Hello everyone. I am looking forward to unlocking the advanced tab menu on my laptop. I’ve managed to read/write the bios eeprom throght arduino/linux flashrom. Throught the use of H2OUVE and H20EZE I’ve managed to edit bios logo and see the advanced menu, but, with the exception of the bios logo, I can’t save any changes to the .bin file I had read from my bios chip. Anyone got any help/ideas on how i can edit the bios file, is it throught a use of a specific software or even I would have to edit some of the hex lines of the files (any specific address or some pattern to look for?). Thanks. Bios dump attached.
Your post is not very clear. You can see the advanced menu, but you can’t save the edited BIOS??? How can you see the advanced menu then? And you say you can’t save any edits to your BIOS, but you updated the logo and I assumed saved that correct? Very confusing post you’ve got there
Is the above attached dump, a direct dump from your chip, not modified or edited in any way by you? If not, please attach the dump you have not modified, then I will take a look.
Since this is Intel CPU system, you then you could have done all this with software instead of dumping chip, but at least now since you can dump with flashrom then you can write too, and that may save you from some little hassles of getting mod BIOS put on there
I hate Insyde BIOS, but will see if I can help. Please show me an image of your current Advanced menu.
* Edit - See if this method works first, in case it does then no mod flashing is needed. >> 1. Press F2 to load BIOS. 2. Once the BIOS is loaded, press FN+Tab 3. Now press F10, save the changes and exit. 4. On reboot, press F2 again and now you’ll have the advanced menu enabled (maybe)
This system has some restrictions in place that hinder flashing in mod BIOS >> BIOS lock (Easy) and FPRR lock enabled which is sometimes a real pain, can be impossible without programmer, but not always. So, while we can try to get around those, in the end you may need to purchase a flash programmer + SOIC8 test clip with cable. I suggest you purchase those first anyway, they are very cheap, and you then wont have to worry about anything bricking due to bad edits or bad flash etc. CH341A = $2.50 + SOIC8 Test Clip W/ Cable = $3.60, let me know if you need some links. At those prices delivery time is 3-5 weeks, you can find sellers and or stores that ship them from a more local place or faster shipping, but price will be 2-3x more.
I’ve managed to unlock the advanced menu once, by chance, just after migrating to a ssd, it lasted only for one boot and then it vanished forever (have no idea why). I would like to unlock the advanced and power menu again (now for real).
I am able to read/write the bios chip with flash programmer + SOIC8 (in my case a arduino and soic8 adapter) I did dumped my specific bios through this method, the unmodified bios .bin files are attached.
I then tried to unsuccesfully modify the .bin file i had previosly dumped through H20EZE, and although I could edit the bios logo and save it, i could not edit and save anything else, since the save option got always grayed out and the H20EZE did never allowed me to save the mods. I also tried to change the MC in H20EZE to a one in a github repository , specific for my CPUID, it did not worked at all.
I had also tried to acess the advanced menu through every F2, TAB, FN, ESC etc combination of keys possibly (believe me i did, haha), and still got no luck.
Just to be clear: The attached files are the UNMODIFIED BIOS DUMP of my very own laptop (arduino SPI + SOIC8 method - the same thing as the CH341A + SOIC8 method). I don’t have any advanced or power menu/tab in my bios right now, it only happened once in the past and now it is gone Thanks again.
The above method should get it for you then, especially since you already made it visible once before (I assume you meant without BIOS Mod). If not, how do you think you got there before, without a BIOS edit, it must have been some hotkey/combo Great you have flash programmer! Microcodes I would update manually always, with UEFITool or other methods, never with H20EZE. Thanks for clarifying what you mean about editing and saving etc. That simply means you can’t edit this BIOS with H20EZE then, making advanced visible can’t be done with that tool anyway.
Please show me an image of your current Advanced menu, or do you mean you can’t see either of the advanced menus, none at all?? Also, please zip a single image of all other main BIOS sections you can see as well, just one each so I can see which you have of the ones that have two possible menu options. Since you have flash programmer and can recover from bricked BIOS, I can help you sort this out I think, but I do hate Insyde BIOS and it’s not my specialty. It may take 10+ bricked BIOS though, if you are up for that kind of testing let me know.
Hello, thanks for repplying again. I’ve done some research on the internet about my laptop and some similar ones (helios 300 and 500), and there are a couple of posts and even some videos of this weird one time bios advanced and power menu/tab unlock like the one it happened with me. I am pretty sure when it happened with me, I only hitted F2 key. I’ve found out some things in common with everyone where this weird unlock happened: Each one had either just migrated from a hdd to a ssd, or had a windows installation usb stick plugged on (and was about to install it). I did both things when it happened, but could not reproduce it again (seems a bit random).
Right now, I’ve got neither advanced nor power menu/tab. I’ve attached my very own bios TABs pictures with everything I can see/edit, that is the standart for my unmodified laptop’s model.
I am fine with bricking my bios and be required to rewrite the original dump or anything else. If necessary I am even ok with desoldering the IC itself and replacing it (got some experience in doing so). I would just hate frying the laptop’s hardware itself, but I will take any chances in order to have that gorgeous menu again xD
@Mártin BRM - extract PE32 BODY of setup module (GUID FE3542FE-C1D3-4EF8-657C-8048606FF670) using UEFITool Open in hex and make the following edits 913: 70 >> Change to >> 00 94B: 38 >> Change to >> 00 982: 75 >> Change to >> EB
Then you have not extracted the file to edit properly, the values will be exactly as I mentioned above once you extract the correct file in the proper manner (Setup >> PE32 >> Extract body) No, you should not do anything, until you edit the correct file in the correct way, otherwise = bricked BIOS.
It was not a extraction issue. I misunderstood 913: 70 (position: 913 value: 70) to position: 91370. The values in the positions you stated were totally correct, my mistake. I then edited it, just as you said.
@Lost_N_BIOS Could you please describe more precisely why you change this variables: 913: 70 >> Change to >> 00 94B: 38 >> Change to >> 00 982: 75 >> Change to >> EB I try to figure it out by myself. I’ve already extracted body of setup module (in @Mártin BRM bios file), after that I extracted IFR.txt menu (using Universal IFR Extractor) but I do not understand next step. How do you find the right hex offset to change? If you be so kind and tell as (using this bios file as an example) how to do it.
@maks - you can’t use Mártin’s BIOS file, that has his serial, UUID, and LAN MAC ID in it, you will loose all your board specific info as it would be replaced by his. You need to dump your own BIOS, with flash programmer or BIOS region with FPT, and then modify that. FPT reflash of mod BIOS may not even be possible, I’m not sure you can get around the locks, we didn’t try since he has a flash programmer.
Also, please wait, those may not even be correct edits, wait until he’s tested and confirmed or not, since he can recover with his flash programmer.
IFR has nothing to do with any of this, mod like this is done in assembly/disassembly, then changes made in hex as shown above.
@Lost_N_BIOS I know that I can’t use Mártin’s BIOS. I would like to learn (on his file) how to find correct values (after that I can use this knowlage on my bios files).
So if you don’t need IRF how do you disassembly this particular bios file. I know that you use IDA but how can I learn how to use it correctly? How do you know that for example offset 913 should be changed from 70 to 00?
Ohh, OK. Then see above, I showed exactly how and where to extract (That’s with UEFITool)
Disassembly is done with whatever disassembler you like, I use IDA PRO but there is many free versions and even online assembly tools you can use.
I learn over time how to recognize this stuff in assembly, in some Insyde BIOS there is guides you can follow that would give you more direct answers like your wanting here, but I don’t know any guides that apply to this kind of Insyde BIOS I only know it’s this or another set of similar right beside this from past experience and knowledge garnered over the years.
What each of those is changing is a type of jump or it’s target location. For example, at 913, the full code for that jump (JZ) is 74 70 and we change that 70 since original location it jumps is bypassing a menu, but change to 00 it does not and moves onto next code instead of jumping to end and bypassing a menu Same for 94B - 74 38 982 = 75 20 << here we change the 75 (JNZ) to EB to unconditionally jump to the coded address (20) it would jump if condition was properly met, this way it goes there no matter what instead of bypassing due to condition not met
None of this is ever the same in any BIOS, the only time what you see above, if it’s the correct edits, would apply is on this BIOS version here only.
I am speechless, it worked flawless the very first time. I wrote the bios image in the eepron, it took 12 min for reading the old image, 12 min for erasing/writing itself and 12 min for the final verification, so 36min total. Just to remember, I did the arduino spi/linux flashroom way. The laptop took a couple of seconds longer on the first boot, and then was it. Both “advanced” and “power” menu tabs were there, it is trully unbeliveable. It is remarkable.
In my experiency with this specific laptop’s unlocked options, I would be very careful in overclocking the ram, the clock itself, every time i tried to change the clock from the standard 2400mhz value, either to more or less frequency, the laptop stoped working completely, not even the bios showed up. I then had to rewrite the bios (the already moded one, with the advanced and power tab) and then it was everything back to normal. The CPU voltages offset did not apear to change anything, so I could not change neither core, nor cache,nor iGPU voltages.
Somes options I was really looking foward worked very well, I reduced the ram timings from the stardard CL17 to CL15 and even CL14. I changed the PCIe x4 hotplug option from disabled, to capable. Still looking foward to changing it to enabled. (eGPU project) I also suceffully changed the FCLK from 800MHz to 1 GHz.
There is a TON of options in the bios now, it really amazing.
Again I would like to thanks the forum and all the user’s help, specially LOST_N_BIOS, you are the man.
Any questions, feedbacks, etc anyone would like to know (that is inside my little knowledge/experience), I am realy happy in repplying.
@Mártin BRM - great to see it, thanks for report back Hmm, seems I can’t live tag you here? Maybe due to the space in the name, or the ’ over the A? Often, there still may be some hidden settings, that need revealed or some that need un-grayed-out, but I’d have to see new BIOS images of each menu and all submenus inside each one too, to then make another edit. This you check against what you see in the BIOS/images, vs what you see as possible settings in software or IFR, and then break the reason it’s hidden or grayed out etc
What you mention about memory could be due to your CPU or memory isn’t up for that speed, or the timings/voltages set at that time weren’t enough for that speed.
You’re welcome, I’m glad to see you’re happy and you were able to get the settings you wanted right away without further edits
@Mártin BRM - This is controlled by Intel ME FW, what your showing above (ICC Profiles), and normally I would edit this, but in your BIOS or ME FW itself it wont open with Intel’s FITc tool (unsure why) We will have to wait until plutomaiac is back around full time, then we can have him look at your ME FW and see if he can tell us why, or fix it, so I can edit it in FITc
However, maybe there is already overclock profiles in there (I can’t tell, because I can’t open it), so maybe all you need is ungrayed option at “ICC Profile” choice Gray Out If {19 82} QuestionId: 0xAD5 equals value 0x0 {12 06 D5 0A 00 00} << FF this Numeric: ICC Profile, VarStoreInfo (VarOffset/VarName): 0xD, VarStore: 0x1, QuestionId: 0x138B, Size: 1, Min: 0x0, Max 0xF, Step: 0x1 {07 91 94 03 95 03 8B 13 01 00 0D 00 14 10 00 0F 01} Search this string, right before it you will find above ^^ Default: DefaultId: 0x0, Value (8 bit): 0x0 {5B 06 00 00 00 00}
Here is edit info if you want to do this edit.
1. Extract Setup’s PE32 as-is using UEFITool 25 2. See above edit info 3. Edit in at 0xB9C53h change 00 to FF (This directly before string above) >> Change 12 06 D5 0A 00 00 >> To >> 12 06 D5 0A FF 00 4. Save edited file, insert back into BIOS with UEFItool 25 As-is (Same way you extracted it) 5. Reflash BIOS region with FPTw.exe -bios -f modfile.bin
Then see if you can choose other profiles than zero. If not, or all look same, then we will have to wait on plutomaniac to be back around so he can help with the ME FW oddity I assume, this also requires BIOS setting >> OverClocking Feature << to be enabled, but you probably already have that enabled
Hmm, seems I can’t live tag you here? Maybe due to the space in the name, or the ’ over the A?