Tool to Insert/Replace SLIC in Phoenix / Insyde / Dell / EFI BIOSes

Discussion in 'MDL Projects and Applications' started by andyp, Nov 26, 2009.

  1. nel1156

    nel1156 MDL Junior Member

    Sep 7, 2011
    62
    20
    0
    Hi ! Andy and Serg008

    Confirmed working:
    Model: MSI H61M-P31 (G3)
    Version: 2.3 / 2.4
    Tool: phoenixtool 1.98
    Mode: Dynamic

    Under first release 1.98, the original 2.3 's M-flash bios CAN use the mod 2.3 bios file in USB as a file to boot. But, under latest 1.98, I find the original 2.4 bios's M-flash CANNOT use the mod 2.4 bios file in USB as a file to boot. Is it the Mod including M-flash module under latest 1.98 tool ? I think M-flash is the greatest feature to make the testing of Mod UEFI-bios in a safe way (not get M/B brick) The loss of this feature is a bit wasting.

    Thanks very much andyp for your excellent work and Serg008.

    nel1156


     
  2. MrGalaxy

    MrGalaxy MDL Junior Member

    Sep 29, 2007
    54
    0
    0
    Gentlemen, what about my second question in post № 2663? Where can I read the details of DMI method?
     
  3. aso

    aso MDL Novice

    Jan 18, 2011
    40
    10
    0
    Andy,

    I had that said issue. I had moded my Asus P8Z77-V Pro's v0906 BIOS with phoenixtool 1.98 (dynamic mode, no RW report, selected ASUS.BIN) but it failed the security verification in EZ Flash. Anyway it could be flashed with ASUS BIOS Flashback function.

    I moded it again with different ways. I ticked the box "Don't alter any ACPI tables" and unticked "Replace all OEM/Table ID occurences" in advanced option. It works great. It can be flashed in either Asus update or EZ Flash II.
    Furthermore, I didn't picked the SLP file for modification, just SLIC 2.1 file only.

    As i know, ASUS Z77 series mobos have that issue.

    I am willing to try test version as my mobo has bios flashback function and won't be bricked.

    *It's also successful in latest bios version 1015.
     
  4. nel1156

    nel1156 MDL Junior Member

    Sep 7, 2011
    62
    20
    0
    Hi ! Andy and All good guys

    In Intel site, Intel releases the OA3 Tool for Intel® Integrator Toolkit 5.0. It is so amazing that the M/B manufacturer releases the tool to public.

    I think it may provide some useful hints for the recent change of AMI Aptio UEFI-bios structure.

    nel1156
     
  5. nononsence

    nononsence MDL Addicted

    Aug 18, 2009
    806
    828
    30
    I am currently trying to RE how the MSDM table is made in for an ASUS P8Z77 WS firmware ver 601, looking at module A1902AB9-5394-45F2-857A-12824213EEFB (MSOA),
    I find sub_180000348 at first I thought it was grabbing the public key for the SLIC, but I'm starting to think that this module is signed. a second opinion would be great.
     
  6. nononsence

    nononsence MDL Addicted

    Aug 18, 2009
    806
    828
    30
    #2632 nononsence, May 12, 2012
    Last edited by a moderator: Apr 20, 2017
    I also tried patching module 97AF1D95-203C-42DE-8D6B-D13EB7E5A55A for an ASUS P8Z77 WS fw ver 601
    no other modifications just replaced the module with the patched one, two short beeps after flashing.
    Code:
     sub_180000A94   proc near               ; CODE XREF: sub_180000B7C+22p
    .text:0000000180000A94
    .text:0000000180000A94 var_18          = dword ptr -18h
    .text:0000000180000A94 arg_0           = qword ptr  8
    .text:0000000180000A94
    .text:0000000180000A94                 mov     [rsp+arg_0], rcx
    .text:0000000180000A99                 sub     rsp, 38h
    .text:0000000180000A9D                 xor     eax, eax
    .text:0000000180000A9F                 nop
    .text:0000000180000AA0                 nop
    .text:0000000180000AA1                 nop
    .text:0000000180000AA2                 test    eax, eax
    .text:0000000180000AA4                 jz      loc_180000B73
    .text:0000000180000AAA                 mov     rcx, [rsp+38h+arg_0]
    .text:0000000180000AAF                 mov     rcx, [rcx]
    .text:0000000180000AB2                 call    sub_180001480
    .text:0000000180000AB7                 test    eax, eax
    
     
  7. aso

    aso MDL Novice

    Jan 18, 2011
    40
    10
    0
    #2633 aso, May 12, 2012
    Last edited by a moderator: Apr 20, 2017
    Apparently, the problem is on that module. It seems to be sensitive.
     
  8. nononsence

    nononsence MDL Addicted

    Aug 18, 2009
    806
    828
    30
    I think some integrity checking is at play.
     
  9. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,580
    60
    #2635 andyp, May 12, 2012
    Last edited by a moderator: Apr 20, 2017
    (OP)
    Thanks. Good thought.
    As you say, there must be some sort of check on that (and perhaps the other) modules
    Will keep looking :L

    Andy

     
  10. nononsence

    nononsence MDL Addicted

    Aug 18, 2009
    806
    828
    30
    my first try I left, remove vendor specific locks checked and it flashed and booted into Windows fine,
    so changes to MSOA don't pose a problem. What would be involved with replacing MSOA with a simple
    SLIC injector?
     
  11. andyp

    andyp SLIC Tools Author

    Aug 8, 2008
    1,673
    2,580
    60
    Thats effectively what the module method is for EFI
    If the 4Cxxx module doesn't exist it will be added (this effectively injects a SLIC)

    Andy

     
  12. nononsence

    nononsence MDL Addicted

    Aug 18, 2009
    806
    828
    30
    just for fun I'd like to try to write a replacement module for MSOA any desirable features
    you would like to see?
     
  13. manu198045

    manu198045 MDL Member

    Aug 24, 2010
    125
    41
    10
    Dear Andy,
    I will be getting MSI H61M-P20 motherboard soon. Which method i should use? Module or Dynamic? Kindly answer me soon. Thanks in advance.
    Manu
     
  14. nt_song

    nt_song MDL Novice

    Apr 17, 2012
    11
    0
    0