CodeRush Posted February 26, 2014 Author Share Posted February 26, 2014 DKMN, sure this BIOS is locked? I see no locking code in PowerManagement module there. @all, please try your new BIOS versions before reporting that PMPatch doesn't work. Link to comment Share on other sites More sharing options...
DKMN Posted February 26, 2014 Share Posted February 26, 2014 DKMN, sure this BIOS is locked? I see no locking code in PowerManagement module there. CodeRush, No, I am not sure. I'd heard that closely-related boards were not locked, but have not been able to get power management working. I also read from your post there were different codes that needed to be checked for, and wasn't sure how to do this myself. One of the folks who was helping me troubleshoot (knowledgeable) suggested it could be a locked MSR code... So I figured it might have been a newer pattern or something. Anyway, if you don't see a lock that's reassuring. And helpful, though I'm still not sure why I haven't been able to get something working. Might be the processor type (Xeon Sandy Bridge E5-2620 v1... most the hacking work so far is supporting the Ivy Bridge chips, so maybe the hacked AICPM I'm using isn't handling it correctly). Thanks again! David Link to comment Share on other sites More sharing options...
speedyrazor Posted February 27, 2014 Share Posted February 27, 2014 red link in my footer, I own this board and explained exactly howto unlock Hi, thanks for the info, but I have a couple of questions: 1. How do I create the nvram.txt? 2. Where do you run SCEWIN_64, dos, linux, etc? As I don't want to brick my motherboard, could you do an idiots guide please? Link to comment Share on other sites More sharing options...
CodeRush Posted February 27, 2014 Author Share Posted February 27, 2014 DKMN, you can use RW Everything to with MSR 0xE2 register value, if bit 15 is set - it's locked, if not - the problem is somewhere else. 1 Link to comment Share on other sites More sharing options...
FelipeZé Posted February 27, 2014 Share Posted February 27, 2014 FelipeZ, try recovery flash with modified image, it may work. I don't know any method to flash modified BIOSes, but there are people who may be familiar with them: SLIC modders from MDL. Ask here for a method, please. speedyrazor, AFU /GAN method from FAQ doesn't work? Master CodeRush, Just to inform that I managed to bypass Insyde Secure Flash in my Dell XPS14 L421X, I used prr2 utility made by master SLV7 to unlock BIOS memory to write, backuped bios with FPT using -BIOS to backup ONLY BIOS region, made some modifications to modules using your great UEFI Tool, and flashed it also with FPT, managed to unlock all hidden tabs. Just to tell you this method works to flash insyde bioses in newer laptops and your uefi tool also works great 1 Link to comment Share on other sites More sharing options...
Emil Posted February 28, 2014 Share Posted February 28, 2014 Hello. I need an advice.I've got Asrock Z87 Pro4 with newest bios 2.0I can't patch. Output file didn't apear. http://www3.zippyshare.com/v/34102146/file.html It's image of cmd. http://www75.zippyshare.com/v/22069493/file.html here is bios.bin from my mainboard.Any solution CodeRush? Link to comment Share on other sites More sharing options...
Emil Posted March 1, 2014 Share Posted March 1, 2014 So I tried other thing. I downloaded official bios (version 1.70) from Asrock Z87 Pro4 and Pmpatcher done well. "Output file generated"Still I need how to patch my bios because . It's version 2.00 so I guess structure is different or something (In 1.70 PowerMgmtDxe/PowerManagement2.efi at 001DAC2C is patched and AMI as well) (In 2.00 pmpatch cannot find this things) . Can someone investigate this thing? Link to comment Share on other sites More sharing options...
StoneTemplePilots Posted March 1, 2014 Share Posted March 1, 2014 Hi, thanks for the info, but I have a couple of questions: 1. How do I create the nvram.txt? 2. Where do you run SCEWIN_64, dos, linux, etc? As I don't want to brick my motherboard, could you do an idiots guide please? I ran it on windows and linux too, but on linux you'd have to compile the module. SCEWIN_64 /o /s nvram.txt /h Hii.db /v /q dumps the nvram-data to nvram.txt and SCEWIN_64 /i /s nvram.txt writes back the nvram.txt. If you have any fear to brick your board you can also attach your nvram.txt and I'll change it for you correctly. 1 Link to comment Share on other sites More sharing options...
Aigors Posted March 1, 2014 Share Posted March 1, 2014 Hi peoples, today i buy a new mainboard with new cpu, gigabyte z87n-wifi itx, i'm interested on modify bios to put in ozmosis stuff. I have some lacks on knoweledge, is mandatory to use pmpatch before try to insert ozmosis stuffs? Many thanks Link to comment Share on other sites More sharing options...
xpamamadeus Posted March 1, 2014 Share Posted March 1, 2014 Hi peoples, today i buy a new mainboard with new cpu, gigabyte z87n-wifi itx, i'm interested on modify bios to put in ozmosis stuff. I have some lacks on knoweledge, is mandatory to use pmpatch before try to insert ozmosis stuffs? Many thanks Gigabyte boards dont need patching. 1 Link to comment Share on other sites More sharing options...
Aigors Posted March 1, 2014 Share Posted March 1, 2014 Gigabyte boards dont need patching. Good so, can i use mtools to try to insert ozmosis stuffs? after end to work go in my house and try, if success i post report For my knoweldge, in others cases and for others vendors, i must use pmpatch to unlock bios and after insert ozmosis stuf right? Hvala ;-) Link to comment Share on other sites More sharing options...
vvd214 Posted March 1, 2014 Share Posted March 1, 2014 Hey CodeRush,My Mainboard is ZOTAC H77 ITX B series.(http://www.zotacusa.com/zotac-h77-it...77itx-b-e.html) I'm trying to patch my bios file with your Tools, but I got the messege : bash-3.2# ./PMPatch /Volumes/DATA/Documents/Downloads/pa230/A2300508.bin /Volumes/DATA/Documents/Downloads/pa230/A2300509.bin PMPatch 0.5.14 PowerManagement modules not found. PowerMgmtDxe/PowerManagement2.efi modules not found. Trying to apply patch #1 Nested PowerManagement module at 0032EB2C patched. Patched module too big after compression. Trying to apply patch #2 Nested PowerManagement module at 0032EB2C patched. Patched module too big after compression. Trying to apply patch #3 Nested PowerManagement module at 0032EB2C patched. Patched module too big after compression. Trying to apply patch #4 Nested PowerManagement module at 0032EB2C patched. Patched module too big after compression. Trying to apply patch #5 Nested PowerManagement module at 0032EB2C patched. Patched module too big after compression. AMI nest module at 005D0048 not patched: Repacked module can't be inserted. Phoenix nest modules not found. CpuPei module at 0079F300 not patched: Patch pattern not found. I did try in both Mac and Windows but the result is the same.Please find the attached BIOS file and help me!Thank you very much for doing what you are doing!! A2300508.bin.zip Link to comment Share on other sites More sharing options...
StoneTemplePilots Posted March 1, 2014 Share Posted March 1, 2014 Hey CodeRush, My Mainboard is ZOTAC H77 ITX B series.(http://www.zotacusa.com/zotac-h77-it...77itx-b-e.html) I'm trying to patch my bios file with your Tools, but I got the messege : bash-3.2# ./PMPatch /Volumes/DATA/Documents/Downloads/pa230/A2300508.bin /Volumes/DATA/Documents/Downloads/pa230/A2300509.bin PMPatch 0.5.14 PowerManagement modules not found. PowerMgmtDxe/PowerManagement2.efi modules not found. Trying to apply patch #1 Nested PowerManagement module at 0032EB2C patched. Patched module too big after compression. Trying to apply patch #2 Nested PowerManagement module at 0032EB2C patched. Patched module too big after compression. Trying to apply patch #3 Nested PowerManagement module at 0032EB2C patched. Patched module too big after compression. Trying to apply patch #4 Nested PowerManagement module at 0032EB2C patched. Patched module too big after compression. Trying to apply patch #5 Nested PowerManagement module at 0032EB2C patched. Patched module too big after compression. AMI nest module at 005D0048 not patched: Repacked module can't be inserted. Phoenix nest modules not found. CpuPei module at 0079F300 not patched: Patch pattern not found. I did try in both Mac and Windows but the result is the same. Please find the attached BIOS file and help me! Thank you very much for doing what you are doing!! patched pattern 75080fbae80f89442430 manually with Andy's Tool, @coderush, UEFI Tool crashed at reinserting the patched module. 2 Link to comment Share on other sites More sharing options...
CodeRush Posted March 1, 2014 Author Share Posted March 1, 2014 Thanks for report, will check this out. UPD: worked for me. A2800201.pm.zip Link to comment Share on other sites More sharing options...
Kill.Javascript Posted March 1, 2014 Share Posted March 1, 2014 howdy: wish i could join the "thanks, it worked!" party. but i can't even seem to get the PMPatch executable to work. I tried versions 0.5.10 and 0.5.11 for OSX, and both gave me the same error in terminal: "Illegal instruction: 4" i thought maybe you had left out the need to run as sudo in the instructions, so i tried that. no more illegal instruction errors, but I got nothing else. just a return back to the prompt and no readouts indicating that anything was happening. and of course no modified bios on my desktop. the PMPatch executable is executable, so i don't understand the illegal instruction error. not a permissions issue either. for the record, i am trying to patch the bios for my asus p8h77-i. the version asus recommends for the cpu i'm using (i3-3240) is 1006. it's a .cap file. i tried changing the extension to .rom, .ROM but nothing worked...PMPatch couldn't get to first base. any suggestions? BTW, I was able to successfully flash my bios using FTK and DOS as in your other tutorial. but even with the BIOS upgrade, sleep doesn't work, even with the usual patch to AICPM.kext. (attaching vanilla BIOS from Asus in case you might have the time to patch it. if so, many thanks) P8H77-I-ASUS-1006_(FROM ASUS).zip Link to comment Share on other sites More sharing options...
CodeRush Posted March 1, 2014 Author Share Posted March 1, 2014 Kill.Javascript, I know the source of this annoying bug - it's clang compiler with -O2. UEFITool form Mac had the same issues, and now it's compiled with -O1, but I have no time to recompile PMPatch, because, truly saying, the project is abandoned in favor of UEFITool, but there are no options in UT now to fully replace it as "one-click" solution. Will recompile it in a pair days, I promise. Here is your patched file, BTW, you can flash it with FTK. P8H77-I-ASUS-1006.PM.CAP.zip 1 Link to comment Share on other sites More sharing options...
Arkanis Posted March 2, 2014 Share Posted March 2, 2014 Hello Code, I'm a total noob in these matters and I'm trying to get my Z9PE-D8 with dual E5-2650 v1 working as they should. So I'm trying to use latest omni/piker/rampage findings. But it seems my MSR could be locked, so doing a research I stepped on this post. You are saying this tool is dead ? what alternative can I use ? I went to the github repo but cannot find a PKG or anything. Just in case here is attached the bios file in case you have time to have a look at it. Thanks for any useful information you could share, A. Z9PE-D8-WS-ASUS-5353.zip Link to comment Share on other sites More sharing options...
CodeRush Posted March 2, 2014 Author Share Posted March 2, 2014 But it seems my MSR could be locked, so doing a research I stepped on this post. You are saying this tool is dead ? what alternative can I use ? I went to the github repo but cannot find a PKG or anything. The project itself Is not completely dead, I'm trying to help people here anyway, but the old code of PMPatch is a mess and I will not add any new patches or implement any new features there - it's literally a miracle that such piece of sh*t still works for someone. There are no alternatives now, unless you know how to work with hex editor and PhenixTool/MMTool/UEFITool, but I will and autopatching support ti UEFITool soon. UPD: the locking code is here: 0000000180003460: B9 E2 00 00 00 mov ecx,0E2h ; 0xE2 to ECX 0000000180003465: E8 52 1C 00 00 call 00000001800050BC ; RDMSR inside 000000018000346A: B9 E2 00 00 00 mov ecx,0E2h ; 0xE2 to ECX again 000000018000346F: 48 89 44 24 38 mov qword ptr [rsp+38h],rax ; MSR value to stack variable 0000000180003474: 0F BA 6C 24 38 0F bts dword ptr [rsp+38h],0Fh ; Set LOCK bit in that variable 000000018000347A: 48 8B 54 24 38 mov rdx,qword ptr [rsp+38h] ; Modified variable value to RDX 000000018000347F: E8 28 1C 00 00 call 00000001800050AC ; WRMSR inside BTS instruction must be either nopped (0F BA 6C 24 38 0F -> 90 90 90 90 90 90) or replaced with BTR (0F BA 6C 24 38 0F -> 0F BA 74 24 38 0F). Modified file is attached. Z9PE-D8-WS-ASUS-5353.PM.CAP.zip Link to comment Share on other sites More sharing options...
Arkanis Posted March 2, 2014 Share Posted March 2, 2014 Code, Thank you for the fast response and thank you for the file. I will test it later on today on my rig, I have a replacement BIOS chip in case things turn ugly. I'm kind of a noob in all this BIOS patching thing and HEX editing, but I've written down what you just highlighted here in case I need to update the BIOS and patch this myself again. I hope by then your auto patching tools will be available ;-) so I don't make my computer explode. Will let you know how it goes, take care... A. Link to comment Share on other sites More sharing options...
macwanabe Posted March 2, 2014 Share Posted March 2, 2014 Hi Seems like I have a non standard BIOS this is for Gigabyte GA-X79-UD5 https://www.dropbox.com/s/oppb59beojtn189/X79UD5.14c Would be great if it can be patched. Arise, you are right. I will now show you and others how UEFITool can be handy for such mods. It will be automated there someday, but right now, here is the guide: 1. Download latest version of UEFITool from here. 2. Open your BIOS file. If it fails to open, check it for being UEFI BIOS. Legacy ones are not supported. 3. Select "File->Search..." (or press Ctrl+F) and enter "75080FBAE80F89442430" as hex pattern, set search scope to "Body only". 4. Look for "Hex pattern found" string in Messages field, double-click on it to select found section. If not found - you have nonstandard BIOS that needs to be studied further, please upload it here. 5. Press RMB on found section and select "Extract body..." action. "Save file..." dialog will open, enter the name of file to save, for example, "pm.bin", and press Save. 6. Open saved file with hex editor, find that "75080FBAE80F89442430" pattern once again, replace 75 to EB and save modified file. 7. Select the same section you have found in step 4, press RMB and select "Replace body..." action. Select your modified "pm.bin" file in "Open file..." dialog, that will open and press Open. Old section will be marked "Remove", and another section marked "Replace" will be added after it. 8. Select "File->Save image file..." (or press Ctrl+S) and save your modified BIOS. 9. Reopen the saved file to see that it opens correctly. 10. Flash the result with any suitable method. --- This guide can be followed for any particular patch pattern, but have in mind that UEFITool is still in early beta stages and it can produce corrupt BIOS images. Try them on your own risk, but please, try it. Without testing it's very hard to develop something useful, and my testing possibilities are very limited. But, if you have any working recovery solutions, you can test UEFITool-made mods. Let's make it better together. Link to comment Share on other sites More sharing options...
speedyrazor Posted March 2, 2014 Share Posted March 2, 2014 I ran it on windows and linux too, but on linux you'd have to compile the module. SCEWIN_64 /o /s nvram.txt /h Hii.db /v /q dumps the nvram-data to nvram.txt and SCEWIN_64 /i /s nvram.txt writes back the nvram.txt. If you have any fear to brick your board you can also attach your nvram.txt and I'll change it for you correctly. Thanks for the kind offer. Where can I get SCEWIN_64 from please? And what exactly is nvram.txt and where does it write it back to, BIOS, board? Link to comment Share on other sites More sharing options...
CodeRush Posted March 3, 2014 Author Share Posted March 3, 2014 macwanabe, same locking code as described above. X79UD5.14c.PM.zip Link to comment Share on other sites More sharing options...
Aigors Posted March 3, 2014 Share Posted March 3, 2014 Hi codeRush, your tool uefi tool con be used like mmtool to put inside uefi bios ozmosis stuffs? Link to comment Share on other sites More sharing options...
Arkanis Posted March 3, 2014 Share Posted March 3, 2014 Code, I've tried to flash my BIOS with the patched one you provided me but the BIOS tool for flashing refuses to work telling me that the "security check" failed. Is there another way to flash the bios on a ASUS Z9PE-D8 other than using the BIOS tool ? Went to the ASUS website but the tool that was before availble there is now removed (and it was Win32 only anyway). Thanks, A. Link to comment Share on other sites More sharing options...
Aigors Posted March 3, 2014 Share Posted March 3, 2014 Code, I've tried to flash my BIOS with the patched one you provided me but the BIOS tool for flashing refuses to work telling me that the "security check" failed. Is there another way to flash the bios on a ASUS Z9PE-D8 other than using the BIOS tool ? Went to the ASUS website but the tool that was before availble there is now removed (and it was Win32 only anyway). Thanks, A. If you mobo does flash recovery thru usb stick, try, or you have to use method from coderush firm Link to comment Share on other sites More sharing options...
Recommended Posts