MODDED T530 BIOS W/ DIY GUIDE (EXTERNAL CLIP BYPASS = SOFTWARE METHOD VIA FLASHROM)

Discussion in 'Lenovo' started by Anthony Smith, Jan 1, 2020.

  1. Anthony Smith

    THIS IS FOR THE T530 BUT THE SAME PROCESS TO DUMP AND PATCH APPLIES TO THE W530 (I don't own a W530 myself so you would have to dump the W530 bios with flashrom after unlocking bios regions and use UEFIPatch to apply an applicable patches.txt.)

    This is a bypass to flash bios without external clip, substituted by the software utility flashrom in linux.

    Works on all bios versions released prior to 2.62 as the vulnerability was fixed on later bios.

    I've been seeing people having trouble with it so I've simplified the process.

    Modded 2.60 T530 Bios w/ 0xE2 Unlocked, Advanced Menu, Wifi whitelist removed, and hackintosh speedstep patch. Flash OEM 2.60 Bios by disabling secure rollback protection in bios. Flash with flashrom after unlocking protected registers with chipsec in linux. This can be done with a live usb bootable linux. My T530 thinkpad can now play 1080p video just fine. IMPORTANT: At erasing and writing prompt in flashrom make sure to have a reliable power source to prevent brick.

    PROOF:

    https://imgur.com/a/gsAMslR

    AVX AND AES-NI INSTRUCTIONS

    HELL YEAH:

    https://imgur.com/a/c1bnSMV

    YOU CAN ALSO FLASH COREBOOT. THAT IS NOT RECOMMENDED FOR PEOPLE WHO WANT TO RUN WINDOWS. STAY WITH LENOVO BIOS.

    MODDED BIOS LINK:

    https://easyupload.io/698e2t

    RAW OEM BIOS DUMP:

    https://easyupload.io/

    How to make your own dump and write it back to the bios chip:

    IN WINDOWS WITH 2.60 BIOS:

    # Roll back to an older BIOS by running:

    winflash64.exe /sd /file <path_to_.fl_file>

    *after disabling rollback protection in the bios settings *

    NEXT, BOOT FROM LIVE LINUX USB DRIVE:

    # Append relaxed iomem parameter to existing command line options

    iomem=relaxed

    # BIOS_CNTL

    sudo chipsec_main -m tools.uefi.s3script_modify -a add_op,pci_wr,0x1f00dc,0x9,1

    # FLOCKDN

    sudo chipsec_main -m tools.uefi.s3script_modify -a replace_op,mmio_wr,0xFED1F804,0x6008,0x2

    S3 suspend after this. Can be done with:

    systemctl suspend

    # After resume>>>

    #Set BIOSWE:

    sudo setpci -s 00:1f.0 dc.b=09

    #Unlock protected registers

    sudo chipsec_util mmio write SPIBAR 0x74 0x4 0xAAF0800

    sudo chipsec_util mmio write SPIBAR 0x78 0x4 0xADE0AD0

    sudo chipsec_util mmio write SPIBAR 0x7C 0x4 0xB100B10

    sudo chipsec_util mmio write SPIBAR 0x80 0x4 0xBFF0B40

    # Test with this:

    sudo chipsec_main -m common.bios_wp

    #Read bios chip to file

    sudo flashrom -p internal -r /root/Desktop/bios_backup.rom --ifd -i bios

    #Write bios rom back to bios chip

    sudo flashrom -p internal -w /root/Desktop/newbios.rom --ifd --noverify-all -i bios

    IMPORTANT: FOR ERASING AND WRITING STEP MAKE SURE LAPTOP IS ON A RELIABLE POWER SOURCE PRIOR TO RUNNING THE WRITE COMMAND

    IMPORTANT:

    If you have the W530 model laptop use this patches.txt file with UEFIPatch software from Github to patch your bios.

    https://gofile.io/?c=m0kwV4

    Windows UEFIPatch:

    https://github.com/LongSoft/UEFITool/releases/download/0.27.0/UEFIPatch_0.27.0_win32.zip

    Linux UEFIPatch:

    https://github.com/LongSoft/UEFITool/releases/download/0.27.0/UEFIPatch_0.27.0_linux_x86_64.zip

    PATCH RAW BIOS DUMP:

    ./UEFIPatch /root/Desktop/bios_backup.rom patches.txt -o /root/Desktop/newbios.rom

    FLASH BIOS BACK TO CHIP:

    sudo flashrom -p internal -w /root/Desktop/newbios.rom --ifd --noverify-all -i bios

    -----------------

    If you want to use setup_var utility to modify bios settings I've done the guesswork and found what is needed.

    Two separate extracted ifrs as a text document containing all variables:

    Advanced bios settings accessible in mod (Some that are visible in menu and some that are not):

    https://filebin.net/3vlc2zr0zryjwxsk/PlatformHiiAdvancedDxe.efi_body_IFR.txt?t=68ux18lc

    Basic settings accessible on non-mod bios:

    https://filebin.net/3vlc2zr0zryjwxsk/LenovoSetupSecurityDxe.efi_body_IFR.txt?t=68ux18lc
     
    hacktrix2006 likes this.
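
The register values written in the post above can be decoded to show what they mean for flash write protection, which is the state an audit such as `common.bios_wp` looks at. This is an added example, not part of the original post or of chipsec. The bit layouts (BIOS_CNTL: bit 0 BIOSWE, bit 1 BLE, bit 5 SMM_BWP; PRx: bits 12:0 base, bit 15 read protect, bits 28:16 limit, bit 31 write protect) are assumed from Intel's 6/7-series PCH datasheet.

```python
# Added example. Bit layouts assumed from the Intel 6/7-series PCH datasheet.
BIOSWE, BLE, SMM_BWP = 1 << 0, 1 << 1, 1 << 5
PR_WPE, PR_RPE = 1 << 31, 1 << 15


def decode_bios_cntl(value):
    """Return the write-protection flags held in BIOS_CNTL (LPC 00:1f.0, offset 0xDC)."""
    return {
        "bios_write_enable": bool(value & BIOSWE),
        "bios_lock_enable": bool(value & BLE),
        "smm_bios_write_protect": bool(value & SMM_BWP),
    }


def decode_pr(value):
    """Decode one SPI Protected Range register (SPIBAR + 0x74 and up)."""
    base = (value & 0x1FFF) << 12
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF
    return {
        "base": base,
        "limit": limit,
        "write_protected": bool(value & PR_WPE),
        "read_protected": bool(value & PR_RPE),
    }


def audit(bios_cntl, pr_values):
    """List findings that mean the OS can rewrite the BIOS region."""
    findings = []
    flags = decode_bios_cntl(bios_cntl)
    if flags["bios_write_enable"]:
        findings.append("BIOSWE set: BIOS region writes enabled")
    if not flags["bios_lock_enable"]:
        findings.append("BLE clear: setting BIOSWE raises no SMI")
    if not flags["smm_bios_write_protect"]:
        findings.append("SMM_BWP clear: writes not restricted to SMM")
    for i, raw in enumerate(pr_values):
        pr = decode_pr(raw)
        if raw and not pr["write_protected"]:
            findings.append(f"PR{i} 0x{pr['base']:06X}-0x{pr['limit']:06X}: range defined but WPE clear")
    return findings


if __name__ == "__main__":
    # Values from the post: BIOS_CNTL = 0x09, PR0..PR3 as written to SPIBAR.
    for line in audit(0x09, [0x0AAF0800, 0x0ADE0AD0, 0x0B100B10, 0x0BFF0B40]):
        print(line)
```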