Bios Mods / Hidden Menu Unlock -> 2G RAM?

Discussion in 'Modding and Customization' started by gnubeard, Oct 28, 2009.

  1. gnubeard

    gnubeard

    Joined:
    Dec 15, 2008
    Messages:
    29
    Likes Received:
    0
    While testing my toolchain for hacking up the AAO BIOS, I created a "quiet bios" for my AAO ZG5. Fully tested - it works fine. It is based on the v3310 BIOS image. This modified image removes the "Press <F2> to enter Setup" and other pre-boot strings. The functionality still works, naturally - you just don't see the messages. It occurred to me it might be nice for those playing with different boot logos, so it is included here.

    http://rapidshare.com/files/298879165/h3310.zip.html
    http://rapidshare.com/files/298879491/h3310.zip.html
    http://rapidshare.com/files/298879860/h3310.zip.html

    If you're using a different BIOS version, or if you want to change to a custom message. You can just search for the bytes in the uncompressed BIOS image. The individual characters are separated by nulls.
     
    gnubeard, Oct 28, 2009
    #1
  2. gnubeard

    lordofazeroth

    Joined:
    Oct 23, 2008
    Messages:
    44
    Likes Received:
    0
    Re: Quiet BIOS

    How did you change the options?
    Are there other modifications, that can be made?
     
    lordofazeroth, Nov 10, 2009
    #2
  3. gnubeard

    gnubeard

    Joined:
    Dec 15, 2008
    Messages:
    29
    Likes Received:
    0
    Re: Quiet BIOS

    I opened the 3310.fd BIOS image in EzH2O. That uncompresses the FD image into RAM.

    Then I used Winhex to attach to the EzH2O process, and scoured the BIOS image in RAM to find the English text strings. The strings are Unicode, not ASCII

    After editing in WInhex, I just save the image as normal in EzH2O.

    The whole process is very manual. I've done some experimentation trying to uncompress / recompress the FD images w/o using EzH2O, so that the process is less manual and it would be possible to write a program which allows the BIOS images to be themed/patched to a point.. I can recompress the image, and it sucessfully loads into EzH2O but the stats dialog when the program initially starts is different. So I'm not sure it is safe to flash.

    Other mods are certainly possible. I'm fairly certain I've found a few locations in the BIOS image which govern the colors used in the BIOS/setup program, for instance - I'm also able to prep an image that I believe would unlock the hidden menus in the BIOS - but again, haven't had the guts to actually test that. Accessing the hidden menus is what I'm really interested in - changing the printed strings was just a safe mod that I was comfortable performing on my AAO to test the whole process, make sure the edits w/ winhex were being saved out, that the flash program would honor the modded BIOS (no CRC or signature or something that needed updating as well), etc, etc.

    The hidden menus appear to have options available to change some advanced settings - it appears that it will allow you to change memory timings, and possibly even disable the on-board RAM. That would probably open the door to a 2G mod on early AAOs.

    At this point, I'm casually/occasionally looking to pick up a used/half-broken AAO to test further on. For example, something with a shattered LCD that I can pick up for next-to-nothing to test the experimental BIOS images on.

    If someone has an AAO they are willing to donate, or let go cheaply - please contact me. Also, if you're just willing to experiment on yours for whatever reason (you have a second/newer AAO), contact me and we can discuss the options for the BIOS image you'll test, what your risk threshold is, etc :)

    The crisis recovery mode SHOULD still work, even with a completely fux0rd BIOS. But, hey - don't blame me if your AAO remains brain dead forever.
     
    gnubeard, Nov 12, 2009
    #3
  4. gnubeard

    Muzafsh

    Joined:
    Sep 1, 2009
    Messages:
    75
    Likes Received:
    0
    Re: Quiet BIOS

    Great Gnubeard !!!

    Good that somebody finally has dared to look into the bios and attempted to mod it.

    To what i understand now we should spend sometime to find if we can find a spare AAO for testing the modded bios from time to time.

    hmmmmm.......let's see if we can find one.

    So 2 Gigs of Memory might not be 2 far.......hopefully !!!

    :)
     
    Muzafsh, Nov 14, 2009
    #4
  5. gnubeard

    Muzafsh

    Joined:
    Sep 1, 2009
    Messages:
    75
    Likes Received:
    0
    Re: Quiet BIOS

    :)
     
    Muzafsh, Nov 14, 2009
    #5
  6. gnubeard

    gnubeard

    Joined:
    Dec 15, 2008
    Messages:
    29
    Likes Received:
    0
    Re: Quiet BIOS

    Yeah, the only thing that is holding me back is lack of a machine to test on. I'm pretty sure I have the BIOS figured out, but I can't risk testing on my AAO. It is my means to do my job, so I have to be very careful with hacks and updates.

    Some weekends I get *REALLY* tempted to flash a hacked BIOS. .. I think to myself "well, I'm not working and I'll have a day or two to either fix it or go out and drop the $400 on a new one .. so why not just try?" .. I guess I'm lucky that I'm not really a drinker, otherwise I'm sure one to many beers would have pushed me over the edge :D
     
    gnubeard, Nov 15, 2009
    #6
  7. gnubeard

    Muzafsh

    Joined:
    Sep 1, 2009
    Messages:
    75
    Likes Received:
    0
    Re: Quiet BIOS

    hold on Gnubeard !!! just stay put with the...

    "I'm pretty sure I have the BIOS figured out, " :idea: :ugeek: :idea: :ugeek: :idea: :ugeek: :idea:

    lets see if we can find somebody with a half dead AAO

    Glad that you don't drink. don't want to loose another AAO

    Gnubeard as you are the one who has started this thread, can you please check if you can modify the heading of this thread from "quiet bios" to something like "2 Gig's of RAM may be just round the corner - Need Testers !!!"

    That way i am sure a lot of the people would flock by.
     
    Muzafsh, Nov 15, 2009
    #7
  8. gnubeard

    Muzafsh

    Joined:
    Sep 1, 2009
    Messages:
    75
    Likes Received:
    0
    Re: Quiet BIOS

    Guys out there, we need all those who know and have experimented as much with flashing and RESTORING the bios. We may need especially the RESTORING part most!!! As we want to take the modification of the bios slowly, Step-by-Step(tweaking the lesser aspects of it first before finally hitting the RAM mod !!!).......The last thing we don't need is another test-AAO going brain dead. As getting one for this testing...is a challenge itself. Don't want to lose it...that easily!!!
     
    Muzafsh, Nov 15, 2009
    #8
  9. gnubeard

    gnubeard

    Joined:
    Dec 15, 2008
    Messages:
    29
    Likes Received:
    0
    Re: Quiet BIOS

    Alright I've changed the title.. lets see if anyone steps up with an AAO to sacrifice -- er, I mean test on :twisted:

    If anyone has a defective AAO ZG5 or similar, please contact me. At your discretion, I can either send you a BIOS file to flash for testing, or (preferrably) I would be willing to pay a negotiable sum for your unit to use as my test board. Once I have a machine to use for testing, a modded BIOS with the hidden menus unlocked shouldn't be far behind.
     
    gnubeard, Nov 15, 2009
    #9
  10. gnubeard

    jerryt

    Joined:
    Jan 5, 2009
    Messages:
    839
    Likes Received:
    0
    Well, I may be able to help. I can test with the following items.

    1) Spare motherboard.
    2) A setup for testing motherboards. (LCD, lower chassis, daughter board, etc...)
    3) An AOA SPI Bios chip programer, stand alone.
    4) Spare Bios chips.
    5) A Bios chip socket for quick change of Bios chip.

    What I don't have is a 2GB memory module. But I could order one if you make a recommandation on specifications.

    Awaiting further instructions...
     
    jerryt, Nov 16, 2009
    #10
  11. gnubeard

    gnubeard

    Joined:
    Dec 15, 2008
    Messages:
    29
    Likes Received:
    0
    Wow! Sweet set up :mrgreen:

    Well, it sounds like you are in an ideal position to taste test some of the crap I cook up :) You have a digital cam for taking screenshots for me? Strictly speaking for testing, you shouldn't really need a 2GB stick. At this point, it would be a major win just to open up the menus. From what I can tell in my hex editor, there are hidden options to alter memory timings and disable either memory bank. Whether or not the "disable" option is "greyed out" for the internal memory at run time I can't say.. when we get to that point, if you can disable the 512M builtin RAM and boot up with a recognized total memory = to whatever size stick you have (1G, I presume), then we can start to scheme about the 2G upgrade. I have a pair of 2G DDR2 that came out of my old laptop; if we can get that far safely, I'll flash my own machine and try one of those sticks.

    For now though, I'll PM you an FD that I made. I think I still have a copy, if not I'll make a new one - wasn't hard. It is not hacked, but it is a simple uncompressed/recompressed FD - an otherwise stock 3310. It loads into EzH2O fine, but gives weird specs. I hope that the decompression code in flashit is liberal enough to let it all work .. If it flashes successfully (try the DOS flashit, crisis recovery and your burner, I guess.. nice!) that will be great, because it means I can create patch files and programs to do the work and track changes instead of having to manually edit everything and save via EzH2O. In either case, I'll get back to work on the edits to open the hidden menus.. give me a bit of time to take notes on all the changes I've made so far to the menu scheme so that if it doesn't work, I have something to go on...

    I really hope this recompressed FD flashes and works OK though. It will make things a lot easier.. not only is manual hexing a pain in the ass, but to add insult to injury I have to do it under windows. Thank god for VMware :)
     
    gnubeard, Nov 16, 2009
    #11
  12. gnubeard

    Muzafsh

    Joined:
    Sep 1, 2009
    Messages:
    75
    Likes Received:
    0
    Now we are talking !!!

    Thanks JerryT, Can you please confirm whether the list of things you have posted is the list you already have and volunteering for this test or is it a list of things that you may need ??? However spending on the 2 GB memory may be needed only in the final phase of this project. For now we can work with whatever additional memory that is currently available.

    The 2Gb mod has been the most elusive of all the mods.
    Anybody with the above and MORE(of whatever you've got) please volunteer !!!

    Lets all go by one simple motto " Keep the spending low, and test with what ever we have......."


    Getting 2GB Memory is our final goal,

    However the first goal is to modify the current bios and test it for other smaller tweaks as 'Gnubeard' seemed to have already started on. This is just to get comfortable with the bios and achieve a stable.......

    "Modify - Test - Undo & restore last working state" ROUTINE !!!

    Once we have mastered the above routine. we move on to the more complex aspects of the bios.

    And when we finally are ready to work on the onboard-memory part of the bios.
    The goal then would be to, just disable the onboard memory and boot with whatever additional memory one may have (512Mb or 1GB) successfully.

    And If all goes well, Inshaallah !!! we may after all, succeed at the most elusive mods of this forum.

    cheers !!! ;)
     
    Muzafsh, Nov 16, 2009
    #12
  13. gnubeard

    Muzafsh

    Joined:
    Sep 1, 2009
    Messages:
    75
    Likes Received:
    0
    Great Gnubeard, you already seemed to have started on it. missed your post before posting mine :lol:
     
    Muzafsh, Nov 16, 2009
    #13
  14. gnubeard

    jerryt

    Joined:
    Jan 5, 2009
    Messages:
    839
    Likes Received:
    0
    Yes, these are items I already have. I will test the first version tomorrow.
     
    jerryt, Nov 16, 2009
    #14
  15. gnubeard

    jerryt

    Joined:
    Jan 5, 2009
    Messages:
    839
    Likes Received:
    0
    @ Gnubread your 1st beta bios, errors on writing with flashit in DOS.

    "Error: This ROM file size isn't correct.

    Error: ROM size: FFE67 Correct bios size 100000"

    By the way, here are the flashit command line switches that I found;
    /X Non-IHISI flash process (Broadwater)
    /DC Disable comparsion in normal flash process
    /RC Reset cache (Must use with /X)
    /BIOS Flash Intel BIOS region (Must use with /X)
    /? , H This flash utility help
    /1 Save current BIOS to file (1Mbits from memory)
    /2 Save current BIOS to file (2Mbits from memory)
    /4 Save current BIOS to file (4Mbits from memory)
    /8 Save current BIOS to file (8Mbits from memory)
    /16 Save current BIOS to file (16Mbits from memory)
    /AB Check battery life percent
    /AC Do not check AC plug in
    /ALL Flash all
    /B Flash PEI volume
    /BEEP On flashing beep
    /BIOS Flash BIOS region
    /C Clear COMS
    /Desc Flash DESC region
    /DI Disable ID display
    /E:Offset(Hex), Size(Hex), Address(Hex)
    Update fix size from file offset to physical address

    /EC Flash EC (by applicaion)
    /EC:String Flash EC (by applicaion) and BIOS (by IHISI)
    /ECB Flash EC (by applicaion) with BIOS (by IHISI)
    /EV Erase variable (ASCII)
    /EVG:GUID Erase variable (ASCII) by user's GUID
    /FD Flash DXE
    /FE Flash EC
    /FILE:FILENAME Before Flash to erase variable from file.
    /FL Flash logo
    /FM Flash CPU Microcode
    /FN Flash OEM NVS
    /FP Flash password
    /FT:value Flash OEM special type
    /FV Flash Variable
    /G Save current BIOS to file (from IHISI).
    /GbE Flash GbE region
    /GU:String Compare GUID with current BIOS
    /I:String Update logo. (may need Himem.sys)
    /LF Load Fd file by another floopy disk
    /LG:String GUID. Update small logo required.
    (Must use with /I, /WV, /WU)
    /MC Skip all platform model check
    /ME Flash ME region
    /N Do not reboot after flash
    /O:String Output file (Must use with /I)
    /PI Dump BVDT protection MAP
    /PMCA:ModelName Used to check Platform model name
    /PMCAF:FileName Used to check Platform model name
    /PN Flash non-SPI flash part
    /PQ Query ROM protection MAP in current ROM
    /PR Query region MAP in current ROM
    /PS Flash SPI flash part
    /RB:Filename Read variable (To a binary file)
    /RM Protect the region who is not in the same address
    /RV Read variable
    /S Shutdown after flash
    /SE:String Compare serial number with current BIOS
    /U Show confirm message
    /UU:String Compare UUID with current BIOS
    /V Verify file integrity
    /WB:Filename Write variable (From a binary file)
    /WH:Filename Write HDCP key
    /WU:String Write variable (UNICODE)
    /WV:String Write variable (ASCII)

    btw i found info for /all

    ForceFlash]
    ALL=1
    BB_PEI=0
    CPU_Microcode=0
    Variable=0
    DXE=0
    EC=0
    Password=0
    OEM_NVS=0
    Logo=0
    Type#09=0
    Type#08=0

    ;ALL 1 -> Flash all ROM part. 0 -> Resverd all protect areas.
    ;BB_PEI, CPU_Microcode, Variable...
    ;1 -> Force flash these area if BIOS report them are protected areas.
    ;0 -> Protect these area if BIOS report them are protected areas.
     
    jerryt, Nov 16, 2009
    #15
  16. gnubeard

    gnubeard

    Joined:
    Dec 15, 2008
    Messages:
    29
    Likes Received:
    0
    Yeah, I had a feeling there is something special going on in their compression headers, just because of the weird stats that EzH2O gives upon loading the FD. You could try flashing just the PEI and DXE parts, to see if that bypasses the ROM size checks. You could also try disabling the platform checks, but I think that is just for model information, not ROM Integrity.

    I'll send you a link to another FD soon.. I'm not going to worry about the recompression stuff just yet, I guess.. and besides, this test clinches it for me anyhow - I need to get the headers straight so that it looks the same to EzH2O as well, so I can test that easily enough on my side. If/when I get an image that looks good in EzH2O, I'll send that along.

    The next image that I send will be an attempt at gaining access to the hidden menus. This is done by changing the menu sublevel ID to match the menu ID of the "normal" menus that are displayed. Hopefully the browser code will pick up those menus automatically. I am going to build at least two images.

    One will have just the higher-level "Advanced" menu changed over. My thinking being that if we can get to that one menu, it make links down into the other menus without requiring any other changes or elevating any other menus.

    The other will have all the sub-IDs changed, and maybe I'll have a few other variations as well. Gotta keep good notes for this one. :)

    Stay tuned. Same Bat-time. Same Bat-channel.
     
    gnubeard, Nov 17, 2009
    #16
  17. gnubeard

    Muzafsh

    Joined:
    Sep 1, 2009
    Messages:
    75
    Likes Received:
    0
    Yummmm.......something surely seems to be cooking here.

    Sorry Gnubeard & JerryT.
    Unfortuanately i am not a techie so may not be able to help you guys. However i can see and understand that Gnubeard is proceeding rightly. Proper Notes are extremely important here to pull this very very delicate procedure of an AOA. Seems like we are actually preparing for the AOA's bypass Surgery.

    Thanks JerryT that's a fantastic testing lab you have there.

    Let me know if you want some help at documenting and keeping tab of all the notes you may prepare here.

    Cheers, 'n' All the best !!!
     
    Muzafsh, Nov 17, 2009
    #17
  18. gnubeard

    Muzafsh

    Joined:
    Sep 1, 2009
    Messages:
    75
    Likes Received:
    0
    Hi,

    :ugeek: :ugeek: :ugeek: Gnubeard & :ugeek: :ugeek: :ugeek: JerryT,

    Is something happening in the background(i mean between you both, over private messages) ???


    In the meanwhile i found some material which may be helpful especially to :ugeek: Gnubeard as he is the one exploring the BIOS

    You can consider the below as a help guide to modify an 'Insyde bios'.......

    http://forums.mydigitallife.info/showth ... 902&page=2
    &
    http://translate.google.co.in/translate ... n%26sa%3DG


    Waiting with bated breath for the ever so elusive breakthrough !!!


    ;)

    --------
     
    Muzafsh, Nov 21, 2009
    #18
  19. gnubeard

    jerryt

    Joined:
    Jan 5, 2009
    Messages:
    839
    Likes Received:
    0
    Awaiting another Bios from Gnubeard...
     
    jerryt, Nov 21, 2009
    #19
  20. gnubeard

    Muzafsh

    Joined:
    Sep 1, 2009
    Messages:
    75
    Likes Received:
    0
    Oh! Ok!!!
     
    Muzafsh, Nov 22, 2009
    #20
Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.