the flash tool writes 14 banks and at bios bakup it backups all 15 banks. HP itself must write the 15th bank to update to SLIC2.1 officially...how do they?

-special rompaq program (I'm afraid, I don't think so..:( )
-a update flag set somewhere, at biosfile, at EEPROM?????

mutante, is there a way to patch rompaq to update all 15 banks?

I tried patched rompaq_.exe from sp39427 with ORIGINAL 68MAD:
rompaq_.exe /U (banks 1...14)
rompaq_.exe /B (banks 1...15)
rompaq_.exe /R (banks 1...14) with original 68MAD.BIN renamed to 68MAD.BAK
The code used to verify the integrity of your BIOS does not match
what is currently on your system. This could cause parts of the BOIS
to be skipped when updating leading to unpredictable results including
failure to load. It very strongly recommended that you not proceed with the update.
Press
F10=Continue, ESC=Cancel
I draw your attention to the fact that there are two ways to update the BIOS with a rompaq_.exe, I mean Update (/U) and Restore (/R with modded 68MAD.BIN renamed to 68MAD.BAK ) modes.

Yen
13 Aug 2009, 20:13
I tried patched rompaq_.exe from sp39427 with ORIGINAL 68MAD:
rompaq_.exe /U (banks 1...14)
rompaq_.exe /B (banks 1...15)
rompaq_.exe /R
Error in file content read from disk.
Please try recreating file or disk.

I draw your attention to the fact that there are two ways to update the BIOS with a rompaq_.exe, I mean Update (/U) and Restore (/R with modded 68MAD.BIN renamed to 68MAD.BAK ) modes.

Sorry for that question (is probably answered already). does /R write 15 banks with the original bios renamed to bios.bak??? Or is restore simply a command that flashes *.bak the same way than /U ?

To flash 15 banks instead of 14 there is hopfully just one byte needed to change??? NO? from E to F?

gregg
13 Aug 2009, 20:38
hello,

Question: does this HPQFlash version has been pached to ignore rom.sig and ver.sig in ROM.cab

regards

Yes, this version ignore signature. But this version only display a full log with debug message. This hpqflash don't update SLIC to 2.1.

DAPBENJAMIN
13 Aug 2009, 21:04
You need to login to view this posts content.

mutante
13 Aug 2009, 22:03
Hi,

Yeah I have done that.... Saved my 8510p.

edit*: tried it with a double patched BIOS image and it did nothing...

Darren

How? fn + B method?

MVV_
13 Aug 2009, 22:58
You need to login to view this posts content.

andmail
13 Aug 2009, 23:08
Sorry for that question (is probably answered already). does /R write 15 banks with the original bios renamed to bios.bak??? Or is restore simply a command that flashes *.bak the same way than /U ?

To flash 15 banks instead of 14 there is hopfully just one byte needed to change??? NO? from E to F?

It was here (http://forums.mydigitallife.info/showthread.php?p=109044#post109044)
Original rompaq.exe /R with original 68MAD.BIN renamed to 68MAD.BAK (banks 1...14)

I tried patched rompaq_.exe v.4.75 from sp39427 (http://forums.mydigitallife.info/showpost.php?p=109866&postcount=236):

Original 68MAD:
rompaq_.exe /U (banks 1...14)

The code used to verify the integrity of your BIOS does not match
what is currently on your system. This could cause parts of the BOIS
to be skipped when updating leading to unpredictable results including
failure to load. It very strongly recommended that you not proceed with the update.
Press
F10=Continue, ESC=Cancel

Modded 68MAD:
rompaq_.exe /U

Error in file content read from disk.
Please try recreating file or disk.

engage16
13 Aug 2009, 23:41
You need to login to view this posts content.

TTAV134
14 Aug 2009, 00:26
You need to login to view this posts content.

DAPBENJAMIN
14 Aug 2009, 00:39
How? fn + B method?
Put the BIOS image (and nothing else) on a USB floppy...

From a powered off state hold down all 4 arrow keys and then power on. Just wait and the floppy will start to read. You can let go once the floppy is spinning.

Found the 4 arrows easier than Fn + B.

Darren

TTAV134
14 Aug 2009, 02:34
You need to login to view this posts content.