I've recently bought a Thinkpad X40. It's got a list of PCI IDs for acceptable wireless cards in ROM. Sadly, my wireless card's subsystem ID doesn't match, and so it refuses to boot. I've found the list in the BIOS image and identified what I'd need to change, but I still have a couple of issues:
1) Unsurprisingly, phlash16 complains about an invalid extended checksum afterwards. I'd rather not have to disassemble phlash to try to figure out what sort of algorithm is used, so does anyone know if it's a simple byte sum or a more awkward CRC, and which block is supposed to be changed to make it match?
2) The BIOS image doesn't directly match the contents of the running ROM. Various strings are garbled by the insertion of extra characters. Phlash will happily use the original version so it's obviously meant to be like this, but does anyone have any idea what they're there for? For example, "BCPSEGMENT" in the running image is "BCPSE0xDFGMENT" in the downloaded image.
Thanks
Phoenix NoteBIOS checksum algorithm
Ok, figured this out. The DF and similar chunks are due to the compression scheme used in IBM's distributed images. They seem to just be tokens that are replaced. I grabbed an uncompressed image from flash instead. The checksum is a 4-byte block following the strings EXTD. With a valid checksum, all the 4-byte blocks in the file will sum to 0.
I managed to figure this out with a combination of phoedeco (which I used to split the chunks out) and the prepare.exe and catenate.exe that are generated by the Phoenix BIOS editor utilitity that you can get in a trial form from their website. The .exes appear once the application is started. prepare.exe does compression and fixes up the headers appropriately, and catenate.exe joins them together into a BIOS image and writes an appropriate checksum.
As a result of this, I've now got a Thinkpad X40 that'll work with my wireless card.
I managed to figure this out with a combination of phoedeco (which I used to split the chunks out) and the prepare.exe and catenate.exe that are generated by the Phoenix BIOS editor utilitity that you can get in a trial form from their website. The .exes appear once the application is started. prepare.exe does compression and fixes up the headers appropriately, and catenate.exe joins them together into a BIOS image and writes an appropriate checksum.
As a result of this, I've now got a Thinkpad X40 that'll work with my wireless card.
Nice work.
Where the hell did you get the Phoenix BIOS editor? I've been searching for it for about half an hour on their *** website but found nothing
Where the hell did you get the Phoenix BIOS editor? I've been searching for it for about half an hour on their *** website but found nothing
Patched and tested BIOSes are at http://wims.rainbow-software.org
UniFlash - Flash anything anywhere
UniFlash - Flash anything anywhere
http://www.phoenix.com/en/products/phoe ... efault.asp is where I got it from. As far as I can tell, it doesn't allow saving, but the majority of the other features (including ACPI disassembling, I think) are there.
Thanks for the link. I'll see what can be done with that.
Patched and tested BIOSes are at http://wims.rainbow-software.org
UniFlash - Flash anything anywhere
UniFlash - Flash anything anywhere
It does not work with PhoenixBIOS 4.0 Release 6.0 for my notebook (DTK FortisPro TOP-5A) 
Patched and tested BIOSes are at http://wims.rainbow-software.org
UniFlash - Flash anything anywhere
UniFlash - Flash anything anywhere
With a valid checksum, all the 4-byte blocks in the file will sum to 0.mjg59 wrote:Ok, figured this out. The DF and similar chunks are due to the compression scheme used in IBM's distributed images. They seem to just be tokens that are replaced. I grabbed an uncompressed image from flash instead. The checksum is a 4-byte block following the strings EXTD. With a valid checksum, all the 4-byte blocks in the file will sum to 0.
.
who know how to get the checksum value in a 4-byte block following the strings EXTD.