[UEFIPatch] UEFI patching utility

[CodeRush]

badaxe2, try modifying that hidden options using AMIBCP, they will remain hidden, but will set to your settings by default. 

[badaxe2]

Thanks guys, sorry to go of topic with the last Q...

 

I seem to be having a problem booting with and have a kernel panic telling me unable to find driver for this platform ACPI.

 

 

I have had to roll back my AppleACPIPlatform.kext to mountain lion, any ideas what may be causing this ?

 

Attached is my ssdt dsdt and ioreg and my chameleon plist

 

dsdt.zip

ioreg.zip

ssdt.aml.zip

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>DSDT</key>
	<string>/Extra/dsdt.aml</string>
	<key>DropSSDT</key>
	<string>Yes</string>
	<key>Graphics Mode</key>
	<string>1366x768x32</string>
	<key>GraphicsEnabler</key>
	<string>Yes</string>
	<key>InjectIntel-ig</key>
	<string>03006601</string>
	<key>Instant Menu</key>
	<string>Yes</string>
	<key>Kernel Flags</key>
	<string>-v -f npci=0x2000</string>
	<key>KeyLayout</key>
	<string>pc-fr</string>
	<key>Legacy Logo</key>
	<string>Yes</string>
	<key>SMBIOS</key>
	<string>/Extra/SMBios.plist</string>
	<key>SkipAtiGfx</key>
	<string>Yes</string>
	<key>SkipNvidiaGfx</key>
	<string>Yes</string>
</dict>
</plist>

[StoneTemplePilots]

 

Thanks guys, sorry to go of topic with the last Q...

 

I seem to be having a problem booting with and have a kernel panic telling me unable to find driver for this platform ACPI.

 

IMG_20140110_134927.jpg

 

I have had to roll back my AppleACPIPlatform.kext to mountain lion, any ideas what may be causing this ?

 

Attached is my ssdt dsdt and ioreg and my chameleon plist

 

dsdt.zip

ioreg.zip

ssdt.aml.zip

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>DSDT</key>
	<string>/Extra/dsdt.aml</string>
	<key>DropSSDT</key>
	<string>Yes</string>
	<key>Graphics Mode</key>
	<string>1366x768x32</string>
	<key>GraphicsEnabler</key>
	<string>Yes</string>
	<key>InjectIntel-ig</key>
	<string>03006601</string>
	<key>Instant Menu</key>
	<string>Yes</string>
	<key>Kernel Flags</key>
	<string>-v -f npci=0x2000</string>
	<key>KeyLayout</key>
	<string>pc-fr</string>
	<key>Legacy Logo</key>
	<string>Yes</string>
	<key>SMBIOS</key>
	<string>/Extra/SMBios.plist</string>
	<key>SkipAtiGfx</key>
	<string>Yes</string>
	<key>SkipNvidiaGfx</key>
	<string>Yes</string>
</dict>
</plist>

 

I patched your DSDT with Maciasl, maybe it helps. ZIP attached.

 

 

dsdt.zip

[Magiczne]

Hi! 

I have ASUS P8B75-V Motherboard with UEFI BIOS. I knew i had to patch my bios, so i did it with that result:

C:\Users\Magiczne\Desktop\AfuWin64>pmpatch bios_bkp.cap bios_pmp.cap
PMPatch 0.5.14
PowerManagement module at 00409808 patched.
PowerMgmtDxe/PowerManagement2.efi modules not found.
AMI nest modules not found.
Phoenix nest modules not found.
CpuPei module at 00790748 not patched: Patch pattern not found.
CpuPei module at 007D0748 not patched: Patch pattern not found.
Output file generated.

I have flashed bios with afuwinx64 next, it went good, but when i rebooted pc and checked bios, it still wasn't patched. 

Any solution?

 

Thanks

[StoneTemplePilots]

Hi! 

I have ASUS P8B75-V Motherboard with UEFI BIOS. I knew i had to patch my bios, so i did it with that result:

C:\Users\Magiczne\Desktop\AfuWin64>pmpatch bios_bkp.cap bios_pmp.cap
PMPatch 0.5.14
PowerManagement module at 00409808 patched.
PowerMgmtDxe/PowerManagement2.efi modules not found.
AMI nest modules not found.
Phoenix nest modules not found.
CpuPei module at 00790748 not patched: Patch pattern not found.
CpuPei module at 007D0748 not patched: Patch pattern not found.
Output file generated.

I have flashed bios with afuwinx64 next, it went good, but when i rebooted pc and checked bios, it still wasn't patched. 

Any solution?

 

Thanks

You can downgrade with an earlier capsule ROM from AFU for Aptio, but first you should dump the variables with FD44Editor.

Upload as ZIP attached if you need help.

It's known, that ASUS does not flash all regions with /gan.

[Magiczne]

That's the information generated by FD44Editor:

Motherboard name: P8B75-V
BIOS date: 11/26/2013
BIOS version: 1604
ME version: Not present
GbE version: Not present
Primary LAN MAC: 3085A9977EF4
DTS key: Not present
UUID: 0080D342DAD7DD11A2053085A9977EF4
MBSN: 120700703806592

So do you mean to try with earlier version of Bios?

[StoneTemplePilots]

That's the information generated by FD44Editor:

Motherboard name: P8B75-V
BIOS date: 11/26/2013
BIOS version: 1604
ME version: Not present
GbE version: Not present
Primary LAN MAC: 3085A9977EF4
DTS key: Not present
UUID: 0080D342DAD7DD11A2053085A9977EF4
MBSN: 120700703806592

So do you mean to try with earlier version of Bios?

yes, it's easy, downgrade for example with

 

afudos 0212.CAP /p /b /n /k

 

or use afuwinx64.exe to do it from windows, same switched.

Then you're back on an status where flashlock wasn't activated.

Anyway an uploaded ROM dump makes sense, so I'll see at which adress the capsule ends and the

bios code starts. A dump can be done with afuwinx64.exe bios.rom /o - do the dump from running up2date ROM which is 1604.

[Magiczne]

Ok. Here it is.

 

bios.zip

[josepi09]

josepi09,

MAC: AC:22:0B:85:37:B0

UUID: any 10 random bytes

MBSN: MT70214160801054

MAC storage: ASCII string and system UUID

MAC magic byte: 2D

DTS key type: None

 

 

I was not able to type all MBSN string, I can´t type the last number in, field is full.

 

Here is my bios

 

BACKUP MADE WITH INTEL FPT - PMPATCHED WITHOUT SYSTEM UUID, MAC, OR DST VERSION 0701

 

BACKUP MADE WITH INTEL FPT - PMPATCHED WITH SYSTEM UUID, MAC, AND DST VERSION 0701

 

thanks for your help

[StoneTemplePilots]

Ok. Here it is.

 

bios.zip

 

P8B75-V 1604 Flashlock removed, pmpatched.

Flashlock removed means you'll be able to flash this ROM without capsule with fpt.exe.

ZIP attached, now downgrade with afu for aptio to 0212.cap as explained above.

After downgrade flash back biosUL.rom with Intel FPT for series 7 using command

 

fpt -rewrite -f biosUL.rom

 

for safety reboot with fpt -greset (does an Intel ME reset).

 

 

That's the information generated by FD44Editor:

Motherboard name: P8B75-V

BIOS date: 11/26/2013

BIOS version: 1604

ME version: Not present

GbE version: Not present

Primary LAN MAC: 3085A9977EF4

DTS key: Not present

UUID: 0080D342DAD7DD11A2053085A9977EF4

MBSN: 120700703806592

So do you mean to try with earlier version of Bios?

 

earlier version has no flashlock, so it's possible to downgrade and flash a modified ROM

That's the clue about the downgrade from afu with an earlier capsule, it enables flashing modified ROM binaries.

The capsule is just required for establishing a secure flash session.

biosUL.zip

[Magiczne]

Ok, i downgraded bios, but when trying to flash back bios by FPT it says:

C:\Users\Magiczne\Desktop\Intel FPT>fptw64.exe -rewrite -f biosUL.rom

Intel (R) Flash Programming Tool. Version:  8.1.10.1286
Copyright (c) 2007 - 2012, Intel Corporation. All rights reserved.

Platform: Intel(R) B75 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

    --- Flash Devices Found ---
    W25Q64BV    ID:0xEF4017    Size: 8192KB (65536Kb)
    W25Q64BV    ID:0xEF4017    Size: 8192KB (65536Kb)

PDR Region does not exist.
GBE Region does not exist.

Error 25: The host CPU does not have write access to the target flash area.  To
enable write access for this operation you must modify the descriptor settings t
o give host access to this region.

[StoneTemplePilots]

 

Ok, i downgraded bios, but when trying to flash back bios by FPT it says:

C:\Users\Magiczne\Desktop\Intel FPT>fptw64.exe -rewrite -f biosUL.rom

Intel (R) Flash Programming Tool. Version:  8.1.10.1286
Copyright (c) 2007 - 2012, Intel Corporation. All rights reserved.

Platform: Intel(R) B75 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

    --- Flash Devices Found ---
    W25Q64BV    ID:0xEF4017    Size: 8192KB (65536Kb)
    W25Q64BV    ID:0xEF4017    Size: 8192KB (65536Kb)

PDR Region does not exist.
GBE Region does not exist.

Error 25: The host CPU does not have write access to the target flash area.  To
enable write access for this operation you must modify the descriptor settings t
o give host access to this region.

did you downgrade to 0212 ???

cause this is exactly what happens when you

• didn't flash all blocks by downgrade, use /p /b /n /k
• SMM register locked bios write
• ASUS ROMs earlier than Q2/2013 had lock implemented but it wasn't activated

at least try to downgrade from EZFlash in UEFI Apllications. I suggest that not all areas have been downgraded now.

[StoneTemplePilots]

Yes, sure.

you'll have to use meset.exe to unlock the flash area

found here (source) which will unlock

the flash area for just once on reboot.

[Magiczne]

So i have to boot from that CD, then use the FPT if i understand propertly?

And sorry, but i dont know german so good, i need to do flash from the EZFlash utility?

[StoneTemplePilots]

So i have to boot from that CD, then use the FPT if i understand propertly?

Hm, this cd doesnt have meset.exe.

I prepared one including meset, ISO zipped attached.

Flash from Intel FPT, best was DOS.

Added DOS-MESET-FPT.iso

MESET.zip

DOS-MESET-FPT.zip

[Magiczne]

Problems going on...

I successfully boot on that cd with meset, but if I type meset.exe/meset it just holds on that state, only the underscore blinks. Nothing is happening.

[StoneTemplePilots]

Problems going on...

I successfully boot on that cd with meset, but if I type meset.exe/meset it just holds on that state, only the underscore blinks. Nothing is happening.

ok, let's do it another way, dump the descriptor with

 

fpt -desc -d desc.bin

 

and upload.

[Magiczne]

I'm so problematic

 

Here it is:

desc.zip

[CodeRush]

josepi09, correct MBSN: MT7014160801054
I forgot about trailing 0x00 for MBSN string.

[bronxteck]

this script allowed me to decompress my dell optiplex 9010 bios http://forums.mydigitallife.info/threads/44785-I-present-you-a-tool-to-decompress-Dell-UEFI-BIOS

 i was then able to patch the HDR file with your patcher. now i just need to figure out how to flash the HDR back on to the desktop. i don't know if you can add the script to the patcher but it might be useful information for you or another user.

[CodeRush]

OSX binary is recompiled to address crash issues, hopefully it will be less crashes now.

Download host is changed to Sendspace, because it's much more lightweight then Mediafire.

[bronxteck]

download link shows as 0.0 mb but if you click download you get file:///Volumes/InstallGenieo/InstallGenieo.app/

[CodeRush]

bronxteck, correct download link is named "click here to download from Sendspace" and goes to PMPatch_0.5.14.1_osx.zip file, which can be downloaded normally. You have clicked to an AD, I think.

[Arise]

Hi!

 

I've tried with PMPatch 0.5.14 on two BIOS variants for Asus G750JW laptop, one of them is original BIOS from ASUS, the other one is a dump using:

fpt -bios -d biosbck.bin

 

This is what I get in both cases:

 

 

D:\bios_tools\pmpatch>PMPatch.exe biosbck.bin biosbck.bin.patched
PMPatch 0.5.14
PowerManagement modules not found.
PowerMgmtDxe/PowerManagement2.efi modules not found.
Trying to apply patch #1
Nested PowerMgmtDxe/PowerManagement2.efi module at 001D0224 patched.
Patched module too big after compression.
Trying to apply patch #2
Nested PowerMgmtDxe/PowerManagement2.efi module at 001D0224 patched.
Patched module too big after compression.
Trying to apply patch #3
Nested PowerMgmtDxe/PowerManagement2.efi module at 001D0224 patched.
Patched module too big after compression.
Trying to apply patch #4
Nested PowerMgmtDxe/PowerManagement2.efi module at 001D0224 patched.
Patched module too big after compression.
Trying to apply patch #5
Nested PowerMgmtDxe/PowerManagement2.efi module at 001D0224 patched.
Patched module too big after compression.
AMI nest module at 00080048 not patched: Repacked module can't be inserted.
Phoenix nest modules not found.
CpuPei module at 005AD200 not patched: Patch pattern not found.

I understand the concept by patching the JNE instruction with a JMP by hand, but I assume PMPatch.exe is doing the same thing in one of the 5 attempts, but it fails at fitting the module back in the ROM file.

Should I try by hand?

 

Thanks in advance!

[CodeRush]

Arise, you are right. I will now show you and others how UEFITool can be handy for such mods.

It will be automated there someday, but right now, here is the guide:

1. Download latest version of UEFITool from here.

2. Open your BIOS file. If it fails to open, check it for being UEFI BIOS. Legacy ones are not supported.

3. Select "File->Search..." (or press Ctrl+F) and enter "75080FBAE80F89442430" as hex pattern, set search scope to "Body only".

4. Look for "Hex pattern found" string in Messages field, double-click on it to select found section. If not found - you have nonstandard BIOS that needs to be studied further, please upload it here.

5. Press RMB on found section and select "Extract body..." action. "Save file..." dialog will open, enter the name of file to save, for example, "pm.bin", and press Save.

6. Open saved file with hex editor, find that "75080FBAE80F89442430" pattern once again, replace 75 to EB and save modified file.

7. Select the same section you have found in step 4, press RMB and select "Replace body..." action. Select your modified "pm.bin" file in "Open file..." dialog, that will open and press Open. Old section will be marked "Remove", and another section marked "Replace" will be added after it.

8. Select "File->Save image file..." (or press Ctrl+S) and save your modified BIOS.

9. Reopen the saved file to see that it opens correctly.

10. Flash the result with any suitable method.

---

This guide can be followed for any particular patch pattern, but have in mind that UEFITool is still in early beta stages and it can produce corrupt BIOS images.

Try them on your own risk, but please, try it. Without testing it's very hard to develop something useful, and my testing possibilities are very limited.

But, if you have any working recovery solutions, you can test UEFITool-made mods.

Let's make it better together.