• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
  • The forums have been upgraded with support for dark mode. By default it will follow the setting on your system/browser. You may override it by scrolling to the end of the page and clicking the gears icon.

ASRock Z370/Z390 Taichi (and some others, actively modding!) Firmware with Intel Management Engine Disabled

Status
Not open for further replies.
puma99dk| said:
@R-T-B are you gonna release v4.00 for the AsRock Z370 Taichi?

Link: https://www.asrock.com/mb/Intel/Z370 Taichi/index.asp#BIOS

I hope you haven't abandon it alreally :D
Click to expand...

Heh, I kinda did frankly. I withdrew public support for this project because well... a few things.

1.) For z370 in particular, I no longer have a board for testing.

2.) I discovered a much more effective way to disable the ME that Intel doesn't know about and am debating making a security claim (for money), or keeping it private. Either way, I'm not providing builds using the old method (using me_cleaner) because it's become too hard to maintain. (It's no longer just running the tool and it has a bunch of board specific quirks I have to remember.)

I was debating making a binary build of the new exploit for you and others to continue to get the benefits, but... I mean as a security researcher first I need to make up my mind if I'm giving this to Intel or keeping it private. I'm on the fence and if I start handing it out, I can't make a claim on it with Intel anymore. If I go public, Intel will just patch it and I will get no money and no one wins. If I give it to Intel, they patch it but at least pay me. If I keep it private, that's best for making builds like this... but they'll still probably eventually figure it out. So I want to keep a low profile regardless if going that route.

tl;dr: On the fence about whether to continue, builds are on hold for the moment though. If I decide to continue it will be much easier. If I don't , well, Intel will patch our arse and I'll get a nice check. Hopefully big.

Sorry for being a sellout. My advice for the time being would be to go official or stay on your present build... if I decide to stay with the "dark side" it doesn't matter which version you are on, heh.
 
Last edited:
R-T-B said:
If I decide to continue it will be much easier. If I don't , well, Intel will patch our arse and I'll get a nice check. Hopefully big.
Click to expand...
Quite the dilemma, on one hand your helping those that care turn off ME but if you don't disclose what you've found you're shit out of luck on the bounty.

I know what I'd pick, something about money up for grabs.

R-T-B said:
Sorry for being a sellout.
Click to expand...
So your in contact with Intel I presume? Sorry for picking apart your whole reply.
 
biffzinker said:
So your in contact with Intel I presume? Sorry for picking apart your whole reply
Click to expand...

Not yet but really thinking about it. Taking a "mental week" at the moment to avoid rash decisions.
 
Last edited:
Thanks @R-T-B for an explanation.
I will just use the latest 3.80 you released I got that one just never flashed it.
 
R-T-B said:
2.) I discovered a much more effective way to disable the ME that Intel doesn't know about and am debating making a security claim (for money), or keeping it private. Either way, I'm not providing builds using the old method (using me_cleaner) because it's become too hard to maintain. (It's no longer just running the tool and it has a bunch of board specific quirks I have to remember.)
Click to expand...

Does your method require an inactive Intel ME Watchdog Timer to function? Recently, a Github user has found ways to disable Intel ME completely on his Intel X79 system.
 
weareanomalous said:
Does your method require an inactive Intel ME Watchdog Timer to function? Recently, a Github user has found ways to disable Intel ME completely on his Intel X79 system.
Click to expand...

My method is more akin to an alternative firmware mode, ala the HAP bit. It's just much easier to apply though (minimal firmware modifications). Can't go into much more details.
 
After communication with Intel, my bug is not a bug, but more "operation as intended."

It's weird, because I sure don't see it that way, but given there is no money, I may be making builds again soon. First, a weekend with my brother whom has come to visit from far away!

puma99dk| said:
Thanks @R-T-B for an explanation.
I will just use the latest 3.80 you released I got that one just never flashed it.
Click to expand...

You willing to beta test a reasonably safe beta build when I get around to this again? I can still support the x370 Taichi but obviously I can't promise anything like before. Would be nice to have a tester. Pretty sure I know it well enough to not brick things, anyways... heh.
 
Last edited:
R-T-B said:
After communication with Intel, my bug is not a bug, but more "operation as intended."

It's weird, because I sure don't see it that way, but given there is no money, I may be making builds again soon. First, a weekend with my brother whom has come to visit from far away!



You willing to beta test a reasonably safe beta build when I get around to this again? I can still support the x370 Taichi but obviously I can't promise anything like before. Would be nice to have a tester. Pretty sure I know it well enough to not brick things, anyways... heh.
Click to expand...

Yeah I will be willing to test, the risk ain't really big because it got a dual bios and I don't overclock these days.
 
Sorry for the delay, work is keeping me very busy. This coming week I should have updates.
 
R-T-B said:
Sorry for the delay, work is keeping me very busy. This coming week I should have updates.
Click to expand...

That's fine, I am in Berlin these days so I came touch my computer :D
 
Hmm okay, I read your tech notes in #1 so this means if I have to update from the modded bios 3.20 to 3.40 I have to flash like the original 3.20 and then yours 3.40?

Because instant flash fails with message "Secure Flash check fail!":
IMG_20190805_112151.jpg

Then I tried AsRock's own windows flash utility it tells me that bios is modded and then fails when I hit the y key:
ASROM.jpg

*Edit* I tried flash the offical bios 3.20 from AsRock that went fine, but flashing to 3.40 NOME no dice it just fails with "Security Flash check fail!" so I hope that @R-T-B have something I can try :) Because you rock man :rockout:
 
Last edited:
I'm still working on the flashing issues. On the verge of cracking out something that'll work I think. ASRock and several manufacturers have really stepped up their security measures for sigchecking after that "screwed drivers" thing (reports to them happened way earlier than the news) so it's obviously been more interesting.
 
Last edited:
krusty said:
Can you build a release for the Z390 Phantom Gaming X mobo?
Click to expand...

Most likely, yes. Does it have dual bios? If not, are you willing to test a build at a slight risk of bricking the board? The risk is low, but always there.
 
Ok, I will need a few days but I should be able to make one then. :)
 
Hi,
I tried to use the experimental Z37TC400.zip for my Z370 Taichi but when i run the flashme.cmd with admin rights the cmd is just flashing for half a second and than closes itselfe but nothing has changed in the bios.
Maybe i'm missing some stepps?
I renamed the mod_bios and tried flashing via Instantflash but it shuts off and reboots immediately with no changes to the bios.
A 8600k and the original 4.00 bios is running and i'm using Win10 1903. IME 11.8.55.3510 is installed.
Any tipps and tricks how to get the ModBios flashed?

Thank you
 
What I had to do was to flash the original P4.00 from AsRock and then after a reboot into Windows 10 1903, I read the readme I got provided by @R-T-B and then ran the flashme.cmd.

Are you running anti-virus or something that might stop this @Beul ?
 
First thanks for the quick response!

P4.00 is running. Windows defener is disabled and no other antivirus is installed. The readme says "Instructions in short" so maybe you got the long version?
Should i try to execute the flashme.cmd on a freshly installed windows cause i used win10privacy?
 
Hmm depending on what the win10privacy does it could be the issue.

I am running a normal Windows 10 1903 with some things disabled by myself. I am also running Windows Defender.

The info I got was this:
Instructions in short,

First flash matching official bios standard way, then in windows:

Run "flashme.cmd" as adminstrator. Allow it to finish flashing. Reboot. Enter BIOS. A new menu may be unlocked (your settings may also be reset). Don't touch most of the stuff, it's largely locked for a reason. Open "PCH-FW Configuration" and disable or enable the ME as you please.

If you see no menu at all, it may have just worked with no user intervention required. Boot to windows and check.

The cmd is like a check that the bios file is correct and then reboot your board should boot into flash on start-up.
 
I will try a clean install and report back when done.

Sadly the behaviour did not change with a windows clean install and clear cmos. After clicking the flashme nothing happens nothing changed.
Any suggestion what i can try next?
 
Beul said:
I will try a clean install and report back when done.

Sadly the behaviour did not change with a windows clean install and clear cmos. After clicking the flashme nothing happens nothing changed.
Any suggestion what i can try next?
Click to expand...

Try launching an admin cmd, switching to the directory via cd, and running "flashme" in there. May be a home directory issue depending on where it's extracted... will add some additional checks later to avoid errors like this.
 
Last edited:
Status
Not open for further replies.
Back
Top