You're ALL oblivious to VIRUSES / WORMS / BACKDOORS

Discussion in 'Windows Vista' started by shaba230, May 13, 2007.

  1. shaba230

    shaba230 MDL Novice

    May 13, 2007
    19
    0
    0
    What is wrong with you people... do you know how easy it is for them to throw a backdoor into your modded BIOSes?

    Do you ever ask yourselves why they are doing this for us so quickly?

    Why don't they show us how to do it so we can do it ourselves?

    Why is there no tutorial that works?

    Did you know that about 5 lines of code can open up a backdoor in your Vista system?

    Did you know that at Black Hat 2007 they will show BIOS demonstrations of this in Vista?

    Did you know that at Black Hat 2006 they did this in XP? Just do a Google search or check out my other posts that have the link to it.

    Did you know that I have asked china4ever on a NUMBER of occasions to please just post a simple tutorial for how to do one AMI BIOS correctly (P5WDH Deluxe), showing me all the source code, AND HE WON'T DO IT... does that tell you something?

    He will sit there and mod hundreds of BIOSes but he won't post one single tutorial or take a video screenshot of his computer while he does it himself (that way he doesn't even have to spend any time)... but no, he can't spend 5 minutes doing a P5WDH Deluxe tutorial or video but will keep posting responses to me on here... DOES THIS MAKE SENSE?


    Ask yourselves this... if all of these BIOS modders are adding viruses to them, what would they do?

    Would they be eager to help you?

    Would they refuse to post a tutorial to do a particular BIOS modification (P5WDH Deluxe)?

    Would they send you around in circles when you ask them for information?



    THAT IS WHAT IS GOING ON... STOP BEING SO **** OBLIVIOUS. All of these mods are probably infected and no one has the knowledge to publicly show us how to check OURSELVES; we're stuck TRUSTING hackers, yeah, that sounds smart.

    (If this post gets deleted or edited for some reason that should be an even bigger sign for you, but realistically it won't be deleted or edited... you will all just ignore it or some BIOS modder will post a half-*** tutorial of some other BIOS that hasn't been cracked. DO THE P5WDH Deluxe, show us you're here to help... oh wait, you won't, because that would take 5 minutes.)
     
  2. Bear

    Bear MDL Novice

    May 14, 2007
    2
    0
    0
    Make a donation to china4ever and I think he may show you the creation process =).

    Moral: no one owes you anything; if it doesn't please you, don't use it.

    P.S. Buy an original Vista and use it.
    P.P.S. Respect for the work of China4Ever.

    Sorry for my bad English =).
     
  3. shaba230

    shaba230 MDL Novice

    May 13, 2007
    19
    0
    0
    Hell yes I will donate, just tell me where/how.

    That's all you had to say.
     
  4. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,081
    13,979
    340
    #24 Yen, May 14, 2007
    Last edited by a moderator: May 23, 2017
  5. China4Ever

    China4Ever Bios Mod.

    Apr 25, 2007
    2,181
    287
    90
    @All

    Hi mates, I'd like to tell you some things.

    1) Modding BIOSes requires "non standard" procedures and even guides will not solve problems at all, as each BIOS has its own "story"; that is, in other words, each BIOS must be analyzed and modded in different ways from previous ones. It's not like a mathematical equation in which one uses equation methods and solves it mechanically. I'd like to be clear that modding BIOSes IS NOT A MECHANICAL PROCESS !!!!!

    2) Regarding what "shaba230" continues desperately to ask for, I can't write a guide as I don't speak English very well and I don't know how to properly make things clear, as I speak a "technical language" that not all users could understand, and there will never be a "universal" guide to do the job.

    3) As most of you have probably noticed, some BIOSes, even of the same brand (like Award, Phoenix, AMI) and even using a similar modding procedure, may work or not work, so it's very difficult to know "a priori" if a modded BIOS will certainly work or not.

    4) If anyone wants to make his own BIOS, of course he is free to do so, but then the forum would become a flame forum with thousands of questions regarding a very huge amount of potential problems, and not all of them can be managed.

    So, at last, as I gained experience myself through errors modding BIOSes, if anyone wants to build his own knowledge, the first site is the Chinese vistafans.com (I learnt everything I could from it).

    I must add that a basic knowledge is needed of what, for example, a hex editor is, or what a "mark pointer" is, and so on. If anyone of you, reading what I'm writing, has never done a similar hack, never seen a hex editor and never edited a file or similar, my honest opinion is to tell him "Avoid it !!!!".

    That's all mates, I hope to not come back to this topic or discussion again.

    Cheers,
    China4Ever.
     
  6. Guest

    Guest MDL Novice

    May 10, 2007
    11
    2
    0
    Step (1): Get the "patched" BIOS.
    Step (2): Get the original BIOS.
    Step (3): Do a file compare (UltraEdit will do fine) and see what they changed. If you really want to see what was changed, disassemble the file.

    If you do not trust it... Do not use it!
    If you do trust it, flash your BIOS (as I did), and say thank you.
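    A worked version of the three steps above, added here as an example and not code posted by anyone in this thread: it swaps the UltraEdit compare for a short Python script that lists the byte ranges differing between the original and the modded image, then checks whether a changed range carries an ACPI table whose standard 36-byte header checksums correctly. The SLIC table that activation mods add is one such table; the `ACPI: SLIC ... HPQOEM SLIC-MPC` line in the dmesg posted later in this thread is the kernel reporting exactly that kind of header. Everything in the script's sample data is constructed: the two 4 KiB images, the `EXAMPLE-BIOS-IMG` marker, the `EXMP` creator ID and the offsets 0x100 and 0x800. A real check reads the two dumps from disk and scans the whole flash image, and any changed range in which no recognisable table turns up is the part worth putting through a disassembler.

```python
"""Compare an original BIOS image with a 'modded' one: list the byte ranges
that differ, then check whether any changed range carries an ACPI table
(such as a SLIC) whose header checksum validates.

Added example for this thread, not code posted by anyone in it. The two
images below are constructed in-memory stand-ins; for a real check replace
them with open(path, 'rb').read() of the original and modded dumps.
"""
import struct

# Standard 36-byte ACPI system description table header:
# Signature, Length, Revision, Checksum, OEMID, OEM Table ID,
# OEM Revision, Creator ID, Creator Revision (all little-endian).
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
KNOWN_SIGS = {b"SLIC", b"RSDT", b"XSDT", b"FACP", b"DSDT", b"SSDT",
              b"APIC", b"HPET", b"MCFG", b"BOOT"}


def diff_regions(a, b, gap=16):
    """Return [(start, end)] half-open ranges where a and b differ.
    Runs separated by fewer than `gap` identical bytes are merged, so a
    table whose body happens to match the old padding still shows as one
    region. Flash images are fixed-size, so a size mismatch is an error."""
    if len(a) != len(b):
        raise ValueError("images differ in size: %d vs %d" % (len(a), len(b)))
    regions, start, last = [], None, None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            if start is None:
                start = i
            last = i
        elif start is not None and i - last >= gap:
            regions.append((start, last + 1))
            start = None
    if start is not None:
        regions.append((start, last + 1))
    return regions


def acpi_checksum_ok(table):
    """ACPI requires all bytes of a table, checksum field included,
    to sum to zero modulo 256."""
    return sum(table) % 256 == 0


def find_acpi_tables(image, lo=0, hi=None):
    """Scan image[lo:hi] for table headers with a known signature, a length
    that fits inside the image and a valid checksum; a stray 'SLIC' string
    (e.g. inside an OEM Table ID field) fails those checks and is ignored."""
    hi = len(image) if hi is None else hi
    stop = min(hi, len(image) - ACPI_HEADER.size + 1)
    found = []
    for off in range(lo, stop):
        sig = image[off:off + 4]
        if sig not in KNOWN_SIGS:
            continue
        _, length, _rev, _csum, oem_id, oem_tid, _, _, _ = ACPI_HEADER.unpack_from(image, off)
        if length < ACPI_HEADER.size or off + length > len(image):
            continue
        if not acpi_checksum_ok(image[off:off + length]):
            continue
        found.append({"offset": off, "signature": sig.decode("ascii"), "length": length,
                      "oem_id": oem_id.decode("ascii", "replace").strip(),
                      "oem_table_id": oem_tid.decode("ascii", "replace").strip()})
    return found


def build_acpi_table(sig, oem_id, oem_table_id, body):
    """Constructed helper used only to make the sample 'modded' image
    realistic: assemble a table and set the checksum so the bytes sum to 0."""
    length = ACPI_HEADER.size + len(body)
    hdr = ACPI_HEADER.pack(sig, length, 1, 0, oem_id.ljust(6), oem_table_id.ljust(8), 1, b"EXMP", 1)
    table = bytearray(hdr + body)
    table[9] = (-sum(table)) % 256          # checksum byte sits at offset 9
    return bytes(table)


# Constructed sample images (not real firmware): 4 KiB of erased flash (0xFF)
# with a marker string. The 'modded' copy gets a SLIC dropped in at 0x800,
# reusing the OEM IDs seen in the dmesg later in this thread, plus one
# unexplained byte flipped at 0x100 so the report shows both kinds of change.
ORIGINAL = bytes(b"EXAMPLE-BIOS-IMG" + b"\xff" * (4096 - 16))
SLIC = build_acpi_table(b"SLIC", b"HPQOEM", b"SLIC-MPC", b"\x00" * (0x176 - ACPI_HEADER.size))
_m = bytearray(ORIGINAL)
_m[0x800:0x800 + len(SLIC)] = SLIC
_m[0x100] ^= 0x01
MODDED = bytes(_m)


def audit(original, modded):
    """For each changed region report the checksummed ACPI tables found in
    it; a region with no recognisable table is the part to disassemble."""
    return [{"start": s, "end": e, "tables": find_acpi_tables(modded, s, e)}
            for s, e in diff_regions(original, modded)]


if __name__ == "__main__":
    for r in audit(ORIGINAL, MODDED):
        print("changed 0x%05x-0x%05x: %s" % (r["start"], r["end"],
              r["tables"] or "no ACPI table here, inspect in a disassembler"))
```

    Run as-is, the report shows two changed regions: the one at 0x800 resolves to a checksummed `SLIC` table with the expected OEM IDs, while the single flipped byte at 0x100 resolves to nothing and is the kind of change you would want the modder to explain. On a real image expect more than one region, since the code that publishes the tables may change along with the table itself; the point of the script is to separate the changes that have an obvious explanation from the ones that do not.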
     
  7. Chainsore

    Chainsore MDL Novice

    May 19, 2007
    25
    0
    0
    I think we can all agree that shaba230 has raised some valid concerns. I also think that we can agree that those of us that choose to use China4ever's hacked BIOS do so at our own risk.

    China does not have to share his knowledge and procedures with anyone if he does not want to. If that makes shaba230 question his motives so be it. But shaba230, you've made your point. China said he won't do a guide for you so drop it. He's pretty clear that no amount of arguing or badgering is going to change that. Get over it or go and learn how to do it yourself.

    And if we were all wrong and China suddenly takes control of all our computers, then we'll say "Gosh. shaba230 was right", and you can be the hero you so desperately seem to want to be. :rolleyes:
     
  8. zzdiesel

    zzdiesel MDL Member

    May 20, 2007
    209
    2
    10
    I just want to say thanks to China4Ever & XBIOS. They sure helped me out. They are good people. Some folk are just too paranoid.
     
  9. sabrehawk

    sabrehawk MDL Novice

    Jul 20, 2007
    18
    0
    0
    Whatever that shaba ******* says... he's just a kid trying to be soooo smart.

    So if you're so ****** smart then go and learn the **** yourself, you ********,
    and now **** off. :eek:
     
  10. ancestor(v)

    ancestor(v) Admin
    Staff Member

    Jun 26, 2007
    2,974
    6,051
    90
    Don't get excited about that. We've had that discussion already ;)
     
  11. TehBuG

    TehBuG MDL Novice

    Aug 17, 2007
    12
    0
    0
    Warning: we have a potential retard in the thread. Everyone get your safety gear and retard repellent.


    <--- running modded M2A-VM BIOS. Works fine. Been working fine for months.


    They're clean.
     
  12. ancestor(v)

    ancestor(v) Admin
    Staff Member

    Jun 26, 2007
    2,974
    6,051
    90
    No need to insult anyone. This thread is a bit old and the whole thing is just a result of lack of knowledge.
     
  13. badbod

    badbod MDL Novice

    Apr 25, 2007
    9
    0
    0
    Come on guys, no need for the bad language and general abuse! It is true that a very serious point is raised. Of course it is possible that a virus/trojan/etc. is placed in your modded BIOS. And it is always wise to question the unfailing diligence of people who spend valuable time providing services for 'free'. The thing is: do you let M$SFT spy on you, or take the risk that someone else does? Maybe this is too far-reaching?

    I have an MSDN, and therefore licenses. But I choose not to activate. I still have those 10 licenses, and I don't like Vista yet. I have had over 1 year to decide instead of the 30 days. Did I do anything on my computer that would hurt me if others had those details? Well, if China did put a trojan or keylogger etc. in my BIOS then he has a lot of porn to surf :)

    YOU TAKE CARE OF YOUR OWN SECURITY! You take your chances. Here *edit* in my country */edit* you can buy pir8 CDs with any kind of software you can mention. Some has viruses, much has not. I buy games and download the no-CD patch; often my virus scanner has much to say about these. If you are not sure, then there are many virus scanners, application firewalls and connection monitors; not to mention the router firewall logs you should be checking. If you wanna break the rules then you need to learn how to do it.

    If you just wanna pir8 in safety then you're on your own!

    GREETS go out to China and Xbios, THX Shaba for raising a valid point. Now let's stop flaming and get on with the serious business of helping each other and catching out the bad guys!

    P.S. The fact that the links to the Black Hat talk and Shaba's posts remain speaks volumes.
     
  14. djs

    djs MDL Novice

    May 10, 2007
    38
    0
    0
    Thank you

    I would just like to say a BIG thank you to China, Yen and the other modders for all of the fantastic help and the enormous amount of time that they have spent helping us.
    Thanks again,
    David.
     
  15. Hyarmatey

    Hyarmatey MDL Novice

    Sep 2, 2012
    8
    0
    0
    I'm looking for where to look

    I run a DV7 4069wm HP laptop, well, I run part of it...

    Of all the threads I've read here before signing up, the frustration admittedly vented here rang true from my experience (or lack thereof).

    My machine ran Win7 Home Premium 64 well for a very long time, snuggled behind ZoneAlarm.
    Then one day I saw a popup that wasn't called for, processes that shouldn't be running and finally an impromptu reboot.

    My investigation is ongoing, along with the climb up the learning curve to determine what exactly the payload was and where.
    rootkit - check
    mbr - check
    assorted infected files - check

    I also discovered the reboot was caused by impatience on the remote end, or use of the Insyde flash tool, as my BIOS was flashed two versions back to a version that isn't even listed on HP's site.

    Ok, so I undo, start over, begin afresh, right?
    Rescue flash updated BIOS.
    Boot Ubuntu live CD, flatten and format, build a fresh OS.

    Kernlog reports directory traversals before the kernel gets loaded?
    Video memory has usb drivers assigned to it (not just catalyst stuff - like six of them)?
    ATA to ATA transfers speeds top out at 20M/s?

    Something stuck around.

    A no-HDD boot on a MiniXP (Hiren's BootCD) shows the same processes trying to get out and eating tmpfs and memory until it chokes.
    A fresh (old PS3 HDD) will install Win7 (at 20M/s of course) but Admin context is superseded and MOST drivers are routed through USB hubs in video memory.

    So, yeah, it can happen; I'm here to learn how to reclaim my machine.
    I welcome pointers on where to look.

    I did get RW to run via a system-context install, and started sniffing around the hex weeds I've never seen before, but when I checked the ATA/ATA... menu bit I got a spontaneous reset. I am as much curious about this invasion as I am pissed about it and had just read the Black Hat article cited above. My machine ran great for me/them for a long time if I believe the datestamps; it only went bad when they got greedy and I shut the door.

    What remains runs before the OS, and tries to claim threads, processes and sockets. Sometimes it succeeds, but now that ubuntu is locked down, it just cooks my laptop trying. Windows still handles cpu well, but I suspect "it" was written for win7.

    I cannot find any video BIOS for the Radeon 4250/5470 this machine has, and AMD/ATI is yet to confirm or deny it is hardware locked.
    I cannot read it with GPU-Z/RBE/Winflash/ATIFlash or even cat'ing the device as root in Ubuntu.

    Since I've flashed the mainboard BIOS and used a clean MBR disk and CD install media, where else could it be?
    Pointers to where to look and what to look for are most welcome.

    And my thanks for what I've already read here.
    cheers,
    -Hyar
     
  16. Hyarmatey

    Hyarmatey MDL Novice

    Sep 2, 2012
    8
    0
    0
    I couldn't dump the whole story in a single post, but I've booted (Hiren's, Ubuntu, FreeDOS) without a HDD at all using the Hiren's BootCD and processes remain by the time I get to look at them. A recovery flash via Win+B results in seek, find?? then "remove disks and press any key to reboot". I created a USB stick per HP's directions, and dumped the bin file all over it that it may be found, and even made a CD version, as I found the HP_TOOLS folder was being renamed to "HP_TOOLS nA" in the Ubuntu file manager AND disk tool.

    I don't know how or where, but it seems there are interrupts catching strings on IO.
    It's difficult to secure any OS from the machine it runs on...

    The only way I can successfully (read: updates the version stamp in the BIOS screen, does not reset the BIOS boot-fail log) flash is using the HP-based Insyde tool from a (supposedly) system-context command prompt in Windows.
    I discovered the Phoenix tool today, so will try that at boot with Win+B, but hopes are not high for success; I'm just locked in a stubborn loop.

    For a while I suspected MBR/memory persistence, and resorted to dd-ing the MBR prior to a hard reset and reinstall.
    Even with a live CD and no hard drives it doesn't take long before this machine is compromised again and memory or temp/mem disk full from outbound loop attempts. Firewall reports iterating pings from link-local to localhost scanning the upper UDP port range.

    The reason I suspected the video BIOS (not drivers) is due to the odd USB devices assigned to GTT video memory and Windows using USB as ATA controllers. That, and this:
    Sep 3 15:02:26 ubuntu kernel: [ 0.000000] DMI: Hewlett-Packard HP Pavilion dv7 Notebook PC /1443, BIOS F.26 02/23/2011
    Sep 3 15:02:26 ubuntu kernel: [ 0.000000] ACPI: RSDP 00000000000fe020 00024 (v02 HP )
    Sep 3 15:02:26 ubuntu kernel: [ 0.000000] ACPI: XSDT 00000000cfef5120 0005C (v01 HPQOEM SLIC-MPC 00000003 01000013)
    Sep 3 15:02:26 ubuntu kernel: [ 0.000000] ACPI: FACP 00000000cfef4000 000F4 (v04 HP 1443 00000003 MSFT 01000013)
    Sep 3 15:02:26 ubuntu kernel: [ 0.000000] ACPI: DSDT 00000000cfee2000 0E0D7 (v01 HP 1443 F0000000 MSFT 01000013)
    Sep 3 15:02:26 ubuntu kernel: [ 0.000000] ACPI: HPET 00000000cfef3000 00038 (v01 HP 1443 00000001 MSFT 01000013)
    Sep 3 15:02:26 ubuntu kernel: [ 0.000000] ACPI: APIC 00000000cfef2000 00084 (v02 HP 1443 00000001 MSFT 01000013)
    Sep 3 15:02:26 ubuntu kernel: [ 0.000000] ACPI: MCFG 00000000cfef1000 0003C (v01 HP 1443 00000001 MSFT 01000013)
    Sep 3 15:02:26 ubuntu kernel: [ 0.000000] ACPI: BOOT 00000000cfee1000 00028 (v01 HP 1443 00000001 MSFT 01000013)
    Sep 3 15:02:26 ubuntu kernel: [ 0.000000] ACPI: SLIC 00000000cfee0000 00176 (v01 HPQOEM SLIC-MPC 00000001 MSFT 01000013)
    Sep 3 15:02:26 ubuntu kernel: [ 0.000000] ACPI: HPET id: 0x1002a201 base: 0xfed00000
    Sep 3 15:02:26 ubuntu kernel: [ 2.524874] pnp 00:0b: Plug and Play ACPI device, IDs HPQ0004 (active)
    Sep 3 15:02:26 ubuntu kernel: [ 4.689628] ATOM BIOS: HP_JoYaHeWi
    Sep 3 15:02:26 ubuntu kernel: [ 7.769488] ATOM BIOS: HP
    Sep 3 15:02:26 ubuntu kernel: [ 7.795237] [drm] HPD1

    Now, I admit I have become paranoid in this process, but I don't like making assumptions unless I'm out of ideas and need a lead. My original goal was to extract and understand this effort, but now I'm more interested in a stable and secure (ha) machine. Hints most welcome.

    edit: latest BIOS is F28. I "backflashed" just to see if I could adjust the stamp or confirm it worked somehow. I would expect the HP BIOS diagnostics log to be reset upon a successful flash, no?
    Is the HP BIOS recovery process broken down somewhere that I may read up and gather info? That is, how it does the seek, and the post-find process to flash. Reaching....
     
  17. medo3abed

    medo3abed MDL Junior Member

    Feb 18, 2011
    89
    389
    0
    Thanks a lot.
     
  18. Hyarmatey

    Hyarmatey MDL Novice

    Sep 2, 2012
    8
    0
    0
    You're welcome??
    To add to this, I tried the Win+B BIOS recovery with an HP_TOOLS folder on a USB drive created via the SoftPaq as SYSTEM in Windows.
    While it seems to "find" it, it simply drops a message to remove discs and other media and press any key to reboot.
    This time I left the battery out after the attempt and booted an Ubuntu live CD on a write-protected SD card.
    The machine runs differently in that I don't see cwd, read and list commands getting access denied as the kernel comes up, but it still loads Bluetooth drivers for a machine that has no Bluetooth devices.

    The only real BIOS switches accessible to me are those for SVM enable or disable. Turning this on resulted in Win7 IDE/ATA drivers on next boot, but it certainly popped my installed Ubuntu kernel.
    Either OS reports Bluetooth that doesn't exist.

    Since the BIOS flash didn't work via CD or USB, I tried it with the EFI partition on the old HDD but no joy there either.
    Since so many folks envision this sort of thing as a myth, finding answers is difficult.
    Seems more are seeing it happen though.
    link: virus in acpi on google (I'm too new here to post links)

    This is as much a bump as an extended info request...