Free Flash Drivers

CodeRushs UEFI Modding Posts

Hey everyone. Just ran across some posts by CodeRush about modding UEFI. Covers a lot of details about how he modded just about everything in his Lenovos BIOS. Very impressive work, and well worth reading! Heres part one and part two. Theyre in Russian, so use Googles Translator if you prefer English.

Available link for download

Insyde BIOS Modding GPU Overclocking

Adjusting the clock speed of electronics has been popular for decades. The primary goals accomplished by doing this are to either achieve greater performance, by overclocking, or to make their machine consume less power, by underclocking. This kind of a thing had some risk though. Overclocking can often lead to overheating, and underclocking can often lead to an unstable system.

For this tutorial were going to talk about adjusting the clock speed(s) of our graphics card. Modern GPUs usually have two clock speeds, the core frequency and memory frequency. NVidia cards also have a shader clock, but AMDs dont. Just to mention it, my laptop had an AMD GPU. Each clocks frequency controls the speed for difference aspects of your GPU. The core clock is primarily used for the computations carried out by the graphics card, the memory clock controls its bandwidth speed, and the shader clock controls how fast the shaders operate. Increasing the speed of any one of these things will boost your performance.

Another good piece of information to know is that your GPU has different states which control its current speed. It will jump back and forth from these states when your requiring more performance. Its similar to C-states in a CPU.

So lets get started with this tutorial. If youd like to follow along by using the same BIOS as me, then you can download it here. Were going to increase the speed of all our GPUs clocks in order to maximize performance. These same steps can also be applied to underclock your GPU, but Im not going to personally do that to mine. First we need to find out which module in our BIOS contain our VBIOS. The VBIOS is just the BIOS for the GPU. So to do this were going to need to use either Everest or Aida64 to extract our current VBIOS from our system. You can download Aida64 here. Now right click on the bottom bar and go to Video Debug | Video BIOS Dump.


This will dump a current version of our VBIOS to vgabios.dmp. Now lets open that with a hex editor. Our VBIOS is stored in one of the modules in our BIOS, so were going to have to determine which one that is. Lets pick a hex sequence in our VBIOS so we can search for it later in the modules. You can download the same hex editor that I use, HxD, here. Im picking this string.

Time to search through our BIOS. Unpack your BIOS installer so that you have access to you BIOS rom. Open that ROM with Andys tool. The latest version of Andys tool can be downloaded here. In Andys tool, press the Structure button and extract the DXE Core module. Make sure Decompress Extracted Modules is checked.


Now open that extracted file with a hex editor and search for the hex sequence that we decided on earlier. Looks like it found it at offset 0x29C07C.


To see which module this is in, we have to search for the byte sequence that marks the start of a module, 4D 5A. Then the VBIOSs modules name should be right above that. This byte pattern might appear a few times in the current module, so keep searching until you get to one that looks like it signifies that start of a module.


Thats weird, my VBIOSs module doesnt have a name. Thats because some modules dont have a name. Andys tool has calls them Freeform modules. we can still isolate our VBIOS module by seeing which modules are above and below it, so search above it and below it for 4D 5A.


So these are the two modules that frame the one were looking for. Lets see what that is in Andys tool.


To find out which, I just extracted all of the possible choices and searched through each of them for that hex string we decided on earlier. My VBIOS ended up being in the 35064B31-3D4A-4731-BBC0-A4AA102C8DB4 module. Now time to overclock it. This is where the tutorial gets focused primarily on AMD graphics cards. Im sure there are programs around that can accomplish the same thing for NVIDIA and Intel GPUs.

First were going to determine the maximum stable clock speed for our system. For this were going to use the AMD GPU Clock Tool. You can get it here. This tool allows use to adjust the clocks speeds of our GPU in real time, and by doing this, we can test out speeds without making them permanent. To use it, simply set your new frequencies and press Ok.


Be careful at this part. Use common sense so you dont break you GPU. Id recommend you start off by increasing your core clocks speed by 50 MHz at first, then do 10 MHz increments after that. I wouldnt suggest you change the voltage unless you know what your doing. Also run a benchmark software, such as FurMark, in between increments. This is to make sure that your system can handle the new speeds without any problems. You know your past you max stable frequency when your graphics driver crashes or when your stress test score starts to decrease. Id then lower this frequency by 5 - 10 MHz to get your stable, maximum value. Now repeated this same process for the memory clock. You can also test out lower frequencies while your here incase you want to underclock your GPU.

Now lets apply this new frequencies to our VBIOS. In Andys tool, click on the Advanced button. We need to set it so that we can edit modules. These are the options I checked for that.


Now click Done, and at the main menu of Andys tool press Go. And wait for this screen to come up. Now we need to edit our VBIOS module before pressing Ok.


All of our modules are in the DUMP folder created by Andys tool when it open your BIOS. So inside this folder is our VBIOS module which should be named similar to the module we isolated earlier, mine was named 35064B31-3D4A-4731-BBC0-A4AA102C8DB4. To edit our frequencies, were going to use a program called Radeon BIOS Editor. You can get the latest version here. So open your VBIOS module from the DUMP folder with this program. Make sure you open the biggest module with this name because thats the one that actually contains our VBIOS.


Now go to the Clock settings tab to view all the current power states of your GPU. You can edit all of these if youd like, but the important ones are the highest and lowest speeds. These are the ones to edit for over and under clocking.

As you can see, Ive already entered my new values. When your done, press File | Save BIOS and overwrite the existing VBIOS file. Now press Ok on the message from Andys tool. Itll now insert your module into a new BIOS file. Lets test it out. Rename the file produced from Andys tool, mine was named 01448F29_SLIC.bin, to what the original BIOS rom was named, mine was 01448F29.bin. Now run InsydeFlash.exe and hit Start. Wait for it to initialize and press Ok. Itll now flash your newly modified BIOS and restart automatically when its finished. Now your GPU should be utilizing your new frequency. To verify this, simply run FurMark and make sure it displays you new clock speeds.


Here are my benchmark scores before and after the overclocking. Thats a 21% increase in the score! And only a 5 degree Celsius temperature increase.

 Hope you guys get as good of results as I did. Thanks for reading!

Available link for download

Insyde BIOS Modding Manually Changing Settings

Even though you dont have access to all the hidden settings in your BIOS, you can still manually adjust them by changing the EFI global variable package that contains the values for each setting. By doing this, you can easily change the settings you want without having access to them in the setup utility.

The flash chip on your computer that contains your BIOS also has several other regions. Usually a computer has at least these follow regions: Intel ME, BIOS, and Descriptor. However they can also have additional ones line GBE and OEM. Depending on how you update your computers firmware, only parts of these regions are actually changed. So when you update your BIOS through an update released by your OEM, your actually only overwriting part of the whole BIOS region. So whats stored in the remaining part? Well in the BIOS region, one of these things are the EFI global variables.

So how do we gain access to a complete dump of out BIOS so that we can modify these values? Ive only seen one program that can accomplish this task and thats Intels Flash Programming Tool. There are different version of it for each of the Intel chipsets, so get the one that corresponds to your mobos chipset. You can find the different versions in this discussion.

To create a complete dump of your bios, youll need to run the following command through an admin cmd after youve already navigated to the programming tools directory. So heres what I did:

 cd C:UsersDominoDesktopME 6.0.0.1184ME 6.0.0.1184ToolsSystem ToolsFlash Programming ToolWindows 
 
 fptw.exe -d output.bin -BIOS 

If everything worked, then the output on the command prompt should say something similar to this:


So this will create a file called output.bin that contains the complete dump of your bios. As a side note, this complete dump will include things like your computers tattoo information, variable packages, etc. Since some of this stuff is unique to the computer it came from, like serial numbers, I dont recommend you attempt to flash someone elses complete BIOS dump on your own computer. Now lets use my EFI Variable Dumper to extract the important information about the variable packages from it. Just drag and drop the output.bin file onto the EFI Variable Dumper.exe executable.


This creates a file called output Variables Dump.txt that contains all the EFI global variable packages. Most of these packages arent of much interest to us, however the one that relates to the values of certain settings in the setup utility is the Setup package. This package contains the values currently being used by the settings. So all you need to know is the variable ID of the setting you want to change, the size of its storage in the package, and all its possible values. Luckily my EFI IFR Dumper can give us all that information. So before we continue, we first need to be get the IFR dump from our setup utility module. The first part of my hidden settings tutorial goes over how to get this, so come back here after you successfully dumped the internal forms representation from that module. Now lets continue, so heres what EFI IFR Dumper tells me about my Virtualization Technology settings:

 fptw.exe -f output.bin -BIOS 

Available link for download

Insyde BIOS Modding Hidden Settings

Despite what Ive already gone over in this blog, theres still more to be unlocked in the setup utility. You can see proof of this by going through the setup utilitys module with a hex editor. Theres tons of strings that cant be seen under normal circumstances. Heres just a few that I noticed right away:


The most common way of unlocking most of these hidden options is to modify the internal form representation, IRF, used in EFIs human interface infrastructure, HII, protocol. This is whats used to create everything in the setup utilitys interface. Unfortunately this is not the same as the standard IA-64 assembly that weve worked with in the past, so were going to have to learn some stuff before we can modify it. I post a program I made to assist in the disassembly of this code later in this tutorial, so you can skim though most of this if you dont care about the details.

The resources I found the most useful when researching this protocol were the latest Intels EFI Human Interface Infrastructure Specifications, which can be found here, and the EfiInternalFormRepresentation.h specification file found in the latest EDK II toolchain, which can be found here. I highly recommend you at least skin over these two documents so you can understand everything I say in this tutorial. Lets extract the setup module from our BIOS and examine the HII sections of it with a hex editor. Ill quickly go over how to find out which module this is first.

To get started make sure you unpack your BIOS installer so that you have access to the BIOS rom. If you want to follow along with this tutorial by using the same BIOS as me, then you can get it here. Now open the rom with Andys tool, go to the structure view, check the Decompress Extracted Modules box, and extract the DXE Core module. The latest version of Andys tool can be downloaded here.

My extracted module is named 4A538818-5AE0-4EB2-B2EB-488B23657022.MOD. Yours might be named something different. So lets open that module with a hex editor, and search for a familiar string so that we can locate what module contains the setup utility. The hex editor I use is HxD. As a side note, Insyde BIOS uses Unicode strings. This means that after each letter, theres a 00 hex character. This is because each character is 16 bits instead of 8 bits. So heres what I am going to search for, notice how I have blank characters between each letter. The name of one of my tabs is System Configuration, so the module that contains this string should also contain the setup utility.


So lets search for this string in our DXE Core module and see if it exists. Awesome! It found it.


Now we know were in the correct module. So search for the hex values 4D 5A. These values are always at the start of a module, and the name of a module is always at the end of a module. So heres what it finds:


I circled the modules name in red. So now we need to remember the GUID of the SetupUtility module. Lets go back to Andys tool to see what it is.


My SetupUtility GUID is FE3542FE-C1D3-4EF8-657C-8048606FF670. So lets open this module with a hex editor to get a better understanding of how to mod it. To do this, open the file in the DUMP folder created by Andys tool in the same directory as your BIOS rom. Make sure you open the largest file because there will be several with similar names.


Now we can get started looking at the HII protocol. First we need to find the HII database header as this will tell us the initial offsets of our string packages and form sets. You can usually locate this header because it starts off with an obvious identifier. Mine starts with the $SBV, but yours might start off with something different. Id recommend skimming through the entire file until you notice something similar to it. Its usually located right before the start of the first string package.


As you can see, it tells us some pretty useful things. Both offsets are stored in little endian, so just reverse the byte order if your having trouble reading the values. Heres the data structure I made to contain these values:

 struct EFI_HII_DATABASE_HEADER { 
 uint32_t Offset; 
 string Identifier; 
 uint32_t StartStringPackages; 
 uint32_t StartFormSets; 
 }; 

All BIOS might now implement this header the same way, so I dont rely on it in my program. Now that we know the offset of the first string package, lets take a look at it. Heres mine:


This follows the EFI_IFR_STRING_PACK structure thats described in the specification file I mentioned earlier. The picture points out some of the more important things. Lets talk about what a string package is before we go any further. To add support for multiple languages, strings are stored in groups depending on their language types. So the HII database will store all these individual string packages and reference them if the user selects their corresponding setting under the language option. Each string in a package is given a unique string ID. These start off at 0x00 and increase in 0x01. increments. For your setup to use a specific string, it must reference that strings string ID. A string package header is followed by a series of offsets that each correspond to the location of a string in that package. Past all these offsets, the actual strings are stored. You can verify this yourself by scrolling down a little bit below the string package header. Youll quickly see the strings start out with their localization strings, like eng and English. String packages might not all be stored in together in the module, so I take this into account in my program. In addition, theres one string package per language. Heres the data structures I made to contain string packages:

 struct EFI_HII_PACK_HEADER { 
 uint32_t Offset; 
 uint32_t Length; 
 uint16_t Type; 
 }; 
 
 struct EFI_IFR_STRING_PACK { 
 EFI_HII_PACK_HEADER Header; 
 uint32_t LanguageNameString; 
 uint32_t PrintableLanguageString; 
 uint32_t NumStringPointers; 
 uint32_t Attributes; 
 string *Strings; 
 }; 

Now lets go check out the first form sets header whose offset was given to us by the HII database header we mentioned earlier. Heres mine:


Sorry this picture got kind of messy with all the arrows. I tired to circle some of the more important things, like the title value which contains the string ID that corresponds to the name of the form set. In my case, the string ID 0x0022 refers to the string Main. So this is the Main tab. This header follows the EFI_IFR_FORM_SET structure. Similar to the string packages, the form sets might be scattered throughout the module. After the header, all the IFR instructions are stored which can all be examined more closely by looking at the documentation. The last instruction in any form set is the EFI_IFR_END_FORM_SET_OP. A form set is just another name for the tabs in your setup utilitys menu, so we can dissect the menu more thoroughly by looking at the instructions used in each form set. Theres one form set per tab. So heres the form set data structures:

 struct EFI_IFR_OP_HEADER { 
 uint32_t Offset; 
 uint8_t Opcode; 
 uint8_t Length; 
 }; 
 
 struct EFI_IFR_FORM_SET { 
 EFI_HII_PACK_HEADER Header; 
 string Guid; 
 uint16_t FormSetTitle; 
 uint16_t Help; 
 uint64_t CallbackHandle; 
 uint16_t Class; 
 uint16_t Subclass; 
 uint16_t NvDataSize; 
 }; 

Lets look at the first instruction in the first form. The first byte of an instruction is  its opcode, so lets see what the instruction is by looking at the opcodes value. As a side note, the second byte of an instruction is the length of that instruction including its opcode. Heres a list of opcodes for all the instructions used in EFIs IFR protocol:

 #define EFI_IFR_FORM_OP 0x01 
 #define EFI_IFR_SUBTITLE_OP 0x02 
 #define EFI_IFR_TEXT_OP 0x03 
 #define EFI_IFR_GRAPHIC_OP 0x04 
 #define EFI_IFR_ONE_OF_OP 0x05 
 #define EFI_IFR_CHECKBOX_OP 0x06 
 #define EFI_IFR_NUMERIC_OP 0x07 
 #define EFI_IFR_PASSWORD_OP 0x08 
 #define EFI_IFR_ONE_OF_OPTION_OP 0x09 
 #define EFI_IFR_SUPPRESS_IF_OP 0x0A 
 #define EFI_IFR_END_FORM_OP 0x0B 
 #define EFI_IFR_HIDDEN_OP 0x0C 
 #define EFI_IFR_END_FORM_SET_OP 0x0D 
 #define EFI_IFR_FORM_SET_OP 0x0E 
 #define EFI_IFR_REF_OP 0x0F 
 #define EFI_IFR_END_ONE_OF_OP 0x10 
 #define EFI_IFR_END_OP EFI_IFR_END_ONE_OF_OP 
 #define EFI_IFR_INCONSISTENT_IF_OP 0x11 
 #define EFI_IFR_EQ_ID_VAL_OP 0x12 
 #define EFI_IFR_EQ_ID_ID_OP 0x13 
 #define EFI_IFR_EQ_ID_LIST_OP 0x14 
 #define EFI_IFR_AND_OP 0x15 
 #define EFI_IFR_OR_OP 0x16 
 #define EFI_IFR_NOT_OP 0x17 
 #define EFI_IFR_END_IF_OP 0x18 
 #define EFI_IFR_GRAYOUT_IF_OP 0x19 
 #define EFI_IFR_DATE_OP 0x1A 
 #define EFI_IFR_TIME_OP 0x1B 
 #define EFI_IFR_STRING_OP 0x1C 
 #define EFI_IFR_LABEL_OP 0x1D 
 #define EFI_IFR_SAVE_DEFAULTS_OP 0x1E 
 #define EFI_IFR_RESTORE_DEFAULTS_OP 0x1F 
 #define EFI_IFR_BANNER_OP 0x20 
 #define EFI_IFR_INVENTORY_OP 0x21 
 #define EFI_IFR_EQ_VAR_VAL_OP 0x22 
 #define EFI_IFR_ORDERED_LIST_OP 0x23 
 #define EFI_IFR_VARSTORE_OP 0x24 
 #define EFI_IFR_VARSTORE_SELECT_OP 0x25 
 #define EFI_IFR_VARSTORE_SELECT_PAIR_OP 0x26 
 #define EFI_IFR_TRUE_OP 0x27 
 #define EFI_IFR_FALSE_OP 0x28 
 #define EFI_IFR_GT_OP 0x29 
 #define EFI_IFR_GE_OP 0x2A 
 #define EFI_IFR_OEM_DEFINED_OP 0x2B 
 #define EFI_IFR_LAST_OPCODE EFI_IFR_OEM_DEFINED_OP 
 #define EFI_IFR_OEM_OP 0xFE 
 #define EFI_IFR_NV_ACCESS_COMMAND 0xFF 

My setup utilitys first opcode is 0x01 which happens to be EFI_IFR_FORM_OP. This creates a form in the current form set.


Everything after the first two bytes of an instruction is unique to the specific opcodes structure. So well have to looks at its data structure to find out more. Here it is so you can better understand what Im saying:

 struct EFI_IFR_OP_HEADER { 
 uint32_t Offset; 
 uint8_t Opcode; 
 uint8_t Length; 
 }; 
 
 struct EFI_IFR_FORM { 
 EFI_IFR_OP_HEADER Header; 
 uint16_t FormId; 
 uint16_t FormTitle; 
 }; 

Now that weve established how EFIs HII IFR protocol works, we can create a program to make disassembling it easier. If your more curious about how this protocol works, then feel free to take a look at my programs source code. I commented it thoroughly and its very easy to follow. You can get the latest version of both the program and its source in this post. This program takes the setup utilitys module as a parameter via the use of command line arguments. So the easiest way to run it is to just drag and drop the setup utilitys module onto the EFI IFR Dumper.exe program. This will create an output file which contains all your setups dumped information. Heres what part of my outputted file looks like:


For ease of use, I made it show both the instruction and its offset. Now we can easily see everything thats hiding. The two ways that this protocol can restrict access to certain settings are to use the either the EFI_IFR_GRAYOUT_IF_OP or the EFI_IFR_SUPPRESS_IF_OP instructions. If the statement following either of these instructions is evaluated as true, then their restrictions take affect. All the instructions that aid in these conditional restrictions are as follows:

 #define EFI_IFR_EQ_ID_VAL_OP 0x12 
 #define EFI_IFR_EQ_ID_ID_OP 0x13 
 #define EFI_IFR_EQ_ID_LIST_OP 0x14 
 #define EFI_IFR_AND_OP 0x15 
 #define EFI_IFR_OR_OP 0x16 
 #define EFI_IFR_NOT_OP 0x17 
 #define EFI_IFR_EQ_VAR_VAL_OP 0x22 
 #define EFI_IFR_TRUE_OP 0x27 
 #define EFI_IFR_FALSE_OP 0x28 

So you can easily locate all of the things hiding in your setup by looking through the output file for instances of Grayout and Suppress.

Lets try to enable the UEFI Boot setting which is currently not visible because of a suppress if instruction. First lets go back to Andys tool, open our BIOS rom, and press the Advanced button. We want to enable the ability to make modifications to the modules. So these are the settings I changed. I also checked No SLIC because otherwise we would have to select a SLIC table in order to repack our changes. Im fine with my BIOS current SLIC table.


Press Done to get back to the main screen of Andys tool. Then press the Go button. When this message comes up, dont press Ok yet. We need to modify our setup module first.


Lets look at the UEFI Boot situation a little more closely.


So everything between the Suppress if and End if isnt being displayed because the conditional statement after the suppress if instruction is being evaluated as true. If we can make this statement evaluate to false, then this setting will appear. Lets look at those offsets in the setup module with a hex editor to see the instructions more closely.


So to make this alteration, we have to replace the EFI_IFR_TRUE_OP with an EFI_IFR_FALSE_OP. This will make the statement right after the EFI_IFR_SUPPRESS_IF_OP evaluate to false. So lets just change 0x27 to 0x28.


Save the file. If you want to verify if this worked then you can run the EFI IFR Dumper.exe program on the newly modified setup module. Heres the changes it shows after the modification:


Its looking good! Time to try it out. Now you can press Ok on the message from Andys tool, and it should repack your BIOS with your modified SetupUtility module. Lets try it out. Rename Andys tools outputted file, mines named 01448F29_SLIC.bin, to what the original rom was called, mines 01448F29.bin. Thisll replace the original rom with the modified one. Now run InsydeFlash.exe. Press Start, wait for it to initialize, then press Ok. It will now flash your computer with you modified BIOS then restart. Upon startup, press the key that corresponds to your setup utility, mines F10, to view your changes. Heres mine:


Awesome! It worked! Now lets go over how to unlock a setting thats suppressed in a more complicated way. So get Andys tool back to the point where youre ready to modify the setup utility module. My Display Mode setting, which can be used to disable hybrid graphics support, is suppressed by two conditional statements with an or condition relating them.


So to have the IFR not hide this setting, well have to modify this entire condition. Lets take a look at those offsets to see what the actual code looks like:


Remember how I said the second byte of any instruction is the length of that instruction. The entire length of the condition is important because were going to replace it all with an EFI_IFR_FALSE_OP. This will make the condition evaluate to false, thus removing the suppression on the setting. So heres how to do that:


Now the statement immediately following the suppress instruction is a false statement. Weve made this false operation the entire length of the original condition so that the IFR will understand that the next instruction takes place 0x10 bytes after the false instruction. I filled in the remaining bytes of it with 0x00 just to make it look nicer. Lets run this new setup module through EFI IFR Dumper to see if all the changes we made were correct.

It looks as expected. So lets apply this change to the BIOS with Andys tool. Now flash it and check out your results.


Double awesome!! Now we have an easy way to gain full access to every option in our setup utility.

Available link for download

Insyde BIOS Modding Splash Screen Logo

I first got into BIOS modding back in 2009, and since then Ive always considered BIOS modding to be the ultimate test of reverse engineering. I say this because unlike most software reverse engineering for API dependent programs, you no longer have the ability to view the contents of the CPU registers, nor do you have access to any kind of debugging. Getting the results you desire without these two crutches makes this very difficult. If youd like to follow along with this tutorial by using the same BIOS that I am, then heres where you can download it.

One of the primary tools I use for modding Insyde BIOS is Andys Phoenix tool. This tool allows you to unpack, extract, insert, and replace all the different modules that make up your BIOS. It keeps all the checksums updated, which pretty much makes the modding process fool proof. You can download it here. The other tools I use are IDA Pro for any disassembling and HxD for any hex-editing.

So lets get started on my second BIOS modding tutorial. The splash screen logo is the image that appears when your computer is starting up. Since I have an HP laptop, my computers splash screen logo is an HP logo. Most computer companies follow this trend. Heres a picture of what mine looks like:


Unpack your BIOS installer so that you have access to your BIOS rom. Lets start off by opening your BIOS rom with Andys tool and press the Advanced button. We want to enable the ability to make modifications to modules. So these are the settings I changed. I also checked No SLIC because otherwise we would have to select a SLIC table in order to repack our changes. Im fine with my BIOS current SLIC table.


Press Done to get back to the main screen of Andys tool. Then press the Go button. When this message comes up, dont press Ok yet.


Now we can edit our BIOSs modules. So we have to find out which module actually contain the splash screen logo. Download XSearch here and run it. Click Browse and select the DUMP folder produced by Andys tool when it opened your BIOS image. Now depending on the type of image decoder(s) are in your BIOS, youll need to search for that type of format in XSearchs search box. If you have a jpeg decoder, then search for JFIF, for bmp search for BM, and for PCX search for this hex sequence 0A 05 01 in ascii notation. Special thanks to Florin9doi for that information. If you dont know what decoder your BIOS has, then just search for all of them. You can search for several words at once by separating them with spaces. Ex: JFIF BM

Mine found a lot of modules containing those words, but only one of them is my actual splash screen logo. Try opening up all the listed modules with MS Paint until you find the right one. If you have trouble with this part then try renaming the file extension to .jpg, .bmp, or .pcx. Just make sure you name it back to .ROM when you finished editing it. The 609DDF84-0816-46AA-92E8-3ED9A7AFC4CA_0_882.ROM file contain mine.

If your really having trouble finding which module contains your logo, then Id recommend you look through your DUMP file using the latest version of Ubuntu. Its default file browser, Nautilus, automatically parses through the files your currently looking at and displays a thumbnails of all multimedia files. So heres it automatically determining which file contains my logo:


Now you can freely edit the image. The only restriction is that theres a limited amount of space in your BIOS. The largest image I was able to get working was a very low quality 640 x 480. Andys tool will give you an error if your new logos too big. Heres a logo that I did as a quick demonstration:

When your done creating you splash screen logo, you can press Ok on the message from Andys tool. Itll now repack your BIOS with the edited module. Rename its outputted file, mines named 01448F29_SLIC.bin, to what the original rom was called, mines 01448F29.bin. Thisll replace the original rom with the modified one. Now run InsydeFlash.exe and press Start. Wait for it to initialize then press Ok. It will now flash your modified BIOS into your computer and restart. Upon startup you should be greeted with your image. Itll probably be slightly stretched. Thats just how the BIOS displays it, so you might have to adjusting the image by pulling in the sides a little. Heres what mine looks like:


Way to go! You did it!

Available link for download