
I think I received an HI13 with a 1.16 BIOS infected by a rootkit!


Ferreol|Post time:8-21-2017 22:00:12 View:415|Reply:10

Hello

This Friday I received an HI13 which is clearly not new. It came with BIOS 1.16 and lots of trouble.

As this BIOS isn't referenced anywhere, after extracting the BIOS with AFUWINGUIx64, I flashed v1.14 and immediately re-enabled Secure Boot and reinstalled Windows.

After that, I extracted the BIOS again and compared it with the original one using WinDiff. (Attachment: WinDiff.jpg)

I've just contacted Chuwi support and sent them two BIOS files. I hope for a quick response.

Please can someone try to compare his BIOS with the original one and send the result here.
You can find AFUWINGUIx64 here and WinDiff here. (After you open the two files with WinDiff, you have to double-click on the red line to open the comparison window.)


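As an added example (not part of the original post, and not vendor tooling), the dump-versus-download comparison described above can be summarised by byte range instead of being read line by line in WinDiff. The function names and the sample bytes are constructed for illustration; real input would be the two image files read in binary mode.

```python
import hashlib

ERASED = 0xFF  # erased NOR flash reads back as 0xFF

def diff_ranges(ref, dump, merge_gap=16):
    """Half-open (start, end) ranges where the two images differ.
    Differing bytes at most merge_gap apart are merged into one range."""
    ranges, start, last = [], None, None
    common = min(len(ref), len(dump))
    for i in range(common):
        if ref[i] == dump[i]:
            continue
        if start is not None and i - last > merge_gap:
            ranges.append((start, last + 1))
            start = None
        if start is None:
            start = i
        last = i
    if start is not None:
        ranges.append((start, last + 1))
    if len(ref) != len(dump):  # one image is longer: report the tail
        ranges.append((common, max(len(ref), len(dump))))
    return ranges

def label(ref, start, end):
    """Say whether the reference image is blank over a differing range."""
    chunk = ref[start:end]
    if chunk and all(b == ERASED for b in chunk):
        return "blank in reference, data in dump"
    return "content differs"

def compare(ref, dump):
    """Hashes of both images plus a labelled list of differing ranges."""
    return {
        "ref_sha256": hashlib.sha256(ref).hexdigest(),
        "dump_sha256": hashlib.sha256(dump).hexdigest(),
        "ranges": [(s, e, label(ref, s, e)) for s, e in diff_ranges(ref, dump)],
    }

# Constructed sample: a 4 KiB "downloaded image" and a "dump" (not real firmware).
REF = bytes(range(256)) * 8 + bytes([ERASED]) * 2048
_d = bytearray(REF)
_d[2048:2080] = b"\x5a" * 32   # data written into an area the reference leaves blank
_d[0x100] ^= 0x01              # one changed byte in populated content
_d[0x108] ^= 0x01              # a second one nearby, merged into the same range
DUMP = bytes(_d)

if __name__ == "__main__":
    for s, e, what in compare(REF, DUMP)["ranges"]:
        print(f"0x{s:06x}-0x{e:06x} {e - s:5d} bytes  {what}")
```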

emily| Post time 8-20-2017 23:57:12 | Show all posts
Hello, could you please send me your serial number so that I can help you contact the service and send you the BIOS that suits your tablet? Have a good day.

Ferreol| Post time 8-21-2017 00:36:32 | Show all posts
I sent you my serial number by PM.

Thank you again for your attention.

Could you explicitly confirm that I am not paranoid, and that there really is a rootkit in my tablet's BIOS?

Ferreol| Post time 8-21-2017 04:52:22 | Show all posts
Emily, sorry to insist, but I need to be certain.

I'll put the whole long story here so that everything is clear.

I bought my Chuwi HI13 as new on priceminister.com from the seller Sliverstars.

At the first start, the computer logged directly into a "CW" admin account!

I looked at the Event Viewer and the admin logs showed me that the computer was first started up on January 13!
The admin logs also show a critical event in June and on August 4 (it must be the day before the computer was sent to me).

After a shutdown for charging, the tablet showed me a blue screen on startup! (The first in a series.)
Chkdsk seemed to find errors but seemed unable to correct them.

So I ran a Windows memtest, which rapidly failed.

At this point I contacted the seller for a full refund with no return shipping fee.

But I've also bought a keyboard and stylus, and the tablet seems potentially great if I could resolve this trouble.

I tried loading the BIOS defaults, and just after that I used the Windows Recovery Environment startup repair.

After that, chkdsk succeeded and memtest too. But the sfc and dism commands failed. So after backing up the event logs and making a complete system backup, I tried a fresh install.

When I was done, everything seemed to work correctly for a while.
At this point I was really happy and satisfied with the Chuwi HI13, but before cancelling the dispute with the seller I tried another memtest, which failed at the second pass.

I noticed I had BIOS 1.16, which doesn't seem to be available anywhere, so after extracting it with AFUWINGUIx64 I flashed my tablet with the official 1.14 BIOS. But memtest failed again after that. What's more, the Kionix G-Sensor reports code 10 and no longer works!

That is when I extracted the 1.14 BIOS from my tablet and compared it with the original.

The seller hasn't responded yet. Priceminister notified me that they are trying to resolve the conflict. But for now I can't contact them; I must wait until they contact me first. I also benefit from PayPal protection.

But if there is a rootkit and if it is not possible to remove it, I'm not sure it would be a good idea to send it back to this seller, who will probably sell it to another victim!

So Emily, could you confirm that the BIOS files I sent to support with a ticket and by mail to service@chuwi.com are infected?

Ferreol| Post time 8-21-2017 11:38:44 | Show all posts
Perhaps I'm a little paranoid like they suggested at 4pda.

But why does nobody answer my first suggestion? "Please can someone try to compare his BIOS with the original one and send the result here.
You can find AFUWINGUIx64 here and WinDiff here. (After you open the two files with WinDiff, you have to double-click on the red line to open the comparison window.)"

I've asked the question here. It seems the differences I see are normal. It's completely contrary to my knowledge, but I'm not a BIOS engineer...

So, I'm sorry for the trouble I've caused, but I would still appreciate a clear answer from the support.

Hackerjac| Post time 8-21-2017 12:49:14 | Show all posts
Ferreol replied at 8-21-2017 20:38
Perhaps I'm a little paranoid like they suggested at 4pda.

But why nobody answers at my first sugge ...

How are you comparing the BIOS v1.16 from your tablet with the original one? The v1.16 hasn't been released for download.
I do NOT work for Chuwi. Please DO NOT pm or email me with problems you may have!

Ferreol| Post time 8-21-2017 13:20:53 | Show all posts
Edited by Ferreol at 8-21-2017 13:22
Hackerjac replied at 8-21-2017 12:49
How are you comparing the BIOS v 1.16 from your tablet with the original one, the v 1.16 haven't b ...

You're right, it is impossible to compare the 1.16 BIOS with something that doesn't officially exist.

But if you read my comment carefully, I think you will understand that I compared the official v1.14 BIOS with the one I extracted after installing the official v1.14 BIOS over the 1.16 one.

(I'm a Frenchman who does not speak very good English, so I understand that my story is not necessarily very clear.)

Hackerjac| Post time 8-21-2017 13:53:53 | Show all posts
Ferreol replied at 8-21-2017 22:20
You're right, it is impossible to compare the 1.16 BIOS with something that doesn't officially exist.
But  ...

TBH, I think you are paranoid. You will never get the same out of your BIOS chip as the file you have downloaded; as far as I know it's not possible to read out the Secure Boot sectors from the BIOS.

So my advice is: listen to Fernando at the Win Raid board, he really knows what he's talking about.
I do NOT work for Chuwi. Please DO NOT pm or email me with problems you may have!

Ferreol| Post time 8-21-2017 14:28:06 | Show all posts
Hackerjac replied at 8-21-2017 13:53
TBH, i think you are paranoid, you will never get the same out of your bios chip as the file you h ...

You're right again, I'm paranoid (slightly, but I assume). I naively thought that Secure Boot protects only writing and not reading.
And you're right for the third time: Fernando at the Win Raid board really knows what he's talking about.
But you seem to be wrong for the first time: at Fernando's Win Raid board they develop a completely different argument from yours.
Perhaps the truth is a mixture of the two?

Finally, I take advantage of this message to remind Emily that I am still waiting for "the bios suit my tablet" or any response from support.

glpub| Post time 8-21-2017 22:00:12 | Show all posts
Guys,

Secure Boot has nothing to do with reading/writing the BIOS.
It is a part of the boot procedure which checks whether the OS bootloader has an authorized signature.
