
questions about the driver locks for 6xxx for BAGZZlash

laharl2k

New Member
Joined
Jun 18, 2011
Messages
7 (0.00/day)
hi, just curious about the lock that amd added to catalyst (and fglrx too)
does the bios have some kind of key? or does the driver check for the checksum of the bios in some database?
how hard would it be to reverse engineer the driver, like that guy did with the nvidia one to allow sli on motherboards that didn't officially support it
tried asking amd about it? maybe some NDA

Why does no one leak some amd utility to sign the bios or something xD

as far as my tests go, the fan settings work on my 6950 (ref), but when the driver loads it returns to the dangerously low fan curve from the original bios. I really don't like the card getting to 90°C just to start moving the fan, and worse when the VRMs reach about 110°C by that time. with the fan at about 30% the card stays at 78°C and the vrms at 92°C.
luckily some guy coded an app to overclock for linux, because if i hadn't changed the fan settings the card would have probably burnt while mining bitcoins (openCL brute forcing sha256, gpu at 100%)
 

BAGZZlash

RBE Author
Joined
Mar 9, 2008
Messages
587 (0.10/day)
> does the bios have some kind of key?

Yes, it's a digital signature. I talked about it a lot in the threads around here. You can also view this 32-byte signature with RBE's built-in hex editor.

> how hard would it be to reverse engineer the driver

I don't know. I'm not a reverse engineer, nor do I know too much about the driver architecture... :ohwell:
 

laharl2k

New Member
Joined
Jun 18, 2011
Messages
7 (0.00/day)
that's all i wanted to know, thanks for the answer, and sorry i couldn't find that post about the bios key :p

sadly i don't know enough to reverse engineer a driver either....asm and reverse engineering stuff other than unprotected exes with ollydbg is on my to-learn list, but i need to get better with c/c++ first.

all i know is that the l33t h4Xx0rs use QEMU to reverse engineer drivers to make the linux ones,
http://www.coreboot.org/Reverse_Engineering_PCI_Drivers
looking at this it seems that it could be done, it's just the initialization check in the driver.
You get direct access to the graphics card, so if it's true, then fglrx or catalyst should work
 

BAGZZlash

RBE Author
Joined
Mar 9, 2008
Messages
587 (0.10/day)
As far as I know, large parts of the catalyst drivers are implemented in C# (the CCC, at least). That's why you need the .NET framework to install the driver, which is very annoying for a fresh windows installation as many people may know around here... :laugh:
Anyway, C# software is a lot easier to reverse because the compiler does not create true binary code.

I don't know anything about that but maybe it's a hint for you to start with. Please keep me updated about your progression every once in a while, would you?!? :toast:
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,842 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
the relevant piece (kernel driver) is not implemented in c# .. c# is EXTREMELY easy to decompile.

one approach that should work is to use kernel debugging on a live machine to identify the driver that shuts down the system. from there on identify which code in the driver is executed, then reverse and understand that

nice link with that pci debugging method. i doubt it will be of any use here. the driver reads the rom and then does something with it to determine if it's valid or not. this math is what's interesting
 

laharl2k

New Member
Joined
Jun 18, 2011
Messages
7 (0.00/day)
exactly, furthermore i remember reading in the radeon blog that to change the core/mem clock you have to activate an interruption, so maybe setting a breakpoint in that interruption would work, but i don't know if the power play (was that its name?) thingy is just a table in the bios and the driver changes the clock based on it or if the gpu itself changes the clocks, anyways the code should be executed right before that part, so a backtrace should do the job
...I said i don't know enough to be able to do it XD, and i have my hands full of stuff from college so i don't even have time to try, but i may pass by the xorg-driver-ati mailing list and ask for help ;) maybe someone is willing to reverse it to help u...i mean, they do that kind of stuff all the time, and with hardware stuff which is way more low level than this, so just looking for a piece of software inside the drivers shouldn't take one of them more than 2 hours max, don't think this will be much of a problem
 
Joined
Mar 26, 2011
Messages
18 (0.00/day)
Location
Germany
Processor Intel I7-3970X @ 5GHz
Motherboard ASRock X79 Extreme9
Cooling Water Cooling
Video Card(s) NVidia Titan Black /SLI
Storage Samsung 850 Pro 256GB
Has somebody found a solution for the problem?
For example, add a new Device ID with the OC Core in the driver, or did somebody find a digital sig. in a bios file?

AMD says {ticketno:[8200425731]} "We have no barrier in the driver/bios"
 

laharl2k

New Member
Joined
Jun 18, 2011
Messages
7 (0.00/day)
then how is it that the settings get reset to the original ones....is there another copy of the settings somewhere in the bios?
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,842 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
> then how is it that the settings get reset to the original ones....is there another copy of the settings somewhere in the bios?

they don't get reset at all ..
 