View difference between Paste ID: <a href="/f604e244a">f604e244a</a> and <a href="/post/view"></a>

View difference between Paste ID: f604e244a and

SHOW: | | - or go back to the newest paste.


#!/usr/bin/python

import sys, struct

#VSS_OFFSET = 0x00180048
#VSS_SIZE = 0x4000 - 0x48
VSS_OFFSET = 0x000c0048
VSS_SIZE = 0x3f58

#PATCH_OFFSET = 0x1af
PATCH_OFFSET = 0xae
PATCH_VALUE = 0x01
PATCH_VARIABLE = u"Setup"

def hexdump(s,sep=" "):
	return sep.join(map(lambda x: "%02x"%ord(x),s))

def ascii(s):
	s2 = ""
	for c in s:
		if ord(c)<0x20 or ord(c)>0x7e:
			s2 += "."
		else:
			s2 += c
	return s2

def pad(s,c,l):
	if len(s)<l:
		s += c * (l-len(s))
	return s

def chexdump(s,ts=""):
	for i in range(0,len(s),16):
		print ts+"%08x  %s  %s  |%s|"%(i,pad(hexdump(s[i:i+8],' ')," ",23),pad(hexdump(s[i+8:i+16],' ')," ",23),pad(ascii(s[i:i+16])," ",16))

def addup(s):
	if len(s) & 1:
		s = s + "\x00"
	sum = 0
	while len(s):
		sum += struct.unpack("<H",s[:2])[0]
		s = s[2:]
	return sum &0xFFFF

class VAR(object):
	GLOBAL_VARIABLE = "\x61\xdf\xe4\x8b\xca\x93\xd2\x11\xaa\x0d\x00\xe0\x98\x03\x2b\x8c"
	def __init__(self, data):
		hdr = data[:0x20]
		self.magic, self.status, self.attributes, self.nsize, self.dsize, self.guid = struct.unpack("<HHIII16s", hdr)
		if self.magic != 0x55aa:
			raise ValueError("bad magic 0x%x"%self.magic)
		self.bname = data[0x20:0x20+self.nsize]
		self.name = ''.join(data[0x20:0x20+self.nsize:2])
		self.name = self.name.split("\x00")[0]
		self.value = data[0x20+self.nsize:0x20+self.nsize+self.dsize]
		self.data = data[:0x20+self.nsize+self.dsize]
		cdata = data[:0x20] + "\x00\x00" + data[0x20:]
		fdata = "\xaa\x55\x7f\x00" + cdata[4:0x20+self.nsize+self.dsize]
	def update(self):
		self.nsize = len(self.name) * 2 + 2
                self.dsize = len(self.value)
		self.data = struct.pack("<HHIII16s", self.magic, self.status, self.attributes, self.nsize, self.dsize, self.guid)
		self.data += self.name.encode('utf-16le') + "\x00\x00"
		self.data += self.value
		fdata = "\xaa\x55\x7f\x00" + self.data[4:0x20+self.nsize+self.dsize]
                self.data = self.data[:0x20] + self.data[0x20:] 
	def showinfo(self, ts=''):
		print ts+"Variable %s"%repr(self.name)
		print ts+" Attributes: 0x%08x"%self.attributes
		print ts+" Status: 0x%02x"%self.status
		if self.guid == self.GLOBAL_VARIABLE:
			print ts+" VendorGUID: EFI_GLOBAL_VARIABLE (%s)"%' '.join('%02x'%ord(c) for c in self.guid)
		else:
			print ts+" VendorGUID: %s"%' '.join('%02x'%ord(c) for c in self.guid)
		print ts+" Value (0x%x bytes):"%(len(self.value))
		chexdump(self.value, ts+"  ")

print "Loading BIOS..."
bin = open(sys.argv[1], "rb").read()

print "Loading VSS..."
vss = bin[VSS_OFFSET:VSS_OFFSET+VSS_SIZE]

if vss[:4] != "$VSS":
	raise ValueError("Invalid VSS signature")

off = 0x10

found = False

while not found and vss[off:off+2] == "\xaa\x55":
	var = VAR(vss[off:])
	if var.name == PATCH_VARIABLE and var.status == 0x7f:
		found = True
	else:
		off += len(var.data)

if not found:
	#print "Variable not found!"
	raise ValueError("Variable not found!")

print "Old state:"
var.showinfo()

var.value = var.value[:PATCH_OFFSET] + chr(PATCH_VALUE) + var.value[PATCH_OFFSET+1:]
var.update()
print "Patched state:"
var = VAR(var.data)
var.showinfo()

print "Updating VSS..."
vss = vss[:off] + var.data + vss[off+len(var.data):]

print "Updating BIOS..."
bin = bin[:VSS_OFFSET] + vss + bin[VSS_OFFSET+VSS_SIZE:]

print "Writing output..."
ofd = open(sys.argv[2], "wb")
ofd.write(bin)
ofd.close()

print "Done"

1	-
1	+	#!/usr/bin/python
2
3		import sys, struct
4
5		#VSS_OFFSET = 0x00180048
6		#VSS_SIZE = 0x4000 - 0x48
7		VSS_OFFSET = 0x000c0048
8		VSS_SIZE = 0x3f58
9
10		#PATCH_OFFSET = 0x1af
11		PATCH_OFFSET = 0xae
12		PATCH_VALUE = 0x01
13		PATCH_VARIABLE = u"Setup"
14
15		def hexdump(s,sep=" "):
16		return sep.join(map(lambda x: "%02x"%ord(x),s))
17
18		def ascii(s):
19		s2 = ""
20		for c in s:
21		if ord(c)<0x20 or ord(c)>0x7e:
22		s2 += "."
23		else:
24		s2 += c
25		return s2
26
27		def pad(s,c,l):
28		if len(s)<l:
29		s += c * (l-len(s))
30		return s
31
32		def chexdump(s,ts=""):
33		for i in range(0,len(s),16):
34		print ts+"%08x %s %s \|%s\|"%(i,pad(hexdump(s[i:i+8],' ')," ",23),pad(hexdump(s[i+8:i+16],' ')," ",23),pad(ascii(s[i:i+16])," ",16))
35
36		def addup(s):
37		if len(s) & 1:
38		s = s + "\x00"
39		sum = 0
40		while len(s):
41		sum += struct.unpack("<H",s[:2])[0]
42		s = s[2:]
43		return sum &0xFFFF
44
45		class VAR(object):
46		GLOBAL_VARIABLE = "\x61\xdf\xe4\x8b\xca\x93\xd2\x11\xaa\x0d\x00\xe0\x98\x03\x2b\x8c"
47		def __init__(self, data):
48		hdr = data[:0x20]
49		self.magic, self.status, self.attributes, self.nsize, self.dsize, self.guid = struct.unpack("<HHIII16s", hdr)
50		if self.magic != 0x55aa:
51		raise ValueError("bad magic 0x%x"%self.magic)
52		self.bname = data[0x20:0x20+self.nsize]
53		self.name = ''.join(data[0x20:0x20+self.nsize:2])
54		self.name = self.name.split("\x00")[0]
55		self.value = data[0x20+self.nsize:0x20+self.nsize+self.dsize]
56		self.data = data[:0x20+self.nsize+self.dsize]
57		cdata = data[:0x20] + "\x00\x00" + data[0x20:]
58		fdata = "\xaa\x55\x7f\x00" + cdata[4:0x20+self.nsize+self.dsize]
59		def update(self):
60		self.nsize = len(self.name) * 2 + 2
61		self.dsize = len(self.value)
62		self.data = struct.pack("<HHIII16s", self.magic, self.status, self.attributes, self.nsize, self.dsize, self.guid)
63		self.data += self.name.encode('utf-16le') + "\x00\x00"
64		self.data += self.value
65		fdata = "\xaa\x55\x7f\x00" + self.data[4:0x20+self.nsize+self.dsize]
66		self.data = self.data[:0x20] + self.data[0x20:]
67		def showinfo(self, ts=''):
68		print ts+"Variable %s"%repr(self.name)
69		print ts+" Attributes: 0x%08x"%self.attributes
70		print ts+" Status: 0x%02x"%self.status
71		if self.guid == self.GLOBAL_VARIABLE:
72		print ts+" VendorGUID: EFI_GLOBAL_VARIABLE (%s)"%' '.join('%02x'%ord(c) for c in self.guid)
73		else:
74		print ts+" VendorGUID: %s"%' '.join('%02x'%ord(c) for c in self.guid)
75		print ts+" Value (0x%x bytes):"%(len(self.value))
76		chexdump(self.value, ts+" ")
77
78		print "Loading BIOS..."
79		bin = open(sys.argv[1], "rb").read()
80
81		print "Loading VSS..."
82		vss = bin[VSS_OFFSET:VSS_OFFSET+VSS_SIZE]
83
84		if vss[:4] != "$VSS":
85		raise ValueError("Invalid VSS signature")
86
87		off = 0x10
88
89		found = False
90
91		while not found and vss[off:off+2] == "\xaa\x55":
92		var = VAR(vss[off:])
93		if var.name == PATCH_VARIABLE and var.status == 0x7f:
94		found = True
95		else:
96		off += len(var.data)
97
98		if not found:
99		#print "Variable not found!"
100		raise ValueError("Variable not found!")
101
102		print "Old state:"
103		var.showinfo()
104
105		var.value = var.value[:PATCH_OFFSET] + chr(PATCH_VALUE) + var.value[PATCH_OFFSET+1:]
106		var.update()
107		print "Patched state:"
108		var = VAR(var.data)
109		var.showinfo()
110
111		print "Updating VSS..."
112		vss = vss[:off] + var.data + vss[off+len(var.data):]
113
114		print "Updating BIOS..."
115		bin = bin[:VSS_OFFSET] + vss + bin[VSS_OFFSET+VSS_SIZE:]
116
117		print "Writing output..."
118		ofd = open(sys.argv[2], "wb")
119		ofd.write(bin)
120		ofd.close()
121
122		print "Done"