Jump to content

Multi Manufacturer Pre-Activation


Recommended Posts

Putting the word “Gateway” @ F000:E840 in my VirtualPC BIOS activates A04597C6 & C86378C7 OEMBIOS files.

F000:E830											00 00				 ..
F000:E840 47 61 74 65 77 61 79 00-00 00 00 00 00 00 00 00 Gateway.........

Update:

With allot of trail and error I found that you can put the word 'Gateway' anywhere between F000:E840 and F000:E85F and it will activate with C86378C7 and A04597C6.

Edited by xehqter
Link to comment
Share on other sites


Yeah I think that both Gateway filesets will activate most gateway machines. But it is my understanding that each set contains at least 2 specific instances of Gateway that are found in a different section of the bios which is specific to each fileset. We need to find out what Gateway computers are specific to that area and make sure that our tools know to look in those specific areas for those specific filesets. ;) That's why I think the Gateway/EMACHINES fileset should be the one we use for now... until we come across a Gateway that does not activate and we record the area of the bios it is found in.

Link to comment
Share on other sites

Putting the word “Gateway” @ F000:E840 in my VirtualPC BIOS activates A04597C6 & C86378C7 OEMBIOS files.

F000:E830											00 00				 ..
F000:E840 47 61 74 65 77 61 79 00-00 00 00 00 00 00 00 00 Gateway.........

Update:

With allot of trail and error I found that you can put the word 'Gateway' anywhere between F000:E840 and F000:E85F and it will activate with C86378C7 and A04597C6.

From the fact that you started at F000:E840 leads me to beleive that it wasn't just trial and error.

Link to comment
Share on other sites

@Bezalel

In my previous post I listed all the instances of "gateway" on a gateway system. I individually inserted gateway into all the addresses on a VirtualPC bios. Only F000:E840 activated. From there I started at E800 and worked my way up in 16byte increments and then @ F000:E83F.. nothing worked till I reached F000:E840.. then went from F000:E8F0 down. So allot of trail and error to get that range.

@Siginet

Sounds reasonable but until I start seeing users complaining about specific OEMBIOS files not activating & providing detailed info I’m not too worried. Using the Gateway, Emachine OEMBIOS is the most logical (that’s what I use @ work) I’ve seen older dells not activate, but I’d like to believe those dells didn’t have an SLP bios because it’s an older system. The main reason I created my program was for Compaq / HP systems, since I’ve seen Compaq Branded Laptops using “HP Pavilion” OEMBIOS files and visa versa. Maybe to rephrase, if it works 98% of the time I’m happy, and so far I haven’t encountered any problems with my utility @ work.

I like your new app, would it be possible to also do a dump of the address range to possibly give a hint towards the area it’s located. Ie: bios header, DMI, etc. Maybe subtracting 20h from the address. IE: Gateway @ F000:E840 run 'D F000:E820' in debug. It’s not critical.

@Everyone

I’m curious what the project goals are now. They seemed to have strayed a bit. If it’s to have a system to make an automated multi manufacture CD I think we’ve succeeded. Are we now trying to figure out why Gateway (and maybe other) OEMBIOS files are picky about the address used? Is it necessary? How many users does it really effect? If that’s the case we should have a dedicated post we can refer to with the info like FreeStylers 202 post to list our conclusions? Is there another utility besides MGADiag that’s being used to figure out SLP Strings? How are you guys coming up with these longer then 4 id’s SLP’s?

.

Edited by xehqter
Link to comment
Share on other sites

Update:

With allot of trail and error I found that you can put the word 'Gateway' anywhere between F000:E840 and F000:E85F and it will activate with C86378C7 and A04597C6.

Great. Now that i see how your doing it i will get going on the Dell.

Edited by Randy Rhoads
Link to comment
Share on other sites

@all

Some here are ahead of you with some stuff, but it looks like they are holding information, think they want to delay the project until Vista Sp1 comes out :)

found some stuff in the public domain that might shine some light on things, With a little help from babelfish you should find your way

http://www.crfans.com/Software/Catalog59/1961.html

http://blogxp.org/ArticleShow/81255

http://bios.net.cn/Article/wzpd/BIOSJS/bio...0060608978.html

I like your new app, would it be possible to also do a dump of the address range to possibly give a hint towards the area it’s located. Ie: bios header, DMI, etc. Maybe subtracting 20h from the address. IE: Gateway @ F000:E840 run 'D F000:E820' in debug. It’s not critical.

@xehqter

Thats not really needed, we seem to be able to find the exact range for specific slp locations (check the chinese sites above)

@xehqter

Can you help Siginet to makes his tool pass wintrust as well?

LG added thx, nadav ;)

[fs]

Edited by FreeStyler
Link to comment
Share on other sites

@Bezalel: I am asking about the rapidshare folder because you are also missing some common files. At least "Acer Travelmate" notebooks are sold very well and widely spread but your repository misses the files.

I have all non-obsolete filesets in my RapidShare folder. I will upload obsolete files upon request (if nobody downloads them, RapidShare will drop the files).

Ah that explains it, thank you! And also thank you for re-uploading some files :w00t:

Link to comment
Share on other sites

@xehqter

Can you help Siginet to makes his tool pass wintrust as well?

I think it would be a good idea for us to team up and put our ideas together. ;) So the wintrust... this will actually make it so the files are protected by WFP?

@Everyone can someone with the ability to read chinese grab that OEM XP tool and begin recording the areas of the bios that we need for each manufacturer? Then maybe post your findings somewhere to help us out? :thumbup

BTW Why would someone want to wait for vista before releasing something like this? Were you kidding FreeStyler? Or are you serious? lol. We need a tool like this asap. My job is so much easier now that I don't have to activate over the phone so much. ;)

Link to comment
Share on other sites

@Siginet

As best I can see OEM XP Tool saves an image of the BIOS (0xF0000-0xFFFFF), Display’s your XP CD KEY / Product ID, and gives you a list of known OEMBIOS Address lists. It doesn’t detect the address OEMBIOS uses. Then again I can’t read Chinese. I’ll PM you the list. Is AutoIT capable of making Win32 API Calls?

Link to comment
Share on other sites

@xehqter

Use Button #1 [1aAT1/4o+-o] (first button, first tab) and select each one of your OEMBIOS.SI_ or OEMBIOS.SIG files.

For the LG set it returned some chinese characters which after using babelfish read something like:

LG OEM, BIOS E000 - E200 'LG Electronics'

It only seems to recognize oembios sets which it already knows the values for, seems hardcoded :(

So the wintrust... this will actually make it so the files are protected by WFP?

Yes, this wil fix issue with sfc /scannow & wfp, even better....there is no trace in "setuperr.log" after installation, xehqter great job! ;)

Edited by FreeStyler
Link to comment
Share on other sites

>So allot of trail and error to get that range.

You're insane, Goldmember!

What a devilishly clever divide and conquer technique that makes the range clear in a fairly short time.

>So the wintrust... this will actually make it so the files are protected by WFP

These files are all trusted on one system or another so they definitely can be protected by WFP. Somehow you need to twiddle the API to get the new ones trusted before copying them like a service pack or hotfix does. To prevent crashes from damaged media, bad, hacked, or mismatched sets, you could check if the files are trusted before copying.

http://support.microsoft.com/kb/222193/

Edited by severach
Link to comment
Share on other sites

These files are all trusted on one system or another so they definitely can be protected by WFP. Somehow you need to twiddle the API to get the new ones trusted before copying them like a service pack or hotfix does. To prevent crashes from damaged media, bad, hacked, or mismatched sets, you could check if the files are trusted before copying.

http://support.microsoft.com/kb/222193/

twiddling the API ;)

WinTrust.DLL

CryptCATAdminAcquireContext

CryptCATAdminAddCatalog

CryptCATAdminReleaseCatalogContext

CryptCATAdminReleaseContext

Got it from disassembling / on demand debugging signtool.exe

Edited by xehqter
Link to comment
Share on other sites

What methods are you all using to read from the BIOS. I'm keep getting an Access Voilation error with the following code.

int CmpStrToMem(char* Str,char* Mem)
{
int i;
if(!*Str) return 0;
if(!isprint(*Mem)) return 2; /* This line is causing the Access Violation */
if(tolower(*Str)-tolower(*Mem)) return 1;
i=CmpStrToMem(Str++,Mem++);
if(i>1) i++;
return i;
}

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...