search

coderobe / VBiosFinder

Extract embedded VBIOS from (almost) any BIOS Update
GNU Affero General Public License v3.0
133 stars 21 forks source link

Dell XPS BIOS updater format not supported {XPS 9560, XPS 9550, ...} #2

Open wbushey opened 6 years ago

wbushey commented 6 years ago

I've attempted to extract the nVidia GPU BIOS from the following Dell XPS 9560 Bios update files with out success:

In both cases I had innoextract, upx, 7z, and UEFIDump installed and available to vbiosfinder.

OS: Debian 9.4 Ruby: 2.5.0

./vbiosfinder extract ~/Downloads/XPS_15_9560_1.8.1.exe 
output will be stored in '/home/bill/Development/VBiosFinder/tmp-vbiosfinder'
checking for ruby... yes

trying to extract ./XPS_15_9560_1.8.1.exe
checking for innoextract... yes
not extractable with innoextract
checking for upx... yes
not extractable with upx
checking for 7z... yes
not extractable with 7z
checking for UEFIDump... yes
not an uefi image
Cleaning up garbage
coderobe commented 6 years ago

Oh yeah, I've taken a look at the BIOS of the XPS 9550 in the past, which i assume to be similar, and couldn't figure out how the update was packed. I doubt any laptop BIOS from the XPS family currently works, as they don't seem to employ the usual BIOS updater methods. If you have any information regarding their updater format i'd love to hear it.

coderobe commented 6 years ago

I've dug around a bit more and with https://github.com/coderobe/VBiosFinder/commit/ea89d34da221eace3b3aecbbb12709ac62c6e16c i'm able to extract uefi data from the dell updaters now, though it looks like either they're only partial uefi images (like some sort of delta update?) or my patch doesn't catch all the data, or they don't actually have the vbios in the uefi roms

stzokev commented 5 years ago

I'll post here, so I do not open new issue. I tried to extract from Dell Precision 7520 (https://downloads.dell.com/FOLDER05273023M/1/Precision_7x20_1.13.0.exe) but got nowhere:


silver@Sneak:/mnt/c/Users/Silver/Desktop/VBiosFinder-master$ ./vbiosfinder extract /mnt/c/Users/Silver/Desktop/VBiosFinder-master/Precision_7x20_1.13.0.exe
output will be stored in '/mnt/c/Users/Silver/Desktop/VBiosFinder-master/tmp-vbiosfinder'
checking for ruby... yes

checking for innoextract... yes
checking for upx... yes
checking for 7z... yes
trying to extract ./Precision_7x20_1.13.0.exe
found polyglot archive
trying to extract ./Precision_7x20_1.13.0.exe-polyglot
found polyglot archive
trying to extract ./Precision_7x20_1.13.0.exe-polyglot-polyglot
found zlib archive
trying to extract ./Precision_7x20_1.13.0.exe-polyglot-polyglot-zlib
found polyglot archive
trying to extract ./Precision_7x20_1.13.0.exe-polyglot-polyglot-zlib-polyglot
extracting uefi data
trying to extract ./Precision_7x20_1.13.0.exe
found UEFIExtract archive
trying to extract ./Precision_7x20_1.13.0.exe-polyglot
found UEFIExtract archive
trying to extract ./Precision_7x20_1.13.0.exe-polyglot-polyglot
found UEFIExtract archive
trying to extract ./Precision_7x20_1.13.0.exe-polyglot-polyglot-zlib
trying to extract ./Precision_7x20_1.13.0.exe-polyglot-polyglot-zlib-polyglot
Cleaning up garbage
/usr/lib/ruby/2.3.0/fileutils.rb:717:in `remove_entry_secure': parent directory is world writable, FileUtils#remove_entry_secure does not work; abort: "/mnt/c/Users/Silver/Desktop/VBiosFinder-master/tmp-vbiosfinder" (parent directory mode 40777) (ArgumentError)
        from /mnt/c/Users/Silver/Desktop/VBiosFinder-master/src/cli.rb:27:in `block in extract'
/var/lib/gems/2.3.0/gems/cocaine-0.5.8/lib/cocaine/command_line.rb:82:in `run': Cocaine::CommandNotFoundError (Cocaine::CommandNotFoundError)
        from /mnt/c/Users/Silver/Desktop/VBiosFinder-master/src/extract-uefi.rb:20:in `uefi'
        from /mnt/c/Users/Silver/Desktop/VBiosFinder-master/src/extraction.rb:8:in `call'
        from /mnt/c/Users/Silver/Desktop/VBiosFinder-master/src/extraction.rb:8:in `attempt'
        from /mnt/c/Users/Silver/Desktop/VBiosFinder-master/src/methods.rb:45:in `block in run'
        from /mnt/c/Users/Silver/Desktop/VBiosFinder-master/src/methods.rb:43:in `each'
        from /mnt/c/Users/Silver/Desktop/VBiosFinder-master/src/methods.rb:43:in `run'
        from /mnt/c/Users/Silver/Desktop/VBiosFinder-master/src/cli.rb:36:in `extract'
        from /var/lib/gems/2.3.0/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
        from /var/lib/gems/2.3.0/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
        from /var/lib/gems/2.3.0/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
        from /var/lib/gems/2.3.0/gems/thor-0.20.0/lib/thor/base.rb:466:in `start'
        from _init.rb:7:in `<main>'```

It spend a good amount of time (5 mins or more) on the step before "Cleaning up garbage"
stzokev commented 5 years ago

@coderobe I tried on the [0] file inside the .exe and got further. Can you confirm that you get that as well:


trying to extract ./[0]
found UEFIExtract archive
trying to extract ./[0]-polyglot
found UEFIExtract archive
trying to extract ./[0]-polyglot-zlib
trying to extract ./[0]-polyglot-zlib-polyglot
found UEFIExtract archive
trying to extract ./mkmf.log
found UEFIExtract archive
filtering for modules...
got 216 modules
finding vbios
no candidates found :(
input contains uefi data but no vbios could be found
the vbios might not be baked into the input!
stzokev commented 5 years ago

@coderobe If you could just confirm whether there is vbios in this https://downloads.dell.com/FOLDER05273023M/1/Precision_7x20_1.13.0.exe I would appreciate it.

mani-rai commented 5 years ago

Same for XPS 9570 bios version: 1.12.0 as well. no candidates found :(

T-vK commented 3 years ago

Hello everyone, I found a way to unpack the BIOS update to the point that VBiosFinder was able to extract the vBIOS ROMs.

Is there any chance we can add that functionality to VBiosFinder directly?

https://github.com/T-vK/DellBiosUnpackerPOC

Tested against this BIOS Update: https://dl.dell.com/FOLDER07188382M/1/XPS_15_9575_2-in-1_1.15.1.exe

Edit: @wbushey @stzokev @mani-rai I just tested it against the BIOS updates you linked and it works as well.

T-vK commented 3 years ago

@coderobe I just noticed your thumbs-up. Can we talk about integrating this into VBiosFinder?

coderobe commented 3 years ago

yeah, sure - if you translate hdr-unpack to ruby i'll integrate it in here i sadly don't currently have the time to look into that myself, but it looks like it should be fairly straightforward.

T-vK commented 3 years ago

Unfortunately I have no experience with Ruby at all. I'll see if I can figure it out though.

T-vK commented 3 years ago

@coderobe Okay, so I learned a bit of ruby now and ported the script: https://github.com/T-vK/DellBiosUnpackerPOC/blob/master/hdr-unpack.rb

Tested and works like a charm.

coderobe commented 3 years ago

alright - thanks! i'll look into merging it.

T-vK commented 3 years ago

I had a small bug in unpack.sh that I just fixed. I accidentally wrote ruby ./hdr-unpack.py "$BIOS_UPDATE_FILE" instead of ruby ./hdr-unpack.rb "$BIOS_UPDATE_FILE". (wrong file extension)

ixil commented 3 years ago

Just gave this a go on dell xps 9560, says it was successful :) thank @T-vK and @coderobe

Took me a little bit to work out why I was getting this error message: (had not checked out the new_engine branch)

/home/ixil/dev/VBiosFinder/vendor/bundle/ruby/3.0.0/gems/terrapin-0.6.0/lib/terrapin/command_line.rb:82:in `run': Terrapin::CommandNotFoundError (Terrapin::CommandNotFoundError)
    from /home/ixil/dev/VBiosFinder/src/extract-uefi.rb:20:in `uefi'
    from /home/ixil/dev/VBiosFinder/src/extraction.rb:8:in `call'
    from /home/ixil/dev/VBiosFinder/src/extraction.rb:8:in `attempt'
    from /home/ixil/dev/VBiosFinder/src/methods.rb:46:in `block in run'
    from /home/ixil/dev/VBiosFinder/src/methods.rb:44:in `each'
    from /home/ixil/dev/VBiosFinder/src/methods.rb:44:in `run'
    from /home/ixil/dev/VBiosFinder/src/cli.rb:36:in `extract'
    from /home/ixil/dev/VBiosFinder/vendor/bundle/ruby/3.0.0/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
    from /home/ixil/dev/VBiosFinder/vendor/bundle/ruby/3.0.0/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
    from /home/ixil/dev/VBiosFinder/vendor/bundle/ruby/3.0.0/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
    from /home/ixil/dev/VBiosFinder/vendor/bundle/ruby/3.0.0/gems/thor-0.20.0/lib/thor/base.rb:466:in `start'
    from _init.rb:7:in `<main>'
T-vK commented 3 years ago

Btw @coderobe , any progress? :)

Th3Guardian commented 2 years ago

Hey, would you guys be able to extract from this one https://dl.dell.com/FOLDER07981163M/1/XPS_9570_1.23.0.exe and this one? https://dl.dell.com/FOLDER06224897M/1/XPS_9570_1.16.2.exe Thanks, much appreciated.

Since the nvbios is in the main bios, I don't suppose normal flashing with nvflash would work? Do I need to use an SPI programmer and sort of inject the "new" nvbios or edited nvbios into the current bios thus making a modded bios? If so, how would I go about flashing a modded bios on an XPS 9570? Will that even work?

Thanks for any help guys, and sorry if this is the wrong forum for it,

Thanks, kind regards,

David

coderobe commented 2 years ago

If you plan on flashing a modded bios, you're likely SOL there as you have no way of signing the updated package.

T-vK commented 2 years ago

I have modded BIOSes on non-Dell notebooks before and have been able to flash the resulting unsigned BIOSes using a hardware SPI flasher, but it involves opening the notebook and attaching a clamp to the SPI chip that stores the BIOS.

Th3Guardian commented 2 years ago

Yeah, and I would go about doing it with a CH341 programmer and an SOIC8 SOP8 Test Clip right? (Or whatever it's called).

Would this be the only way of getting an edited nvbios (or new) to the mainboard bios? Eg getting a 1050 Ti bios on the mainboard bios. Right now a Max Q bios is sitting on it, and I'm unsure if I can flash such a bios with nvflash, if it's sitting on the mainboard I mean. (Since reading with GPUz is not supported).

(But for a start, would you be able to extract the rom file from the 1.23 exe I provided? Thanks dude, really.)