Hey everyone, so I want to unlock this Insyde BIOS (link here http://www.mediafire.com/file/agyl19d3yr…0200D5.ROM/file ), so I’ve followed a lot of tutorials and spent a lot of time on this, but for the life of me I just can’t find what I need to edit. So I’d REALLY appreciate it if one of you guys take a look.
The main problem I’ve been having is that after extracing the SetupUtility module(Where all this menu stuff belongs, right? It’s not in another module like SetupBrowser I believe) ( https://ibb.co/3TrJ4qq ), and extracting it with Universal IFR Extractor, the stuff you’d usually find under “Form Sets” isn’t there(Like Main, Power, Advanced, Boot, Exit, etc) Instead I get this: https://ibb.co/3TrJ4qq
So I’m thinking I’m extracting the wrong thing…? Or maybe this is the right thing, but I just can’t find the bytes to edit…? Please help me out guys, I’ve put hours into this to no avail. If anyone could tell me what I need to modify in where – or how to find WHAT I need to modify, I’d really appreciate it
EDIT: Nevermind, I think I found the edits I need to make now - on another forum. I’ll update if it works or not
EDIT 2: I can’t flash the bios. Using the insyde flash tool that Sony ships with their BIOS updates, it gives me “Invalid firmware image” error… I can’t do the recovery method either, it just simply doesnt work at all - i’d appreciate it if anybody could tell me what I could do to flash?
@Kurtisdede - your second linked image is same as the first, so I can’t see what you mean about " Main, Power, Advanced" etc - that is the PE32 module file to extract
To flash mod BIOS you need to edit iscflash.dll via assembly/hex to bypass the error you are getting. Or, dump BIOS via FPT, then mod, then reflash via FPT (Do not FPT flash stock BIOS)
I need a link to the stock exe package to be able to help you edit the iscflash.dll
Thank you very much for the reply, sorry for linking the same image twice, I meant this: https://ibb.co/RSjfX3K
This is the stock exe package: http://download.sony-europe.com/PUB/VAIO…P0000601231.exe
Also I tried to use the FPT flashing method, but it didn’t work(I did it from Windows though). The program refused to even start(Yes, I ran the program with a .bat file with all the commands needed) Is it because I’m using the x64 version? Anyway I’d prefer the modded iscflash.dll method anyway, so i’d really be thankful if you helped me on this.
Also the file I get from Sony’s site is 8.6MB, and I have modded that file and I’m gonna try flash that on my laptop. But when I rip my own bios, I get a 3MB file. Should I mod that & flash that instead?
Thanks a lot for replying!
@Lost_N_BIOS Hey man, did you forget about this? You seem like you reply to a LOT of posts so I’m sorry to ping you about this but maybe you missed this post. I’d really like to get this done sooner than later. Ty a lot.
@Kurtisdede - Thanks for corrected image link, now I see what you mean. This could be how the BIOS is made, or a IFR extractor error, I will check with a few IFR extractors I have and see if both are same - What is this Sony model, so I can keep stock BIOS in a proper folder.
No, I didn’t forget, I’m just VERY FAR BEHIND 
, about 7-8 entire pages of new replies I’m behind and I don’t even want to know how many PM’s going a month back I’ve yet to have time to reply back to
On FPT, did you check if yours system uses Intel ME and which version You can tell by if there is ME driver downloads on your main driver page, and by Check BIOS main page and see if ME FW version is shown, if not then download HWINFO64 and on the large window on left side, expand motherboard and find ME area, inside that get the ME Firmware version. Once you have that, go to this thread and in the section “C” download the matching ME System Tools Package (ie if ME FW version = 10.x get V10 package, if 9.0-9.1 get V9.1 package, if 9.5 or above get V9.5 package etc)
Intel Management Engine: Drivers, Firmware & System Tools
If you do not have ME, then this method does not apply to your BIOS at all anyway
I cut your BIOS from the R0200D5.ROM extracted from the main EXE package, and this is only a 3MB BIOS update anyway, not even half a partial BIOS 
I see Sandy/Ivy BIOS modules, so ME FW is likely in the actual full BIOS on-chip. This is less than half the BIOS so I cant check to be 100% Sure, but I do see MWFWDowngrade BIOS module, so high chance it’s using ME
If your system does use ME, then that may be the easiest and safest way to flash in a mod BIOS. Yes, it works fine from windows, and no you shouldn’t use x64 type, but you do have to have ME, then have ME drivers installed, use the correct FPT from the matching ME System Tools package, and run FPT from admin command prompt.
And when you dump your BIOS off the board, this is also a partial dump, BIOS chip is 4MB or 8MB, not 3MB. This is normal, due to BIOS/security locks etc. Some tools may be able to dump more of the BIOS, maybe not, flash programmer can dump it all, and maybe Universal BIOS backup Toolkit
But, you can’t flash it all back anyway, unless you pinmod the board to unlock the FD, or you have a flash programmer. Complete BIOS will have a FD region, ME region is present, GbE if Intel Gigabit LAN is used, and maybe other regions too.
What you dump with software is “partial” BIOS region (and what you download from Sony is even less than that)
I suggest you dump entire BIOS region with FPT if possible. If not, then you will have to edit the 8.45MB BIOS and flash with modified iscflash.dll (if that is possible on this BIOS)
Here is the two IFR’s I could get and both IFR extractors I used), both have better output than you showed in image, but one entry still messed up (I do see this often with Insyde BIOS)
http://s000.tinyupload.com/index.php?fil…411712840972416
Here’s all your tab entries from assembly >> DF424DB5523951 search
180013B38
180061E50 << Power from IFR
180061E50
180064280 << Secondary Security From IFR/H20EZE via GUID and settings inspection/detection
180064280
18006C060 << Advanced from IFR
18006C060
18007A900 << Boot From IFR
18007A900
18007B650 << Security from IFR
18007B650
18007BA70 << Main from IFR
18007BA70
18007BE10 << Exit from IFR
18007BE10
Show me some images of your BIOS, one image of each main page, put in zip or 7zip please, the only routine I see of interest in assembly is sub_180000B5C, but it doesn’t look like any menus are being bypassed
@Lost_N_BIOS Thank you a lot for the detailed reply!
My Laptop is a SVE1512Q1EW. Here’s it’s link from Sony’s site(I couldn’t find an English version, sorry): https://www.sony.com.tr/electronics/supp…ries/sve1512q1e – ME is present on my system. - Version 8.1.0.1248 to be exact - I have extracted my BIOS using FPT, and it returns me a 3MB file. I’ve modded that, but is it even safe to flash(since it is not the full BIOS?) I don’t think there’s a way for me to extract the full BIOS - The command I’ve used is “fptw -bios -d biosrip.bin” and it gave me a 3mb file. Here’s it’s log:
"Intel (R) Flash Programming Tool. Version: 8.1.60.1561
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.
Platform: Intel(R) HM76 Express Chipset
Reading HSFSTS register… Flash Descriptor: Valid
— Flash Devices Found —
W25Q64BV ID:0xEF4017 Size: 8192KB (65536Kb)
- Reading Flash [0x800000] 3072KB of 3072KB - 100% complete.
Writing flash contents to file “biosrip.bin”…
Memory Dump Complete
FPT Operation Passed"
BIOS Backup Toolkit says that the BIOS is 3MB. These are the modifications I’ve done – found these from another forum – with HxD, on the SetupUtility module:
0609 : 75 1D to EB 1D
0631 : 74 D8 to 74 00
0638 : 74 D1 to 74 00
064E : 74 BB to 74 00
So I guess the only way to flash a modded bios on here is with modified iscflash.dll or can I just flash the modded 3MB bios by itself? Thank you a LOT btw, it’s insane how much effort you put into these…
Here are the BIOS menus(Also, before I can access the BIOS, I have to go through this VAIOCare thing, I’ve screenshotted that too): https://www.mediafire.com/file/a62kr3lr2…OSpics.zip/file
@Kurtisdede - Thanks for the info, and you’re welcome!
I thought it should have ME, thanks for confirming. BIOS region is always less than full BIOS, this is what you can easily extract/flash via FPT, and this means you can probably flash back BIOS region via FPT much easier than the Insyde method, however both ways may have issues you’ll have to get around
You may be able to dump entire BIOS with FPT, or other regions, but flashing them back usually will be blocked due to locked FD. Dump entire BIOS >> FPTw.exe -d bios.bin // Dump FD >> FPTw.exe -desc -d FD.bin // Dump ME Region >> FPTw.exe -me -d ME.bin
Yes, we flash “BIOS region” all day long with FPT, it has flags to determine which region it’s dumping or flashing, and you feed it only those regions or entire BIOS and it can determine based on what flags you set what to flash. Now, lets test to see what error, if any, you need to get around to flash back with FPT.
Flash back your dumped BIOS region >> FPTw.exe -bios -f biosrip.bin
Show me command given and error if it gives you any error, then stop and try nothing more
Those edits look good to me, good eyes and find if those are correct! Link me to the thread where you found this discussed, it’s OK.
I wasn’t sure about that, since it didn’t look like it was jumping tabs there to me last night when I checked. But, I’m not used to editing Insyde BIOS all that often, so I only know the basics and this BIOS is not basic/usual
As for flashing, you will have to test FPT and see if you can flash stock biosregion back in, if you can then you can flash mod biosregion back in too.
If you get error with stock, I’ll have to see it before I can tell you how to get around, if you can, if you can’t without programmer then you’ll have to edit iscflash.dll (or use one you already found modified)
@Lost_N_BIOS Thanks for the reply.
I tried dumping those 3 sections, while I could dump BIOS and FD, I couldn’t dump the ME region, it gave me Error 26.
And when I tried flashing my modified BIOS, it gave me this error: "Error 28: Protected Range Registers are currently set by BIOS, preventing flash access."
This is where I found my edits BTW, no iscflash.dll on there though. https://www.bios-mods.com/forum/Thread-R…S-Unlock?page=2
BTW, I’d really like if we could get this done through software, but I can probably buy a Programmer and try to do it that way if this turns out to be next to impossible…
Thanks for your help!
Does your dumped BIOS contain the ME section?
Error 28 means you need to do an edit with tool in DOS on your end (Or I can unlock in BIOS file, but you must program it in with programmer before it’s unlocked)
Here is the tool, try PRR2 first, then if no luck try PRR - http://s000.tinyupload.com/index.php?fil…400459610089845 (For this, you need everything on bootable DOS USB, including all contents of FPT/DOS folder, and BIOS region file all on root of USB)
Before doing the PRR2/PRR thing, try putting system to sleep (S3) for one minute, then wake it up and try FPT flashing BIOS region again and see if you still get error 28 or not.
Thanks for info link, I trust that guy so I’m sure he’s given the correct edits (as long as you are using same BIOS version they posted those edits from - notice on page 4, different edits are given, so be sure you are editing the same BIOS version they gave the edits from)
Notice they mentioned PRR in that thread too, but looks like no one confirmed whether it worked or not, after mentioning and no one commented about it working or not they said flash only with programmer after that (As if someone said it failed to work?)