ACER 5742G BIOS modding

Pagina 1 di 13

About Us

Contact Us

Newsletter Sign Up

Welcome, BDMaster

Notifications

My Profile

Settings

Log Out

FORUM
Site Rules

REVIEWS
FAQ UserCP

NEWS
New Posts

SHOP
Calendar

COUPONS
Community

DEALS

ADD ONS

VIDEOS

BUSINESS

Search...

Forum Actions

Quick Links

Image Gallery

Forum

Notebook Manufacturers

Acer

ACER 5742G BIOS modding

EDITOR'S PICKS
Sager NP7330 Linux Guide/Review by joeelmex Y410p [full review] by jobine702

FOLLOW US AROUND THE WEB

+ Reply to Thread
Results 1 to 10 of 52

Page 1 of 6 1 2 3 4 5 ...

Last

http://forum.notebookreview.com/acer/541716-acer-5742g-bios-modding.html

21/12/2013

ACER 5742G BIOS modding

Pagina 2 di 13

Thread: ACER 5742G BIOS modding

3Like Likes Tree

Thread Tools Search Thread Rate This Thread #1

Bookmark & Share 19th December 2010, 02:03 PM rajkosto

Notebook Enthusiast Join Date: Posts: Rep Power: 8 Dec 2010 10

ACER 5742G BIOS modding (unhidden pages/enabled UEFI BOOT)

You will need ezH2O 2.1.0.13 or newer All the values in the latest bios (1.10) seem to be good (every option that's nice to have is enabled), except that, for me, UEFI boot isn't working. Also, VSS modding doesn't seem to stick unless i change the value in both the Setup and the Custom variable, so I just did this with a hex editor (ACER doesn't have checksums on uncompressed VSS volumes). However, this requires a bios DUMP for each laptop, and then that to be modified. Instead, i like modifying the SetupUtility PE (well, actually the HII forms UEFI bytecode inside of its data section). This gives permanent option unlocking (just change the Suppress If statement to check some bogus variable for some bogus values). You will need Python 2.6.x or 2.5.x installed and in your PATH for this to work, also copy the lzmadec.dll to it's dll dir. First, we need the SetupUtility PE out of the bios, so do this: Code:
py thon m ain.py PEW71110. f d

MOST ACTIVE THREADS

Clevo notebooks with 800M series...
Last Post By flingin (179 replies) Today, 06:56 AM in Gaming (Software and Graphics Cards)

Looking for a gaming pc on a budget

Last Post By peppergrass (119 replies) 17th December 2013, 06:28 PM in What Notebook Should I Buy?

Mechanical Keyboard Worth it?

This will make a data folder with SetupUtility PE in it. Then, we analyze the UEFI forms bytecode in this PE: Code:
py thon dum ps et up2.py data\SetupU t i l i t y - m ine. pe > by t e c ode. t x t

Last Post By octiceps (91 replies) 18th December 2013, 07:27 PM in Accessories

XPS 11 Owner's Lounge

Last Post By IntelUser (90 replies) Today, 04:34 AM in Dell XPS and Studio XPS

Xbox controller for PC games?

Last Post By BlazeHN (70 replies) Yesterday, 12:42 AM in Gaming (Software and Graphics Cards)

Each form set listing starts with "Reading form 'Main'=7ecb0" where 7ecb0 is the offset in the PE where the HIIPACK header is located. the HIIPACK header consists of 6 bytes: [UINT32 SIZE, UINT16 TYPE], so

http://forum.notebookreview.com/acer/541716-acer-5742g-bios-modding.html

21/12/2013

ACER 5742G BIOS modding

Pagina 3 di 13

place the cursor at the offset, check intel little endian mode in your hex editor, and interpret the int of size. The UEFI bytecode is located in the area right after the 6 byte header, defined by size. You can see a list of opcodes inside dumpsetup2.py, for more information about a opcode you can just google it, and then follow the link to the Phoenix Wiki. Or consult the Intel EFI pdf that has definitions for most of them. So, i wanted to expose the advanced boot options like UEFI BOOT, FAST BOOT, etc. I found the string in bytecode.txt, found the form package they're in ("Reading form 'Boot'=7f120"), and see why they're not displaying ("Suppress If LIST [0x85<1>] in (0x00,0x01,0x02,0x03,0x04)" Now, we could either just hex edit our DUMPED bios to set the VSS var 0x85 to 0x05, but this would mess up some other pages where you will see unknown grayed out values, etc, and would be reset if you chose to restore to factory settings in the bios, or we could edit the UEFI bytecode to not check that variable anymore. To do that, we find that the LIST check we want is "EFI_IFR_EQ_ID_LIST_OP = 0x14", so we search for first occurence of 0x14 in the uefi bytecode area (after the HII header), and see: Code:
1411 8500 01 0500 0000 0100 0200 0300 0400

RECENT LAPTOP REVIEWS

**New** Samsung ATIV Book 9 Lite (NP905S3G) User Review **New** Lenovo ThinkPad Edge E431 Review HP Pavilion Touchsmart 11z Review Asus ZenBook UX51VZ-XB71 Review Alienware 14 Review

14 is our opcode, 11 is the length of it (+ additional bit, ignore it) 8500 is the variable we check 01 is the length (in bytes) we are checking 0500 is the size of the array of the values we are checking for and after that we have values[5] of UINT16 for the values to check for Since 0x85 is in the range of 0x00 to 0x05, i just changed the values to check for to : 0xFF 0xFE 0xFD 0xFC 0xFB, so our bytecode changes to: Code:
1411 8500 01 0500 FF00 FE00 FD00 FC00 FB00

NEW FORUM THREADS

After we have done the change, we need a way to pack it back into our .fd image. This is where ezH2O comes in. Open the PEW71110.fd file in it. You cannot open dumped ROMs (or any ROMs that have NVRAM in them) with ezH2O, as it will just crash while saving it later. If it were a stable utility, i could just go to modules->replace and replace the SetupUtility with our modded PE

HP Pavilion g6 Screen Problem

Posted By andoidvsapple (0 replies) Today, 07:55 AM in HP Pavilion Notebooks

Anyone know if there's a way to...

Posted By Vogelbung (0 replies) Today, 07:32 AM in Gaming (Software and Graphics Cards)

4900MQ turbo boost broken?

http://forum.notebookreview.com/acer/541716-acer-5742g-bios-modding.html

21/12/2013

ACER 5742G BIOS modding

Pagina 4 di 13

But that makes it crash. So, after opening the .fd image in ezH2O, i opened WinHEX, opened the ezH2O primary memory in it Now, we can search around the uncompressed memory of ezH2O. To find the range we want to replace, simply select a big enough chunk of hex around the area you want to edit (make sure you can find only 1 occurence of it in the PE, make it a big enough chunk of hex) Then search for that in WinHEX while having opened ezH2O's memory area. If you get the message "Virtual memory layout has changed", simply exit WinHEX and attach to ezH2O's memory again and try again. After changing the bytes you wanted, you can simply close WinHEX, there is no saving for memory. Now, some people say that ezH2O won't even bother rewriting the image from uncompressed modules in RAM unless you change something in ezH2O before doing a save as. To circumvent this, i just change the boot logo. The preferred format to change it to is a 640x480 indexed PCX file. I have put a link to the original ACER logo PCX in the bottom of this post, that you can use. Don't worry if ezH2O asks you to change the format to 0x0 or some crazy thing, just click yes, it will change the logo image properly. You can open the logo image dialog again, to verify that it changed properly. After that, simply do a File->Save as and name it modified.fd or something. Then you can flash this with the official InsydeFlash utility, either for windows or DOS. I also like setting the ALL=0 option in platform.ini to ALL=1, this way it clears the passwords and some other things get reflashed as well. To get the raw folder (instead of the self extracting exe you download from acer's site), you just run the exe from acer's site, and immediately close the CMD prompt that comes up. You can find the raw folder inside your Windows' temp dir. Copy your modified.fd as PEW71110.fd in that folder, overwriting the original one, and simply run DPJ.BAT on your laptop to flash it. Now, the problem ive encountered is: 1. the UEFI BOOT variable in the bios is already set to [ENABLED], but UEFI BOOT is not working. This would mean that we require some modules that we don't have in our BIOS, or we need to modify some boot selector that decides where we boot. The problem is that ezH2O crashes when you try to modify a module, and just gives an error that i haven't given it the correct module type when i try to insert a new one. I've found a BIOS from some other ACER laptop that supposedly CAN UEFI boot, and extracted all it's modues using fsdump.py, and it indeed has more modules than the 5742G bios (like Terminal), but both our bios and their bios have the same BOOTX64.EFI strings, as well as INTERNAL EFI SHELL string etc, in the modules, which confuses me. To extract all modules from a .fd image, first you will have to manually unLZMA

Posted By beezow (3 replies) Today, 06:26 AM in Sager and Clevo

AW17 W8: USB not working, drivers...

Posted By DivideByIchi (0 replies) Today, 06:04 AM in Alienware 17 and M17x

Hibernation issue
Posted By Davidjb82 (0 replies) Today, 05:49 AM in Asus

TECHNOLOGYGUIDE UPDATES
**New** What are the Best Tablets? **New** What are the Best Digital Cameras? **New** What are the Best Smartphones? Moms, Dads, & Grads 2013 Buyers Guide

http://forum.notebookreview.com/acer/541716-acer-5742g-bios-modding.html

21/12/2013

ACER 5742G BIOS modding

Pagina 5 di 13

it. To do this, open the .fd in a hex editor, and remove everything before the LZMA header(5D000080001000), then save it and run Code:
l zm a - c - d l zm ac om pr es s edf d. l z m a > dec om pr es s ed. bi n f v dum p. py dec om pr es s ed. bi n f s dum p. py f v - 00000010. bi n

And you will get tons of files that correspond to the modules inside the fd image. So, any ideas on how get UEFI boot going ? Files like python scripts, sample bios with extra options, and the boot logo pcx can be found at Index of /acer/tools To get ezH2O, just google ezH2O 2.1.0.13 (earlier versions will crash on .fd load) Python scripts made by Marcan and d6z, i just edited them with correct offsets for this bios image EDIT: I've found why the pages weren't showing, the SetupUtility code, on form init, checked if the form set string ID was either 0x67 ("Advanced") or 0x283 ("Power"). Simply replacing these checks with NOPs made them show up. To reiterate, i've replaced 83F867 0F849E000000 (cmp eax, 67h, jz) with 83F867 909090909090 (cmp eax, 67h, 6*nop) and 3D83020000 0F848A000000 (cmp eax, 283h, jz) with 3D83020000 909090909090 (cmp eax, 283h, 6*nop). These are at 0x1249 and 0x125B in SetupUtility PE, respectively. I've uploaded a bios image that unlocks these pages to the link above. EDIT2: Just inserting new modules properly extracted from other ACER laptop models using ezh2o does make a valid efi image, but the laptop will just keep resetting before display init if you do this However, you can safely remove the following modules: Chinese, JpegDecoder (if you're using a PCX boot logo) and also all the VGA BIOS for the graphics card you don't have, if you have nvidia, you can remove all ATOMBIOS ATI, vice versa if you have ATI In case anyone cares, the recovery bios filename for the Acer Aspire 5742G is PEW71X64.fd and you can use any 4MB .fd file from acer's site for this model, put it on a fat16/fat32 formatted usb drive or a CD/DVD EDIT3: If your laptop doesn't boot, and you don't know the filename you need to use for recovery from usb/dvd to work, you will need to extract modules from the PEI section as well, which i don't know how to do manually using these tools. However, the Phoenix SLIC Editor Package, which supports insyde h2o bioses, can automagically extract all modules, including the PEI ones. Simply have it

http://forum.notebookreview.com/acer/541716-acer-5742g-bios-modding.html

21/12/2013

ACER 5742G BIOS modding

Pagina 6 di 13

open your bios, and after you see the .ROM files being extracted, a dialog box will show up, and then you can harvest the .ROM files from the same folder the bios was in, in a subfolder called TEMP. Then simply search them for ".fd" (unicode) and see what the filename is. On mine, i had an ASCII hit as well, right next to TORITO, which is DVD bootsector related.
Attached Thumbnails

Last edited by rajkosto; 20th December 2010 at 08:59 PM. Like | Reply Reply With Quote

19th December 2010, 09:53 PM weinter

/dev/null Join Date: Posts: Apr 2008 2,798

#2

Re: ACER 5742G BIOS modding

Following the dumpsetup2.py I encountered: UnicodeDecodeError: 'utf16' can't decode bytes in position 403678403679:illegal encoding. I took at look at the offset it is this char

http://forum.notebookreview.com/acer/541716-acer-5742g-bios-modding.html

21/12/2013