• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

nvflashk - Flash any BIOS to NVIDIA GPUs - Safe board ID bypass up to 4xxx series

K

kefi

Joined
Aug 20, 2023
Messages
33 (0.05/day)
Hey overclockers. I recently got back into building PCs and overclocking after 5 or so years and realized I couldn't flash my ASUS 4090 TUF OC edition to the 1000W XOC BIOS as planned due to 'Board ID mismatch'. There were patched versions of nvflash floating around on TechPowerUp, but nothing for this series. Luckily I'm a software engineer with some reverse engineering chops, so I just went ahead and patched nvflash myself. Turns out this was something a lot of people needed, especially for turning their 1.07v cards back into 1.1v cards! So I'm releasing it in the wild, posting it on here and overclock.net and on Reddit /r/nvidia. This is my first post so hopefully it doesn't get caught up by spam filters, but I can be vouched for from other communities! A ton of people have flashed over their GPUs already, especially FE owners!

How's it work?
When you go to flash a vBIOS to a GPU, nvflash double checks a few parameters (don't quote me on this, guessing a lot):
  • GPU PCI Device ID (GPU chip, i.e. 2xxx/3xxx/4xxx) - You'll see this if you try flashing across series
  • PCI Subsystem ID (PCB ID) - You'll see this for any non-standard vBIOS
  • Board ID (PCB+GPU ID) - You'll usually see this on XOC bios or where the GPU was revised but the PCB remained the same (i.e. 1.07v 4090 revision)
  • Hierarchy (Unknown, potentially Lovelace/Turing/etc) - Dunno when you see this
  • A couple other minor items that appear to just be software-defined metadata
I managed to locate a backdoor of sorts that nVidia implemented to have a 'mismatch bypass', and I have forced that bypass to be enabled at all times when using the -6 parameter. This makes this a very, very dangerous version of nvflash. It will attempt to flash anything to anything. Literally - you can try to flash a 3060 XOC BIOS to a 4090 FE, even. We now know it won't work and will just say 'Nothing happened!', but it will try!

nvflashk will still confirm you want to perform those bypasses and only when they're necessary, unlike former versions of patched nvflash that used a simpler board ID bypass. I've also added some warnings and a harmless touch of my humor to some messages. It is otherwise a fully normal, fully functioning nvflash.

Note that this doesn't mean your GPU will actually boot the BIOS you decide to flash, it just means nvflashk will get it there. I've read about some signing stuff nVidia did with some cards that may cause issues, but you should always be able to flash back either way.

I don't believe this tool will allow you to flash uncertified/modified BIOSes yet, but I will check on that and work on it.

Where do I get it? How do I use it?
You can find it (and significantly more detailed usage instructions) here: notfromstatefarm/nvflash (or on the releases page)

Proof it works?

Gains from going to a 1.1v BIOS:

Here's a video proving it works and upgrades the voltage on my card:

And even crazier, flashing a Founders Edition BIOS to my 4090 TUF:

For those worried about viruses or whatever, feel free to compare the binaries. You should only see a handful of string changes and a couple of shifted/NOP'd instructions. Filesize is identical. Nothing that could constitute a virus. Or just don't use it and stay slow.

Contribute!
If you guys manage to flash anything that hasn't been tried before (and currently that's most things), please post and let us know so I can add it to the README!
 
Nice work! and great documentation on Github
 
bitchin can't wait to give my 3070ti some more beans
 
Welcome to TPU!
 
EDIT: Rephrased:
Ok

This is what you miss from the full version:
www.techpowerup.com

(omg)vflash | Fully Patched nvflash from X to Ada Lovelace [v5.780]

Due to recent discussions on voltage limitations of RTX 4000 series cards & the leakage (creation) of a tool with partial access I would like to share the full version. Now that the cat is out of the bag. It has been a work of 2 digit months, for going back and forth between testers for...
www.techpowerup.com www.techpowerup.com
~ VendorID bypass (can)
~ SubsystemID bypass (can)
~ PCI BoardID bypass (can)

~ BoardID bypass (half, falcon issues)
~ ChipID bypass (can't)
~ USB FW check bypass (can't)
~ Mobile iGPU reflash allow (can't because of above)
~ version check bypass (not included)
~ downgrade-lock bypass (not included)
~ Golden Card system bypass (for FE/Consumer/Engineer Board) (half included)

EDIT2:
This "backdoor" is intentionally build functionally by the Developers @ NvidiaHQ
Nvflash operates on a golden-card system.
This means that depending on the Bios that is loaded on your card (Founders/GlobalVendors/XOC/MASTER) Certificate;
It will change operation and allow more or less.

If company for example utilizes a node of headless units or a mining farm, the tool will also change its operation mode and is capable to work via FTP too.
Nvflash is also capable to download and create signable signatures, including replace them + rebrand several partitions of the Card and the EEPROM (InfoROM, Vendorlayout, MemStraps and so on...)
There is no "backdoor" but purpose left behind functionality for cards with Engineering/Master certificate.
It is left there for debugging purposes, yet the history of mods was based on either changing the target identifiers, or completely jumping the check and forcing the debug commands.

Oh also those 2-3 times YES/y confirmations for every override operation, exist in the very core of the program.
Including some funny left behind "cult" joke by the engineers themselves ~ on a help message :)
 
Last edited by a moderator:
This is just the initial release of the bypass, Veii definitely has the more flexible one that covers more edge cases.

The real plan for nvflashk is being a graphical interface and a bunch of QOL features like auto-recovery and searching TPU's database for compatible BIOSes! For now I'd say just choose whichever one you want and whichever one works. I'll probably have a test version ready by the end of the week.
 
Last edited:
Thanks @kefi just flashed my MSI RTX 3080 Gaming X 10GB (350W) with Strix 3080 OC 450W Bios

Animated GIF
 
So the BIOS themselves are viewable (https://github.com/bmgjet/Ampere-Bios-Editor), but it was only the signing that was impossible? Now with this bypass, edited BIOS files can be flashed directly regardless of the signature on the file, it would seem. Is that correct? If so, can't wait for that "Editor" to come soon.
 
kefi said:
Preview of the UI and database search tool coming later this week..!
View attachment 310066


Have fun, and keep an eye on those thermals!
Click to expand...
@kefi I watch my thermals closely with my monitor screen in my case, (Monitors GPU Hotspot etc) hasn't gone above 68 degrees C (on a TimeSpy Stress Test)

Appreciated though been waiting for this for 30/40 series used to run 2070 GALAX HOF vbios when there was a nvflash a few years ago with mismatch removed on my gigabyte 2070 Super. Look forward to been able to play with the GUI when it releases. Keep up the good work
 
kefi said:
Preview of the UI and database search tool coming later this week..!
Click to expand...
Awesome work with the flash tool.

I'm curious to know, is the GUI frontend a native compiled application or Electron?
 
b1t5murf said:
Awesome work with the flash tool.

I'm curious to know, is the GUI frontend a native compiled application or Electron?
Click to expand...
Thank you! It’s a Tauri app, which is basically Electron except it has a Rust backend instead of NodeJS, and it uses webview instead of the gigantic chromium. I’ve used Electron a lot for some crazy stuff but for a small utility I found it overkill, and Rust also will be able to deal with the low level systems stuff without the need for intermediate native node modules.
 
kefi said:
Thank you! It’s a Tauri app, which is basically Electron except it has a Rust backend instead of NodeJS, and it uses webview instead of the gigantic chromium. I’ve used Electron a lot for some crazy stuff but for a small utility I found it overkill, and Rust also will be able to deal with the low level systems stuff without the need for intermediate native node modules.
Click to expand...
I'm familiar with the Tauri ecosystem.

Have you considered Delphi?
It would give you the low level power, quickly putting a nice UI together and compile a self-contained, no external runtime needed executable :)
 
nice tool.

To bad I cant flash more ram into my 3070ti... fk nvidia
 
Nice, I wonder what are the odds we will one day we see modded bioses that allow dlss3 on ampre boards.
 
Yagma said:
Nice, I wonder what are the odds we will one day we see modded bioses that allow dlss3 on ampre boards.
Click to expand...
zero
that requires ampere only hardware
 
Soul_ said:
Couldn't you already do that? I had my 3080 Gaming X on 3080 SuprimX 450W vBios, ran like a champ, till I sold it.
Click to expand...
Suprim X isn't 450W check the bios mate :) Been there done that its faster yes. BUT not full fat 450W fast.

FoulOnWhite said:
Was it any better, i have the same MSI card?

Have a full cover block on it, so thermals don't matter.
Click to expand...
Overclocking headroom is greater for core clocks without a doubt. Memory clocks are still pretty fixed average around +1000mhz on mem clock. can get higher but thermals get out of control due to the memory layout on the pcb.
 
MaddoggMiranda said:
Suprim X isn't 450W check the bios mate :) Been there done that its faster yes. BUT not full fat 450W fast.


Overclocking headroom is greater for core clocks without a doubt. Memory clocks are still pretty fixed average around +1000mhz on mem clock. can get higher but thermals get out of control due to the memory layout on the pcb.
Click to expand...

Does the port number mismatch not matter? The Asus has 2x HDMI and the MSI only 1. I might give this a try.
 
FoulOnWhite said:
Does the port number mismatch not matter? The Asus has 2x HDMI and the MSI only 1. I might give this a try.
Click to expand...
Runs fine on mine with Display Port :)

FoulOnWhite said:
Does the port number mismatch not matter? The Asus has 2x HDMI and the MSI only 1. I might give this a try.
Click to expand...
As soul stated you can run the SUPRIM X bios which is 430W completely fine and RGB works too. depends on your intentions mate :)
 
MaddoggMiranda said:
Runs fine on mine with Display Port :)
Click to expand...

I just tried a flash of the MSI supreme x bios as test, flashed my stock back to be sure i can, works fine. problem is i seem to have lost the wattage reading on HWinfo64. I am using a stream deck to display them, it has dissapeared and i cannot find it in HWinfo now. Weird as it is still there in GPUz
Untitled.jpg
 
FoulOnWhite said:
I just tried a flash of the MSI supreme x bios as test, flashed my stock back to be sure i can, works fine. problem is i seem to have lost the wattage reading on HWinfo64. I am using a stream deck to display them, it has dissapeared and i cannot find it in HWinfo now. Weird as it is still there in GPUz
View attachment 310174
Click to expand...
Yes, losing accurate power readings is common when cross-flashing. This is why it's best to get something like a WireView when pushing power limits up on other BIOSes.
 
kefi said:
Yes, losing accurate power readings is common when cross-flashing. This is why it's best to get something like a WireView when pushing power limits up on other BIOSes.
Click to expand...

Thx
Seems fine in GPUz but HWinfo has lost it, weird :(
 
You must log in or register to reply here.
Back
Top