Monday, August 21st 2023
NVIDIA BIOS Signature Lock Broken, vBIOS Modding and Crossflash Enabled by Groundbreaking New Tools
You can now play with NVIDIA GeForce graphics card BIOS like it's 2013! Over the last decade, NVIDIA had effectively killed video BIOS modding by introducing BIOS signature checks. With GeForce 900-series "Maxwell," the company added an on-die security processor on all its GPUs, codenamed "Falcon," which among other things, prevents the GPU from booting with unauthorized firmware. OMGVflash by Veii; and NVflashk by Kefinator (forum names), are two independently developed new tools that let you flash almost any video BIOS onto almost any NVIDIA GeForce graphics card, bypassing "unbreakable" barriers NVIDIA put in place, such as BIOS signature checks; and vendor/device checks (cross-flashing). vBIOS signature check bypass works up to RTX 20-series "Turing" based GPUs, letting you modify the BIOS the way you want, while cross-flashing (sub-vendor ID check bypass) works even on the latest RTX 4090 "Ada."
The tools bring back the glory days of video BIOS modding using utilities the likes of NiBiTor (now discontinued). The possibilities of such utilities are endless. You can, for example, flash the BIOS of a premium factory-overclocked graphics card onto your close-to-MSRP graphics card. For cards up to RTX 20-series "Turing," in addition to clock speeds, BIOS modding lets you raise power limits, which have a more profound impact on performance, as they increase boost frequency residency. BIOS modding also gives you control over the graphics card's voltages, cooling performance, and fan-curve, so you can make your card quieter, as long as your cooler can keep the GPU away from thermal limits (which you can adjust, too). With cross-flashing (without modifying the BIOS or disturbing its signature), you are now able to restore a voltage of 1.1 V on your RTX 4090 GPU, if you've got one of the newer models, which ticks at 1.07 V only. You could also flash your FE with a custom-design vBIOS with high power limit, to go beyond NVIDIA's power limits.
OMGVflash author Veii posted a comprehensive thread on the TechPowerUp Forums, which announces the first public beta of the tool, its development history, usage instructions, and some troubleshooting support. Find the thread here. The author has expressed interest in working with TechPowerUp on publishing future versions.
NVflashk author Kefi posted a similar comprehensive thread on TechPowerUp Forums, which can be accessed here.
OMGVflash and NVflashk are independently developed of each other. We've hand-inspected the binary code of both tools and they are free of any viruses or trojans. There's only few code modifications to the original NVFlash tool, to activate the bypass. There's no additional malware payload or anything similar. The file sizes are identical to the unmodified files. VirusTotal also confirms that these patches are legit.
Tampering with the vBIOS will void your graphics card's warranty. As with all modding, graphics card BIOS modding is not without risk, and meant for power users. It is fairly easy to recover from a broken flash, as all current desktop processors come with iGPUs that you can boot from, so you could flash a working BIOS onto the bricked graphics card. Just do remember to back-up your BIOS. You can use either of these tools to extract your current BIOS, or better yet, use GPU-Z for the task.
TechPowerUp editor and author of GPU-Z, W1zzard, will be answering all your questions in the comments section of this post. He has extensive experience with vBIOS internals from his worth with GPU-Z and he has also developed a parser that decodes, processes and organizes the ROM files in our TechPowerUp GPU BIOS Database.
Update 16:44 UTC: Kefi is currently working on a GUI version that makes it easy to backup and flash the BIOS. You can also search our BIOS Collection from within the app and filter on various properties.
Sources:
OMGVflash by Veii, NVflashk by Kefi
The tools bring back the glory days of video BIOS modding using utilities the likes of NiBiTor (now discontinued). The possibilities of such utilities are endless. You can, for example, flash the BIOS of a premium factory-overclocked graphics card onto your close-to-MSRP graphics card. For cards up to RTX 20-series "Turing," in addition to clock speeds, BIOS modding lets you raise power limits, which have a more profound impact on performance, as they increase boost frequency residency. BIOS modding also gives you control over the graphics card's voltages, cooling performance, and fan-curve, so you can make your card quieter, as long as your cooler can keep the GPU away from thermal limits (which you can adjust, too). With cross-flashing (without modifying the BIOS or disturbing its signature), you are now able to restore a voltage of 1.1 V on your RTX 4090 GPU, if you've got one of the newer models, which ticks at 1.07 V only. You could also flash your FE with a custom-design vBIOS with high power limit, to go beyond NVIDIA's power limits.
NVflashk author Kefi posted a similar comprehensive thread on TechPowerUp Forums, which can be accessed here.
OMGVflash and NVflashk are independently developed of each other. We've hand-inspected the binary code of both tools and they are free of any viruses or trojans. There's only few code modifications to the original NVFlash tool, to activate the bypass. There's no additional malware payload or anything similar. The file sizes are identical to the unmodified files. VirusTotal also confirms that these patches are legit.
Tampering with the vBIOS will void your graphics card's warranty. As with all modding, graphics card BIOS modding is not without risk, and meant for power users. It is fairly easy to recover from a broken flash, as all current desktop processors come with iGPUs that you can boot from, so you could flash a working BIOS onto the bricked graphics card. Just do remember to back-up your BIOS. You can use either of these tools to extract your current BIOS, or better yet, use GPU-Z for the task.
TechPowerUp editor and author of GPU-Z, W1zzard, will be answering all your questions in the comments section of this post. He has extensive experience with vBIOS internals from his worth with GPU-Z and he has also developed a parser that decodes, processes and organizes the ROM files in our TechPowerUp GPU BIOS Database.
Update 16:44 UTC: Kefi is currently working on a GUI version that makes it easy to backup and flash the BIOS. You can also search our BIOS Collection from within the app and filter on various properties.
209 Comments on NVIDIA BIOS Signature Lock Broken, vBIOS Modding and Crossflash Enabled by Groundbreaking New Tools
Also, is it possible to modify the card description, ID, serial, etc, în order to fake it look like another card?
they also locked (still since i don't know if that will be supported now) CUSTOM vbioses
Maxwell 2.0 was the last gen - that i know - which allowed end user / customer to literary make their own vbios and flash it onto the card without any issue.
I still have files for my custom undervolted Titan X bios, which also gave me 0rpm fan mode etc
If NVIDIA's Bird falcon allows you with my Version - then that's a success.
But mind you the following:
You need to match the display-out most of the time.
I/O (Display) Matrix & Powerplugs , do adapt ~ usually also memory IC detection does adapt.
Yet you can easily find yourself in a situation of other Parts of the GPU not working.
If Falcon allows, then that's a yes.
It's not on nvflash to allow or prohibit that
Pascal (and pretty much Turing) will allow a "flash to whatever you want" mode.
Including everything under it will flash, as long as the Biosmod was correctly made and no checksums are broken (see Maxwell tweaker for example)
Good luck :)
Falcon itself refuses. Mostly due to a new vbios version.
If you can get the foundation on the ROM , lets say your Target Vendor Bios
And then utilize my tool to update - it will update the remain sections too and count as a full rebrand.
As for times at & before Pascal - yes, full access
Turing Half access,
Ampere and Ada - only signed bioses have full access ~ but pretty much every Boardpartners Bios is signed :)
ChipID rebrands, are difficult
It's not really nvflash's work to excecute such. It does forward to Flacon and from there the Topic is open ended.
Falcon's access, is Nvidia's proprietary and confidential information/tools/access.
Due to friendly reasons, i refuse to help on this part.
But nvflash won't be the reason why it fails. It will start executing and either finish or Falcon will say no.
Try and have fun.
Just if you have two NVIDIA cards ~ remember to start from Index 1,
If you recover with an AMD GPU, Index0 or no index at all ~ will be your target flash (recovery procedure).
This is fantastic news. Many boards of Nvidia had hard caps of 200W or even lower. With this you can unlock it. New OC's incoming!
Edit: The copper heatsinks look very much like this..
It's always interesting to read up on this stuff and it's good to see these locks can be bypassed now should folks feel the need to tinker. I do wonder, though, how many people are going to start coming around asking for help to fix bad BIOS changes/flashes....you know, more than they already for the fake cards they by off bad sites.
While XeSS doesn't need the XMX units, even Wizzard found that the "non- native" XeSS wasn't equal when it comes to performance gain and visuals.
Remedy also eventually stopped using the "2.0 prototype" in favor of the Tensor core accelerated one.
For DLSS3 an Nvidia engineer came out and said that DLSS 3.0 can work on ampere...But the end result will not be as good, and seeing how people like to trash talk the current "ideal" implementation, they might have avoided a bullet. :D If it was even more glitchy and had a higher latency impact, forums dwellers would have never shut up about how laughable the tech is
We had such good tools to our benefit in the past compared to now.
What I released is only the bypass itself - I'm working on a graphical user-friendly version of nvflash to release later this week.
If i understand thing correctly then no such GUI tool currently exists but it is possible to flash different manufacturer made BIOS'es to cards they were not meant for?
I already have 380W KFA2 BIOS on my Gainward GS 2080Ti ~300W card. I could try 450W bioses and there's even crazier Galaxy HOF OC LAB WC Edition with effectively unlimited 2000W and higher v/f curve but im not brave enough to try that even tho my card is cooled by Morpheus II and two high static pressure 120mm fans. Essentially 4,5 slot air cooling.
Im more interested in somehow unlocking ReBAR on 20 series. Nvidia never bothered making new BIOS'es to unlock this so i wonder if it requires unlocking or does it require new code in BIOS? Im asking because ReBAR has been PCIe feature for a long time and so it's possible that it has been included in some very old cards but never enabled?
AMD enabled it for 5000 series Navi 1 and if i remember correctly people have enabled it on older GCN cards too.
EDIT: Thanks kefi. Looking forward to it.
2000W bios is'nt going to harm your card - only when you raise crazy amount of power through the chip and not having sufficient cooling.