All about UEFI. Both threads are merged. Beta testers are welcome.

Discussion in 'BIOS Mods' started by doakh, Oct 21, 2009.

  1. gotfree

    gotfree MDL Novice

    Mar 20, 2010
    17
    1
    0
    oa2intel

    I think, sign.bin generation is OEM and M$ deal, and Intel is not involved in that.

    A little of clarification to my previous post today.

    We all know that oa2intel works fine in most cases if used correctly. This is not that interesting anymore. My interest is, how to generate/extract pksign.bin in order to complete collection of three files required. This is particularly important if one would like to activate with the OEM other than those available (HP, DELL, J, ASUS), such as SONY, Toshiba, etc.
     
  2. anmg

    anmg MDL Senior Member

    Jul 28, 2009
    304
    307
    10
    pksign.bin is made by Intel. It is possible to get this correct bin from branded computer based on intel board.
    To do it you will need efivar.dll from the oa2intelwin (if possible to make reading this dll)
    you have to get something like this
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. amiga

    amiga MDL Junior Member

    Aug 11, 2007
    87
    96
    0
    i`m way out of my depth here but i been reading that the itk v3.2 can save bios capsules for flashing so i `m assuming it has continued in newer versions too, well my idea was if you open a bios file in itk it loads it in too memory somewhere is it not possible to patch that memory with a 2.1 slic then get the itk to resave the file now encompassing the slic. as i said it was just a thought as really its way outta my depth.
     
  4. anmg

    anmg MDL Senior Member

    Jul 28, 2009
    304
    307
    10
    you can dream longer :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. frwil

    frwil MDL Addicted

    Sep 22, 2008
    532
    177
    30
    There's no any secret in pksign.bin - it is self-signed public key, one half of it is public key, the other half is signature, which is created exactly like signature in marker - by calculating SHA-256 hash of signed info (in case of pksign.bin signed info is public key itself) and signing DER-formatted hash by corresponding private key (the process of generation/validation was described by Crypto in Vista section about two years ago already). Thus to generate either marker or pksign.bin you'll "just" need to steal private key, which is not possible even theoretically cause private keys are stored inside OEM's special pci-card device and aren't exportable, and you can't break (factorize) public key (to re-generate private key out of it) because it's too long for known cracking tools.
     
  6. gotfree

    gotfree MDL Novice

    Mar 20, 2010
    17
    1
    0
    oa2intel

    I am finding anmg's post to be very interesting. The table includes data of the encrypted pubkey:

    "GUID: 6D9BF711-A90D-42F9-A3FB-DD08B6E89037
    Name: "SLP20EncryptedOEMPublicKey#!rtUY9o"
    Size: 284 bytes

    00 00 00 00 9C 00 00 00 06 02 00 00 00 24 00 00
    52 53 41 31 00 04 00 00 01 00 01 00 83 A4 C2 5B
    5A 18 2A FE 79 59 DB D9 7E EA 3D 26 20 88 CE 6B
    D0 EA 79 D3 85 2B 95 00 9A C4 55 BF EA 39 A0 8F
    BE 23 61 59 60 73 C8 2C 5B E5 A8 8A 7F 74 F5 BF
    CB 00 2D 99 76 AB 94 8C E3 CF 9E 47 28 61 91 B2
    B5 F8 C8 DB D9 87 04 8A 48 EB 9B 7F B3 38 0A FB
    6F DD 86 75 A5 42 49 33 E2 2E 39 BE 64 8E 49 7D
    78 DD 83 36 62 88 67 02 77 79 AF 3B 2F D4 04 53
    F9 0E DA C5 38 F5 4B 7F 9C 69 63 B1 03 9B 39 7E
    BE 7F AD 0C 03 4A E2 DC 60 0C 95 48 13 48 3D 21
    6D E6 3D 57 61 5C E2 FF 0E 81 30 DD 0A 18 80 B1
    7B 5E 9C 2F 00 47 7F 27 74 2E F1 CE C0 77 C3 FE
    A3 9A 6F 60 55 A4 7D 6F 9C BB ED 14 BF CE 85 13
    50 DF 1C CE 76 05 28 29 32 88 AD 55 DC 32 1C 28
    7E 14 31 19 EF 30 89 B2 1A 2D 96 CD DF 19 DC CA
    58 37 6C 99 57 1C 04 42 83 1D 34 A0 D5 A9 D9 C2
    84 87 C4 5B 87 E6 65 24 EF 74 E1 D0 "

    However, I am not sure how did you get these data. Is that a "dump" of RAM? I think, it will be beneficial for us if you give more detales about the steps of your technique and the tools used.
     
  7. anmg

    anmg MDL Senior Member

    Jul 28, 2009
    304
    307
    10
    yes, it is already known key of JPSCSA, it is included to shared oa2intel tool
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. anmg

    anmg MDL Senior Member

    Jul 28, 2009
    304
    307
    10
    efivar.dll from oa2intelwin should help, but I am not sure. Also using any bios dump utility may help to get this data.
    I have used another tool, which I promised do not to share.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    11,902
    12,357
    340
    Isn't it just a plain EFI module or a part of it? Globally-Unique Identifier, found at dump folder of e.g. andy's tool after opening the EFI capsule???
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. tek_01

    tek_01 MDL Novice

    Jul 14, 2009
    8
    0
    0
    So with the new P67 chipset boards from MSI (and im guessing most other manufacturers) coming out very soon using the new UEFI BIOS means we are up s**t creek unless someone finds a workaround. After reading all 29 pages, chances dont look too good right?
     
  11. anmg

    anmg MDL Senior Member

    Jul 28, 2009
    304
    307
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. tek_01

    tek_01 MDL Novice

    Jul 14, 2009
    8
    0
    0
    From my understanding UEFI and EFI are not exactly the same, correct?
    from reading the last 30 pages, it gives me the idea that the new UEFI bios's will not be able to be modified because of a signature that intel has implemented (and we cannot crack), or have i missed something?
     
  13. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    11,902
    12,357
    340
    (Unified) Extensible Firmware Interface. It's basically the same. It's Intel that digitally signes their (U)EFI. I guess others will not make the effort to digitally sign. There is success at MSI EFI and Asus EFI already.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. DeepDayze

    DeepDayze MDL Novice

    Sep 14, 2010
    35
    3
    0
    So that will mean that Intel's boards are to be avoided at this point ??
     
  15. anmg

    anmg MDL Senior Member

    Jul 28, 2009
    304
    307
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. allegro16

    allegro16 MDL Novice

    Aug 3, 2009
    21
    0
    0
    Still no tools to change options and settings in AMI Aptio (UEFI) bioses?
    I searched everywhere for AMIBCP for Aptio, MMTool, DMIEdit, Change Logo, Ami Flashers..
    I have just found out my Slate BIOS has SLIC, etc, but it has other options disabled/hidden..
    So, any way to enable them, would be great! (With official tools or any other way)

    Thanks!

    WeTab Meego Slate

    Bios Information:

    BIOS Vendor: American Megatrends
    Core Version: 4.6.4.0
    Compliency: UEFI 2.0
    BIOS Version: Lucid-MWE-0125
    Build Date and Time: 09/03/2010 18.17
    EC Version: 000915
     
  17. ELVEON

    ELVEON MDL Novice

    Jan 1, 2011
    5
    0
    0
    Yen

    Hello.
    Tell me, changed the BIOS UFI is possible? If this is possible and you know how to do this, please try to add SLIC to the bios of my motherboard ASUS P8P67.

    -Motherboard Manufacturer and Model : ASUS P8P67
    -Bios Revision : 0804
    -Bios Type : EFI AMI BIOS
    -Bios SLIC: ASUS
    -Bios Link : dl.dropbox.com/u/4928793/P8P67-ASUS-0804.zip
    -Rw-everything ACPI report: dl.dropbox.com/u/4928793/AcpiTbls.rw
     
  18. anmg

    anmg MDL Senior Member

    Jul 28, 2009
    304
    307
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  19. anmg

    anmg MDL Senior Member

    Jul 28, 2009
    304
    307
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...