StoneTemplePilots Posted September 27, 2013 Share Posted September 27, 2013 I am having this same problem. I was told that this board (H87i-plus) most likely had the MSR unlocked. Is this true? If not, am I able to flash the board using FTK? just try it, nothing bad happens than an error message [280?] if flashlocked. Before you'll have to cut the capsule header, bios starts at 800h in your case. Or the better way: dump with: fpt -d bios.bin rewrite with: fpt -rewrite -f bios.bin fpt -greset for sure it's locked Link to comment Share on other sites More sharing options...
wiz329 Posted September 27, 2013 Share Posted September 27, 2013 just try it, nothing bad happens than an error message [280?] if flashlocked. Before you'll have to cut the capsule header, bios starts at 800h in your case. I apologize, I'm not terribly familiar with all of this. Could you go into a little more detail? I thought I read something about the first part of the bios file being for security -- so I assume you're telling me I have to cut this out? I've only tried to update it through the EZ flash 2 updater in the UEFI, and it failed the security verification. How would I go about cutting this out? What tools do I need? Link to comment Share on other sites More sharing options...
StoneTemplePilots Posted September 27, 2013 Share Posted September 27, 2013 I apologize, I'm not terribly familiar with all of this. Could you go into a little more detail? I thought I read something about the first part of the bios file being for security -- so I assume you're telling me I have to cut this out? I've only tried to update it through the EZ flash 2 updater in the UEFI, and it failed the security verification. How would I go about cutting this out? What tools do I need? That's long ago, you mean descriptor region hack, it doesn't work anymore for latest intel hardware and especially ASUS is sealing their ROMs against modifications. You won't be able to flash any kind of modified ROM without special hardware, as CodeRush mentioned an SPI programmer. But you can even try it with intel ftk version for Intel series 8 and see what happens. For sure EZflash won't accept a modified bios as it's from ASUS. From a technical point of view the #WP (write-protect) pin of the bios chip is undervolted or unpowered but needs a #WP-high signal to get flashed. The power is triggered via GPIO and it's off by default. Only unlock with SPI programmer help in this case. Or recalculation of the capsule header checksum which is impossible - it's RSA signed and the key has not been leaked for now. But I've been thinking about somthing else: reverse engineering afuwinx64.exe ; ) so it could accept any firmware. We've been discussing it here earlier. Link to comment Share on other sites More sharing options...
wiz329 Posted September 27, 2013 Share Posted September 27, 2013 That's long ago, you mean descriptor region, it doesn't work anymore for latest intel hardware and especially asus is sealing their ROMs against modifications. So you won't be able to flash any kind of modified bios without special hardware, as CodeRush mentioned an SPI programmer. But you can even try it with intel ftk version for Intel series 8 and see what happens. I'm in a little over my head. If I get a board with bios flashback, will that work for sure? If so, why will that work, but the method through the UEFI won't work? Also, can anyone tell me how to tell if these boards even need flashed to load OS X? I was under the impression that some of the newer asus boards didn't need patching. Link to comment Share on other sites More sharing options...
StoneTemplePilots Posted September 27, 2013 Share Posted September 27, 2013 I'm in a little over my head. If I get a board with bios flashback, will that work for sure? If so, why will that work, but the method through the UEFI won't work? Also, can anyone tell me how to tell if these boards even need flashed to load OS X? I was under the impression that some of the newer asus boards didn't need patching. but as I read here it HAS bios flashback! "Just plug in a USB flash drive containing the BIOS file and press the RESET button for 3 seconds with the power supply connected. Hassle-free updating for ultimate convenience!" sounds just good, wait I'll create an unlocked pmpatched ROM and you can flashback as described. Put it on a FAT32 formatted USB stick as is, don't rename the extracted file H87IP.CAP < that's the recovery filename and start the recovery process. Would be nice - for the community - to report if it worked for you! This procedure won't work when the recovery checks for a functional capsule header too, don't know. Link to comment Share on other sites More sharing options...
wiz329 Posted September 27, 2013 Share Posted September 27, 2013 but as I read here it HAS bios flashback! "Just plug in a USB flash drive containing the BIOS file and press the RESET button for 3 seconds with the power supply connected. Hassle-free updating for ultimate convenience!" sounds just good, wait I'll create an unlocked pmpatched ROM and you can flashback as described. Put it on a FAT32 formatted USB stick as is, don't rename the extracted file H87IP.CAP < that's the recovery filename and start the recovery process. Would be nice - for the community - to report if it worked for you! This procedure won't work when the recovery checks for a functional capsule header too, don't know. That might be an earlier revision or something. http://www.tonymacx86.com/mavericks/103788-just-warning-asus-mobos.html I don't see a flashback button on my board. Also, how do I know if my board need flashing in the first place? Link to comment Share on other sites More sharing options...
StoneTemplePilots Posted September 27, 2013 Share Posted September 27, 2013 That might be an earlier revision or something. http://www.tonymacx86.com/mavericks/103788-just-warning-asus-mobos.html I don't see a flashback button on my board. Also, how do I know if my board need flashing in the first place? you can try to force recovery mode on AMI boards powering off the machine, keep pressing <ctrl>+<home> while powering on & keep holding this shortcut until you hear two beeps and the USB port gets accessed to reflash the ROM. Link to comment Share on other sites More sharing options...
wiz329 Posted September 27, 2013 Share Posted September 27, 2013 you can try to force recovery mode on AMI boards powering off the machine, keep pressing <ctrl>+<home> while powering on & keep holding this shortcut until you hear two beeps and the USB port gets accessed to reflash the ROM. Which USB port would I use? And do you know how to tell if I need to flash the BIOS in the first place? Link to comment Share on other sites More sharing options...
StoneTemplePilots Posted September 27, 2013 Share Posted September 27, 2013 Which USB port would I use? And do you know how to tell if I need to flash the BIOS in the first place? I'd recommend using USB2.0 port, not the blue USB3.0 ones. Also you can cut the first 800h byte and save the cut copy as amiboot.rom - more info here. I figured it out, there's a secret switch : ) skip the damn capsule header check and flash! no more lock. Just created a description @ MDL. 2 Link to comment Share on other sites More sharing options...
CodeRush Posted September 28, 2013 Author Share Posted September 28, 2013 This is great. Can't say it makes SPI programmer unneeded, but it really makes things easier for desktop users. Link to comment Share on other sites More sharing options...
StoneTemplePilots Posted September 28, 2013 Share Posted September 28, 2013 This is great. Can't say it makes SPI programmer unneeded, but it really makes things easier for desktop users. Yeah, all this RSA-signed capsule code is unimportant and no more tinkering cause of that. It would be really interesting to get out the piece of code that triggers the GPIO on, with something like a visual debugger. It could help on other bios types either. Link to comment Share on other sites More sharing options...
CodeRush Posted September 28, 2013 Author Share Posted September 28, 2013 I think it's not about GPIO toggle, but about right way to call build-in SMI handler, that disables all protection routines. We need to study afuwin code now to know more, but I have no time for anything except work now. --- Development of PMPatch successor is not stalled, BTW, and the FFS traversal code now works as supposed for PI 2.0 UEFIs, support for PI 1.x is about to be added in 1-2 weeks. I will not release it until all things will work as supposed, but if someone () with SPI programmer willing to test the alpha versions - you are welcome. There are much work to do in that project, and now one can only extract all regions, volumes, files and sections from BIOS image (repacking code is in active development and comes later), but it is written in pure C, so it can be compiled for everything, OSX included. 4 Link to comment Share on other sites More sharing options...
StoneTemplePilots Posted September 28, 2013 Share Posted September 28, 2013 I think it's not about GPIO toggle, but about right way to call build-in SMI handler, that disables all protection routines. We need to study afuwin code now to know more, but I have no time for anything except work now. --- Development of PMPatch successor is not stalled, BTW, and the FFS traversal code now works as supposed for PI 2.0 UEFIs, support for PI 1.x is about to be added in 1-2 weeks. I will not release it until all things will work as supposed, but if someone ( ) with SPI programmer willing to test the alpha versions - you are welcome. There are much work to do in that project, and now one can only extract all regions, volumes, files and sections from BIOS image (repacking code is in active development and comes later), but it is written in pure C, so it can be compiled for everything, OSX included. there's also a switch called /OEMSMI: but I don't know any arguments Link to comment Share on other sites More sharing options...
fraswa Posted October 1, 2013 Share Posted October 1, 2013 can somebody please help me? i got the bios rom and pmpatched it, but my BIOS says it cannot be flashed (i think for CRC-signed code reason) the mainboard is the asrock z87extreme3 and this is the bios ftp://europe.asrock.com/bios/1150/Z87%20Extreme3(2.10)ROM.zip this is the dos flash program ftp://europe.asrock.com/bios/1150/Z87%20Extreme3(2.10)DOS.zip thank you guys. Link to comment Share on other sites More sharing options...
StoneTemplePilots Posted October 2, 2013 Share Posted October 2, 2013 can somebody please help me? i got the bios rom and pmpatched it, but my BIOS says it cannot be flashed (i think for CRC-signed code reason) the mainboard is the asrock z87extreme3 and this is the bios ftp://europe.asrock.com/bios/1150/Z87%20Extreme3(2.10)ROM.zip this is the dos flash program ftp://europe.asrock.com/bios/1150/Z87%20Extreme3(2.10)DOS.zip thank you guys. http://rghost.net/49098964 upgrade method for DOS, Win x86, Win x64 included. Just execute upgrade.bat. Check your inbox for pass. best regardz Link to comment Share on other sites More sharing options...
fraswa Posted October 2, 2013 Share Posted October 2, 2013 It worked, thank you very much. I definetly got a boot and install, on actual system boot i get a not so random (boots fine 1 in 30 tries) "PCI Configuration begin" hang but i think it can be resolved by a working DSDT. I tried the various -x -f npci pcirootuid dart darkwake options with no luck any advice? Link to comment Share on other sites More sharing options...
StoneTemplePilots Posted October 2, 2013 Share Posted October 2, 2013 It worked, thank you very much. I definetly got a boot and install, on actual system boot i get a not so random (boots fine 1 in 30 tries) "PCI Configuration begin" hang but i think it can be resolved by a working DSDT. I tried the various -x -f npci pcirootuid dart darkwake options with no luck any advice? use dart=0 -v npci=0x2000 alternative dart=0 -v npci=0x3000 A fixed DSDT can be burnt in also in your ROM Btw. download counter shows 0. If you used the ROM I patched, you can flash now with fpt (dos, win) and flashrom (linux,mac,win), it's flashunlocked. Link to comment Share on other sites More sharing options...
mrnick Posted October 2, 2013 Share Posted October 2, 2013 Hi CodeRush, So sorry if I'm being stupid here. I've read through the instructions so many times. The attached screenshot shows what I'm trying to do with my Z87 Deluxe Dual Asus board. I open the patch in terminal, drag in the BIOS file twice, write PATCHED at the end of the second file and it say's it's output the file But I can't see it? Apologies if I'm wasting your time, but wanted to check I've got this right. Thanks in advance! Nick Link to comment Share on other sites More sharing options...
wokie Posted October 2, 2013 Share Posted October 2, 2013 I also ask for help. i got the bios rom and pmpatched it, but my BIOS says it cannot be flashed the mainboard is the asrock z87 Pro4 and this is the bios ftp://europe.asrock.com/bios/1150/Z87%20Pro4(1.70)ROM.zip this is the dos flash program ftp://europe.asrock.com/bios/1150/Z87%20Pro4(1.70)DOS.zip thank you guys. Link to comment Share on other sites More sharing options...
Gringo Vermelho Posted October 3, 2013 Share Posted October 3, 2013 Successfully patched and flashed BIOS 2104 for ASUS P8Z77-V Pro. Thanks again CodeRush! Note that the only way to flash a modified BIOS on these boards is with "USB BIOS Flashback" - see your motherboard manual for more info. 1 Link to comment Share on other sites More sharing options...
C.Frio Posted October 3, 2013 Share Posted October 3, 2013 hi any chance someone send me a patched bios for an AsRock H87M pro4... I can't install mavericks...it reboots just after loading drivers ..extra/extensions.mkext, ganged video card,subs,hds.and so on used several boot loaders..just after choose the HD ..it reboots 'cause I have no idea or expertise to patch one... thank you for any information about... c.frio Link to comment Share on other sites More sharing options...
StoneTemplePilots Posted October 3, 2013 Share Posted October 3, 2013 hi any chance someone send me a patched bios for an AsRock H87M pro4... I can't install mavericks...it reboots just after loading drivers ..extra/extensions.mkext, ganged video card,subs,hds.and so on used several boot loaders..just after choose the HD ..it reboots 'cause I have no idea or expertise to patch one... thank you for any information about... c.frio patched ROM Link to comment Share on other sites More sharing options...
C.Frio Posted October 3, 2013 Share Posted October 3, 2013 hi thank you Fix It Felix Jr. now study how to use...apply.. c.frio Link to comment Share on other sites More sharing options...
nmano Posted October 3, 2013 Share Posted October 3, 2013 Successfully patched and flashed BIOS 2104 for ASUS P8Z77-V Pro. Thanks again CodeRush! Note that the only way to flash a modified BIOS on these boards is with "USB BIOS Flashback" - see your motherboard manual for more info. Can you upload your patched bios 2104 ple Link to comment Share on other sites More sharing options...
Gringo Vermelho Posted October 4, 2013 Share Posted October 4, 2013 I didn't keep a copy. Patch it yourself, it's easy. Read the first post to see how to run pmpatch. Chapter 2.3.11 in your motherboard manual tells you everything else. If you don't have a hard copy, download the pdf from ASUS' website. -The manual tells you to go download something, that's not necessary, just place the BIOS file on your flash drive. The remaining instructions are very important though. -The BIOS must be named Z77VP.CAP in order to use USB BIOS Flashback. You can use that as output filename on the command line when you run pmpatch. Link to comment Share on other sites More sharing options...
Recommended Posts