Announcement

Collapse
No announcement yet.

LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

    lenovo_autopatcher_0.2.zip Hello everyone!

    In the past several weeks I've learned a lot from this forum and its community especially from all the folks who contributed to THIS thread

    With some trial and error I was able to reliably patch BIOS dumps for SVP-locked Lenovo machines up to the 8th generation using the info, tools, and files provided on this forum. After some practice and positive feedback from users I helped I've noticed that, once learned, the process is fairly straightforward, so I've developed a small python script to automate it and allow everyone to patch their own binaries without having to ask for help and wait.

    This is my way to give back to the community. Also I am lazy... lol.

    DISCLAIMER
    1. THIS SCRIPT IS FREE AND IS INTENDED FOR EDUCATIONAL PURPOSES ONLY.
      You CAN download it, modify it, redistribute it, etc. I only ask that you DON'T sell it or try to make a profit from it, and that you please credit the authors for the time and work they put into it.
    2. I TAKE NO CREDIT FOR CREATING THE DXE DRIVERS OR ANY OF THE FILES THAT MAKE UP THE PATCH ITSELF.
      I've only developed the python script that automates the process and puts it all together.
    3. I TAKE NO RESPONSIBILITY FOR ANY DAMAGE YOU DO TO YOUR MACHINE, YOUR PETS, YOUR HOUSE, YOUR LIFE, AND THE SPACE-TIME CONTINUUM
      Making this kind of modifications is risky and might leave you with an unusable/broken machine.
      The script is not perfect by any means, and while I haven't bricked any hardware (yet) I can't promise that won't happen to you.
      USE IT AT YOUR OWN RISK.


    With that out of the way, using it is pretty simple and it should work on both Windows and Linux as long as you have Python installed https://www.python.org/downloads/.
    Just download the zip file and extract it. You'll get a folder named "lenovo_autopatcher" with the following content:



    IMPORTANT: Before applying the patch make sure you verify that your original image is not corrupted by dumping 1 or 2 additional images from your bios chip and comparing them. The original dump is THE ONLY WAY to recover your machine if something goes wrong!

    From command line use either autopatch.cmd (Windows) or autopatch.sh (Linux) as follows:

    autopatch <your_bios_image.ext>

    THAT'S IT!

    The command will generate either your_bios_image_PATCHED.ext or your_bios_image_PATCHED_CLEAN.ext depending on the type of BIOS you are patching. The original dump will be left unchanged.

    autopatch -h will output the help info for the command
    autopatch --howto will output the following instructions on how to use the patched image:

    [ HOW TO USE THE PATCH ]
    STEP 1: Flash and replace current BIOS with the generated patch file
    STEP 2: Boot the machine
    STEP 3: Press ENTER/F1/etc. to enter BIOS settings
    STEP 4: Enter any character when asked for Supervisor Password
    STEP 5: Press enter when it shows Hardware ID
    STEP 6: Press space bar 2x when asked
    STEP 7: Turn off machine
    STEP 8: Restore original BIOS
    STEP 9: Reset BIOS settings to factory default

    [ NOTES ]
    When booting the patched BIOS you might have to:
    - Hold the anti-tamper switch down the whole time (use tape)
    - Remove the hard disk or replace it with a locked one

    Finally, I would be grateful if you could report any bugs, errors, problems, or general feedback in this thread so that I can make improvements to the script.



    Thank you, and enjoy!

    Download -> https://www.badcaps.net/filedata/fetch?id=3166264
    Attached Files
    Last edited by SMDFlea; 03-16-2022, 12:16 PM.

    #2
    Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

    thanks, good job, i will look at this. Doesn't that correct the checksum?

    Comment


      #3
      Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

      Originally posted by Maxpower3 View Post
      thanks, good job, i will look at this. Doesn't that correct the checksum?
      If you mean after switching the DXE drivers, it uses UEFIReplace to inject them, so that takes care of rebuilding the binary image.

      Now since you mention the checksum... Initially to verify that the image obtained using the autopatcher was the same as the one I'd manually patch I compared them using checksum and windiff but they never came up identical so I was concerned that the one generated through the script would not work. Turns out that when I patch a file manually using UEFITool I replace the 2 DXE drivers at the same time and let the program do it's thing in one pass. UEFIReplace however can only replace one driver at the time and it rebuilds the binary after each substitution. That somehow causes a few bytes to be different. I have tried replacing one driver at the time with UEFITool, save it reopen it and replace the other one and the resulting file is identical to the one generated by the autopatcher.

      Comment


        #4
        Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

        If bios beeps at startup, the checksum is not corrected.
        I had the problem here and followed this tutorial

        But I failed to do a correct bios.

        https://www.badcaps.net/forum/showth...=65996&page=11

        https://www.insanelymac.com/forum/to...eps-on-lenovo/

        Comment


          #5
          Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

          Originally posted by Maxpower3 View Post
          If bios beeps at startup, the checksum is not corrected.
          I had the problem here and followed this tutorial

          But I failed to do a correct bios.

          https://www.badcaps.net/forum/showth...=65996&page=11

          https://www.insanelymac.com/forum/to...eps-on-lenovo/
          Ahh I see... I do not modify the checksum of the patched bios so I am assuming it WILL beep 5x... That should not prevent it from going through the process though and reset the TPM. After that you have to reload the original bios anyway which will have the correct checksum.

          Am I missing something?

          Comment


            #6
            Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

            some machine does not work if not corrected, I think so


            you have tried a lot of models already?

            Comment


            • odenirandnl
              odenirandnl commented
              Editing a comment
              hello maxpower good morning boss. I cannot seem to find the autopatcher file for the lenovo file posted by knuclegrumble at the begining of this thread. i think the badcaps site reconstruction has affected it. I dint know if there is any advice you can give me

            #7
            Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

            Originally posted by Maxpower3 View Post
            some machine does not work if not corrected, I think so


            you have tried a lot of models already?
            I've tried 8-10 different models between 4th gen and 8th gen. All reported working. It would be interesting to see what people report using the autopatcher.

            Unfortunately I don't have that many SVP-locked Lenovo's on hand... lol

            Comment


              #8
              Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

              if you compare an x240 with an L470, you notice that there is a blue part in uefi tools. you need to correct checksum for work.

              no need to patch each bios, the patched files are compatible in other machines. just need to create a library

              on the last gen, it is written twice (see pics)
              Attached Files

              Comment


                #9
                Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

                Originally posted by Knucklegrumble View Post
                I've tried 8-10 different models between 4th gen and 8th gen. All reported working. It would be interesting to see what people report using the autopatcher.

                Unfortunately I don't have that many SVP-locked Lenovo's on hand... lol

                yes I will test as soon as I have the opportunity too

                Comment


                  #10
                  Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

                  Originally posted by Maxpower3 View Post
                  if you compare an x240 with an L470, you notice that there is a blue part in uefi tools. you need to correct checksum for work.

                  no need to patch each bios, the patched files are compatible in other machines. just need to create a library

                  on the last gen, it is written twice (see pics)
                  Do you mean that if you correct the checksum then the file is compatible with different machines other than the original one?

                  Comment


                    #11
                    Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

                    Originally posted by Knucklegrumble View Post
                    Do you mean that if you correct the checksum then the file is compatible with different machines other than the original one?

                    the patched file is compatible with other pc "same model of course", with or without checksum
                    https://www.badcaps.net/forum/showthread.php?t=81573
                    Last edited by Maxpower3; 08-13-2020, 02:09 PM.

                    Comment


                      #12
                      Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

                      What's "List NOK with Patch files"?

                      Comment


                        #13
                        Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

                        some model that doesn't work with just patched files.
                        It's been a long time since I looked at this, I don't remember very well

                        Comment


                          #14
                          Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

                          Originally posted by Maxpower3 View Post
                          some model that doesn't work with just patched files.
                          It's been a long time since I looked at this, I don't remember very well
                          Right. The autopatcher has 2 steps. On the first pass it injects the patched DXE drivers. If the bios is from an older gen it ends there and its work is done. If it's a newer generation on the second pass it replaces parts of the NVRAM with clean ones and then it's done. I've patched some of the ones you have listed in NOK and they all reported working.

                          Comment


                            #15
                            Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

                            ok my error is the NVRAM and not the checksum then

                            Comment


                              #16
                              Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

                              Originally posted by Maxpower3 View Post
                              ok my error is the NVRAM and not the checksum then
                              Yeah that's the part that took me the longest to figure out... I had to piece together a lot of posts on several threads and compare a lot of original and patched files to figure out what I was missing. Those parts cannot be patched with UEFITool and are only visible with UEFITool NE. They need to be modified with an hex editor. The script does it for you.

                              Comment


                                #17
                                Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

                                Yes ok I saw the 2 VSS2 and FTW. Why patched EVSA, it is identical to orignal?

                                Comment


                                  #18
                                  Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

                                  Nice. Just unlocked about 30 Lenovos before you published this. Got to wait for the next batch to try this out. No need to copy from raspberry to work pc to patch files anymore.

                                  Comment


                                    #19
                                    Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

                                    Originally posted by Maxpower3 View Post
                                    Yes ok I saw the 2 VSS2 and FTW. Why patched EVSA, it is identical to orignal?
                                    The EVSA was tricky...

                                    Without patching that the laptop plays a little musical tone after boot and the screen stays black...
                                    Attached Files
                                    Last edited by Knucklegrumble; 08-13-2020, 03:19 PM.

                                    Comment


                                      #20
                                      Re: LENOVO BIOS AUTO-PATCHER for Supervisor Password Removal

                                      Originally posted by RethoricalCheese View Post
                                      Nice. Just unlocked about 30 Lenovos before you published this. Got to wait for the next batch to try this out. No need to copy from raspberry to work pc to patch files anymore.
                                      Well I hope it works for you. Please report the results.

                                      Comment

                                      Working...
                                      X