Serial EEPROM Hacking? (Defeating BIOS Whitelists)

Discussion in 'Mobile Computing' started by rltvstc, Jan 31, 2005.

  1. rltvstc

    rltvstc n00bie

    Messages:
    61
    Joined:
    Aug 4, 2004
    HP/Compaq have started the same BIOS mini-PCI PCI ID whitelist crap that IBM has been pulling for a while now. That is, there is a list of allowed pci id's in the BIOS. If the wifi adapter in the mini-PCI bay is not on the list, the machine won't boot. They've even started applying it retroactively in some cases (Machines that originally shipped without whitelists are now getting them via BIOS updates). This basically blows. If you have a laptop with no Linux friendly wifi adapters on the whitelist, you're screwed unless you're satisfied with Linuxant's driverloader ($$$) or ndiswrapper (Loading device drivers for other operating systems is a little goofy). You also can't upgrade to newer wireless technologies as they become available (Whenever 802.11g's sucessor is on the shelves, no upgrading via a simple card swap). If you were foolish enough to buy a bare bones laptop with the idea of upgrading it yourself (perhaps via an 802.11a/b/g card where HP/Compaq only offers a b/g on a particular model), you'll discover you're screwed, and even if you decide to settle for b/g, they want $100 for their version (with the magic pci id that will work). You can get generic Intel 2200bg parts for $30. Here's some linkage:

    http://www.x1000forums.com/index.php?showtopic=5739&st=0
    http://forums1.itrc.hp.com/service/...493758+1107150745844+28353475&threadId=567021
    http://www.srcf.ucam.org/~mjg59/thinkpad/wireless.html
    http://www.paul.sladen.org/thinkpad-r31/wifi-card-pci-ids.html

    Thanks to this crap, I'm boycotting Compaq/HP. It's already cost them a $129 scanner that I didn't buy. Went with a Canon instead of the HP. Spead the word. BTW, I don't buy the regulatory crap. Toshiba and Dell don't do this, at least. Plus, they're retroactively locking machines that shipped without any restrictions. Those machines were certified before they shipped...

    Well, enough whining, how to get around this?

    1) Plug the wifi adapter in after the machine has booted - Works, but is highly annoying. The prospect of doing this more than once or twice makes me nervous, too.
    2) Hack the CMOS - This works on the IBMs, but I doubt the magic bit, if it exists, is at the same location on a HP/Compaq box.
    3) Hack the BIOS - Dangerous, but should work. The trick is finding the whitelist in the BIOS image, then locating the checksum, changing both, and flashing. Again, nobody has done this on a Compaq or HP box (or if they have, they're keeping quiet).
    4) Hack the Serial EEPROM on the 2200bg (or whatever other card) and change the device id on the card - This is the one I'm currently wondering about the most. At least if you screw something up, it's going to be a $30 2200bg instead of the entire laptop. My inspiration is here:

    http://www.rainbow-software.org/hardware/adaptec.html

    So, does anybody know if the pci id(s) on a 2200bg are in a Serial EEPROM? If so, what kind? Is there software available to hack it, or is it going to be a solder job to reprogram?

    Thoughts, comments, laughter?
     
  2. pxc

    pxc Pick your own.....you deserve it.

    Messages:
    35,300
    Joined:
    Oct 22, 2000
    Device IDs for most devices, especially PCI-based devices (vs AGP, for example), are part of the PCI interface on one of the chips (whichever one is attached to the PCI bus). That's not an EEPROM, it's more like a ROM.

    I have an Intel Pro/Wireless 2200bg in my 8600. There is no hack for changing the ID of the card. Compaqowned. :p
     
  3. omega-x

    omega-x 2[H]4U

    Messages:
    3,075
    Joined:
    Jun 21, 2003
    anyone here buy a 2200bg oem and find it funny that its "illegal" or bad for the end user to install it, according to a paper insert in the box?
     
  4. rltvstc

    rltvstc n00bie

    Messages:
    61
    Joined:
    Aug 4, 2004
    I suspect the 2200BG does indeed have some sort of a serial EEPROM for the PCI device ID. The HP 2200BG is virtually identical to the Intel OEM part except for the PCI device id. Make sense that the device id would be in a seperate, programmable memory. I de-stickered a 2200BG that I have, and I see something that might be a serial EEPROM. It's the right size, and it has epoxy over the pins.
     
  5. pxc

    pxc Pick your own.....you deserve it.

    Messages:
    35,300
    Joined:
    Oct 22, 2000
    It does make sense for the card to have an EEPROM to store the MAC address, but probably not the device ID. I'll bet the PCI ID is set once (PROM on chip) since it never has to change.

    I looked at the HP driver and the 2200BG cards they sell use the HP (xxxx103C) minor device ID instead of the Intel minor device ID (xxxx8086). But the main device ID is similar: 8086:4220/8086:4223 on the HP 2200BG vs 8086:4220 on my Intel 2200BG.

    You are not going to find a flash utility to change it. The hacks that others have used on the IBM Thinkpads to get around the same problem involve CMOS bit hacking and BIOS editing.

    http://www.srcf.ucam.org/~mjg59/thinkpad/wireless.html

    You shouldn't use the CMOS hack because it probably won't work on your HP since that bit/byte is probably used for something else (or maybe unused).
     
  6. rltvstc

    rltvstc n00bie

    Messages:
    61
    Joined:
    Aug 4, 2004
    I didn't really expect to find a utility to change the device id...the best I was hoping for was an EEPROM I could reprogram via a parallel port programmer.

    Thanks for the device IDs, if I get crazy enough to hexedit the BIOS, that will help. Compaq uses a Phoenix BIOS as does IBM, but it's different enough to be trouble. Knowing what I'm looking for helps, though. I took apart the Compaq BIOS with a utility I found on one of those websites, some of the modules are compressed...if the whitelist is in a compressed module, it will be a real pain to edit.

    As for the CMOS hack, yeah, I know the IBM address is almost certain not to work...but I'm hoping that there is a similar flag in the Compaq BIOS.
     
  7. rltvstc

    rltvstc n00bie

    Messages:
    61
    Joined:
    Aug 4, 2004
    Well, I found the whitelist, I think. But the bummer is, on the Compaq I'm playing with at least, it's in a compressed module. Looking at an uncompressed BIOS image, no sign of the appropriate PCI IDs. Using phnxdeco to take the sucker apart and decompress compressed modules, I can find what looks like a whitelist. The BIOS image as a whole isn't compressed, but the way this stuff is set up, the BIOS is composed of various modules, some of which are compressed. Editing the whitelist at this point would be trivial, if indeed I have found it, but getting all the various BIOS Bits repacked back into an image looks to be a pain.

    Any hardcore BIOS hackers out there?
     
  8. pxc

    pxc Pick your own.....you deserve it.

    Messages:
    35,300
    Joined:
    Oct 22, 2000
  9. rltvstc

    rltvstc n00bie

    Messages:
    61
    Joined:
    Aug 4, 2004
    Well, not quite *exact* instructions, but yes, much good stuff there. I'd seen that before, but hadn't realized until just now that prepare.exe and catenate.exe were included in BEDemo.zip. I'll give that a download and see if it will work with the Compaq BIOS image I'm toying with. If so, that looks great...it will take care of the checksums...and, thinking about it, now, if I screw something up, as long as it leaves the machine bootable enough to reflash, I can recover.
     
  10. rltvstc

    rltvstc n00bie

    Messages:
    61
    Joined:
    Aug 4, 2004
    Okay, I'm pretty sure I found the whitelist in one of the decoded modules. My hex skills suck, but this many wifi device ids in close proximity cannot be a coincidence. Ow, Computer Architecture in College was...oh man, 10 years ago. And the hands on bits were on the 68k architecture...this byte swapping stuff is conf00sing. 8)

    Okay, so, enough whining. I got BEDemo.zip downloaded, I'll see if I can get prepare.exe and catenate.exe to reassemble what phnxdeco took apart. Probably safer to get BEDemo to take it apart in the first place if it will....

    Then, assemble, pray, and burn. 8) Will report back success or failure. Thanks for the help, pxc.
     
  11. rltvstc

    rltvstc n00bie

    Messages:
    61
    Joined:
    Aug 4, 2004
    Well, the Phoenix BIOS Editor will take apart the latest BIOS Image, but it whines about unknown module types when it unpacks. I used prepare.exe and catenate.exe to repack it without editing anything as a test, but winphlash.exe won't flash it. It's whining something about a corrupt table. I tried phnxdeco.exe 0.31, it takes it apart, but prepare.exe and catenate.exe won't pack it back up, they don't like the rom.scr that phnxdeco generates.

    Ugh. I'm tempted to try that CMOS hack, except I really doubt that it would work, and I don't want to take the laptop apart to clear the CMOS if it screws it up to the point where it won't boot.
     
  12. sxotty

    sxotty [H]Lite

    Messages:
    91
    Joined:
    Apr 7, 2004
    BTW the EEPROM thing will work, and the 2200BG should have thie following ID to work in HP laptops. (Taken from their driver for ze2000z anyway)

    %NIC_MPCI3B_BG% = Install_HPQMPCI3B_MOW_BG_XP, PCI\VEN_8086&DEV_4220&SUBSYS_27618086 ; HPQ 2200 mPCI 3B - MoW
    %NIC_MPCI3B_BG% = Install_HPQMPCI3B_BG_XP, PCI\VEN_8086&DEV_4220&SUBSYS_27628086 ; HPQ 2200 mPCI 3B - RoW

    %NIC_MPCI3B_BG% = Install_HPQMPCI3B_MOW_BG_XP, PCI\VEN_8086&DEV_4220&SUBSYS_12F5103C ; HPQ 2200 mPCI 3B - MoW Subven 103c
    %NIC_MPCI3B_BG% = Install_HPQMPCI3B_BG_XP, PCI\VEN_8086&DEV_4220&SUBSYS_12F6103C ; HPQ 2200 mPCI 3B - RoW Subven 103c


    Depends, the way to do this in Linux is clearly outlined, but there is another new and interesting problem. HP notebooks that don't ship with wireless leave the button and switch etc off the LED daughter board. Therefore the wireless is always turned off. This results in it being impossible to flash the eeprom, you only read 00x0 and that is it. Supposedly you can make it work and I tried by soldering across some contacts on the daughter board, but as of yet I have not made it work. Sorry to ressurect this old thread, but this is something we should figure out.

    In addition, it seems that the bios hack for HP has been figured out.

    http://www.richud.com/HP-Pavilion-104-Bios-Fix/ <---there
     
  13. 2501

    2501 n00bie

    Messages:
    2
    Joined:
    Aug 4, 2004
    bump

    you guys not figure this out yet? I've just hacked an atheros card into my dv6000 bios, and did it with a freaking lot of reading from the previous link. I can provide some info for others that are having trouble getting it to work.

    2501@cinci.rr.com

    I rarely every check this forum, so just email me if you need help.


    use the pheonix bios editor, and winhex. and read a good amount from the last link. F37D just came out for dv6000's, so if anyone is running one, I can patch it and send it to you.
     
  14. maxius

    maxius 2[H]4U

    Messages:
    2,974
    Joined:
    Dec 17, 2001
    anyone have any idea how to hack the hp 6735b bios

    the bios revision is F.11 (14 Sep 2009) grab them here http://h20000.www2.hp.com/bizsupport/TechS...Item=ob-76142-1

    the old g card

    Broadcom 802.11g Network Adapter
    PCI\VEN_14E4&DEV_4315&SUBSYS_137C103C&REV_01
    PCI\VEN_14E4&DEV_4315&SUBSYS_137C103C
    PCI\VEN_14E4&DEV_4315&CC_028000
    PCI\VEN_14E4&DEV_4315&CC_0280


    the new dual band n card

    intel wifi link 5100 agn
    PCI\VEN_8086&DEV_4237&SUBSYS_12118086&REV_00
    PCI\VEN_8086&DEV_4237&SUBSYS_12118086
    PCI\VEN_8086&DEV_4237&CC_028000
    PCI\VEN_8086&DEV_4237&CC_0280

    i didn't think it would be much of a problem but i was wrong and laptop makers are insane with not making laptops easy to upgrad... everthing on a laptop should be upgradeable or at least video, mem, cpu, wif, and audio
     
  15. Flapjack

    Flapjack 2[H]4U

    Messages:
    3,095
    Joined:
    Apr 29, 2000
    Yet another bump on an outstanding (4 year old) thread.

    I have a tx2000 I'd like to DESTROY the whitelist on. I really find it hard to believe consumers aren't raising a bigger stick about the whole whitelisting thing.

    The same thing happened with cars a while back. People pushed back and the result was the Magnuson-Moss Warranty Act. I sure wish this would draw enough attention to get the FTC to bitch-slap HP...
     
  16. meaty

    meaty [H]ard|Gawd

    Messages:
    1,354
    Joined:
    Dec 13, 2001
    it's amazing that you bumped this. I have acompaq f756nr that I'm trying to put a wireless n card in. I even bought a card that has an HP part number, but apparently it's not listed for my laptop... grr... I'll have to do some reading.
     
  17. Flapjack

    Flapjack 2[H]4U

    Messages:
    3,095
    Joined:
    Apr 29, 2000
    It is completely ridiculous. We have two HP laptops that have this issue (the tx2000 I mentioned earlier, as well as a dv9000).

    As far as I know, Compaq/HP are the only companies to do this. It is obviously a ridiculous ploy to direct people wanting upgraded networking to go through them. Lack of compatibility is one thing. Denying support for the product if you put a non-HP part would even be acceptable. But completely denying a customer the right to choose their own network card (the ones in both laptops SUCK) is ridiculous.

    I'm seriously thinking about starting some sort of petition/class action lawsuit against HP. I was not told this before I purchased the systems. Had I known that, I would not have bought them.
     
  18. meaty

    meaty [H]ard|Gawd

    Messages:
    1,354
    Joined:
    Dec 13, 2001
    same here, I could have bought an acer with pretty much identical specs for the same price, and would have chosen it had I known this BS.

     
  19. Flapjack

    Flapjack 2[H]4U

    Messages:
    3,095
    Joined:
    Apr 29, 2000
    Maybe even starting a webpage www.hpwhitelist.com would be sufficient to get some attention. Start a petition on there?

    I'm willing to pay the registration fees for the domain, so long as someone is willing to build/maintain the page (I just don't have the time). Whaddya think?
     
  20. Flapjack

    Flapjack 2[H]4U

    Messages:
    3,095
    Joined:
    Apr 29, 2000
    FYI, I created the domain. I think we can go somewhere with this. At the bare minimum, we can at least make the public aware that if they buy a HP/Compaq laptop, they will not be able to put their own wireless NIC in.
     
  21. maddude

    maddude 2[H]4U

    Messages:
    3,027
    Joined:
    Sep 6, 2006
    I came across this myself. I was able to add the device I wanted after I added it to the BIOS. Took an hour just to figure out what the hell I was doing since I had never done it before. HP does this, as does Dell. On some models anyway. The reason there isn't an outcry over this is because most consumers don't install their own wireless solution. And if they do, it is USB or PCMCIA.

    As far as I can tell, the manufactures do this for support reason, they same way they only support certain OS's. It's a prebuilt machine, the tech support crew is trained on the hardware configuration that it was built with. They don't want to waste the time and money dealing with hardware compatibility problems. When I bought a new wireless chip to install, I first read through all the reviews I could find and some chips just didn't play nice with certain laptops, there are real issues out there.

    All in all though, this is such a non-issue for so many people.
     
  22. BinaryGeek

    BinaryGeek n00bie

    Messages:
    38
    Joined:
    Sep 2, 2005
    Gotta bump this again.

    This whitelisting is pure bullsh*t. Have a new HP coming with a 2.4ghz Intel 1000 card. Want my current 6250 wimax card to work so I can add the 5ghz as well. I guess I can buy the HP version at a premium price. Ti malakias! Thanks for letting me rant a bit.
     
  23. BinaryGeek

    BinaryGeek n00bie

    Messages:
    38
    Joined:
    Sep 2, 2005
    This is not a support issue.

    An intel 6200 card is an Intel 6200 card, no matter who brands it. Same chip. They do not have to support various 'versions' of a 6200 anymore than they would have to support different (customized) versions of the ATI 5650 chips. These are not ARM-type chips. Just allows them to force the customer to purchase their brand of the 6200 or 5650...usually at a much higher cost.
     
  24. Flapjack

    Flapjack 2[H]4U

    Messages:
    3,095
    Joined:
    Apr 29, 2000
    I just sold my HP laptops. Much easier than trying screw around with the shitty whitelist.

    I've since seen good deals on HP laptops, but always passed them up. I never recommend them at work or to friends/family.
     
  25. joelsplace

    joelsplace n00bie

    Messages:
    5
    Joined:
    Mar 2, 2009
    I'm an IT guy and I will never buy another HP and will tell my customers to stay away from them also. My newer Fujitsu laptops don't seem to have whitelists but I have an older B series that came with an Atheros card and won't work with an Intel. Not 100% sure it's a whitelist problem. The card is recognized and I can load the driver but it says it's turned off via the hardware switch. The switch doesn't work with this card. Is that a whitelist problem? The BIOS preventing the card from turning on?
     
  26. Flapjack

    Flapjack 2[H]4U

    Messages:
    3,095
    Joined:
    Apr 29, 2000
    I've never seen that. It's definitely odd, though. Can you boot into an older OS and see if it's being assigned an IRQ?

    The HP whitest happens during the POST sequence. If a non-whitelisted card is detected, the system won't boot. In fact, there have been people who've switched the card after bootup and had it work just fine. Don't remember how they did it, but it definitely wasn't blocked after POST.
     
  27. joelsplace

    joelsplace n00bie

    Messages:
    5
    Joined:
    Mar 2, 2009
    It's just got XP on it at the moment and I have the Atheros card back in it now. I would think that all resources would be assigned properly and the BIOS is just keeping the switch signal off since the drivers load fine and it looks fine in the device manager.
     
  28. Flapjack

    Flapjack 2[H]4U

    Messages:
    3,095
    Joined:
    Apr 29, 2000
    What do you mean, the "switch signal"? Do you have antenna hook up right? Is the card a 2 or 3 antenna setup? What about the laptop?
     
  29. joelsplace

    joelsplace n00bie

    Messages:
    5
    Joined:
    Mar 2, 2009
    I'm talking about the hardware switch. I'm replacing a 2 antenna Atheros B/G card with a 2 antenna Intel A/G/N card. The antenna connectors are the same.
     
  30. joelsplace

    joelsplace n00bie

    Messages:
    5
    Joined:
    Mar 2, 2009
  31. Flapjack

    Flapjack 2[H]4U

    Messages:
    3,095
    Joined:
    Apr 29, 2000
    Are you talking about the actual switch to enable/disable wireless on the laptop itself? If so, I doubt that would be what's making it not work. Have you been able to find anyone else with the same problem?
     
  32. joelsplace

    joelsplace n00bie

    Messages:
    5
    Joined:
    Mar 2, 2009
    No I haven't found anyone else that has the same problem. The way I understand it the hardware switch signals the BIOS which tells the card to turn the wireless TX/RX off or on via pin 20 in the mPCIe slot. Putting tape on pin 20 keeps the BIOS from turning the card off. Apparently the BIOS doesn't like this card and tells it to stay off no matter which position the hardware switch is in.
     
  33. tangoseal

    tangoseal [H]ardness Supreme

    Messages:
    4,757
    Joined:
    Dec 18, 2010
    The answer is simple.... on your next PC purchase dont get HP, DELL, or any other mainstream brand.

    Get a Sager, Malibal, etc.... I can throw any piece of industry standardized hardware and it works.
     
  34. pxc

    pxc Pick your own.....you deserve it.

    Messages:
    35,300
    Joined:
    Oct 22, 2000
    Wow, a 7 year old thread is active and still showing the difficulty with whitelists. I haven't thought of it much because I've: bought laptops with the mini PCIe cards I needed, ebayed a compatible card made for that OEM for dirt cheap or used the handy ExpressCard slot.

    I probably wouldn't boycott the OEMs even if they whitelist since I can get those systems (with an OS) for significantly cheaper than Sager/Malibal/other white boxed models with the same specs.