Meowthra Posted October 5, 2015 Share Posted October 5, 2015 OS X El Capitan 10.11.6 XCPM for Haswell-ULT xcpm_bootstrap Patch Haswell (0x3c) = 0x04 Crystalwell (0x46) = 0x08 Haswell-ULT (0x45) = 0x10 Broadwell-H (0x47) = 0x40 Broadwell (0x3d) = 0x80 Skylake (0x4e) = 0x200 Skylake-DT (0x5e) = 0x1000 ffffff80003f547b (0x1f547b) jmp to ffffff80003f54cd(0x1f54cd) xcpm_cpu_model: Haswell-ULT 0x1f547b 0F8883000000 to EB5090909090 Find E86878FCFF4885C00F8883000000 Replace E86878FCFF4885C0EB5090909090 MSR(0xE2) PatchFind0F308B4BD80F3248C1E22089C0Replace9090909090909048C1E2209090 Fake CPUFAMILY To IVYBRIDGEFindBBDC82B210ReplaeBB35E8651F org.chameleon.Boot.plist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Kernel</key> <string>/kernel</string> <key>Kernel Flags</key> <string>-v -f kext-dev-mode=1 rootless=0</string> <key>CsrActiveConfig</key> <string>103</string> </plist> kernel.plist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>KernelBooter_kexts</key> <string>Yes</string> </dict> </plist> xcpm_bootstrap Opcode Analysis "PATCH:" ffffff80003f5461 movzx ebx, byte [ds:r15+0x4d] ffffff80003f5466 mov eax, dword [ds:r15+0x1a0] ffffff80003f546d mov dword [ds:_xcpm_cpufamily], eax ffffff80003f5473 call _cpuid_features ffffff80003f5478 test rax, rax ffffff80003f547b js 0xffffff80003f5504 "JMP TO xcpm_cpu_model" "xcpm_cpu_model" ffffff80003f54b5 add ebx, 0xffffffbb ffffff80003f54b8 cmp ebx, 0x9 ffffff80003f54bb ja 0xffffff80003f5504 "xcpm_cpu_model=0x10 Haswell-ULT" ffffff80003f54cd mov dword [ds:_xcpm_cpu_model], 0x10 ffffff80003f54d7 mov dword [ds:0xffffff8000a5b0d4], 0x1 ffffff80003f54e1 jmp 0xffffff80003f5547 ffffff80003f54e3 cmp ebx, 0x5e ffffff80003f54e6 jne 0xffffff80003f5504 "xcpm_cpu_model=0x1000 Skylake-DT" ffffff80003f54e8 mov dword [ds:_xcpm_cpu_model], 0x1000 ffffff80003f54f2 mov dword [ds:0xffffff8000a5b0d4], 0x0 ffffff80003f54fc xor r14d, r14d ffffff80003f54ff jmp 0xffffff80003f5587 NULL ffffff80003f5504 mov dword [ds:_xcpm_mode], 0x0 ffffff80003f550e add rsp, 0x8 ffffff80003f5512 pop rbx ffffff80003f5513 pop r14 ffffff80003f5515 pop r15 ffffff80003f5517 pop rbp ffffff80003f5518 ret "xcpm_cpu_model=0x4 Haswell" ffffff80003f5519 mov dword [ds:_xcpm_cpu_model], 0x4 ffffff80003f5523 jmp 0xffffff80003f5547 "xcpm_cpu_model=0x80 Broadwell" ffffff80003f5525 mov dword [ds:_xcpm_cpu_model], 0x80 ffffff80003f552f jmp 0xffffff80003f557a "xcpm_cpu_model=0x400 " ffffff80003f5531 mov dword [ds:_xcpm_cpu_model], 0x400 ffffff80003f553b jmp 0xffffff80003f5547 "xcpm_cpu_model=0x8 Crystalwell" ffffff80003f553d mov dword [ds:_xcpm_cpu_model], 0x8 ffffff80003f5547 mov dword [ds:0xffffff8000a5b0dc], 0x1 ffffff80003f5551 mov qword [ds:0xffffff8000a5b150], 0x0 ffffff80003f555c xor r14d, r14d ffffff80003f555f jmp 0xffffff80003f5587 "xcpm_cpu_model=0x40 Broadwell-H" ffffff80003f5561 mov dword [ds:_xcpm_cpu_model], 0x40 ffffff80003f556b xor r14d, r14d ffffff80003f556e jmp 0xffffff80003f5587 "xcpm_cpu_model=0x200 Skylake" ffffff80003f5570 mov dword [ds:_xcpm_cpu_model], 0x200 ffffff80003f557a mov dword [ds:0xffffff8000a5b0d4], 0x1 ffffff80003f5584 xor r14d, r14d kernel-1011-haswell.zip 3 Link to comment https://www.insanelymac.com/forum/topic/308450-haswell-ult-kernel-patch-for-el-capitan/ Share on other sites More sharing options...
Andres ZeroCross Posted October 16, 2015 Share Posted October 16, 2015 Where do i need to patch?? to Kernel or another kext Link to comment https://www.insanelymac.com/forum/topic/308450-haswell-ult-kernel-patch-for-el-capitan/#findComment-2178295 Share on other sites More sharing options...
maciekish Posted January 4, 2016 Share Posted January 4, 2016 Where do i put this kernel? There is no "System/Library/Kernels" folder in the install USB anymore I tried the following: perl -pi -e 's|\x30\x46\x33\x30\x38\x42\x34\x42\x44\x38\x30\x46\x33\x32\x34\x38\x43\x31\x45\x32\x32\x30\x38\x39\x43\x30|\x39\x30\x39\x30\x39\x30\x39\x30\x39\x30\x39\x30\x39\x30\x34\x38\x43\x31\x45\x32\x32\x30\x39\x30\x39\x30|g' /Volumes/Installer/System/Library/PrelinkedKernels/prelinkedkernel perl -pi -e 's|\x42\x42\x44\x43\x38\x32\x42\x32\x31\x30|\x42\x42\x33\x35\x45\x38\x36\x35\x31\x46|g' /Volumes/Installer/System/Library/PrelinkedKernels/prelinkedkernel But the resulting md5 is the same so nothing was replaced. Is that the right kernel? Cant find anything else Link to comment https://www.insanelymac.com/forum/topic/308450-haswell-ult-kernel-patch-for-el-capitan/#findComment-2202894 Share on other sites More sharing options...
Recommended Posts