(omg)vflash | Fully Patched nvflash from X to Ada Lovelace [v5.780]

[R-T-B]

Yeah to be fair these tools aren't quite the "unsigned mayhem" hayday we once had, but they are still awesome to see.

 

[Wotwow]

Well, it was a big issue with the 2080 Ti, you couldn't flash a 300A vBIOS on a 300, even though the 300A is a binned 300.

Although if this allows for vBIOS modification, maybe it would be easier to just jack up the power and voltage limits instead of trying to force a 300A vBIOS on a 300 card.

You will ruin the video card.
In video cards that can draw a lot of amps, other controllers.
On the last page, I wrote how to find a bios that fits.
Look for the BIOS number so that there are more watts and that's it.
Do not listen to anyone. Simple cards are not designed to pull a lot of tension.

 

[K4sum1]

I hit max wattage even undervolted at 800mv.

 

[Mussels]

Seriously guys, don't blindly flash BIOSes onto your cards.
Even within the same GPU you can have major differences - crossflashing reference 3080/3090 GPU's could result in just one display output (or none) working because of how they wired up the outputs. Don't do this to cards you aren't willing to lose, and only flash to similar *Entire cards* like the same GPU from the same manufacturer, but one step up (Like an MSI gaming X to Gaming Z, i did with my GTX 1080) - they were similar enough that it worked fine.

I hit max wattage even undervolted at 800mv.

Just because the BIOS lets you add more watts/amps doesnt mean the hardware itself can take it.

You know that you can just change the driver string in the INF file to set the device name in Windows? NVCleanstall will even help you with that. It won't unlock anything of course. Some vendors of fake chinese NVIDIA cards have been doing that. The card only works with "their" driver, which has the changed name.

We had that awesome SLI mod here on TPU that did work, but it requires unsigned driver mode and old drivers to work. It's sad having a 1070, 1070Ti and 1080 and not being able to SLI them.

 

[K4sum1]

Just because the BIOS lets you add more watts/amps doesnt mean the hardware itself can take it.

It can use that one weird 125% power limit vBIOS, and it does work there, but that caps the fan speed pretty low, so it throttles.
Also if this is such a big issue, where are the shunt mod failure videos?

 

[Deleted member 218758]

This tool still does not allow flashing the firmware completely bypassing the GSP (Falcon).

P.S.
I'm sorry author for the truth.

If a tool exists that is forced to bypass options ~ like modify Falcon, even if its not nvlfash's work;
Then it will get taken down. Sad for the community, but community often doesn't care.
If i publish how to talk with falcon or let alone reflash, outside of above , i get in trouble. Community still wouldn't care.
// code exists to respond a talk with falcon, no code exists to modify falcon. Neither drivers nor programming tools.

The tool forces a flash and bypasses ROM check on the card you currently run.
Without this ability, nvflash is weak. Without this ability only engineering cards got full access with engineering roms inside.

Tool's work is to check host, set permissions, check file, set permissions, send to falcon and request flash.
Nvflash's work is not to command falcon. It's work is to talk with it IF you pass all checks beforehand.
All checks beforehand are lifted, but i know i forgot file checksum check. This is not so bad, as bad file integrity won't ever boot.
Files with bad header/bottom do flash, but result in code 43. This is ok how it is. It gives secureness on the user not bricking their card upon user-error.

There are couple of improvements i need to work on. An update will be pushed once they are done.
Just want to remind - the tolerance level is small. I know what to do and what i should not do.
The ability to work on modding is given. It is on you guys to make a Viewer & Editor for not messing up file-integrity.
And it is on you guys to explore falcon. Ability exists ~ but it will not come from me

1000-2000 Series fail, because you don't supply a correct file. Not because nvflash limits.
3000-4000 Series fail on CID rebrands because falcon denies you. Not because nvflash limits.

What tool also can do, is lift SW Protection forced by Falcon due to new bioses.
This lock is not bypassable even with official signed bioses. And SPI flash is again not a full flash.
Some EEPROMs and versions make still issues and bugs are to fix ~ but main post stays true to its words.

I should soon rewrite it slightly, with a bugfixed version. To make it read & follow better.

This is not hack GSP.
Use the normal version of nvflash if you're good at the Hex tool.

It was never pretendet to be. Falcon edit is one way and blows fuse.
Falcon modification is not done via nvflash at all.
Hex editing is the way to go for everything, unless you can compile the source. Sorry i dont understand.

Now in Turing I can unlock the increased cache.
But can't unlock double point performance.

Again big claims, no contribution.

I thought that these tools would be able to flash the bios bypassing the check, but they can't.

Not nvflash's work.
Tool here already sends full flash command , if you pass the very basic file integrity check i forgot to remove.
1000/2000 is not cert locked, so it's not tools flaw that falcon denies you.

// code exists to respond a talk with falcon, no code exists to modify falcon. Neither drivers nor programming tools.
The tool forces a flash and bypasses ROM check on the card you currently run.
Without this ability, nvflash is weak. Without this ability only engineering cards got full access with engineering roms inside.

Tool's work is to check host, set permissions, check file, set permissions, send to falcon and request flash.
Nvflash's work is not to command falcon. It's work is to talk with it IF you pass all checks beforehand.

Just not it's work.
I don't know how else to explain, i'm sorry.
It never was its work. A flash is a multi-stage procedure.

You potentially can create software that jumps and forces flash.
But then you can call it the GPU-Brick flasher.
Just because one can write "anything" to GPU, doesn't mean it will even turn on.
This ideology also slows down research, because user doesn't know if file will ever boot.

I think i set the foundation right, its on the community to continue work.
if falcon denies your rom-edit, so it is
File integrity checks exist for good.
Maybe less good if nvflash expects engineers to use it, but access to mostly-full nvflash is given now.

I will consider what we need and not need for the next update. For sure bug fixing some incompatible cards.

---

EDIT:
You guys make a viewer & editor (from 1000-4000 series)
~ then on successful Pascal/Turing flash with current edition, i will consider opening it up slightly more & fix CID rebrand issues.
It currently makes no sense to help you brick your GPUs. Force flash files that will fail to boot, is ~ embarrassing

Also, as long as secret is not out ~ i can not help. I can not talk about things that are not my own findings.
You guys figure out why flashing fails and i'll make sure to be there for you ~ assisting with more flash ability

 

[chraac]

If a tool exists that is forced to bypass options ~ like modify Falcon, even if its not nvlfash's work;
Then it will get taken down. Sad for the community, but community often doesn't care.
If i publish how to talk with falcon or let alone reflash, outside of above , i get in trouble. Community still wouldn't care.
// code exists to respond a talk with falcon, no code exists to modify falcon. Neither drivers nor programming tools.

The tool forces a flash and bypasses ROM check on the card you currently run.
Without this ability, nvflash is weak. Without this ability only engineering cards got full access with engineering roms inside.

Tool's work is to check host, set permissions, check file, set permissions, send to falcon and request flash.
Nvflash's work is not to command falcon. It's work is to talk with it IF you pass all checks beforehand.
All checks beforehand are lifted, but i know i forgot file checksum check. This is not so bad, as bad file integrity won't ever boot.
Files with bad header/bottom do flash, but result in code 43. This is ok how it is. It gives secureness on the user not bricking their card upon user-error.

There are couple of improvements i need to work on. An update will be pushed once they are done.
Just want to remind - the tolerance level is small. I know what to do and what i should not do.
The ability to work on modding is given. It is on you guys to make a Viewer & Editor for not messing up file-integrity.
And it is on you guys to explore falcon. Ability exists ~ but it will not come from me

1000-2000 Series fail, because you don't supply a correct file. Not because nvflash limits.
3000-4000 Series fail on CID rebrands because falcon denies you. Not because nvflash limits.

What tool also can do, is lift SW Protection forced by Falcon due to new bioses.
This lock is not bypassable even with official signed bioses. And SPI flash is again not a full flash.
Some EEPROMs and versions make still issues and bugs are to fix ~ but main post stays true to its words.

I should soon rewrite it slightly, with a bugfixed version. To make it read & follow better.

It was never pretendet to be. Falcon edit is one way and blows fuse.
Falcon modification is not done via nvflash at all.
Hex editing is the way to go for everything, unless you can compile the source. Sorry i dont understand.

Again big claims, no contribution.

Not nvflash's work.
Tool here already sends full flash command , if you pass the very basic file integrity check i forgot to remove.
1000/2000 is not cert locked, so it's not tools flaw that falcon denies you.


Just not it's work.
I don't know how else to explain, i'm sorry.
It never was its work. A flash is a multi-stage procedure.

You potentially can create software that jumps and forces flash.
But then you can call it the GPU-Brick flasher.
Just because one can write "anything" to GPU, doesn't mean it will even turn on.
This ideology also slows down research, because user doesn't know if file will ever boot.

I think i set the foundation right, its on the community to continue work.
if falcon denies your rom-edit, so it is
File integrity checks exist for good.
Maybe less good if nvflash expects engineers to use it, but access to mostly-full nvflash is given now.

I will consider what we need and not need for the next update. For sure bug fixing some incompatible cards.

---

EDIT:
You guys make a viewer & editor (from 1000-4000 series)
~ then on successful Pascal/Turing flash with current edition, i will consider opening it up slightly more & fix CID rebrand issues.
It currently makes no sense to help you brick your GPUs. Force flash files that will fail to boot, is ~ embarrassing

Also, as long as secret is not out ~ i can not help. I can not talk about things that are not my own findings.
You guys figure out why flashing fails and i'll make sure to be there for you ~ assisting with more flash ability

AFAIK, in TU102, there's a GSP processor that run some RTOS inside that run some initialization and managment job of GPU (includes read the bios feature config/fuse etc.), the falcon is response to verify and bootstrap this GSP firmware, and the falcon processor has it's own firmware which signed by nv's private key, it's like chain of trust. IMO, we have a long way to go if we want to let the grapic card runs well in an unsigned bios.

ref:

Chapter 42. GSP Firmware

A stable ABI (at least for GSP FW) · NVIDIA open-gpu-kernel-modules · Discussion #372

During the Linux Plumbers Conference 2022 the Nouveau devs held a presentation which mostly concerned the future of the project after NVIDIA released this open source kernel drivers which reignited...

github.com

 

[Wotwow]

We had that awesome SLI mod here on TPU that did work, but it requires unsigned driver mode and old drivers to work. It's sad having a 1070, 1070Ti and 1080 and not being able to SLI them.

I can sign the edited nvidia driver with a leaked Nvidia certificate. Give the driver edited.

 

[Deleted member 218758]

ref:
Chapter 42. GSP Firmware

Read;
The last 4-5 answers, including mtjanic's - would be what i would answer too.
I understand the situation.

the falcon is response to verify and bootstrap this GSP firmware,

Aware

and the falcon processor has it's own firmware which signed by nv's private key, it's like chain of trust.

Very aware.

IMO, we have a long way to go

Yes,
But

if we want to let the grapic card runs well in an unsigned bios.

We don't want that

I have a plan in mind, but i'm restricted in couple of paths
I could go rogue but that ruins everything i have build for the last 6-7 years.
I don't want that and nvidia , is nvidia. No need , there is no need to behave that way.
Even personal morals aside (i have no grudge against them on this) - they don't deserve such damage.

We want to be in a state past TU102,
Where our work and Boardpartners work is indistinguishable.
This is my goal for both GPU Vendors.
Progress at both has been made since bit of time ~ but it belongs to the community to set the foundation.
I'm part of the community like maybe you are too

I don't want to work with Partners intellectual property on this project. Official or leaked.
The damage that was done with the online bios-developement programms has been big enough to many people who lost their job.
Small or big Boardpartners. Due to AMD or Nvidia.

There are things that don't belong to me and i can not code , just modify.
Soo progress is slow and i refuse to be a leaker. Nor do i want to break trust of people who teach me.
I can just tell you, it's possible ~ else project wouldn't be started.
Yet i will need communities help in figuring things out.
Not the official way, not the damaging way ~ but the open-research and open source way.

If we confirm Pascal modifications flash, we move on
If not, we are stuck till it works.
The ability for it to work is given now.
Running unapproved ~ is not the path to take.
Its a lost fight with nvidia. Work with Falcon, not against it.
This is not supposed to be a blackhat project.

I know we can create our own mods. At least till some state, where those mods later need an approved certificate.
But without a solid Pascal/Turing foundation, forget it.

 

[Wotwow]

Read;
The last 4-5 answers, including mtjanic's - would be what i would answer too.

GSP enable information: https://wotcheats.ru/index.php?topic=455.0

 

[R-T-B]

I know we can create our own mods. At least till some state, where those mods later need an approved certificate.

That was supposed to be a thing, in the distant past. I think they called them HULK certs. NVFlash even had facilities to create a request for a certificate. I know because I requested one from EVGA claiming I wanted to do an article on what was possible with their GPU (this was back when I worked for TPU as a newswriter briefly). They pretty much told me flat out "no."

 

[chraac]

GSP enable information: https://wotcheats.ru/index.php?topic=455.0

Looks this key is only use in gpu_mgr.c@801 of the nvidia gpu's open-sourced driver, and it's caller, function `gpumgrGetRmFirmwarePolicy` was not referenced by any other function, so maybe this key was been obsolated, did you try it on your system that this key will pevent the load of GSP firmware?

 

[Deleted member 218758]

That was supposed to be a thing, in the distant past. I think they called them HULK certs. NVFlash even had facilities to create a request for a certificate. I know because I requested one from EVGA claiming I wanted to do an article on what was possible with their GPU (this was back when I worked for TPU as a newswriter briefly). They pretty much told me flat out "no."

mm mm
Early on also http://gfs.nvidia.com/ was used to yourself submit the files for verification
But they took the site down ~ end of 2018

To what i am told, even Boardpartners aren't allowed
They can create the ROM with the online toolkits, but the signature server is another one.
Same for devs @ NvidiaHQ ~ they use temporary licenses before its send away with a request to sign.

EDIT:
Currently sig generation is done a bit differently , encrypted and HMAC ontop.
But still its another team that does that.

EDIT2:
There was also a petition to bann the usage of HULK Certs,
But i don't know what happened to that.
I personally think, they rather took the site down, after some (erased) projects 5-6y ago showcased what to do and maybe to secure their server not being dumped.

 

[Wotwow]

-

Driver 537.09 beta has a new GSP firmware. SETX /M NVreg_EnableGpuFirmware 1 Installing a new driver without saving settings. This will cause the graphics card to flash and possibly a black screen. After a reboot, the GSP turns off. I can't get it to work all the time. NV_REG_ENABLE_GPU_FIRMWARE_MODE_MASK - Use Nvidia Inspector NV_REG_ENABLE_GPU_FIRMWARE_MODE_ENABLED. NV_REG_ENABLE_GPU_FIRMWARE_MODE_DISABLED - This may be a GSP bypass before flashing.

We don't want me to have a plan, but I am limited in several ways, I could be an outcast, but this is destroying everything I have built in the last 6-7 years. I don't want that, and nvidia is nvidia. No, don't act like that. Even leaving personal morality aside (I have no ill will against them on this matter) - they don't deserve that kind of damage.

I've been studying GSP module commands for a while in front of your tool. I want you to know that I am against mining. But people flashing over 600W cards is a lot of fun.

 

[chraac]

The driver 537.09 beta has a new GSP firmware.
SETX /M NVreg_EnableGpuFirmware 1
Install new dririver without saving settings.
This will force the video card to flash and a black screen is possible. After a reboot, it GSP turns off. I can't get it to work all the time.

oh, this flag does not work in open-sourced linux driver i tried, but as you say maybe it's exist in windows since the driver in win is close-sourced

 

[Wotwow]

oh, this flag does not work in open-sourced linux driver i tried, but as you say maybe it's exist in windows since the driver in win is close-sourced

If you use Linux then you are a miner. I am against flashing cards for miners. Take out the cards and sew under Windows.

 

[R-T-B]

NV_REG_ENABLE_GPU_FIRMWARE_MODE_DISABLED

Maybe, but more likely its just telling the card to run in none-GSP mode. AFAIK, GSP is a seperate thing from falcon. And falcon is what is stoping us, not GSP.

If you use Linux then you are a miner.

Yeah, not true at all in my case. And I am outright against playing police with tech either way. But I really doubt most linux users are miners.

But at any rate highly doubtful any of this will work outside the closed binary nvidia driver on linux.

 

[chraac]

If you use Linux then you are a miner. I

Actually, there're way more thing will using cuda in linux other than mining

And falcon is what is stoping us, not GSP.

About falcon, there's a simulator in github that can execute some falcon instruction, also have a disassembler inside.

 

[Deleted member 218758]

I've been studying GSP module commands for a while in front of your tool. I want you to know that I am against mining. But people flashing over 600W cards is a lot of fun.

We can agree on something. It is ok
Even with different perspectives we can agree.

Lets all work together and rush fix this, before 5000 series arrives.
I am just lucky on some things (like trust and friends) - but indeed want this to run, and seen it can run.
I am strongly against the Greenlight program and the way Boardpartners are treated.
This includes personal perspective and public view on the stories i get to hear.

Also i miss EVGA in the market, but its too late now.
This change should have happened 3 years ago , not wait 5 years and see zero progress on Pascal onwards
We have to fix this, and i will help as much as i can.
Currently my lips are tight, till i figure something out myself or read that somebody has figured out (show how, not only talk)
Then i can add more and more help.

This project won't die soon, unless somebody gets annoyed of us.
I very much think that on the signing part i got this. But on the rom layout i'm still amateur.
Need all the help that i/we can get.

If you use Linux then you are a miner.

My linux usage is macOS and Unix
SteamOS is on linux~
But my linux knowledge is very tiny.
I like macOS for such.

Sadly sadly have no ability to write drivers, else we can work a bit on macOS strang too.
Just little knowledge with ACPI and assembly. No programming knowledge.
Couple things have changed recently with/for nvidia~ .

About falcon, there's a simulator in github that can execute some falcon instruction, also have a disassembler inside.

Please link

---

Oh wow, they really removed everything
https://github.com/OhGodAGirl/OhGodADump-NVIDIA This is interesting for you, but not through web.archieve. Its erased.
Here is the zip for linux users. For windows it has file access errors. She also had to wipe her traces. I think she got employed too
Windows tool doesnt function at all for some reason ~ maybe somebody can re'compile and fix code.

It is a fork of somebody's else code.
Its her github soo there is no hiding, but initial dev would like to stay private.
you can layout disassemble Pascal with it and use the code to make a viewer and editor. Tool has edit ability from json.
Also @hellm and maybe @kefi

There is more , but please understand my position~

 

[Wotwow]

Maybe, but more likely its just telling the card to run in none-GSP mode. AFAIK, GSP is a seperate thing from falcon. And falcon is what is stoping us, not GSP.

No. The Falcon is the name for the naive.
It is a defense that is controlled GSP RISC-V.

 

[chraac]

I can just tell you, it's possible

Yeah, believe that many flaw in this trust chain include sw/hw can be use to bypass the sign verification step.

Not the official way, not the damaging way ~ but the open-research and open source way.

Looks there're so many article/tools that talk about the arch about falcon/gsp, maybe we can have a look

 

[Deleted member 218758]

Looks there're so many article/tools that talk about the arch about falcon/gsp, maybe we can have a look

Link all each and everything, for all readers.
While this thread exists, we have to get it working.
Just please don't link leakage stuff - only open source & open research projects.

 

[Wotwow]

This project won't die soon, unless somebody gets annoyed of us.
I very much think that on the signing part i got this. But on the rom layout i'm still amateur.
Need all the help that i/we can get.

I disagree. People have unlocked versions of the nvflash even before your program.
These versions could ignore the CID.
A little more and your instrument will be forgotten.
You do not have a GPS bypass, and those who understand this cannot manage it.
I still do not understand how your program differs from exclusive versions from manufacturers.
I was wondering, but I see that you can't do anything.
There is nothing to expect. You can't do anything anymore.
But those who know how to modify the BIOS through the HEX will certainly be interested in the information.
Farewell.

 

[chraac]

Please link

Here: https://github.com/vbe0201/faucon
This's created by the reswitch group, work on crack the Nintendo switch, which use nvidia tegra soc

 

[Deleted member 218758]

I disagree. People have unlocked versions of the proshvalshchik even before your program.
These versions could ignore the CID.
A little more and your instrument will be forgotten.
You do not have a GPS bypass, and those who understand this cannot manage it.

I purposely left out options.
If i did more, project will be nuked.
I can add more open ability once community figures things out.
it can not come from my lips.

I have wrote already that on falcon i can not help.

I still do not understand how your program differs from exclusive versions from manufacturers.

They dont have exclusive versions.
They (a team) have usually engineers , electrical , firmware and overclocker
One of 3 always helps the other. They make their inhouse versions themselves
We all use one nvflash. Its access to user only differs up to what person runs.
Its still the same nvflash. Some don't like this device check and force options
Some like me, fully disagree and give 90% access.

nvflash is not there to modify falcon.
I can skip check on this section, but its worthless (because bird limits, not nvflash) and only will nuke this thread.
With this version , it's not nvflash that limits.

There is nothing to expect. You can't do anything anymore.

No,
I had to rush release.
Backline is more, but my focus was never breaking GSP.
My focus is working with it,

Breaking it has zero future.
It is patched weekly if needed, and can be patched via driver like you showed.
This is work with zero light at the end. Aka waste of time.
Work with falcon not against. Work open source.