@klaxklax3 - From Flash Programming Tool folder, inside that find the Windows or Win/Win32 folder. Select that Win folder, hold shift and press right click, choose open command window here (Not power shell).
At the command prompt type the following command and send me the created file to modify/check etc, and this is the file you should use from now on (redo your edits on this, flash via FPT etc) >> FPTw.exe -bios -d biosreg.bin
Once you dump this file, immediately try to reflash the dumped biosreg.bin back, so we can see what error you get and I can tell you how to get around that so you can flash mod BIOS >> FPTw.exe -bios -f biosreg.bin
Show me image of error if any, if red/size error stop and DO NOT proceed, show me command/error image
V2 on FFT error, must be due to the broken BIOS, that has nothing to do with ME (And if it did that would be wrong too, because you already have V2 ME and are trying to flash BIOS with V2 ME in it too, so unrelated things here)
If you’ll answer my question from post #11 I can tell you how/where to edit iscflash.dll - or is that what you are showing above? If yes, that’s not the original “invalid error” you mentioned earlier/always until now… So as you can see, I still need to know which error you need to bypass.
But, I still say that is broken BIOS too and I would not flash it, but if you want to try I need to know exact error it gives you when you try, then we can bypass.
If someone here is planning to (or has successfully) edited the DLL, maybe sharing it here will benefit others that are blocked by the same issue.
Preferably, modify the latest known version of H20FFT Flash tool (ver 5.74 from 2017). Attaching the file: H20FFT_x86_WIN_5.74.zip to this post, so others can try at the same time I will try to hack the checks out.
if I succeed myself, I will also post it here.
Instead of having to reverse/debug it, do you already know the address of that check?
H20FFT_x86_WIN_5.74.zip (1.56 MB)
@DvL - This needs to be done on a case by case basis, at least for most BIOS packages since the files all differ. But yes, it could be done for that “Standard/stock” Flash package too, but I’m not sure what all BIOS are compatible with that tool anyway, have you flashed anything non-modified with it successfully?
For the version and files you linked, I need to know the exact error you want to bypass, so I can search for it via search instead of manually digging through 100’s of coding blocks (Which I’m not going to do, it’s too tedious)
hey, did you succeed in modding the dll?
i could need it 
Where can I find the QA.pfx?
Hi Lost_N_BIOS
First of all, thank you for explaining such useful information which I’ve been searching for months. As you mentioned, no matter what parameter we change in platform.ini. InsydeFlash would ignore them because those parameters embedded inside BIOS.fd so I’ve tried to hex edit fd file to change parameters inside the file but I get error message after computer reboot into BIOS.
----------------------------------------------
InsydeH20 - Secure Flash
Error : Invalid firmware image!!!
Please press any key to reset system…
------------------------------------------------
Then I know for sure, it does checksum before flashing. You also mentioned that modifying iscflash.dll could bypass this error. I use debuging program to search for string “Invalid firmware image!!!” but I can’t find it. Now I come to the dead end.
I hope to hear from you soon.
@Rexkh - Stock BIOS package and model name would help a lot here. If we cannot bypass by editing iscflash.dll, or FPT/H2OUVE flash/bypass then you will need flash programmer.
Here is the BIOS file. If somehow we can force flasher to use parameters from platform.ini instead of from fd file, I would be able to remove the password. Please take a look.
ZQS_218.zip (3.04 MB)
Does anyone have an Alienware M17x R4 A15 unlocked BIOS please?
Thanks.
@thewizardoz - I can unlock it for you, (result/proof here)please do the following and tell me what error you get at step #2
You may need flash programmer, not sure. The above guy already had one due to he corrupted his ME FW and needed that fixed before I even mentioned unlocking to him. So, we did not try do get mod BIOS to flash other ways, so we’ll have to now.
If you do not have Intel ME drivers installed, install them now from your system driver download page, then start over here after reboot.
Check your BIOS’ main page and see if ME FW version is shown. If not then > DOWNLOAD HWINFO64 HERE <
Once HWINFO is open, look at the large window on the left side, expand motherboard, and find the ME area.
Inside that section is the ME Firmware version. Take note of the version. (ie. write it down or get a screenshot)
Once you have that, go to the thread linked below, and in the section “C.2” find and download the matching ME System Tools Package for your system.
(ie if ME FW version = 10.x get V10 package, if 9.0-9.1 get V9.1 package, if 9.5 or above get V9.5 package etc)
> DOWNLOAD " ME System Tools " packages HERE <
Once downloaded, inside you will find Flash Programming Tool folder, and then inside that a Windows or Win/Win32 folder (NOT x64).
Highlight that Win/Win32 folder, then hold shift and press right click. Choose “open command window here” (Not power shell! >> * See Registry file below *).
If you get an error, reply to this post with a screenshot of it, OR write down the EXACT command entered and the EXACT error given.
((If “open command window here” does not appear, look for the “Simple Registry Edit” below…))
Now you should be at the command prompt.
You are going to BACKUP the factory un-modified firmware, so type the following command:
Command: " FPTw.exe -bios -d biosreg.bin "
>> Attach the saved "biosreg.bin ", placed into a compressed ZIP/RAR file, to your next post!!! <<
Right after you do that, try to write back the BIOS Region dump and see if you get any error(s).
Command: " FPTw.exe -bios -f biosreg.bin "
^^ This step is important! Don’t forget! ^^
If you get an error, reply to this post with a screenshot of it, OR write down the EXACT command entered and the EXACT error given.
Here is a SIMPLE REGISTRY EDIT that adds “Open command window here as Administrator” to the right click menu, instead of Power Shell
Double-click downloaded file to install. Reboot after install may be required
> CLICK HERE TO DOWNLOAD CMD PROMPT REGISTRY ENTRY <
If the windows method above does NOT work for you…
Then you may have to copy all contents from the Flash Programming Tool \ DOS folder to the root of a Bootable USB disk and do the dump from DOS
( DOS command: " FPT.exe -bios -d biosreg.bin " )
@Rexkh - Before I download anything, what is the model name of this, so I can keep in proper folder?
Password?? What do you mean about a password? If there is a BIOS password set, you need to ask for help with this at BIOS-mods.com forum, I cannot remove passwords nor tell you what the current password is, but they can help.
Flashing in stock BIOS will not remove password either, possibly if programmed in it might, but then you’d also loose your serial and other system specific info if not done correctly (ie edit BIOS first, put info in etc).
If you main issue is BIOS password, then you need to ask for help at BIOS-mods.com forum, or possibly tag DeathBringer in here and he may help.
Well, forget about password. As you may already know that Bios file (ZQS.fd) contains built-in parameters which is the same as platform.ini. No matter what you change in platform.ini, Flasher would take only built-in parameters. My goal is to customize some of those parameters. There are two way to do it. First, force Flasher to take parameters from plaform.ini which is the question of how. Second, modify built-in parameters inside ZQS.fd) by using Hex Editor. For the second method, Flasher checks ZQS.fd. If it sees that ZQS.fd is modified (I think it has checksum), it would say "Invalid bios image" so, to fix it, we have two options, force Flasher to take parameters from platform.ini or create checksum that trick Flasher in thinking that modified ZQS.fd is stock bios file. Do you have any idea?
Acer Aspire E1-431.
@Rexkh - Password has nothing to do with platform.ini - And as for Platform.ini I told you cut BIOS from the fd, rename it to the stock fd name, and then it does not have built in platform.ini and will only use what is in platform.ini you put in folder.
Do you need me to do that for you? ^^ in the stock.fd file >> BIOS starts at 0x13FE0h and ends at 0x413FDFh, cut this to new file, rename to stock.fd, then proceed with your mod platform.ini
Then you only need to edit iscflash.dll to bypass whatever error you get (Show me image). If that also fails, and gives you "invalid Image" then you need to edit iscflash.dll or InsydeFlash.exe to bypass that error
How to check for starting and ending point? All bios file start and end with those address?
I gave you the start and end point, do you need me to cut the file for you? No, that only applied to this BIOS stock fd file.
Please look at the picture.
I get this error. Any workaround?
@Rexkh - you may need to go the FPT route, please do what I mentioned for FPT in post #24 and tell me what error you get at step #2, then do the following below and send me your vars
Please download the following package, and run the command below from each versions folder that directly contains it’s exe.
Once done, copy the entire folder somewhere, delete everything but any created vars.txt and then repackage this and send to me, this way all created vars.txt remain in place in the folders of the version that created them.
http://s000.tinyupload.com/index.php?fil…212104496994806
Here is modified iscflash.dll you can try to see if this bypass that error. Also, be sure you are modifying platform.ini to not do any checks, and not require secure flash etc.
Try this with cut BIOS and original .fd BIOS edited, try both ways and this mod .dll Sorry, I cannot see or find this error message in assembly on this iscflash.dll, so we’ll have to go FPT route if platform.ini info here does now help
About platform.ini, did you make this change, seems it disables Secure Flash >>
; Supports on WIN SHELL flash.
[FlashSecureBIOSOverride]
EnableFlashSecureBIOSOverride=0 << Set #1
Action=1
;EnableFlashSecureBIOSOverride (WS)
; default : 0.
; 0 : Disable action override. Use the action which returned from BIOS.
; 1 : Enable the action override when flashing secure BIOS in OS.
That may not be what, or how it looks though, not sure.
Also, always add this at top to SwitchString (include quotes as typed below when you add)
SwitchString="PTDIS RESSEN PJMDDIS"
Or, you can also try running via Admin CMD Prompt, the following command >> Insydeflash.exe biosfilename.fd -forceit
I had changed EnableFlashSecureBIOSOverride to 1 before I modified InsydeFlash.exe. It didn’t work. That’s why I modified it in the first place. I follow your sophisticated instruction and was able to dump my bios file. Please check the attachment.
I’ve tried to flash dump bios file back and got error message “Error 28: Protected Range Registers are currently set by BIOS, preventing flash access. Please contact the target system BIOS vendor for an option to disable Protected Range Registers”
What should I do next?
AspireE1-431.zip (1.88 MB)
Show me image of the error, including the command you entered. Sad to see 28, hopefully we can get around, but it’s not ideal as some others to bypass.
After you get image for me, then please put system to sleep (S3, not hibernate) and then wait 3 minutes. Then wake it up and try FPT BIOS region flash back again and see if you get same error or not. If you do, then your BIOS does not have S3 sleep bug, we’ll move along.
Please download the following package, and run the command below from each versions folder that directly contains it’s exe.
Once done, copy the entire folder somewhere, delete everything but any created vars.txt and then repackage this and send to me, this way all created vars.txt remain in place in the folders of the version that created them.
http://s000.tinyupload.com/index.php?fil…212104496994806
H2OUVE.exe -gv vars.txt
* edit - what is above attached file?