Monday, August 21st 2023

NVIDIA BIOS Signature Lock Broken, vBIOS Modding and Crossflash Enabled by Groundbreaking New Tools

You can now play with NVIDIA GeForce graphics card BIOS like it's 2013! Over the last decade, NVIDIA had effectively killed video BIOS modding by introducing BIOS signature checks. With GeForce 900-series "Maxwell," the company added an on-die security processor on all its GPUs, codenamed "Falcon," which among other things, prevents the GPU from booting with unauthorized firmware. OMGVflash by Veii; and NVflashk by Kefinator (forum names), are two independently developed new tools that let you flash almost any video BIOS onto almost any NVIDIA GeForce graphics card, bypassing "unbreakable" barriers NVIDIA put in place, such as BIOS signature checks; and vendor/device checks (cross-flashing). vBIOS signature check bypass works up to RTX 20-series "Turing" based GPUs, letting you modify the BIOS the way you want, while cross-flashing (sub-vendor ID check bypass) works even on the latest RTX 4090 "Ada."

The tools bring back the glory days of video BIOS modding using utilities the likes of NiBiTor (now discontinued). The possibilities of such utilities are endless. You can, for example, flash the BIOS of a premium factory-overclocked graphics card onto your close-to-MSRP graphics card. For cards up to RTX 20-series "Turing," in addition to clock speeds, BIOS modding lets you raise power limits, which have a more profound impact on performance, as they increase boost frequency residency. BIOS modding also gives you control over the graphics card's voltages, cooling performance, and fan-curve, so you can make your card quieter, as long as your cooler can keep the GPU away from thermal limits (which you can adjust, too). With cross-flashing (without modifying the BIOS or disturbing its signature), you are now able to restore a voltage of 1.1 V on your RTX 4090 GPU, if you've got one of the newer models, which ticks at 1.07 V only. You could also flash your FE with a custom-design vBIOS with high power limit, to go beyond NVIDIA's power limits.
OMGVflash author Veii posted a comprehensive thread on the TechPowerUp Forums, which announces the first public beta of the tool, its development history, usage instructions, and some troubleshooting support. Find the thread here. The author has expressed interest in working with TechPowerUp on publishing future versions.

NVflashk author Kefi posted a similar comprehensive thread on TechPowerUp Forums, which can be accessed here.

OMGVflash and NVflashk are independently developed of each other. We've hand-inspected the binary code of both tools and they are free of any viruses or trojans. There's only few code modifications to the original NVFlash tool, to activate the bypass. There's no additional malware payload or anything similar. The file sizes are identical to the unmodified files. VirusTotal also confirms that these patches are legit.

Tampering with the vBIOS will void your graphics card's warranty. As with all modding, graphics card BIOS modding is not without risk, and meant for power users. It is fairly easy to recover from a broken flash, as all current desktop processors come with iGPUs that you can boot from, so you could flash a working BIOS onto the bricked graphics card. Just do remember to back-up your BIOS. You can use either of these tools to extract your current BIOS, or better yet, use GPU-Z for the task.

TechPowerUp editor and author of GPU-Z, W1zzard, will be answering all your questions in the comments section of this post. He has extensive experience with vBIOS internals from his worth with GPU-Z and he has also developed a parser that decodes, processes and organizes the ROM files in our TechPowerUp GPU BIOS Database.

Update 16:44 UTC: Kefi is currently working on a GUI version that makes it easy to backup and flash the BIOS. You can also search our BIOS Collection from within the app and filter on various properties.
Sources: OMGVflash by Veii, NVflashk by Kefi
Add your own comment

210 Comments on NVIDIA BIOS Signature Lock Broken, vBIOS Modding and Crossflash Enabled by Groundbreaking New Tools

#1
ZoneDymo
man...I honestly did not know Nvidia even (tried to) locked this out....what a crappy move.
has AMD locked this out as well?
Posted on Reply
#2
Taisho
Setting a reasonable fan curve for over-the-top cooled GPUs is finally possible, no more 1000 RPM or other decided by the manufacturer minimum... and another reason not to buy 7xxx AMD that is still locked?
Posted on Reply
#3
W1zzard
ZoneDymoman...I honestly did not know Nvidia even (tried to) locked this out....what a crappy move.
has AMD locked this out as well?
Yes, for many years now
Posted on Reply
#4
zlobby
Nice! And sheeple still believe in 'secure enclaves' and 24/7 on-chip cloud connectivity for 'security'...
Posted on Reply
#5
CyberG
if many gpu's are already burned because manufacturers miscalculate the limits imagine now with people tuning firmware to get an extra 5%
Posted on Reply
#6
TheDeeGee
TaishoSetting a reasonable fan curve for over-the-top cooled GPUs is finally possible, no more 1000 RPM or other decided by the manufacturer minimum... and another reason not to buy 7xxx AMD that is still locked?
Sorry to burst your bubble, but the reason 1000 RPM is the limit is because GPU fans are garbage quality and can't spin slower. I've had mine hooked up to a fan controller for testing and they stopped spinning at 28% (950 RPM).

The only way to have slower spinning fans is by a deshroud.
Posted on Reply
#7
Geofrancis
W1zzardYes, for many years now
as far as i knew it still worked on the 5000 series, when did they lock it down??
Posted on Reply
#8
W1zzard
Geofrancisas far as i knew it still worked on the 5000 series, when did they lock it down??
They had the signature hash on the 5000 series too, but only for some parts of the BIOS (no idea why you'd go through all the troubles to come up with a system first and then only use it on parts of the BIOS)
TaishoSetting a reasonable fan curve for over-the-top cooled GPUs is finally possible, no more 1000 RPM or other decided by the manufacturer minimum
as @TheDeeGee mentioned, you are limited by the fan's physical minimum speed. I do vaguely remember that there's some protection mechanism that will spin the fans to 100% to make them start, when they appear stuck, because the target RPM is lower than the startup speed, but high enough to keep spinning once turning
Posted on Reply
#9
john_
Does this mean that eBay sellers will have it easier to start selling GTX 970s as RTX 4090s?
Posted on Reply
#10
Geofrancis
W1zzardThey had the signature hash on the 5000 series too, but only for some parts of the BIOS (no idea why you'd go through all the troubles to come up with a system first and then only use it on parts of the BIOS)
I done some checking, I think the signature protected the part that identified the card but not its performance parameters, so you could change voltages and clocks but you couldnt change a 5600xt to a 5700xt.
Posted on Reply
#11
W1zzard
Geofrancisbut you couldnt change a 5600xt to a 5700xt
Which you still cannot, because the cores are disabled through on-die fuses. Unlocking through BIOS modding was possible on older ATI cards until they figured that using the BIOS to lock shaders is too easy to circumvent. It's how I got interested in the hardware scene over 20 years ago (ATI Radeon 9500 to 9700 mod, web.archive.org/web/20030118032341/http://www.maxdownloads.com/~ian/wizzard/)
Posted on Reply
#12
Vya Domus
Momentary success I think, they're gonna make sure to lock the BIOS again for the next generation.
Posted on Reply
#13
Ferrum Master
john_Does this mean that eBay sellers will have it easier to start selling GTX 970s as RTX 4090s?
@eidairaman1 Get ready :D
Posted on Reply
#14
dj-electric
vBIOS modding for increasing voltage? nah.
vBIOS modding for decreasing it along with power? oh yeah.
Posted on Reply
#15
leezhiran
TheDeeGeeSorry to burst your bubble, but the reason 1000 RPM is the limit is because GPU fans are garbage quality and can't spin slower. I've had mine hooked up to a fan controller for testing and they stopped spinning at 28% (950 RPM).

The only way to have slower spinning fans is by a deshroud.
The fans are DC regulated?
Posted on Reply
#16
tpa-pr
Layman here. Could this potentially be used to mod the 3XXX series to unlock features like DLSS 3?
Posted on Reply
#17
N3utro
tpa-prLayman here. Could this potentially be used to mod the 3XXX series to unlock features like DLSS 3?
DLSS3 uses hardware fourth generation tensor cores and Optical Flow Accelerator that do not exist on 3xxx series, it's not just software

Cool news! I'm wondering if removing TDP limit on my 4070 could change anything performance wise.

Is there a tool which allows to modify the existing bios of our own cards? I had 2 cards dying on me quickly after I used an xoc bios on another model in the past while they were properly cooled so now i wont flash anything that has been specifically designed for a specific model.
Posted on Reply
#18
Selaya
wait, that thread would suggest that it's merely for crossflashing but this thread's OP does suggest it's full blown bios modding (most interesting: definitely fancurves. GIMME DAT 0RPM ON THE A2000 ALREADY!); is that possible at this stage, and if not, will it ever be possible at all?
Posted on Reply
#19
john_
N3utroCool news! I'm wondering if removing TDP limit on my 4070 could change anything performance wise.
Careful not to make your 16pin connector think you are using a 4090 and commit suicide.
I know that this post looks like trolling, but I am serious here.
Posted on Reply
#21
henok.gk
Ooh leather jacket man is not gonna like this
Posted on Reply
#22
Fluffmeister
Yeah, won't be flashing anything. Thanks though.
Posted on Reply
#23
KARMAAA
Does this mean I could flash a 3090 BIOS onto a 3080 Ti and unlock the extra CUDA Cores that were disabled?
Posted on Reply
#24
P4-630
Great, so we can see many more "Fake" Gpu's in the near future....
Posted on Reply
#25
Vya Domus
N3utroDLSS3 uses hardware fourth generation tensor cores and Optical Flow Accelerator that do not exist on 3xxx series, it's not just software
Considering that their implementations are closed source we have no idea whatsoever if this really is true or not. My guess is that it more than likely isn't, there is nothing about frame interpolation that requires any kind of special hardware, computing motion vectors is something people have done for at least a decade on normal shaders and it's plenty fast.

I have been skeptical about Nvidia's claims ever since Remedy spiled the beans that the version of DLSS they used didn't even use the RT cores in Control. Intel's XeSS doesn't need ML accelerators either.
Posted on Reply
Add your own comment
Dec 21st, 2024 20:17 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts