I found 07261C8F-9F27-4409-BD78-2BB0B691F331_OemAutoDetectWLAN and 3FEDD4A3-8112-4534-8DB2-E886EB35075E_ErrorMessage containing the WLAN card device id, and by removing the ErrorMessage module and changing jz to jmp in OemAutoDetectWLAN, I succeeded. But if I remove ErrorMessage, the machine cannot boot from USB anymore. I found that removing the ErrorMessage module causes this problem.
If I do not remove ErrorMessage, it shows “Error 1802: Unauthorized network card is plugged in - Power off and remove the network card.” and gets stuck there, unable to boot into the system. I can find these strings in IDA, but I don’t know how to find which function references them.
@dsanke - Don’t remove the error message module then. Did you test leaving the ErrorMessage module alone, with only your edit to OemAutoDetectWLAN applied to the BIOS? What happens then?
What made you edit OemAutoDetectWLAN? Normally you only need to edit one module, the one that contains the actual error you get with the device installed, so 3FEDD4A3-8112-4534-8DB2-E886EB35075E would usually be the only one to edit. Your comment >> If I do not remove ErrorMessage, it will show “Error 1802: Unauthorized network card is plugged in - Power off and remove the network card.” And it will get stuck here, cannot boot into system. ^^ This tells me the edit to 07261C8F-9F27-4409-BD78-2BB0B691F331 is unnecessary (or the wrong edit, if someone told you that one needs editing too), since the 1802 error is still present.
Test this edit - On Section_PE32_image_3FEDD4A3-8112-4534-8DB2-E886EB35075E_ErrorMessage_body.efi: 2250: 74 >> EB
Does that fix the issue?
What exactly did you edit in OEMAutoDetect? This is what I would edit, if I were to edit that module: Section_PE32_image_07261C8F-9F27-4409-BD78-2BB0B691F331_OemAutoDetectWLAN_body.efi, 0DE8: 5A >> 00
Yes, I see your edit in the first image. I only asked why you edited that module? Ohh, sorry, I see, yes, at the end of my message I asked what you edited. Let me look at that in IDA - OK, I see where that edit is now. Why do you make this edit? I don’t see any test before this jump, or any infinite loop there (the loop is further down, at the address I gave above; edit there for this module if you want to bypass the infinite loop).
Yes, my point was that I think you do not need to edit that OEMAutoDetect module, since you still get 1802 after editing it (if you don’t remove the error module), which means whatever you edited in OEMAutoDetect is not helping, not needed, etc. If you do think you need to edit that module, this is where I would edit (as mentioned above >> extract “Body”, then at DE8 >> 05 change to 00 to bypass the infinite loop). And, if you do need to edit this module, that is the only infinite loop in the entire module, so this would have to be the correct edit.
Or, as mentioned, only 3FEDD4A3-8112-4534-8DB2-E886EB35075E needs editing.
When you say >> If I do not remove error module, only edit OEMAutoDetect, I cannot boot to system. << Does that mean you still get error 1802 in this case? If yes, then as I said, the edit to OEMAutoDetect is either not needed, or is not the correct edit yet.
We can see there is a hex pattern "4CF5B200" in front of these detection instructions, so I searched for this hex pattern in the ErrorMessage of the 610s too. Luckily, I found it, in only one place. I assume I got the right place.
And I edited the jcc instruction to bypass all detections.
I don’t have any 610s now, so I borrowed an M710q from a friend. Luckily, when I put the ErrorMessage (extracted from the 610s) into its BIOS, it showed me a whitelist error message with the boot stuck, which means I can use the M710q to test. After replacing it with the patched ErrorMessage, it booted normally. Lucky day.