Sony Vaio VGN-AR61E Phoenix BIOS (R2080J8) - SLiC 2.0

Discussion in 'BIOS Mods' started by itsmemario1, Apr 9, 2014.

  1. itsmemario1

    itsmemario1 MDL Senior Member

    Sep 10, 2012
    264
    23
    10
    #1 itsmemario1, Apr 9, 2014
    Last edited: Jun 16, 2014
    Sony Vaio VGN-AR61E Phoenix BIOS (R2080J8) - SLiC 2.0- Adding menus, overclock nvidia

    Update 16.06.2014, so you dont have to read through all the posts (thanks to ArticFreeze & Yen in advance !) :

    -Extracted R2080J8 BIOS using "Universal BIOS Backup ToolKit 2.0"

    -Added platform data of a compatible, flashable BIOS, to the extracted BIOS.
    (to make it become flashable)
    (thx to Sml6397 / ArcticFreez, Yen, kizwan, etc.) ;)

    -Got excellent hexedit tutorial by user "Yen" (thanks!)

    - Flashed BIOS versions by Yen & Artic - nearly everythign is working, except for WCH-Workaround menu !
    No brick yet ! ^^


    Whats possible so far :

    -A gigantic INTEL menu !!! (thx SML(Arctic), Yen and forum(s))

    -An advanced keyboard menu (set Keyboard autorepeat/delay)

    -A RAID Option (visible in the Phoenix Tool, but not yet unlocked)

    -Overclocking the nvidia should at least be possible via the NVRAM registers, if not via the BIOS itself, but the ClockGenerator (PLL) seems to block such modifications.
    (same counts for CPU overclocking via windows, as the PLL of this model is not yet identified. Im also too lazy top open up this laptop. :p
    Maybe overclocking the CPU will work via the Intel BIOS menu ?)

    You can still overclock the nvidia 8400M GT via RivaTuner (even under Windows 8.1 Pro).

    CoreClock : 450 to 550
    MemoryClock : 602 to 770


    never breaching the 70° C, after hours of 3D gaming (I use an additional cooling plate below the laptop though)

    A brick can always happen. Coming up next, testing the various "Crisis Recovery Methods"


    Helpfull links :

    http://forums.mydigitallife.net/thr...OS-update-Missing-Platform-Data(Phoenix-bios)
    http://forums.mydigitallife.net/thr...-to-Modify-Phoenix-Dell-Insyde-EFI-Bios-Files
     
  2. itsmemario1

    itsmemario1 MDL Senior Member

    Sep 10, 2012
    264
    23
    10
    #2 itsmemario1, Apr 15, 2014
    Last edited: Apr 15, 2014
    (OP)

    Attached Files:

  3. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,539
    340
    I had not yet the chance to have a look at your BIOS, I am not at home where I have all the tools.
    Some notes from my experiences...
    Phoenix BIOSes, especially those from Sony are tricky.

    You can modify the ROM only and add the platform data later. But do not PBE let rebuild the modified BIOS, it is highly probable that it will brick.

    I had been in the developers team when we developed the Phoenix related methods (AndyP is the programmer). It is highly recommended to replace the modified modules with HIS tool....therefore they must not exceed their original sizes....or if they would then to manually find another place for them.

    I am familiar with the old and the new Phoenix BIOS module structures and types / header / compression / linking / integrity and so on. I can say if the modules / BIOS ROM are safe after modification, but NOT if the modifications themselves are safe.
    So your project is actually made to end 'in a brick', sooner or later..... :)
    You want to know what else can be unlocked, so you are a Pioneer. And to try it you have to flash any unlock attempt...there is no other way. (You can try PBE for a 'simulation' of your modifications, though)

    But you actually need a programmer to re-programm your BIOS chip to go for your Pioneer project in case something goes wrong, or at least a verified recovery solution which is AFAIK hard to have at Sony....

    I'll reply here again when I had a look at it....
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. itsmemario1

    itsmemario1 MDL Senior Member

    Sep 10, 2012
    264
    23
    10
    Sml6379 did the "add platform part" for me and Im already very thankfull for this step. Nothing else has been modified.
    I have this BIOS here and Id really like to try to flash it, just to be sure, that I would have at least a working crisis disk ROM ready.

    Then Id try any modification possible. :)

    But if I brick it, I dont have a crisis ROM...and would have to try various other ROMs, 1st to revive it.
    Not even knowing if this Vaio can perform a crisis recovery. *sigh*

    I would also like to "test" a crisis recovery with this ROM...but I wouldnt even know if it got flashed, as it is the same BIOS with no modification.

    Lots of words, nothing actually happening...what a pioneer am I ? x'D
    I know I should just flash it. :wizard:


    :thinking:


    p.s.
    Thanks for having a look at it as well, Ill wait at least until that day. :)
     
  5. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,539
    340
    Probably a risky but also a wise Pioneer with not that good 'hardware' / BIOS preconditions (no spare chip, no verified recovery method, no official BIOS update).:) It would be too bad (and for sure disappointing) not to have more attempts......
    I've modified a lot of BIOSEs, but most that bricked <5 anyway..were Phoenix BIOSes, only ONE other (AMI core 6 or something)...

    I had flashed my old PC almost 50 times, to try different mods, but I knew my BIOS chip is not soldered...so I just would need a second to replace so I can switch from one to the other after a brick and vice versa...so it had been easy to be a Pioneer.

    To have a look if it is flashed at all I'd suggest just to mod a simple screen message (no code)....
    Have a nice Easter enjoy it without to risk a brick, hope I will find some time this weekend to have a look at it. :biggrin: :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,539
    340
    I have not forgotten to have a look at it. :)
    I was busy during Easter and we had to resolve an important issue and to apply some SQL changes.
    My idea is to go for it next weekend. I will for sure reply here and won't forget it. :) I'll keep you updated.

    Btw: Have you considered just to try to flash a SLIC mod? Just to have a look if the flash process itself works. The methods of andy's tool have been tested and confirmed several times...just an idea how to start.
    But any decision to flash is up to you, I do not want to push you in a way. :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. itsmemario1

    itsmemario1 MDL Senior Member

    Sep 10, 2012
    264
    23
    10
    #7 itsmemario1, Apr 24, 2014
    Last edited: Apr 24, 2014
    (OP)
    Thanks for keeping this alive :)

    I have all the time in the world. I can wait. :)

    So, for a SLIC Mod I would have to re-install Win 8.1 Pro, right ? (I used ez-Activator on my Win 8.1 Pro x64)
    And I read that one should not add SLIC tables to the BIOS, when you used a KMS and/or the ez activator already. :S

    I also read about a tool that can make various KMS activation ways unhappen...but the ez-Activators way ?
     
  8. Tito

    Tito Super Mod / Adviser
    Staff Member

    Nov 30, 2009
    17,369
    15,014
    340
    Wait wait... why do you opt for SLIC if you are using Windows 8.1??
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. itsmemario1

    itsmemario1 MDL Senior Member

    Sep 10, 2012
    264
    23
    10
    #9 itsmemario1, Apr 24, 2014
    Last edited: Apr 24, 2014
    (OP)
    I guess Yen was offering a SLIC "test flash" as a 1st way to see if flashing works at all. As it seems to be the "most harmless variation" of flashing. (?):eek:

    And I just wanted to be sure that such a SLIC-flash-test wouldnt influence with my ez-activated Win 8.1 Pro x64, even if Win 8.1 does not rely on SLIC anymore, but a MSDM table. (Yet I dont know enough about this matter, hence the question.)
     
  10. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,539
    340
    Yes, only to have a look if flashing works at all. A SLIC does not affect KMS activation (it did at Vista at some cases, but M$ fixed that a long time ago)...and the original BIOS contains a Sony SLIC2.0 as separate ACPI (06) module already.
    Sorry I had again not enough spare time at weekend when I was at home.... I have decomposed it, but could not have a closer look yet....:eek:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. itsmemario1

    itsmemario1 MDL Senior Member

    Sep 10, 2012
    264
    23
    10
  12. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,539
    340
    No, the platform.bin is never located on the BIOS chip, it comes with an official update and is only used to instruct phlash16. So the trick here that was suggested is to add the platform.bin from another BIOS. The platform.bin itself never will be written. So to attempt to flash without platform.bin does just not start, to flash with incompatible platform.bin may cause a brick.
    You can backup your BIOS with phlash16, yes. But then you have to provide a BIOS (update) for it. Why? because the backuped BIOS.ROM needs a BIOS.wph from which it appends its platform.bin.
    You can 'fool' phlash16 to make it to backup your BIOS by providing any other BIOS.wph from a different machine, but THEN the obtained backup.wph gets the platform.bin from the BIOS provided.

    I have compared the files you have provided...
    original (old).rom with original with platform data (unreadable).rom.
    Both have many differences, the (old) ROM seems to be newer since it has a oprom module dated:02/19/08, the other is dated 11/07/07.

    Then I have compared original with platform data (unreadable).rom with the Intel mod from above. It seems there is the unlock patch applied in TEMPLAT00.ROM (four bytes there to jump to another menu entry), BUT the bootblock is also different.

    When comparing platform data added via hexedit (readable).rom with the Intel mod then only the unlock patch has been applied, the bootblock is the same.
    It seems the original (old).rom is a different BIOS it also has the string 2090J8 in HOLE0.ROM whereas the original with platform data (unreadable).rom has there 2080J8.

    From where comes his BIOS he's modified? I mean has he modified your dump original (old).rom, or just given an example (made from another BIOS)?
    Could you just dump your current BIOS again and re-upload?
    There are some things that are confusing me. :)

    PLEASE do not flash any of the BIOSes!!! There are too many inconsistencies...!!!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,539
    340
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. itsmemario1

    itsmemario1 MDL Senior Member

    Sep 10, 2012
    264
    23
    10
  15. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,539
    340
    The first step is to gather info. Now we have a lot, the only thing that is confusing is that your provided original (old).rom is different to the modified BIOSES, means all those mods are not made from it.

    When doing a mod for you I use your current BIOS dump where I'd start.
    The platform.bin I can append by myself, I do not use any pre-modded files, I want to be responsible by myself only. :)
    The symcmos tool just reads / changes directly setup registers NVRAM. This is another method that does not require to flash a modified BIOS. It is probably safer since it changes just the register and it can be set back if it's not working.

    When using winphlash you have to provide an UPDATE BIOS although you do backup only. When backuping, winplash reads 1024 KByte from the chip (same as universal tool) and merges them with the platform.bin of the update BIOS!
    If you would provide a 1027kByte BIOS it backups 1024 kByte from the chip and appends the rest.
    If you would provide a 1024kByte BIOS it backups 1024 kByte from the chip and appends the rest = zero = nothing.
    If you would provide a 2053kByte BIOS it backups 1024 kByte from the chip / 1024 kbyte from virtual memory and appends the rest.
    winphlash presumes a 'valid' update BIOS in order to create a 'valid' backup BIOS, winphlash will always merge what you provide. (ROM dump + platform.bin from update.wph)

    The way to go now is...I'll use your dump and append the platfrom.bin, then I make a first mod. I'll make a 'safe' one means using a method that is known to work...
    I need access to my tools, so it'll take some time / days again...:)




     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. itsmemario1

    itsmemario1 MDL Senior Member

    Sep 10, 2012
    264
    23
    10
    Hey Yen,

    thank you for the friendly and clear explanation. Now I understand. :)

    Thank you for your effort !


    I guess the differences you see in the BIOS files are, because Sml combined em with the other BIOS files, so that I could see the various new menus before he really starts editing.
    I guess so, because he strictly adviced to not to flash these, but just to look at em in the phoenix editor to get an idea of the whole situation.
     
  17. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,539
    340
    You're welcome. :)
    I just have a little spare time to go on....

    It seems he has only 4 bytes changed, but he has not used your dumped bios. Your BIOS has some newer modules already (I think your current BIOS is R2090J8, since this string is found at original (old).rom, BIOSCOD01.ROM), hence I'd need the new dump to be really sure.
    I cannot download from file-upload since it tries to install adware, I am always getting a strange exe to download instead of the ROM. Please re-upload your dump to sendspace.

    The changes he's made to enable the Intel menu is at TEMPLAT00.ROM offset 206h 97 12 32 05 to F3 0E 9E 02, it works when emulated with PBE. This modification enables already the entire Intel menu with its sub menus. No other modifications are required. This modification ALTHOUGH replaces the security menu, it changes the call to security menu to the (hidden) Intel menu, that's all. To add it as separate call is I guess not possible...
    The Intel menu with all its options is already a part of your BIOS, but not officially called, hence 'hidden'.

    Also he did not append the platform.bin from the R0030J4 BIOS, his appended platform.bin is B36h whereas the platform.bin from R0030J4 BIOS is A86h.
    Kizwans mod (for VGN-AR760U) worked when flashed to another model (VGN-AR630E) so I'd use the platform.bin from there.

    There are some inconsistencies at Sml's mod. I'd use your dump, then append the platform.bin from Kizwan's mod which has already been confirmed to work on another model.
    Then either go for a SLIC mod to try flashing or to go for the Intel mod which seems to work when emulated.
    Also first try could be to reflash your unmodified dump just with the appended platform.bin to have a look if it's working at all.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. itsmemario1

    itsmemario1 MDL Senior Member

    Sep 10, 2012
    264
    23
    10
  19. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,539
    340
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  20. ArcticFreeze

    ArcticFreeze MDL Novice

    Apr 22, 2014
    41
    1
    0
    BIOS Info Update

    Hello Yen and itsmemario1,


    I am Sml6397 from bios-mods. This post is very long, but contains very important information.


    Any modified BIOS images that I have posted (with the exception of the platform-appended ROM) have been for the sole purpose of testing the image in the Phoenix BIOS Editor emulator so that the options that are hidden in the BIOS image could be seen.

    It is possible to add new menus and even reorganize menus without removing other BIOS menus. The example BIOS image with the removed Security Menu was just an example of the INTEL Menu. My most recent version contains 3 new parent menus. The Intel Menu, the "ICH Workarounds:" menu and the "MCH Workarounds:" Menu. I have also added the "Frequency Ratio:" option (CPU Multiplier (doesn't actually work due to a PLL lock)) to the Advanced Menu. No menus have been removed in this copy.

    The biggest problem with AndyP's PhoenixTool is reintegrating TEMPLAT00.ROM. 95% of the time, there will be an issue regarding the size of the file. It says that "New TEMPLAT00.ROM Module is 15 bytes too big" "TEMPLAT00.ROM not reintegrated". I do not perform ANY mods upon repacking with the PhoenixTool (SSV2, locks, SLIC, Replacing occurances, removing specific strings, etc.). The only options checked are the "Don't alter any ACPI ..." "Preserve Module Size" "No SLIC" "Allow User to Modify Other Modules" and "Ask prior to each modification".

    The TEMPLAT module is the EXACT same size (down to the last bit) before and after the hex modification. I think that this could possibly be a compression issue(?).

    To circumvent the size issue, I usually have to uncheck the "preserve module size" option. When I do this and then do a byte-by-byte compare in HxD (Hex Editor), there are almost always more modification than I made (There was one exception with my own BIOS image).

    The last time I attempted to use PhoenixTool, it kept on giving "Error 53 - Could not find file 'C:\[directory]\R2090J8_SLIC.rom'/." I even tried using a different OS (WinXP Mode) and got the same error when trying to repack the image with the modified TEMPLAT module. I was not having this issue before, so I used PhoenixBIOS Editor and warned against flashing.

    This is the only reason why I have not released a BIOS image for the specific purpose of flashing. I always do a byte-by-byte compare in a hex editor before I release the BIOS image. I will NEVER release a BIOS image that I believe has any chance of bricking another person's notebook without absolute notifications. I will upload a correctly modified TEMPLAT00.ROM file as well as the EXAMPLE BIOS image for testing in Phoenix BIOS Editor only (I had to repack it with PBE this time).




    About the EXPERIMENTAL BIOS image:

    Unlocked parent menus: "Intel", "ICH Workarounds:", "MCH Workarounds:".
    •MCH Workarounds: contains caching settings for memory
    •ICH Workarounds: This menu still looks somewhat odd. I am currently investigating it.

    "MCH Workarounds:" Menu
    •This menu contains memory caching settings. All of these settings are easily editable in the NVRAM.

    "ICH Workarounds:" Menu
    •This menu (at the moment) contains settings for the hard drives... I do not think that this menu is correct, but I have added what I have learned so far.

    INTEL MENU:
    •I added the "Workaround Control Sub-Menu" to the INTEL Menu, but I am not sure what goes under it. The options that I think would normally go under it are mostly contained in other sub-menus of the INTEL Menu.
    •Although unnecessary, I added the "Penryn CPU Control Sub-Menu" to the "CPU Control Sub-Menu" under the INTEL Menu. The notebook has a Merom CPU.

    Advanced Menu:
    • There are 4 options (keyboard settings) in the advanced menu that are hidden. They include repeat-rates, etc. I added them to the menu by replacing the termination code "00 00" with "D5 11" (generic text) and changing the setup table offset in the major offset jump table (controls the BIOS menus) to the location of the new start of the Advanced menu. The new offset is 0x24E instead of the previous offset of 0x262 (which started the Advanced menu on "External Drive Boot"). The first option is now "NumLock: ".
    • I added the "frequency ratio: " option to the advanced menu in place of "Core Multi-Processing: " as this option was already in the Intel Menu. This option controls the frequency ratio of the CPU. Note: Even if you change this setting (there is even an NVRAM register that you can edit), it won't have an effect due to the PLL lock.




    Extra Info:
    •I found a setup table in TEMPLAT00.ROM containing various power settings such as the power button function. I am not sure what menu or sub-menu these settings go under, but I am still investigating.
    •My BIOS is VERY similar to itsmemario1's BIOS
    •Like my BIOS, the NVRAM registers are extremely easy to find using STRINGS00.ROM and TEMPLAT00.ROM



    BIOSfiles.rar - RAR Archieve Files:

    •R0032J8.WPH: This is the BIOS file that I used to append compatible platform data to the R2090J8 BIOS.
    •DEFAULT.TXT: This is an itsmemario1's NVRAM dump using symcmos
    •R2090J8_SLIC.rom: This is the modified BIOS file for emulation purposes only in PBE. This is my most recent version (Keep in mind, I was forced to use PBE to repack, do NOT flash it)
    •SLIC.LOG: This file contains a log of PhoenixTool when failing. Open the file and search for "15 bytes too". This is an example error message. Usually it is "4 bytes" or "2 bytes" too big. NOTE: The file size is actually the same.
    •TEMPLAT00.ROM: This file is the correctly modified TEMPLAT module that if correctly reintegrated into a BIOS file, can be flashed (although the ICH Workarounds Menu looks weird).


    Sorry for the long post, but I wanted to put this information out there. Any help with the PhoenixTool would be very very highly appreciated. :)



    File Link:

    BIOSfiles.rar (I couldn't post link (I haven't posted enough), so I had to insert it into a .txt file) - View attachment BIOSfiles_Location.txt