
Tora Chi Yo

Tora Chi Yo


Topics I've Started

請注意 這是國際共識

Today, 05:36 AM

 

 

https://www.youtube.com/watch?v=hZt6PF9PJ2I

 

face62.gif

Intel HD Graphics Haswell GT1 QE/CI Patch

17 October 2017 - 10:56 AM

Example: Haswell-ULT GT1 0x0a06
OS: OS X Mavericks 10.9.5
 
Set these via DSDT or org.chameleon.Boot.plist EFI strings:
device-id: 0x0a26
AAPL,ig-platform-id: 0500260a
 
=======================================
AppleIntelHD5000Graphics Patch
=======================================
Find the function "IntelAccelerator::probe". The three per-GT blocks are listed first; the function's entry point (0x2F21C) follows them.
 
Haswell GT3
__text:000000000002F461                 mov     dword ptr [r15+0CC4h], 2
__text:000000000002F46C                 mov     r14, r15
Haswell GT2
__text:000000000002F481                 mov     dword ptr [r15+0CC4h], 1
__text:000000000002F48C                 mov     r14, r15
Haswell GT1
__text:000000000002F498                 mov     dword ptr [r15+0CC4h], 0
__text:000000000002F4A3                 mov     r14, r15
__text:000000000002F21C ; __int64 __fastcall IntelAccelerator::probe(IntelAccelerator *__hidden this, IOService *, int *)
__text:000000000002F21C                 public __ZN16IntelAccelerator5probeEP9IOServicePi
__text:000000000002F21C __ZN16IntelAccelerator5probeEP9IOServicePi proc near
__text:000000000002F21C                 push    rbp
__text:000000000002F21D                 mov     rbp, rsp
__text:000000000002F220                 push    r15
__text:000000000002F222                 push    r14
__text:000000000002F224                 push    rbx
__text:000000000002F225                 push    rax
__text:000000000002F226                 mov     rbx, rsi
__text:000000000002F229                 mov     r15, rdi
__text:000000000002F22C                 mov     rax, cs:off_3F170
__text:000000000002F233                 call    qword ptr [rax+5C8h]
__text:000000000002F239                 xor     r14d, r14d
__text:000000000002F23C                 test    rax, rax
__text:000000000002F23F                 jz      loc_2F4B3       ; NOP
__text:000000000002F245                 mov     rax, cs:off_3F008
__text:000000000002F24C                 mov     rsi, [rax]
__text:000000000002F24F                 mov     rdi, rbx
__text:000000000002F252                 call    __ZN15OSMetaClassBase12safeMetaCastEPKS_PK11OSMetaClass ; OSMetaClassBase::safeMetaCast(OSMetaClassBase const*,OSMetaClass const*)
__text:000000000002F257                 mov     rbx, rax
__text:000000000002F25A                 test    rbx, rbx
__text:000000000002F25D                 jz      loc_2F4B3       ; NOP
__text:000000000002F263                 mov     rdi, rbx        ; this
__text:000000000002F266                 mov     esi, 2          ; unsigned __int64
__text:000000000002F26B                 call    __ZN11IOPCIDevice20extendedConfigRead32Ey ; IOPCIDevice::extendedConfigRead32(ulong long)
 
....
__text:000000000002F304                 mov     ecx, 35h ; '5'
__text:000000000002F309                 rdmsr
__text:000000000002F30B                 shr     eax, 10h
__text:000000000002F30E                 cmp     eax, 4
__text:000000000002F311                 jnz     short loc_2F320 ; To JMP
__text:000000000002F313                 mov     dword ptr [r15+0D0Ch], 2
__text:000000000002F31E                 jmp     short loc_2F334
__text:000000000002F320 ; ---------------------------------------------------------------------------
__text:000000000002F320
__text:000000000002F320 loc_2F320:                              ; CODE XREF: IntelAccelerator::probe(IOService *,int *)+F5j
__text:000000000002F320                 cmp     eax, 2
__text:000000000002F323                 jnz     loc_2F3FC       ; JMP 2F498 (Haswell GT1)
__text:000000000002F329                 mov     dword ptr [r15+0D0Ch], 1
...
__text:000000000002F4A8 loc_2F4A8:
__text:000000000002F4A8                 mov     dword ptr [r15+0CC4h], 3 ; To 0

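Patch (the values below equal the __text addresses in the listing above; the VADriver and libCLVMIGILPlugin sections on this page give 64-bit file offsets 0x1000 higher than the listing address, so confirm the file offset in the kext binary before editing):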

offset 0x2F23F 90 90 90 90 90 90 (NOP)
offset 0x2F25D 90 90 90 90 90 90 (NOP)
offset 0x2F311 EB (JMP)
offset 0x2F323 E9 70 01 00 00 90 (JMP 2F498)    // Haswell GT1
offset 0x2F4A8 41 C7 87 C4 0C 00 00 00 00 00 00 // mov dword ptr [r15+0CC4h], 0
 
=======================================
AppleIntelHD5000GraphicsVADriver Patch
=======================================
Find text "8086h"
 
sub_1B71A
 
Haswell GT3
__text:000000000001B89A  mov     dword ptr [rbx+8DECh], 3
__text:000000000001B8A4  mov     dword ptr [rbx+8DF4h], 118h
Haswell GT2
__text:000000000001B8D7  mov     dword ptr [rbx+8DECh], 1
__text:000000000001B8E1  mov     dword ptr [rbx+8DF4h], 8Ch ; '?
Haswell GT1
__text:000000000001B8F5  mov     dword ptr [rbx+8DECh], 0
__text:000000000001B8FF  mov     dword ptr [rbx+8DF4h], 46h ; 'F'
__text:000000000001B71B                 mov     rbp, rsp
__text:000000000001B71E                 push    rbx
__text:000000000001B71F                 sub     rsp, 18h
__text:000000000001B723                 mov     rbx, rdi
__text:000000000001B726                 mov     [rbp+var_20], 0Ch
__text:000000000001B72E                 mov     [rbp+var_10], 0
__text:000000000001B735                 mov     [rbp+var_18], 0
__text:000000000001B73D                 mov     rax, [rbx+50h]
__text:000000000001B741                 mov     edi, [rax+18h]
__text:000000000001B744                 lea     r8, [rbp+var_18]
__text:000000000001B748                 lea     r9, [rbp+var_20]
__text:000000000001B74C                 mov     esi, 100h
__text:000000000001B751                 xor     edx, edx
__text:000000000001B753                 xor     ecx, ecx
__text:000000000001B755                 call    _IOConnectCallStructMethod
__text:000000000001B75A                 mov     ecx, eax
__text:000000000001B75C                 mov     eax, 0Ah
__text:000000000001B761                 test    ecx, ecx
__text:000000000001B763                 jnz     loc_1B8BE       ; JMP 1B8F5 (Haswell GT1)
__text:000000000001B769                 mov     ecx, [rbp+var_10]
__text:000000000001B76C                 cmp     ecx, 0D268085h
__text:000000000001B772                 ja      loc_1B831
__text:000000000001B778                 cmp     ecx, 0D228085h
__text:000000000001B77E                 ja      loc_1B83F
__text:000000000001B784                 cmp     ecx, 0C268085h
 
64-bit Patch:
offset 0x1C763 E9 8D 01 00 00 90  (JMP offset 0x1C8F5) // Haswell GT1
32-bit Patch:
offset 0x2324DF E9 8C 01 00 00 90 (JMP offset 0x232670) // Haswell GT1
 
=======================================
libCLVMIGILPlugin.dylib Patch
=======================================
Find Functions "loadIcbeDylib"
 
Intel HD 5000 iCBE.dylib
__text:00000000000032BA loc_32BA:
__text:00000000000032BA                 lea     rdi, aSystemLibrar_5 ; "/System/Library/Extensions/AppleIntelHD5000GraphicsGLDriver.bundle/Contents/MacOS/iCBE.dylib"
__text:00000000000032C1                 jmp     loc_2F34
__text:0000000000002F02 ; __int64 __fastcall loadIcbeDylib(unsigned int)
__text:0000000000002F02 __ZL13loadIcbeDylibj proc near
__text:0000000000002F02
__text:0000000000002F02 var_18          = qword ptr -18h
__text:0000000000002F02 var_10          = qword ptr -10h
__text:0000000000002F02
__text:0000000000002F02                 push    rbp
__text:0000000000002F03                 mov     rbp, rsp
__text:0000000000002F06                 push    rbx
__text:0000000000002F07                 sub     rsp, 18h
__text:0000000000002F0B                 mov     eax, edi
__text:0000000000002F0D                 and     eax, 0FFFBFFFFh
__text:0000000000002F12                 cmp     eax, 1628086h   ; JMP 32BA (Intel HD 5000 iCBE.dylib)
__text:0000000000002F17                 jz      short loc_2F2D
__text:0000000000002F19                 cmp     edi, 1568086h
__text:0000000000002F1F                 jz      short loc_2F2D
__text:0000000000002F21                 cmp     edi, 1528086h
__text:0000000000002F27                 jnz     loc_304C
Find Functions "compileIGILToDeviceBinary"
 
Intel Haswell GPU
__text:0000000000005B62 loc_5B62:
__text:0000000000005B62                 mov     dword ptr [rbp+var_50], 0Eh
__text:0000000000005B69                 mov     dword ptr [rbp+var_50+8], 0Ah
__text:0000000000005B70                 mov     ecx, 0Ah
__text:0000000000005658 ; __int64 __fastcall compileIGILToDeviceBinary(const char *, unsigned __int64, const char *, unsigned __int64, unsigned int, unsigned int, unsigned int, char **, unsigned __int64 *, char **)
__text:0000000000005658 __ZL25compileIGILToDeviceBinaryPKcmS0_mjjjRPcRmS2_ proc near
__text:0000000000005658                 push    rbp
__text:0000000000005659                 mov     rbp, rsp
__text:000000000000565C                 push    r15
__text:000000000000565E                 push    r14
__text:0000000000005660                 push    r13
__text:0000000000005662                 push    r12
__text:0000000000005664                 push    rbx
__text:0000000000005665                 sub     rsp, 158h
__text:000000000000566C                 mov     [rbp+var_170], rcx
__text:0000000000005673                 mov     [rbp+var_178], rdx
__text:000000000000567A                 mov     rbx, rsi
__text:000000000000567D                 mov     r13, rdi
__text:0000000000005680                 mov     rax, cs:___stack_chk_guard_ptr
__text:0000000000005687                 mov     rax, [rax]
__text:000000000000568A                 mov     [rbp+var_30], rax
__text:000000000000568E                 mov     r12, [rbp+arg_18]
__text:0000000000005692                 mov     al, cs:__ZL39gIGILToDeviceBinaryTranslationSupported ; gIGILToDeviceBinaryTranslationSupported
__text:0000000000005698                 test    al, al
__text:000000000000569A                 jz      loc_5886        ; NOP
__text:00000000000056A0                 mov     eax, [rbp+arg_0]
__text:00000000000056A3                 xorps   xmm0, xmm0
__text:00000000000056A6                 movaps  [rbp+var_50], xmm0
__text:00000000000056AA                 mov     [rbp+var_38], 0
__text:00000000000056B1                 mov     [rbp+var_40], 0
__text:00000000000056B9                 mov     ecx, eax
__text:00000000000056BB                 and     ecx, 0FFFBFFFFh
__text:00000000000056C1                 cmp     ecx, 1628086h   ; JMP 5B62 (Intel Haswell GPU)
__text:00000000000056C7                 jz      short loc_56DB
__text:00000000000056C9                 cmp     eax, 1568086h
__text:00000000000056CE                 jz      short loc_56DB
__text:00000000000056D0                 cmp     eax, 1528086h
__text:00000000000056D5                 jnz     loc_596E
 
64-bit Patch:
offset 0x3F12 E9 A3 03 00 00 90 90 (JMP offset 0x42BA) // Intel HD 5000 iCBE.dylib
offset 0x66C1 E9 9C 04 00 00 90 (JMP offset 0x6B62) // Intel Haswell GPU
offset 0x669A  90 90 90 90 90 90 (NOP)
32-bit Patch:
offset 0x14871 E9 04 04 00 00 90 90 (JMP offset 0x14C7A) // Intel HD 5000 iCBE.dylib
offset 0x17707 E9 42 04 00 00 90 (JMP offset 0x17B4E) // Intel Haswell GPU
offset 0x176D2 90 90 90 90 90 90 (NOP)

 

Replace these files with the patched copies:

/System/Library/Extensions/AppleIntelHD5000Graphics.kext/Contents/MacOS/AppleIntelHD5000Graphics

/System/Library/Extensions/AppleIntelHD5000GraphicsVADriver.bundle/Contents/MacOS/AppleIntelHD5000GraphicsVADriver

/System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries/libCLVMIGILPlugin.dylib

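# Install the three patched binaries over the stock ones, rebuild the kext
# cache and reboot. Run from the directory that holds the patched files.
#
# Each stock binary is copied aside before it is removed, so the change can be
# reverted. -n keeps an existing backup from being overwritten by a patched
# file on a second run.
BACKUP_DIR="$HOME/haswell-gt1-backup"   # constructed example path; any directory outside /System works
OPENCL_LIBS=/System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries
SLE=/System/Library/Extensions
mkdir -p "$BACKUP_DIR"

# --- libCLVMIGILPlugin.dylib ---
cp -pn "$OPENCL_LIBS/libCLVMIGILPlugin.dylib" "$BACKUP_DIR/" &&
sudo rm "$OPENCL_LIBS/libCLVMIGILPlugin.dylib"
sudo cp libCLVMIGILPlugin.dylib "$OPENCL_LIBS/"
sudo chown 0:0 "$OPENCL_LIBS/libCLVMIGILPlugin.dylib"
sudo chmod 755 "$OPENCL_LIBS/libCLVMIGILPlugin.dylib"
# "-s -" applies an ad-hoc signature: it re-seals the edited file but carries
# no signing identity, so the file no longer verifies as Apple-signed.
# Sign the same Versions/A path the file was just copied to.
sudo codesign -f -s - "$OPENCL_LIBS/libCLVMIGILPlugin.dylib"

# --- AppleIntelHD5000Graphics (kernel extension binary) ---
cp -pn "$SLE/AppleIntelHD5000Graphics.kext/Contents/MacOS/AppleIntelHD5000Graphics" "$BACKUP_DIR/" &&
sudo rm "$SLE/AppleIntelHD5000Graphics.kext/Contents/MacOS/AppleIntelHD5000Graphics"
sudo cp AppleIntelHD5000Graphics "$SLE/AppleIntelHD5000Graphics.kext/Contents/MacOS/"
sudo chown 0:0 "$SLE/AppleIntelHD5000Graphics.kext/Contents/MacOS/AppleIntelHD5000Graphics"
sudo chmod 755 "$SLE/AppleIntelHD5000Graphics.kext/Contents/MacOS/AppleIntelHD5000Graphics"

# --- AppleIntelHD5000GraphicsVADriver ---
cp -pn "$SLE/AppleIntelHD5000GraphicsVADriver.bundle/Contents/MacOS/AppleIntelHD5000GraphicsVADriver" "$BACKUP_DIR/" &&
sudo rm "$SLE/AppleIntelHD5000GraphicsVADriver.bundle/Contents/MacOS/AppleIntelHD5000GraphicsVADriver"
sudo cp AppleIntelHD5000GraphicsVADriver "$SLE/AppleIntelHD5000GraphicsVADriver.bundle/Contents/MacOS/"
sudo chown 0:0 "$SLE/AppleIntelHD5000GraphicsVADriver.bundle/Contents/MacOS/AppleIntelHD5000GraphicsVADriver"
sudo chmod 755 "$SLE/AppleIntelHD5000GraphicsVADriver.bundle/Contents/MacOS/AppleIntelHD5000GraphicsVADriver"

# Clear the system caches so the old kext binary is not loaded from a stale
# cache, then rebuild the kext cache for x86_64.
sudo rm -r /System/Library/Caches/*
sudo kextcache -a x86_64 -e
# shutdown needs root, like every other step here.
sudo shutdown -r now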

Intel HD Graphics 0x0a06 Haswell-ULT GT1 Try QE/CI

17 October 2017 - 04:54 AM

 Example: 10.9.5

 

UXSyA54.png

 

But still not perfect ˇ ˇ

 

=======================================
AppleIntelFramebufferAzul Patch
=======================================
eDP
AAPL,ig-platform-id
03 00 06 0A 00 03 03 03 00 00 00 04 00 00 00 01 
00 00 F0 00 00 00 00 40 D9 0A 00 00 D9 0A 00 00 
00 00 00 00 00 00 00 00 00 00 08 00 00 04 00 00 
30 00 00 00 01 05 09 00 00 04 00 00 87 00 00 00 
02 04 09 00 00 08 00 00 82 00 00 00 FF 00 00 00 
01 00 00 00 40 00 00 00 04 00 00 00 00 00 07 00 
04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 
or
 
LVDS
AAPL,ig-platform-id
03 00 06 0A 00 03 03 03 00 00 00 04 00 00 00 01 
00 00 F0 00 00 00 00 40 D9 0A 00 00 D9 0A 00 00 
00 00 00 00 00 00 00 00 00 00 08 00 20 00 00 00 
30 00 00 00 01 05 09 00 00 04 00 00 87 00 00 00 
02 04 09 00 00 08 00 00 82 00 00 00 FF 00 00 00 
01 00 00 00 40 00 00 00 04 00 00 00 00 00 07 00 
04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 
 
AppleIntelHD5000Graphics Patch
IntelAccelerator::probe(IntelAccelerator *__hidden this, IOService *, int *)
 
__text:000000000002F23F NOP
__text:000000000002F25D NOP
__text:000000000002F311 JMP
__text:000000000002F323 JMP 2F498
 
GT1 QE/CI
mov     dword ptr [r15+0CC4h], 0
mov     r14, r15
 
__text:000000000002F4A8                 mov     dword ptr [r15+0CC4h], 3 to 0
 
=======================================
libCLVMIGILPlugin.dylib Patch
=======================================
loadIcbeDylib
 
__text:000000000002F12  JMP 32BA (3F12  JMP 42BA)
 
compileIGILToDeviceBinary
jmp 5B62
 
__text:0000000000056C1  JMP 5B62 (66C1  JMP 6B62)
 
 
=======================================
AppleIntelHD5000GraphicsVADriver Patch
=======================================
sub_1B71A
 
0a26 GT3
__text:000000000001B89A  mov     dword ptr [rbx+8DECh], 3
__text:000000000001B8A4  mov     dword ptr [rbx+8DF4h], 118h
 
0a16 GT2
__text:000000000001B8D7  mov     dword ptr [rbx+8DECh], 1
__text:000000000001B8E1  mov     dword ptr [rbx+8DF4h], 8Ch ; '?
 
0a06 GT1
__text:000000000001B8F5  mov     dword ptr [rbx+8DECh], 0
__text:000000000001B8FF  mov     dword ptr [rbx+8DF4h], 46h ; 'F'
 
__text:000000000001B763 (offset 1C763)  JMP     loc_1B8F5 (offset 1C8F5)
 

TEST 2

Device ID to 0x0a26

ig-platform-id to 0500260a

 

org.chameleon.Boot.plist

<key>device-properties</key>
<string>1d0100000100000001000000110100000600000002010c00d041030a000000000101060000027fff0400180000006400650076006900630065002d0069006400000008000000260a00001c0000007200650076006900730069006f006e002d0069006400000008000000090000002c0000004100410050004c002c00690067002d0070006c006100740066006f0072006d002d00690064000000080000000500260a2c000000730075006200730079007300740065006d002d00760065006e0064006f0072002d0069006400000008000000868000001e000000730075006200730079007300740065006d002d0069006400000008000000260a0000140000006800640061002d0067006600780000000d0000006f6e626f6172642d31</string>

 

 
ALkkjLP.png

[Help] How To Patch AppleHDA for Intel Corporation 8 Series HD Audio

16 October 2017 - 10:44 AM

Linux lspci:
00:03.0 Audio device: Intel Corporation Haswell-ULT HD Audio Controller (rev 0b)
00:03.0 0403: 8086:0a0c (rev 0b)
Subsystem: 1025:0866
Flags: bus master, fast devsel, latency 0, IRQ 49
Memory at b0610000 (64-bit, non-prefetchable) [size=16K]
Capabilities: <access denied>
Kernel driver in use: snd_hda_intel
Kernel modules: snd_hda_intel
 

00:1b.0 Audio device: Intel Corporation 8 Series HD Audio Controller (rev 04)
00:1b.0 0403: 8086:9c20 (rev 04)
Subsystem: 1025:0929
Flags: bus master, fast devsel, latency 0, IRQ 48
Memory at b0614000 (64-bit, non-prefetchable) [size=16K]
Capabilities: <access denied>
Kernel driver in use: snd_hda_intel
Kernel modules: snd_hda_intel
 
Windows Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0283&SUBSYS_10250929&REV_1000
10EC:0283

Qualcomm Atheros AR9565 Wireless for OS X 10.9.5 - 10.12.6

12 October 2017 - 10:48 PM

Atheros AR9565 Wireless for OS X  10.9.x / 10.10.x / 10.12.6

 

AR9565 for 10.11.x

https://www.youtube....h?v=WbuybfOTRRg

 

 

Decompress AR956X-10.*.tar.gz:

$ tar zxvf AR956X-10.*.tar.gz

 

Copy AirPortAtheros40.kext to /media/kali/OSX/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/

 

 

Preview 10.9.5 

 

wLKQ95s.png

 

Preview 10.10.5

eaUqGsr.png

 

Preview 10.12.6 

iaeq8WI.png
