[UEFIPatch] UEFI patching utility

[CodeRush]

Thanks for report. Try disabling the patch, if kernel goes to panic - there is a new locking code somewhere. If not - ASUS made us a gift.

[the_root]

Hi guys,  I have many successful installations on socket 775 motherboards, but recently I'm happy owner of ASUS Z87-DELUXE, so I'm try to patch my BIOS (Z87-DELUXE-ASUS-1007) with PMPatch but it fails:

-----------------------------------------------------------------------------------------------

PMPatch 0.5.12
PowerManagement modules not found.
AMI nest modules not found.
Phoenix nest modules not found.
CpuPei module at 00670E20 not patched: Patch pattern not found.
CpuPei module at 00770E20 not patched: Patch pattern not found.

-----------------------------------------------------------------------------------------------

 

What can be made, help me out pls. ?

[CodeRush]

Not implemented yet, sorry. Will do in 1-3 days, no time for programming now.

Will make you a modified BIOS tomorrow.

[the_root]

Not implemented yet, sorry. Will do in 1-3 days, no time for programming now.

Will make you a modified BIOS tomorrow.

 

Amazing, thank you friend.

[CodeRush]

I don't know if 10.9 support Haswell power management with vanilla kexts (10.8 has no such support, AFAIK), but you can try and report.

Here is your patched BIOS: 

Z87-DELUXE-ASUS-1007_PM.zip

Flash it using USB BIOS Flashback.

[the_root]

I don't know if 10.9 support Haswell power management with vanilla kexts (10.8 has no such support, AFAIK), but you can try and report.

Here is your patched BIOS: 

Z87-DELUXE-ASUS-1007_PM.zip

Flash it using USB BIOS Flashback.

 

Hi, i just successfully complete the BIOS flashing using the "USB BIOS Flashback" function ( USB thumb, and the button on the back site ). All other attempts was ending with "Security Verification Failed", and now I am able to see the boot screen from the Flash Thumb. Thank you again for the file. Now I'll try the Mavericks ...

[donovan6000]

Created a blog a while ago where I've posted a few bios modding tutorials. Just finished one where I went over how I found and patched the native power management lock in my own bios. Might be worth reading to help others create patches that don't currently exists in PMPatch. You can check It out here 

[FriedCPU]

Hi,
I am trying to modify the bios on my ASUS ROG CG8565, it supposedly has a P8Z68-V-PRO, but the bios differs and is locked down, no overclock settings for my i7-2600k apart from the Turbo up to 4.2Ghz so if you know how to get another P8Z68-V-PRO to flash without failing signature verification, that would be awesome.

But anyway, I am trying to modify the actual CG8565 bios 3508 with PMPatch for use with OS X 10.9. PMPatch produces the following results...
 

C:\>PMPatch.exe P8Z68-V-PRO-ASUS-CG8565-3508.ROM P8Z68-CG8565-3508-PMPATCH.ROM

PMPatch 0.5.12

PowerManagement module at 00422288 patched.

AMI nest modules not found.

Phoenix nest modules not found.

CpuPei module at 0079FD88 not patched: Patch pattern not found.

CpuPei module at 007DFD88 not patched: Patch pattern not found.

Output file generated.

all good, it flashes fine. but I still get a kernel panic (see attachment) after I remove NullCPUPowerManagement
 

 

thanks for your time on such a great tool, can see it works for alot of people... hope I become one of them

[CodeRush]

if you know how to get another P8Z68-V-PRO to flash without failing signature verification, that would be awesome.

Yes, I know one. Check out the link to FTK guide in my signature. Prepare DOS-bootable FTK-drive as I described there, boot from it and try backup command. If it doesn't fail, send me the resulting file "backup.bin", and I can prepare an unlocked BIOS for you. Then flash it with flashprp command and that's it.

[magnifico]

Hi Code rush ....you're working on x79?

[CodeRush]

Yes, I have found the locking code in CpuPei module of ASUS Rampage IV Extreme latest BIOS, and prepared modified BIOS file for Rampage Dev, but it looks like there is no way to use AICPM.kext even with patched BIOS and 10.9 DP.

The locking code itself can be found in CpuPei modules and it's similar to the code for old P67/Z68 BIOSes with ME 7:

fffdf6ad: 81 fb e0 06 03 00     cmp    $0x306e0,%ebx // Compare EBX with 0x0306E0 
fffdf6b3: 75 0c                 jne    0xfffdf6c1 // If not equal, jump over 3 next lines
fffdf6b5: 0d 00 80 00 18        or     $0x18008000,%eax // Setting bits 26, 27 and 15 <-- lock bit
fffdf6ba: eb 05                 jmp    0xfffdf6c1 // Jump over the next line
fffdf6bc: 0d 00 80 00 00        or     $0x8000,%eax // Setting bit 15 <-- lock bit
fffdf6c1: 6a ff                 push   $0xffffffff   // And mask 1
fffdf6c3: 6a f8                 push   $0xfffffff8 // And mask 2
fffdf6c5: 6a 00                 push   $0x0 // Or mask 1
fffdf6c7: 50                    push   %eax // Or mask 2
fffdf6c8: 56                    push   %esi // 0xE2 stored here
fffdf6c9: e8 c1 0f 00 00        call   0xfffe068f // WRMSR inside

The patch itself is 0d00800018eb050d00800000 -> 0d00000018eb050d00000000, but I brings nothing, so I haven't integrated it to PMPatch yet.

[magnifico]

Yes, I have found the locking code in CpuPei module of ASUS Rampage IV Extreme latest BIOS, and prepared modified BIOS file for Rampage Dev, but it looks like there is no way to use AICPM.kext even with patched BIOS and 10.9 DP.

The locking code itself can be found in CpuPei modules and it's similar to the code for old P67/Z68 BIOSes with ME 7:

fffdf6ad: 81 fb e0 06 03 00     cmp    $0x306e0,%ebx // Compare EBX with 0x0306E0 
fffdf6b3: 75 0c                 jne    0xfffdf6c1 // If not equal, jump over 3 next lines
fffdf6b5: 0d 00 80 00 18        or     $0x18008000,%eax // Setting bits 26, 27 and 15 <-- lock bit
fffdf6ba: eb 05                 jmp    0xfffdf6c1 // Jump over the next line
fffdf6bc: 0d 00 80 00 00        or     $0x8000,%eax // Setting bit 15 <-- lock bit
fffdf6c1: 6a ff                 push   $0xffffffff   // And mask 1
fffdf6c3: 6a f8                 push   $0xfffffff8 // And mask 2
fffdf6c5: 6a 00                 push   $0x0 // Or mask 1
fffdf6c7: 50                    push   %eax // Or mask 2
fffdf6c8: 56                    push   %esi // 0xE2 stored here
fffdf6c9: e8 c1 0f 00 00        call   0xfffe068f // WRMSR inside

The patch itself is 0d00800018eb050d00800000 -> 0d00000018eb050d00000000, but I brings nothing, so I haven't integrated it to PMPatch yet.

 

so this is a a problem serius for future ?

[CodeRush]

I can't predict the future, but for now on it's impossible to use native AICPM.kext on X79/C602 even with unlocked 0xE2.

[mickey]

This seems like the exact same issue I'm having on the z68-v lx... bios is patched but I still need a patched AICPM.kext to actually boot... I wonder if there's some new protection we're missing?

[CodeRush]

mickey, probably. Can you send me full MSRDumper report from your board?

[magnifico]

I can't predict the future, but for now on it's impossible to use native AICPM.kext on X79/C602 even with unlocked 0xE2.

mhmm ...

I am very confident about yourself, I hope so much that you can do something positive for the future

[mickey]

mickey, probably. Can you send me full MSRDumper report from your board?

yes I will, later when I get home

[>Federico<]

I've a big problem with my laptop (Fujitsu AH532 Phoenix Secure Tiano Uefi Bios), because to update the bios it uses .exe file:

http://www.mediafire.com/?gkk1gpga348h2oz

 

How can I patch my bios?

[k3nny]

I've a big problem with my laptop (Fujitsu AH532 Phoenix Secure Tiano Uefi Bios), because to update the bios it uses .exe file:

http://www.mediafire.com/?gkk1gpga348h2oz

 

How can I patch my bios?

Just patch the exe file.

[>Federico<]

I've patched the exe file but when I went to update the bios it gave me error 234 secure verification fail.

[CodeRush]

Then you need to dump your BIOS with FTK biosbck command, patch the dumped biosbck.bin file abd then flash it using restore command. Read the guide about FTK in my signature.

[misterfrista]

Hey!

 

I´m trying to patch my Gigabyte GA-Q77M-D2H lately but without success! I did the following things:

 

 

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Windows\system32>cd C:\Users\Gerrit\Desktop\Win64

C:\Users\Gerrit\Desktop\Win64>fpt -bios -d dump.bin

Intel ® Flash Programming Tool. Version:  8.1.10.1286
Copyright © 2007 - 2012, Intel Corporation. All rights reserved.

Platform: Intel® Q77 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

    --- Flash Devices Found ---
    MX25L6405D    ID:0xC22017    Size: 8192KB (65536Kb)


- Reading Flash [0x800000] 3072KB of 3072KB - 100% complete.
Writing flash contents to file "dump.bin"...

Memory Dump Complete
FPT Operation Passed

C:\Users\Gerrit\Desktop\Win64>fpt -i

Intel ® Flash Programming Tool. Version:  8.1.10.1286
Copyright © 2007 - 2012, Intel Corporation. All rights reserved.

Platform: Intel® Q77 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

    --- Flash Devices Found ---
    MX25L6405D    ID:0xC22017    Size: 8192KB (65536Kb)

    --- Flash Image Information --
    Signature: VALID
    Number of Flash Components: 1
        Component 1 - 8192KB (65536Kb)
    Regions:
        Descriptor - Base: 0x000000, Limit: 0x000FFF
        BIOS       - Base: 0x500000, Limit: 0x7FFFFF
        ME         - Base: 0x003000, Limit: 0x4FFFFF
        GbE        - Base: 0x001000, Limit: 0x002FFF
        PDR        - Not present
    Master Region Access:
        CPU/BIOS - ID: 0x0000, Read: 0xFF, Write: 0xFF
        ME       - ID: 0x0000, Read: 0xFF, Write: 0xFF
        GbE      - ID: 0x0118, Read: 0xFF, Write: 0xFF

Total Accessable SPI Memory: 8192KB, Total Installed SPI Memory : 8192KB

FPT Operation Passed

C:\Users\Gerrit\Desktop\Win64>PMPatch.exe dump.bin mod.bin
PMPatch 0.5.11
PowerManagement modules not found.
Trying to apply patch #1
Nested PowerManagement module at 003A59C4 not patched: Patch pattern not found.
AMI nest module at 00040048 not patched: PowerManagement modules not found in ne
sted module.
Phoenix nest modules not found.
CpuPei module at 002B4A90 not patched: Patch pattern not found.

 

 

Here is my bios-dump: https://dl.dropboxusercontent.com/u/26565887/dump.zip

 

I hope you can help me!

 

Thanks!!

[CodeRush]

Is the patch needed on this Gigabyte board at all? I think it's already unlocked.

[>Federico<]

Then you need to dump your BIOS with FTK biosbck command, patch the dumped biosbck.bin file abd then flash it using restore command. Read the guide about FTK in my signature.

Thank you patched and restored I hope it works

[misterfrista]

Thats a good question

 

I´ll look it up with MSRDumper and post it here, just if someone else searches for the same topic!

 

 

//Edit: You are absolutely right, I removed the Nullcpu from my installerstick and it simply boots up !