It’s not as simple as it seems. The CH341 is not a programmable controller. Basic operating procedures in C are provided on the manufacturer’s website - https://www.wch-ic.com/.
EZP2019 - EZP2025 use the CH552/CH554 chip. It is a microcontroller of the 8052 family. It has a software program embedded in it, which is not the property of https://www.wch-ic.com/.
This is clear to me. if you don’t know the internal software of the CH552 you cannot send the commands to drive the programming.
But is it possible to rewrite the CH552 software with a custom one right? like a custom firmware?
It is very costly in terms of time and effort.
The programmer should arrive on Sunday. The first thing I want to try to do is the EZP2023+ firmware dump.
Not one… more than one and compare the various images.
Dont you write anything before this.
PSU unplugged and no CMOS battery for start as it feeds the circuit, some boards will need this or even PSU stand-by.
You need patience with the clip grip.
Good luck.
EDIT: An Hex editor, UEFI tool, WinMerge etc…
1 Like
certainly, at the moment I have the original intel bios and various dumps made with fpt.efi, flashrom and chipsec I will do others with the programmer as soon as it arrives.
Do you have any software to recommend for dump comparison?
How can I remove information from the bios to flash it on another motherboard?
for example a test secure boot key used to sign kernel module
The first thing that comes to mind is to modify the values in 0xFF with a hex editor but I’m not sure if this is a good procedure
To port a program from Windows to Linux the hardest but correct way is this:
https://goatpr0n.farm/2019/11/reverse-engineering-of-a-flash-programmer-ezp2010/
@bigmdm Thanks for the tip, I’ll try to find out more when I get the programmer.
Tonight I remembered that I have some motherboards that I can use to practice. But there is always the question of how to remove the information from the bios.
The programmer arrived this morning and I performed the first dump (3 reads to be exact) on a MIB75R/MH_SG motherboard. everything seems to work correctly and I had no difficulty with the clip, I got in the first time!
I opened the files with UEFITool and they are recognized.
Now if I wanted to make some changes such as changing strings or removing RSA keys how can I proceed? can I edit the values directly with HxD?
EDIT: I managed to recover my first motherboard!
WARNING: Don’t use the clip!
You understand that you have connected the CH341a programmer to the SPI NOR flash bios chip, but the SPI NOR flash bios chip is already connected to the microprocessor, and the power pin is already connected to the RAM, buffers, north and south bridges and other devices on the motherboard? As a result, the programmer sends signals to all connected devices. Such connection does not guarantee correct execution of read and write operations.
Hi I’m using EZP2023+ as a programmer.
I did the flash with the clip on the bare motherboard, no CMOS battery, no RAM, no ATX.
The most reliable way is to unsolder and solder.
I know but the clip is enough for now
I don’t have the right hot air gun and preheating the MB with an electric heater and then desoldering with a hot air gun to remove paint doesn’t seem ideal to me.
I recovered a few MB from old routers, I’ll start practicing on these, The next step would be to try to recover data from an old smartphone