Jump to content

[UEFIPatch] UEFI patching utility


1,981 posts in this topic

Recommended Posts

For Dell machines with Phoenix Secure Core Tiano UEFI 2.0, such as Vostro 3750, L502x etc you can apply the patch straight to the .exe you have got from Dell.

Then flash it as if it was a stock updater thereafter. As said in the original post it will unlock all the advanced menus available for a particular machine you are patching for. The patch sequence used in this utility has originated from bios-mods, you can read this article for in-depth details on the advanced menus.

  • Like 1

k3nny, FTK for Windows is easier to use and don't have any CAP verification at all, but I still don't recommend to flash BIOS under Windows - it's way too risky.

Any other system program or driver can interfere with flashing process and make unpredictable results. With strong antivirus or virtual machine enabled this chance is rather high.

It's less dangerous to use flashrom under Linux or OS X, but DOS or is still better, because nothing can interfere with flashing process in single task system (if a bunch of drivers and/or TSR's don't loaded, of course).

More to say, flashing with non-Asus tools leads to individual data loss, so now you have to restore your SMBIOS UUID, LAN MAC and Motherboard S/N using FD44Editor and then reflash BIOS to write the restored data.

Read my post on [H] linked above.

  • Like 2

buoo, yes and no.

The pattern to find is also 75080fbae80f89442430, but there are 6 different patch variants that the program is trying to perform.

I have made an analysis of that assembly (warning, crappy Google-translate from Russian) and now is a bit more complex then just patching 0x75 to 0xeb.

Different patch variants are needed because after 0x75 to 0xeb patch the compressed module is often 1 byte bigger than original and there are BIOS versions that don't have even 1 byte of free space to insert it.

  • Like 2

Lenovo ThinkPad R61i 8932-FDG (Phoenix)

Not an UEFI, can't be patched with this program.

Intel SC5520SC

Has different module organisation and doesn't have PowerManagement or CpuPei modules to patch.

Is a patch required for this board to work with native AppleICPM.kext? Is there any patched BIOS for this board anywhere?

Lenovo ThinkPad R61i and Intel SC5520SC require patching AICPUPM.kext. I haven't seen anyone who patched Intel EFI BIOSes.

 

EDIT: about Lenovo:

 

UEFI BIOS Version 8JET42WW (1.36) 
UEFI BIOS Date 2012-05-15

oswaldini, 8JET42WW can be patched by version 0.5.9 after unpacking, BIOS file to patch is $0A8J000.FL1

There is no problem to patch Intel EFI file, the main problem is to flash patched file to BIOS chip on Intel boards.

I don't know any method to flash modified Intel BIOSes with standard Intel tools, but I do know two methods to unlock access to whole BIOS and flash it with Intel Flash Programming Tool.

Another possible way to flash modified BIOS is described by phpdev32 in his mail:

I can report that the Intel DQ77KB thin mITX build I made this weekend worked just fine. Naturally I tested the newest ROM with PMPatch before I even bought the parts (just to be safe)' date=' but the F7 BIOS flasher worked just fine. I'm pretty sure the recovery flash didn't work, restarted several times without flashing, but that isn't critical. I imagine anyone wanting to repair the BIOS could flash the stock first using recovery, then flash the patched using F7 after rebooting.[/quote']

The utility is BSD-licensed and available on GitHub.

Compiled versions for Windows and OS X are here.

Latest version is 0.5.9

 

Much better and easier than doing it under windows with Phoenix tools and an hex editor. :)

Thumb up.

 

I need testers with different boards from different vendors to make the utility better, so if you have enough courage or a spare BIOS chip - please try it and report in this topic.

Thank you in advance.

 

Tested on my Asus P8B-WS, bios 2106 (previously patched) with a Xeon E3-1230v2.

Works without any problem, a binary file compare show differences with my "hand-patched" bios but I can't see any differences under UEFI bios screens nor working under ML 10.8.2

Sleeps and wakes as usual, speedstep is the same using the same SSDT with modified iMac12_2.plist :

 

MSRDumper PStatesReached: 16 20 27 33 35 36 37.

 

Nice work !

  • Like 1

I can't see any differences under UEFI bios screens nor working under ML 10.8.2

It's normal, for AMI UEFI it only patches PowerManagement module and nothing more. Thank you for report.

Did not work for me on Intel DZ77GA70K. I press F7 and then select .bio file and PC reboots and tries to flash but then reboots again and boots into Windows.

 

C:\>pmpatch GA0061.bio GA0061A.bio
PMPatch 0.5.9
PowerManagement module at 0045CC8C patched.
AMI nest modules not found.
Phoenix nest modules not found.
CpuPei module at 001FE83C not patched: Patch pattern not found.
Output file generated.

Intel is famous for difficulties on flashing modified BIOSes...

I know a way to overcome it, but it isn't simple.

Please download FTK for Windows from the link in third post, then open Administrator console, cd to FTK/Win32 and execute fpt -i command.

I need the output to guide you further.

Intel is famous for difficulties on flashing modified BIOSes...

I know a way to overcome it, but it isn't simple.

Please download FTK for Windows from the link in third post, then open Administrator console, cd to FTK/Win32 and execute fpt -i command.

I need the output to guide you further.

 

C:\FTK_0.9.4_win\Win32>fpt -i

Intel (R) Flash Programming Tool. Version:  8.1.10.1286
Copyright (c) 2007 - 2012, Intel Corporation. All rights reserved.

Platform: Intel(R) Z77 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

   --- Flash Devices Found ---
   W25Q64BV    ID:0xEF4017    Size: 8192KB (65536Kb)

   --- Flash Image Information --
   Signature: VALID
   Number of Flash Components: 1
    Component 1 - 8192KB (65536Kb)
   Regions:
    Descriptor - Base: 0x000000, Limit: 0x000FFF
    BIOS	   - Base: 0x1C0000, Limit: 0x7FFFFF
    ME		 - Base: 0x003000, Limit: 0x1BFFFF
    GbE	    - Base: 0x001000, Limit: 0x002FFF
    PDR	    - Not present
   Master Region Access:
    CPU/BIOS - ID: 0x0000, Read: 0x0B, Write: 0x0A
    ME	   - ID: 0x0000, Read: 0x0D, Write: 0x0C
    GbE	  - ID: 0x0118, Read: 0x08, Write: 0x08

Total Accessable SPI Memory: 8192KB, Total Installed SPI Memory : 8192KB

FPT Operation Passed

OK, as we can see, ME and GbE regions are locked, BIOS region is not.

Execute fpt -bios -d dump.bin command, if it works, patch this dump.bin file with PMPatch (pmpatch dump.bin mod.bin) and flash patched file with FPT by executing fpt -bios -f mod.bin command. If it works, reboot your computer.

C:\FTK_0.9.4_win\Win64>fpt -bios -f mod.bin

Intel (R) Flash Programming Tool. Version:  8.1.10.1286
Copyright (c) 2007 - 2012, Intel Corporation. All rights reserved.

Platform: Intel(R) Z77 Express Chipset
Reading HSFSTS register... Flash Descriptor: Valid

   --- Flash Devices Found ---
   W25Q64BV    ID:0xEF4017    Size: 8192KB (65536Kb)


Error 280: Failed to disable write protection for the BIOS space!

It's won't be so easy, as I thought but there is a way to unlock BIOS from this kind of lock. It is described here and can be dangerous, but I tried it like 10 times and it worked.

You need to disable Intel AntiTheft before trying it.

After unlocking access to all regions, you can make a dump of Descriptor region by executing fpt -desc -d desc.bin, and edit it with Hex-editor to remove locks completely.

This values are to be set:

locki.png

Then you can flash modified Descriptor region by executing fpt -desc -f desc.bin and modified BIOS region by fpt -bios -f mod.bin. If all things goes without error, then modified BIOS is finally flashed.

This way it dangerous and can lead to BIOS loss, so I don't recommend to try it unless you have to.

  • Thanks 1

No thanks. I don't want to risk to break anything, i can't afford to buy another board if this breaks. I rathed use NullCPU or patch DSDT. There is no AntiTheft on this motherboard.

 

I don't understand why it works to flash with F7 on Intel DQ77KB http://www.insanelym...y/#entry1878932 but not on my board, they have similar BIOS.

 

My motherboard has Intel® BIOS Vault Technology but so does DQ77KB.

 

Virtually incorruptible BIOS that provides fault-tolerant and secure firmware operating and upgrade environments.

  • Slice pinned this topic
×
×
  • Create New...