How To Disable Protected Range Register on Lenovo T440 based on Cr4sh?

Discussion in 'BIOS Mods' started by freetimes, Aug 11, 2016.

  1. freetimes

    freetimes MDL Novice

    Feb 21, 2013
    5
    0
    0
    Hi,

    I have a Lenovo ThinkPad T440 with Locked BIOS, when I tried to flash the Moded BIOS prepared for me by the expert ‘Serg008’ I discovered that the Protected Range Register are set in my BIOS and it’s preventing it from being flashed.

    In recent post of ‘quid’ I discovered that there is a security researcher called ‘Cr4sh’ that has exploited a vulnerability in Lenovo BIOS and he could disable the PRx (Protected Range Register)

    He tested his work on Lenovo T450s, I wanted to ask here if I could apply his work on my T440 without a risk
    I’m talking about the part when he entered the command :

    Fwexpl_app_amd64.exe –target-smi 3 –pr-disable

    (here is his Blog: blog.cr4.sh)

    And then he executed the Python script ‘CHIPSEC’ and the PRx are Zeroed.

    Any advice please, can I go ahead with this command, or do I need to adapt his application to my T440?

    Thanks in advance.

    (Sorry I’m not allowed yet to post Links and Images)
     
  2. LatinMcG

    LatinMcG Bios Borker

    Feb 27, 2011
    5,314
    1,433
    180
    i believe it should work due to intel chipset specs he speaks of usually work on most intel chips he speaks of in docs.
     
  3. freetimes

    freetimes MDL Novice

    Feb 21, 2013
    5
    0
    0
    Thanks For your response

    I've tested it, but it didn't work, It gave me an error as you can see on the image attached

    I also tried the Python script CHIPSEC, but it didn't recognized my bios correctly (please see attached)

    I think my BIOS is certainly vulnerable, But I just need to find a way to crack it

    any Help Please.
     

    Attached Files:

  4. LatinMcG

    LatinMcG Bios Borker

    Feb 27, 2011
    5,314
    1,433
    180
    #4 LatinMcG, Aug 12, 2016
    Last edited: Aug 12, 2016
    thats from linux ?
    looks like you need to adjust the code somewhere.. i got ideas but no time to play nor expertize in this.
    basicaly the registers that get set on boot lock or unlock 1 time till reboot.

    on my T410 (non efi) shows some lock firmware requiring signature... i dont have it enabled..
    1 time set never able to revert.. unless?
     
  5. freetimes

    freetimes MDL Novice

    Feb 21, 2013
    5
    0
    0
    No, it's just from Windows 8.1, I deactivated the secure boot and the OS optimization.

    Ok, Thank you, I'll get a look on the source code of his application and see where I can made a modification.
     
  6. LatinMcG

    LatinMcG Bios Borker

    Feb 27, 2011
    5,314
    1,433
    180
    try it in linux and flashrom
     
  7. freetimes

    freetimes MDL Novice

    Feb 21, 2013
    5
    0
    0

    Hi LatinMcG,

    It turns out that my bios is not affected by this vulnerability as described on Cr4sh Blog, because I applied the Update of last April :-(

    Is it really risky (as lenovo support flag it) to downgrade the BIOS image?

    is there any safe way to downgrade it? if yes where can I find some older and original Bios images for My Thinkpad T440?

    Thanks in advance.
     
  8. dany_l2003

    dany_l2003 MDL Novice

    May 10, 2012
    2
    0
    0
    Hi, do you manage to flash bios?