InsydeH2O hidden forms patch, new python scripts

Hello there,

over the last days I was working on some python scripts for extracting InsydeH2O EFI bioses, especially KAV80.fd (Packard Bell Dot-S GE 070), patching hidden forms and recompile the bios with hidden forms visible.

It took me about two weeks and now it works with my own bios. So I am looking for some people to test the scripts and mail me their bioses if it fails. If the scripts work with your bios they will unhide all hidden forms.

Important: Run the tool TWICE!
First with your original bios like "./main.py -v orgbios patchedbios", use -v option for being verbose
Second run it again like "./main.py -v patchedbios" - now it should not find any hidden forms anymore. But just see if it breaks with any errors. The second step will rip the patched bios apart, checking all checksums and CRCs, so if this does not fail the bios will most probably work.

Make sure you have some <fn>+<esc> recovery function on your system - just for the case.
Also check, that the origbios and the patchedbios have the same size. The contents of the files will be quite different, sind the compressed sections are different (hiding code lays inside a compressed section which needs to be uncompressed, patched and recompressed)

Please contact me and mail me your results.

Link: www:jakobheinemanne/insydeh2o_e.html
(I may not post links, I just registered: replace colons with dots; maybe some admin can change this for me after checking the link)

Thanks for testing.

 

Thanks for your quick reply. Yes - I only tested on Fedora 16, 32bit.

The lzma-libs are evil stuff. lzenc.py I wrote by myself, using lzdec.py as template. In those two files you will find a line starting with "library_path = ..." and one down is another line for windows, which is commented. Just remove the hash infront of the windows-line and instead place one infront of the linux-line.

Then you might give it a try on windows. Please tell me if you get it working...

I will check my site. I use chrome, which works ok. Probably my provider sends some wrong headers

 

i searched in google for liblzma.dll (for encoding), there should be something around.

have a look at the original marcan script. I remember I had to switch this for working with linux

Oh, and if you find those two dlls working, I would be happy to put them on my site for download, if you dont mind.

I will try it the other day, so a windows package should be out soon

 

Windows package is out. Rewrote lzdec.py to use same lib as lzenc.py does; liblzma.dll included in package!
www:jakobheinemanne/insydeh2o_e.html (at the bottom, insydeh2o_win.zip)

 

Hi there,

my netbook bios seems to be quite outdated - they changed the way of hiding the forms in newer bioses.
I am working on a 2MB 64bit bios right now - which has different hiding mechanisms. When I found out how they done it there it also might work with your bios. May take a few days, I have to get lucky to find the right spot

Thanks for the files, I will have a look at them

 

Hi again,

Your bios hides the forms differently - i even think, they are not hidden I found a piece of code within the SetupUtility, which checks for pressing key "a" or "A" and displays advanced and power forms if done so.

So what you could check: press and hold "a", probably directly after pressing the key for entering the setup?

Since I cannot test it I would appreciate your help. To what machine exactly does the bios belong to?

 

Insyde uses EFI, you will find lots of stuff searching for tianocore and edk/edk2.
Lots of stuff to read, many hours of debugging and reading edk sources, huge bunches of structs typed into IDA and days later you will have quite a good idea of whats going on in their bios

 

Hi,

I updated my tools today. The empty-vars bug is removed now and some additional patches are implemented. Please retry. with new tools and gimme some feedback

edit:
I tried it myself. It works now but cannot detect patching method, so I have to take some closer look.

What forms are visible in your setup, can you tell me? Here it seems only "power" is hidden...