How do I dump (and extract) the contents of an Insyde BIOS with the Insyde / Phoenix mod tool? I'm trying to recover a bad flash (I was messing around with the splash screen, trying to be cool, and I failed, bricking my friend's laptop, which is an Acer Aspire 5532). I've tried hundreds of filenames, and nothing is working. In the "Undocumented-INSYDE-BIOS-recovery-method." thread, which I've become well-acquainted with, a user named "mightyEx" seems to have figured out a solution to getting the necessary file name for any Insyde BIOS: I've been trying to replicate his work and hopefully eventually get the filename I need for this computer, but I'm not doing a very good job. I tried to find the "Insyde / Phoenix mod tool" he used, and I think I figured out that it was this one: ---EDIT: Can't post links... the thread title here is: "Tool to Insert/Replace SLIC in Phoenix / Insyde / Dell / EFI BIOSes" When I run that on the 7720g (I'm trying to replicate his work and then try it on my own laptop, the Acer Aspire 5532) BIOS file, it creates a "DUMP" directory filled with .ROM files. Thinking these were the files he meant he searched through to find the string ICL50HW.fd, I tried running ".fd" through grep (on Mac) and Windows Grep with a few results, but none of them were "ICL50HW.fd". I can't help but think that I'm missing something obvious, and if someone could help me on my quest for knowledge (and this apparently-secret filename), I would be eternally grateful.
Try to search for the bytes sequence 2E00660064 at all *.ROM modules....the text .fd is interrupted with zero bytes (it looks like between every letter there is a dot). Try also capital letters (sequence 2E00460044)... Then have a look what's before........ You need to figure what's before .fd, simple text search seems not to work.....will have a look when I have tools....
I have one hit: at 3D17205B-4C49-47E2-8157-864CD3D80DBD_1_690.ROM Code: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00001E20 00 00 00 00 5C 00 42 00 49 00 4F 00 53 00 2E 00 ....\.B.I.O.S... 00001E30 46 00 44 00 00 00 00 00 45 4C 20 54 4F 52 49 54 F.D.....EL TORIT 00001E40 4F 20 53 50 45 43 49 46 49 43 41 54 49 4F 4E 00 O SPECIFICATION. 00001E50 43 44 30 30 31 00 00 00 00 00 00 00 00 00 00 00 CD001........... It seems it's also BIOS.FD Try to rename it to BIOS.FD (capital letters, and if it's not the right one bios.fd). You may burn both named files onto CD and try..also USB pen device....make sure the files are at root directory. Format the USB pen fat32 before. If that should be a reliable way, I'll PM Andy to implement that feature into his tool.....then a pop up window may show all possible hits...
That might have worked. I ended up putting somewhere over 1,000 different copies of the BIOS file with various names onto a flash drive. I know one of them was BIOS.FD, so that may have been what did the trick! I would flash the corrupt BIOS again and then try to recover with just BIOS.FD on the flash drive to see if that's really what worked, but alas, the computer isn't mine to experiment with. I think that this would be a great addition to his tool. I know that would have made my life a hell of a lot easier, but then again, I definitely wouldn't have learned as much. Also, I just want to say that I think it's very cool that you of all people responded to me. In my quest for the filename, I read tons of posts by you on this forum (that I suppose you're the admin of) and I really feel honored to have you respond to my post. You're something of a genius in my book! -Drew Carey Buglione
Thanks a lot for your compliment. I'm glad that you finally have managed to recover your friend's Laptop. If I can help somebody I always try to. I know your feeling when bricking a friends Laptop accidentally....a similar feeling I get when one of the requester bricks his Laptop by trying one of my biosmods... Yes, I am admin (one of three) besides the owner of MDL. I have searched for a 'home' to modify bioses and finally I arrived here. The admin role came later to me, basically I'm a bios modder. I feel responsible to MDL and I try to keep it growing. I want MDL to be a friendly forum with helpful and kind members. I'll check more Insyde bioses that way and will compare it to posted results. After that I'll PM andy about to implement. It's really easy, since the recovery routine must call a file and therefore the name of it must be coded somewhere.... I mentioned about an idea just to search for it. There are also some specific identifier strings for recovery. What I need to do is to check some Insyde bioses...I'm not sure if the extension .FD is used at any time. 'EL TORITO' is a CD boot specification, which could be an indicator for recovery from CD... I never finalized that idea, but the amount of Insyde bioses is increasing and the need to recover them, too. Enjoy MDL.
I did a few tests with some Insyde bioses. (Sorry i'm not at home ATM, can't check your bios). Edit: It should be BIOS.fd (check the spelling, case sensitive) Since the correct name for recovery isn't always *.FD, the best is to search for: EL TORITO SPECIFICATION 00-byte CD001 at all dumped files of andy's tool. Before that string there are 5 zero bytes and then the filename for recovery. The filename starts with a backslash (5Ch) to indicate root directory (not always). Sometimes the filemame is interrupted with 00 bytes (after each letter).... Byte sequence to search: 45 4C 20 54 4F 52 49 54 4F 20 53 50 45 43 49 46 49 43 41 54 49 4F 4E 00 43 44 30 30 31 preferably at 3D17205B-4C49-47E2-8157-864CD3D80DBD (GUID) Before that sequence you should find the right filaname. It's in between the above byte sequence and the next 5Ch byte (read backwards) Please note you have to press a special key combination to kick in the recovery....you may also try (boot)cd. Insyde bioses are IMO better for recovery than Phoenix. (More modern). You need your right key combination and the right filename. Then it always will work, at Phoenix not . After I have verified that method, andy can implement it into his tool. (Need to test more different EFI) Comments and results are welcome.
Some random examples of different bioses all at common GUID:3D17205B-4C49-47E2-8157-864CD3D80DBD Byte sequence to search: 45 4C 20 54 4F 52 49 54 4F 20 53 50 45 43 49 46 49 43 41 54 49 4F 4E 00 43 44 30 30 31 preferably at 3D17205B-4C49-47E2-8157-864CD3D80DBD (GUID) (here are two names) Code: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 000020F0 66 8B 55 08 EF 61 C9 C3 00 00 00 00 00 00 00 00 f‹U.ïaÉÃ........ 00002100 00 00 00 00 33 00 36 00 31 00 42 00 2E 00 42 00 ....3.6.1.B...B. 00002110 49 00 4E 00 00 00 00 00 33 00 36 00 31 00 30 00 I.N.....3.6.1.0. 00002120 2E 00 42 00 49 00 4E 00 00 00 00 00 45 4C 20 54 ..B.I.N.....EL T 00002130 4F 52 49 54 4F 20 53 50 45 43 49 46 49 43 41 54 ORITO SPECIFICAT 00002140 49 4F 4E 00 43 44 30 30 31 00 00 00 00 00 00 00 ION.CD001....... 00002150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00002160 00 00 00 00 4F D9 17 C7 B9 B2 59 48 B5 77 AE D7 ....OÙ.ǹ²YHµw®× Watch out: here it is Bios.fd (case sensitive) could be a matter.. Code: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00001E70 41 83 7D 10 00 77 EB 33 C0 5F 5D C3 00 00 00 00 Aƒ}..wë3À_]Ã.... 00001E80 00 00 00 00 5C 00 42 00 69 00 6F 00 73 00 2E 00 ....\.B.i.o.s... 00001E90 66 00 64 00 00 00 00 00 45 4C 20 54 4F 52 49 54 f.d.....EL TORIT 00001EA0 4F 20 53 50 45 43 49 46 49 43 41 54 49 4F 4E 00 O SPECIFICATION. 00001EB0 43 44 30 30 31 00 00 00 00 00 00 00 00 00 00 00 CD001........... 00001EC0 00 00 00 00 80 1E 00 10 A1 8A 5D 69 EE 42 46 4C ....€...¡Š]iîBFL Code: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00001EF0 41 83 7D 10 00 77 EB 33 C0 5F 5D C3 00 00 00 00 Aƒ}..wë3À_]Ã.... 00001F00 00 00 00 00 5C 4B 4D 32 58 36 34 2E 66 64 00 00 ....\KM2X64.fd.. 00001F10 45 4C 20 54 4F 52 49 54 4F 20 53 50 45 43 49 46 EL TORITO SPECIF 00001F20 49 43 41 54 49 4F 4E 00 43 44 30 30 31 00 00 00 ICATION.CD001... 00001F30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00001F40 00 00 00 00 4F D9 17 C7 B9 B2 59 48 B5 77 AE D7 ....OÙ.ǹ²YHµw®× Sometimes you get a second hit at 43B93232-AFBE-11D4-BD0F-0080C73C8881 (GUID) but its (always about partition driver) Code: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00001B40 50 00 61 00 72 00 74 00 69 00 74 00 69 00 6F 00 P.a.r.t.i.t.i.o. 00001B50 6E 00 20 00 44 00 72 00 69 00 76 00 65 00 72 00 n. .D.r.i.v.e.r. 00001B60 28 00 4D 00 42 00 52 00 2F 00 47 00 50 00 54 00 (.M.B.R./.G.P.T. 00001B70 2F 00 45 00 6C 00 20 00 54 00 6F 00 72 00 69 00 /.E.l. .T.o.r.i. 00001B80 74 00 6F 00 29 00 00 00 65 6E 67 00 45 46 49 20 t.o.)...eng.EFI 00001B90 50 41 52 54 00 00 00 00 45 4C 20 54 4F 52 49 54 PART....EL TORIT 00001BA0 4F 20 53 50 45 43 49 46 49 43 41 54 49 4F 4E 00 O SPECIFICATION. 00001BB0 43 44 30 30 31 00 00 00 00 00 00 00 00 00 00 00 CD001........... 00001BC0 C8 02 00 10 9B 03 00 10 DF 04 00 10 10 00 00 00 È...›...ß....... here's the right one Code: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00001C70 10 8B 45 08 8B 55 0C 59 C9 C3 00 00 00 00 00 00 .‹E.‹U.YÉÃ...... 00001C80 00 00 00 00 5C 00 42 00 49 00 4F 00 53 00 2E 00 ....\.B.I.O.S... 00001C90 66 00 64 00 00 00 00 00 45 4C 20 54 4F 52 49 54 f.d.....EL TORIT 00001CA0 4F 20 53 50 45 43 49 46 49 43 41 54 49 4F 4E 00 O SPECIFICATION. 00001CB0 43 44 30 30 31 00 00 00 00 00 00 00 00 00 00 00 CD001........... 00001CC0 00 00 00 00 A1 8A 5D 69 EE 42 46 4C 80 5C 6E A6 ....¡Š]iîBFL€\n¦ Code: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00001EF0 41 83 7D 10 00 77 EB 33 C0 5F 5D C3 00 00 00 00 Aƒ}..wë3À_]Ã.... 00001F00 00 00 00 00 33 30 46 42 2E 62 69 6E 00 00 00 00 ....30FB.bin.... 00001F10 45 4C 20 54 4F 52 49 54 4F 20 53 50 45 43 49 46 EL TORITO SPECIF 00001F20 49 43 41 54 49 4F 4E 00 43 44 30 30 31 00 00 00 ICATION.CD001... 00001F30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00001F40 00 00 00 00 4F D9 17 C7 B9 B2 59 48 B5 77 AE D7 ....OÙ.ǹ²YHµw®× 00001F50 99 56 55 1F A1 8A 5D 69 EE 42 46 4C 80 5C 6E A6 ™VU.¡Š]iîBFL€\n¦ It would be nice if andy would implement that. And print out the ASCII. Anyway not easy to find the right length to read / eliminate 00 pattern.. Last resort would be to print out the entire block and the user would have to read the names by himself.. I would suggest to read backwards from the mentioned EL TORITO string until the backslash appears and / or at least 8 zero bytes are following or C3h appears...then eliminate all 00 bytes in between in case they are present. Also remain the common extentions .FD, .BIN, .ROM. to set (remain) the dot for the extension, also it's case sensitive I guess... Hits with two filenames seem to be separated with 5 zero bytes also. (in between them).. Will PM andy about and test some more. At Sony Insyde there is no hit. Another reason why Sony sux. Seems they want customers to pay for repair, or they use always the original filename??? Here's one with multiple fiiles: Code: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00002290 66 8B 55 08 EF 61 C9 C3 00 00 00 00 00 00 00 00 f‹U.ïaÉÃ........ 000022A0 00 00 00 00 33 00 36 00 32 00 37 00 2E 00 42 00 ....3.6.2.7...B. 000022B0 49 00 4E 00 00 00 00 00 33 00 36 00 32 00 39 00 I.N.....3.6.2.9. 000022C0 2E 00 42 00 49 00 4E 00 00 00 00 00 33 00 36 00 ..B.I.N.....3.6. 000022D0 32 00 38 00 2E 00 42 00 49 00 4E 00 00 00 00 00 2.8...B.I.N..... 000022E0 33 00 36 00 32 00 33 00 2E 00 42 00 49 00 4E 00 3.6.2.3...B.I.N. 000022F0 00 00 00 00 33 00 36 00 32 00 34 00 2E 00 42 00 ....3.6.2.4...B. 00002300 49 00 4E 00 00 00 00 00 45 4C 20 54 4F 52 49 54 I.N.....EL TORIT 00002310 4F 20 53 50 45 43 49 46 49 43 41 54 49 4F 4E 00 O SPECIFICATION. 00002320 43 44 30 30 31 00 00 00 00 00 00 00 00 00 00 00 CD001........... 00002330 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Seems best is to read backwards until C3h (magic byte..lol)
Summary of my tests GUID to search: 3D17205B-4C49-47E2-8157-864CD3D80DBD Sequence: 45 4C 20 54 4F 52 49 54 4F 20 53 50 45 43 49 46 49 43 41 54 49 4F 4E 00 43 44 30 30 31 Read bytes until C3h backwards, copy data block, ignore 00h bytes, scan for common extensions, remain (get) case, build filename(s), pop up info window. Should be fine to program..
At ASUS P5 deluxe it's located at GUID E008B434-0E73-440C-8612-A143F6A07BCB Specific byte sequence to search here: Code: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 000046B0 43 44 30 30 31 00 00 00 45 4C 20 54 CD001...EL T 000046C0 4F 52 49 54 4F 20 53 50 45 43 49 46 49 43 41 54 ORITO SPECIFICAT 000046D0 49 4F 4E ION It's right before and also 'ends' with a C3h byte. Code: Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00004680 00 80 5E 5B C9 C3 00 00 00 00 00 00 00 00 00 00 .€^[ÉÃ.......... 00004690 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000046A0 00 00 00 00 00 00 20 00 50 35 51 44 45 46 49 2E ...... .P5QDEFI. 000046B0 52 4F 4D 00 43 44 30 30 31 00 00 00 45 4C 20 54 ROM.CD001...EL T 000046C0 4F 52 49 54 4F 20 53 50 45 43 49 46 49 43 41 54 ORITO SPECIFICAT 000046D0 49 4F 4E ION It seems Sony Tiano compressed EFI are using the same way. I will do more research to get all EFI. At LZMA compressed Sony (EzH2O) the method doesn't work..will test...hmm nothing found, but original name, nothing about TORITO
Hello everybody, Please help me find the name for recovery. HP G62-b50SR, BIOS Version:F.23 A, 3.13M I can't properly rename 0143B.fd. Phoenixtool 1.64 - ERROR "Not Phoenix / Dell / Insyde / EFI BIOS". Is it possible to solve this problem? Thank you in advance