From 554f85430e21017bc2165b3098be5b39e43af25c Mon Sep 17 00:00:00 2001 From: George Kushnir Date: Thu, 20 Feb 2020 03:25:56 -0500 Subject: [PATCH] Rev 4 (hopefully). Not ready for prime time. --- start.sh | 44 +++++++++++++++++++------------------------- 1 file changed, 19 insertions(+), 25 deletions(-) diff --git a/start.sh b/start.sh index 55bdc09..c7768cd 100644 --- a/start.sh +++ b/start.sh @@ -18,16 +18,6 @@ echo "Revision 4" # Give the network time to come online if ! ping -q -c 1 -W 1 8.8.8.8 >/dev/null; then echo -e "\e[1;32mWaiting 10 seconds for Network...\e[0m" && sleep 10; fi -# update script if networked -if [[ $updated != "r4" ]] && ping -q -c 1 -W 1 8.8.8.8 >/dev/null; then - rm /home/ivy/start.sh - wget -q https://1vyra.in/start.sh --no-check-certificate -O /home/ivy/start.sh - export updated="r4" - echo 'export updated=r4' >> /home/ivy/.bashrc - bash /home/ivy/start.sh - exit 1 -fi - # verify EFI vars if [ ! -d "/sys/firmware/efivars" ] && [ ! -d "/sys/firmware/efi" ]; then echo -e "\e[1;31mEFI Vars not found! Make sure you are running in UEFI mode! Exiting.\e[0m" @@ -39,6 +29,8 @@ bios=$(dmidecode -t bios | grep -i version | awk {'print $2'}) machine=$(dmidecode -t system | grep -i "Family" | awk {'print $3$4'}) version=$(dmidecode -t bios | grep -i "Version" | awk {'print $3'} | sed 's/(//g' | sed 's/\.//g') valid="false" +flashsize=$(/root/flashrom/flashrom -p internal:laptop=force_I_want_a_brick --ifd -i bios -N -r /tmp/backup.rom > /dev/null && du -h /tmp/backup.rom | sed "s/[^0-9]//g") +padding=$(expr $flashsize - 4) # Check if BIOS version is valid case $machine in @@ -55,15 +47,15 @@ case $machine in esac if [ $valid == "false" ]; then - echo -e "\e[1;31mNo Valid BIOS detected, but you can still attempt the S3 exploit to see if your machine may be compatible in the future.\e[0m" - echo -e "\e[1;31You will not be able to flash a custom BIOS, but this data can help make your device compatible in the future.\e[0m" + echo -e "\e[1;31mNo Valid BIOS detected, but you can still attempt the S3 exploit to see if your machine may be compatible in the future." + echo -e "\eYou will not be able to flash a custom BIOS, but this data can help make your device compatible in the future.\e[0m" else echo -e "\e[1;32mDetected Compatible Configuration - $machine $bios ($(dmidecode -t bios | grep -i "Version" | awk {'print $3'} | sed 's/(//g')).\e[0m" fi read -p "Press Enter key to attempt BIOS exploit. Your ThinkPad will suspend as part of the process. Press the power button to wake it up!" -/home/ivy/chipsec/chipsec_main.py -m tools.uefi.s3script_modify -a replace_op,mmio_wr,0xFED1F804,0x6009,0x2 +/root/chipsec/chipsec_main.py -m tools.uefi.s3script_modify -a replace_op,mmio_wr,0xFED1F804,0x6009,0x2 systemctl suspend @@ -72,35 +64,37 @@ echo "Waiting for wake from S3 sleep..." sleep 5 setpci -s 00:1f.0 dc.b=09 -/home/ivy/chipsec/chipsec_util.py mmio write SPIBAR 0x74 0x4 0xAAF0800 -/home/ivy/chipsec/chipsec_util.py mmio write SPIBAR 0x78 0x4 0xADE0AD0 -/home/ivy/chipsec/chipsec_util.py mmio write SPIBAR 0x7C 0x4 0xB100B10 -/home/ivy/chipsec/chipsec_util.py mmio write SPIBAR 0x80 0x4 0xBFF0B40 +/root/chipsec/chipsec_util.py mmio write SPIBAR 0x74 0x4 0xAAF0800 +/root/chipsec/chipsec_util.py mmio write SPIBAR 0x78 0x4 0xADE0AD0 +/root/chipsec/chipsec_util.py mmio write SPIBAR 0x7C 0x4 0xB100B10 +/root/chipsec/chipsec_util.py mmio write SPIBAR 0x80 0x4 0xBFF0B40 # make sure BIOS is writable now -if [ $(/home/ivy/chipsec/chipsec_main.py -m common.bios_wp | sed 's/\n//g' | grep -c 'None of the SPI protected ranges write-protect BIOS region') == 0 ]; then +if [ $(/root/chipsec/chipsec_main.py -m common.bios_wp | sed 's/\n//g' | grep -c 'None of the SPI protected ranges write-protect BIOS region') == 0 ]; then echo -e "\e[1;31mBIOS still write-protected! Something went wrong or your device is not compatible. Exiting.\e[0m" exit 1 else if [ $valid == "false" ]; then echo -e "\e[1;32mBIOS no longer write-protected! Your machine is compatible but unsupported. Please report the following details as a GitHub issue:" - echo -e "Machine: $machine\nBIOS: $bios\nVersion: $(dmidecode -t bios | grep -i "Version" | awk {'print $3'} | sed 's/(//g')\e[0m" + echo -e "Machine: $machine\nBIOS: $bios\nVersion: $(dmidecode -t bios | grep -i "Version" | awk {'print $3'} | sed 's/(//g')\nFlashsize: $flashsize M\e[0m" read -p "Press Enter to exit the script." exit 1 fi echo -e "\e[1;32mPlease enter a choice:\e[0m" -echo "1) Flash Modified Lenovo BIOS" +$([[ $machine == "X230" ]] && echo "0) Flash LVDS Modified Lenovo BIOS for X330" +$([[ $valid == "valid" ]] && echo "1) Flash Modified Lenovo BIOS" echo "2) Flash a custom BIOS from URL" echo "3) Shutdown / Abort Procedure" read choice case $choice in + "0") if [[ $machine == "X230" ]]; then machine="X330"; fi ;; "2") echo "Enter the full URL for your 4MB BIOS file. Double, triple, and QUADRUPLE check that you are providing the CORRECT file! " read userInput if [[ -n "$userInput" ]] then echo "Downloading from $userInput" - wget $userInput -O /home/ivy/bios/custom.rom + wget $userInput -O /root/bios/custom.rom machine="custom" fi ;; @@ -113,12 +107,12 @@ read -p "Press Enter key to begin flashing your jailbroken BIOS! Do NOT let the echo -e "\e[1;32mFlashing BIOS...\e[0m" # pad the BIOS to 12MB or 16MB before flashing -dd if=/dev/zero of=/home/ivy/bios/pad bs=1M count=$([[ $machine == "T430s" ]] && echo 12 || echo 8) -cat /home/ivy/bios/pad /home/ivy/bios/$machine.rom > /home/ivy/bios/rom.temp +dd if=/dev/zero of=/root/bios/pad bs=1M count=$padding +cat /root/bios/pad /root/bios/$machine.rom > /root/bios/rom.temp -/home/ivy/flashrom/flashrom -p internal:laptop=force_I_want_a_brick -w /home/ivy/bios/rom.temp --ifd -i bios -N +/root/flashrom/flashrom -p internal:laptop=force_I_want_a_brick -w /root/bios/rom.temp --ifd -i bios -N -rm /home/ivy/bios/rom.temp +rm /root/bios/rom.temp read -p "All done! Press Enter key to restart your ThinkPad or CTRL+C to exit to shell."