Uhh thanks but that's kinda missing the point of this - that I don't want binaries from random people on the internet.
I need to know how to extract it from the bios update files, not the bios already on the EEPROM.
On 03/06/2017 11:35 PM, Matt DeVillier wrote:
I have the IFD and ME from an x220 that I recently flashed with coreboot for a customer, extracted from their stock firmware, and verified working with the coreboot ROM I subsequently flashed. Can zip and send via email, or whatever you prefer
On Mon, Mar 6, 2017 at 10:23 PM, Taiidan@gmx.com Taiidan@gmx.com wrote:
On 03/05/2017 05:20 AM, Arthur Heymans wrote:
"Taiidan@gmx.com" Taiidan@gmx.com writes:
Well I managed to download the latest BIOS from the lenovo site, which
includes an ME update now the issue is that I can't seem to figure out how to extract it from the .FL1 and .FL2 files.
Those might have a length too long to fit a flash so you need to trim
those down before using ifdtool on those (If they contain and ifd of course) so depending on size of rom dd if=FL1(or 2)file of=vendor_bios.rom bs=1 count=xM
and then ifdtool -x vendor_bios.rom
It didn't work :( after that still "no flash descriptor found in this image"
These are the files and the flash chip on the board is 8M 8523776 '$01CB000.FL1' 8523776 '$01CB000.FL2' 8523776 '$01CB100.FL2' All of them have different hashes, but I do not know what makes them different (maybe it is for various board revisions?)
I would also like to know as to how I can re-flash the EC firmware if
that could potentially cause problems, I of course do not know if it has DMA.
Only existing tool to flash EC is using vendor tool.
EC are only accessed trough port mapped IO (or on newer ones also via memory mapped IO). EC itself does not have DMA afaik.
-- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot
Hi Taiidan, try following these instructions: 1) download the latest official BIOS update .exe file from your laptop manufacturer's website (Lenovo in this case) 2) open this .exe file with 7zip utility and extract all its' contents to a separate folder 3) most likely is that amoung these extracted files you will see a several megabytes binary file, which contains not just a BIOS image but also EC firmware image and some other images. Then you open this binary file in a hex editor like Okteta and search for some ASCII string symbols like for example _EC_IMG to e.g. locate the beginning of EC firmware block, and knowing what size in bytes the EC firmware should be - you cut the same amount of bytes after _EC_IMG text - and save into a new binary file Something like that, will probably work for you. Good luck in your research ;)
2017-03-07 5:23 GMT+00:00 Taiidan@gmx.com Taiidan@gmx.com:
Uhh thanks but that's kinda missing the point of this - that I don't want binaries from random people on the internet.
I need to know how to extract it from the bios update files, not the bios already on the EEPROM.
On 03/06/2017 11:35 PM, Matt DeVillier wrote:
I have the IFD and ME from an x220 that I recently flashed with coreboot for a customer, extracted from their stock firmware, and verified working with the coreboot ROM I subsequently flashed. Can zip and send via email, or whatever you prefer
On Mon, Mar 6, 2017 at 10:23 PM, Taiidan@gmx.com Taiidan@gmx.com Taiidan@gmx.com wrote:
On 03/05/2017 05:20 AM, Arthur Heymans wrote: "Taiidan@gmx.com" Taiidan@gmx.com Taiidan@gmx.com Taiidan@gmx.com writes:
Well I managed to download the latest BIOS from the lenovo site, which
includes an ME update now the issue is that I can't seem to figure out how to extract it from the .FL1 and .FL2 files.
Those might have a length too long to fit a flash so you need to trim
those down before using ifdtool on those (If they contain and ifd of course) so depending on size of rom dd if=FL1(or 2)file of=vendor_bios.rom bs=1 count=xM
and then ifdtool -x vendor_bios.rom
It didn't work :( after that still "no flash descriptor found in this image"
These are the files and the flash chip on the board is 8M 8523776 '$01CB000.FL1' 8523776 '$01CB000.FL2' 8523776 '$01CB100.FL2' All of them have different hashes, but I do not know what makes them different (maybe it is for various board revisions?)
I would also like to know as to how I can re-flash the EC firmware if
that could potentially cause problems, I of course do not know if it has DMA.
Only existing tool to flash EC is using vendor tool.
EC are only accessed trough port mapped IO (or on newer ones also via memory mapped IO). EC itself does not have DMA afaik.
-- coreboot mailing list: coreboot@coreboot.orghttps://www.coreboot.org/mailman/listinfo/coreboot
-- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot
Hello Taiidan,
Tuesday, March 7, 2017, 6:23:37 AM, you wrote:
Tgc>Uhh thanks but that's kinda missing the point of this - that I Tgc>don't want binaries from random people on the internet.
Alas, the 8duj28us.exe update and a few others I checked do not seem to contain the ME region or the descriptor. There is 8duj28us.exe with the ME update but it requires an already running ME to be applied. You could in theory extract the partitions from it and assemble into a valid ME region by constructing an FPT but that's not trivial. I would suggest you to just take the descriptor and ME region from "random people on the internet". The descriptor does not contain any code and the ME firmware is signed by Intel so it can't be backdoored by randos (there are much easier ways to hack people than stealing keys from Intel).
Tgc>I need to know how to extract it from the bios update files, not the bios already on the EEPROM.
Tgc>On 03/06/2017 11:35 PM, Matt DeVillier wrote: Tgc>>I have the IFD and ME from an x220 that I recently flashed with coreboot Tgc>>for a customer, extracted from their stock firmware, and verified working Tgc>>with the coreboot ROM I subsequently flashed. Can zip and send via email, Tgc>>or whatever you prefer
Tgc>?On Mon, Mar 6, 2017 at 10:23 PM, Taiidan@gmx.com Taiidan@gmx.com wrote:
Tgc>?On 03/05/2017 05:20 AM, Arthur Heymans wrote:
Tgc>?"Taiidan@gmx.com" Taiidan@gmx.com writes: Tgc>?Well I managed to download the latest BIOS from the lenovo site, which Tgc>?includes an ME update now the issue is that I can't seem to figure out Tgc>?how to extract it from the .FL1 and .FL2 files.
Tgc>?Those might have a length too long to fit a flash so you need to trim Tgc>?those down before using ifdtool on those (If they contain and ifd of Tgc>?course) Tgc>?so depending on size of rom Tgc>?dd if=FL1(or 2)file of=vendor_bios.rom bs=1 count=xM
Tgc>?and then ifdtool -x vendor_bios.rom
Tgc>?It didn't work after that still "no flash descriptor found in this Tgc>?image"
Tgc>?These are the files and the flash chip on the board is 8M Tgc>?8523776 '$01CB000.FL1' Tgc>?8523776 '$01CB000.FL2' Tgc>?8523776 '$01CB100.FL2' Tgc>?All of them have different hashes, but I do not know what makes them Tgc>?different (maybe it is for various board revisions?)
Tgc>?I would also like to know as to how I can re-flash the EC firmware if Tgc>?that could potentially cause problems, I of course do not know if it Tgc>?has DMA.
Tgc>?Only existing tool to flash EC is using vendor tool. Tgc>?EC are only accessed trough port mapped IO (or on newer ones also via Tgc>?memory mapped IO). EC itself does not have DMA afaik.
Tgc>?-- Tgc>?coreboot mailing list: coreboot@coreboot.org Tgc>?https://www.coreboot.org/mailman/listinfo/coreboot
On 03/08/2017 01:29 PM, Igor Skochinsky wrote:
Hello Taiidan,
Alas, the 8duj28us.exe update and a few others I checked do not seem to contain the ME region or the descriptor. There is 8duj28us.exe with the ME update but it requires an already running ME to be applied. You could in theory extract the partitions from it and assemble into a valid ME region by constructing an FPT but that's not trivial. I would suggest you to just take the descriptor and ME region from "random people on the internet". The descriptor does not contain any code and the ME firmware is signed by Intel so it can't be backdoored by randos (there are much easier ways to hack people than stealing keys from Intel).
Damn :[ There is also the .iso bios update with the .FL2 and FL1 files what about that?
I had heard rumors from a couple people that there are ME signing keys floating around in the darknet on some elite hacker forums so I was paranoid as I don't want to have my machine used to hack something important.
-
Igor Skochinsky -
qma ster -
Taiidan@gmx.com