VOGONS


"Bios Patcher" questions


First post, by B24Fox


Hey everyone...

I have successfully used Bios Patcher, with the /m command (selective patching) on top of an already modded BIOS, to fix a UDMA problem on a VIA MVP3 chipset motherboard (PCChips M577).

The problem is that the text string that Bios Patcher adds to the POST screen "www.ROM.by, BIOS patch v.4.23" pushes down the text that is two lines underneath, and makes it overlap over the CPU name : (

Does anyone know how I can apply Bios Patcher on the bios rom, without it adding the extra text to the POST screen?
Or how can I change/edit it?

This is my patch report:

BIOS Patcher ver. 4.23.
Attention! Advanced qualification is required!

Found 1Mbit BIOS!

1. New CPU Support :
for skip this step press "s" or any another key for continue...s
2. P3-detect error : is not needed to be fixed.
3. New Koeffs Support :
for skip this step press "s" or any another key for continue...s
4. 32Gb-problem : not found.
5. Some HDD detect-problem :
for skip this step press "s" or any another key for continue... -> fixed.
6. "MB"/"GB" string search : is not needed to be fixed.
9. Error display Freq>999MHz : is not needed to be fixed.
10.Error display Koefs>9.5x : not found.
11.New Stepping Support : is not needed to be fixed.
12.Tualatin L2-init error : not found.
13.New Freq in Setup open : not found.
for skip this step press "s" or any another key for continue...

14.Set "Y" as default on exit:
for skip this step press "s" or any another key for continue...s

Write Allocate addinng: not found.
UDMA for "big"-HDD on UDMA33_only_MB fix:
for skip this step press "s" or any another key for continue... -> fixed.

CBROM V2.07 (C)Award Software 2000 All Rights Reserved.
Adding modul.tmp 24.3%
CBROM V2.07 (C)Award Software 2000 All Rights Reserved.
Adding start.tmp 87.5%

if you can`t see all messages - choose 80x50 mode or run with ">report.txt".
(c)2002-2003 apple_rom, www.ROM.by

------

Also, does anyone know, what is that "hidden" step, that needed confirmation, between 13. and 14. ???
In my patching, I accepted it, as I didn't know what it was, and thought it might be essential.. But what is it doing??

P.S.
For anyone not knowing what Bios Patcher is, you can watch this great video made by Bits und Bolts on YT: https://www.youtube.com/watch?v=0KBYj1vx3zQ

Reply 1 of 53, by LSS10999

B24Fox wrote on 2023-10-04, 22:30:

13.New Freq in Setup open : not found.
for skip this step press "s" or any another key for continue...

14.Set "Y" as default on exit:for skip this step press "s" or any another key for continue...s

Speaking of BIOS Patcher, does anyone have backups of all the latest files on rom.by? I tried finding the latest version of BIOS Patcher (6.0a15) but all the links to the new versions were dead, including some necessary files BP expects to be present (such as AMIBCP) before it could run. The worst thing is that even Internet Archive did not have any backup of them. The closest I could find is BNTBTC which has a 6.0a10, although the official link for 6.0a9 is still accessible as well as the full microcode file (reall.cod).

Without all the required files I cannot really try BIOS Patcher, so I could only speculate what it might be. These two options may be optional for most so you're presented the choice to skip them.
- I'm not sure about step 13. Maybe it's trying to add some extra options for frequency which may or may not be valid for your processor architecture. Some architectures have hidden yet valid option values, however.
- For step 14 I think it's to change the default N in "Exit without saving" to Y.

EDIT: Experimented with the 6.0a10 from BNTBTC (which has all the necessary files included). With my BIOS and this version of BP, the steps 13 and 14 are automatically skipped as "Not found" and I only see it trying to add some custom modules (for so-called tweak options), that I don't know about the details. The BIOS file was an Award 6.0 for an i865-based board.

Last edited by LSS10999 on 2023-10-05, 18:11. Edited 1 time in total.

Reply 2 of 53, by analog_programmer


If you're trying to patch AMI BIOS, you can use version 6.0 alpha 15 and there is option to remove this annoying "www. ROM. by..." message. This is from "help": "/l - skip displaying www. ROM. by logo in BIOS (useful for some AMI)". But this doesn't work on Award/Phoenix BIOSes for sure.

And not all links are dead for this version, I've found it through some internet digging a couple of months ago. See the attachment - this is what I use instead of old 4.xx versions.

The word Idiot refers to a person with many ideas, especially stupid and harmful ideas.
This world goes south since everything's run by financiers and economists.
This isn't voice chat, yet some people overusing online communications talk and hear voices.

Reply 3 of 53, by LSS10999

analog_programmer wrote on 2023-10-05, 16:50:

If you're trying to patch AMI BIOS, you can use version 6.0 alpha 15 and there is option to remove this annoying "www. ROM. by..." message. This is from "help": "/l - skip displaying www. ROM. by logo in BIOS (useful for some AMI)". But this doesn't work on Award/Phoenix BIOSes for sure.

And not all links are dead for this version, I've found it through some internet digging a couple of months ago. See the attachment - this is what I use instead of old 4.xx versions.

Many thanks for sharing. Will take a look to see if it has any improvement from older versions with respect to Award 6.0 BIOSes.

Reply 4 of 53, by analog_programmer

LSS10999 wrote on 2023-10-05, 18:14:

Many thanks for sharing. Will take a look to see if it has any improvement from older versions with respect to Award 6.0 BIOSes.

You're welcome.

I haven't noticed any difference specifically for patching Award/Phoenix BIOSes compared to 4.23 or 4.51 versions, but 6.00 alpha15 works on some AMI BIOSes too. I've already patched successfully two AMI BIOSes and no problems with them.


Reply 5 of 53, by B24Fox


The bios that I patched, is AWARD; so if BP6 (that supposedly can patch without adding the text) doesn't do AWARD... then... 🙁

Also, I wasn't referring to step 13. or 14. .. but, to the "inexistent" step that needs confirmation between them 😮

I'll attach here the BiosPatcher files that I used.

Reply 6 of 53, by analog_programmer


B24Fox, maybe it's not non-existing step, but rather some confirmation bug using "/m" argument in 4.23 version.

P.S. I've once tried to remove this stupidly annoying message manually by extracting all the modules (the original ones and those added by BIOS Patcher) from patched Award BIOS with CBROM, but I couldn't find the full string in them in plain text using hex-editor. I don't know if CBROM extracts BIOS modules in compressed state, but maybe this is the problem. Finally decided that somehow I'll live with it 😁


Reply 7 of 53, by B24Fox

analog_programmer wrote on 2023-10-05, 16:50:

If you're trying to patch AMI BIOS, you can use version 6.0 alpha 15 and there is option to remove this annoying "www. ROM. by..." message. This is from "help": "/l - skip displaying www. ROM. by logo in BIOS (useful for some AMI)". But this doesn't work on Award/Phoenix BIOSes for sure.

And not all links are dead for this version, I've found it through some internet digging a couple of months ago. See the attachment - this is what I use instead of old 4.xx versions.

analog_programmer wrote on 2023-10-05, 18:35:

B24Fox, maybe it's not non-existing step, but rather some confirmation bug using "/m" argument in 4.23 version.

P.S. I've once tried to remove this stupidly annoying message manually by extracting all the modules (the original ones and those added by BIOS Patcher) from patched Award BIOS with CBROM, but I couldn't find the full string in them in plain text using hex-editor. I don't know if CBROM extracts BIOS modules in compressed state, but maybe this is the problem. Finally decided that somehow I'll live with it 😁

-- So.. I used the version you provided + CBROM v2.08 (many thanks!), re-concocted a bios ROM using the same selective patching, and with the /L argument, flashed it, and the PC hangs at POST, displaying only the most upper, and most lower, lines of text.
Luckily, there's the "-" key option to boot with unmodded bios.
I reflashed the previous ROM, and all is back to normal..

I really liked the "AMD K6/2+ 550mhz Found" displayed on there, instead of now, some half-garbled text.. But between that, and UDMA not working, I'll gladly live with this as well : )

--Also, you might be right about the "phantom" step that needs confirmation, being just a bug.
I started measuring MD5 checksums for ROMs that I identically patched with BP 4.23 , 4.51 and 6alpha15. And no matter if I accepted or skipped the "phantom" step(s), the checksum was the same.
Also, 4.51, besides adding another module to the ROM (Tweak.tmp), also adds another "phantom" step before the step that asks to implement this new module.
6A15, removes this "phantom" step, though..

P.S. I also checked the MD5 checksum of: with or without the /L argument, and it was the same 🤔

Reply 8 of 53, by analog_programmer

B24Fox wrote on 2023-10-05, 23:28:

-- So.. I used the version you provided + CBROM v2.08 (many thanks!), re-concocted a bios ROM using the same selective patching, and with the /L argument, flashed it, and the PC hangs at POST, displaying only the most upper, and most lower, lines of text.
Luckily, there's the "-" key option to boot with unmodded bios.
I reflashed the previous ROM, and all is back to normal..

There's always a possibility that BIOS image file will be sc**wed with this automated unofficial and universal patcher. It's nice that "-" key/no keyboard option works to fix the messed up situation. I always make two versions of patched BIOS file - one without and one with "/s" argument and flash the latter only if there's no trouble with "-" key option version.

B24Fox wrote on 2023-10-05, 23:28:

--Also, you might be right about the "phantom" step that needs confirmation, being just a bug.
I started measuring MD5 checksums for ROMs that I identically patched with BP 4.23 , 4.51 and 6alpha15. And no matter if I accepted or skipped the "phantom" step(s), the checksum was the same.
Also, 4.51, besides adding another module to the ROM (Tweak.tmp), also adds another "phantom" step before the step that asks to implement this new module.
6A15, removes this "phantom" step, though..

P.S. I also checked the MD5 checksum of: with or without the /L argument, and it was the same 🤔

The "/l" argument for BP 6.00 alpha15 seems to do its job with AMI BIOSes . Thanks for this info! I'll continue to use this version instead of 4.xx.


Reply 9 of 53, by B24Fox


Just to clarify; the "Tweak.tmp" module, is added since v4.51. So versions 6 also have it.
Of what I tested, only v4.21 doesn't have it. (EDIT: I think I may have meant to say v4.23 .. not v4.21. But can't remember for sure.)

From what I could understand, this module is tasked with unlocking the hidden bios features. (haven't tested though..)
And even if you skip that step (through selective patching /m), and it reports 0.0% on tweak.tmp; it will still be included in the BIOS re-compilation, but it will occupy about 4KB IIRC.. (this can be verified with "CBROM <RomName.bin> /d ")
Just an FYI for anyone having space constraints on their bios chip.

Last edited by B24Fox on 2024-10-14, 17:10. Edited 1 time in total.

Reply 10 of 53, by kmeaw

analog_programmer wrote on 2023-10-05, 18:35:

but I couldn't find the full string in them in plain text using hex-editor

This string is encrypted - you can find it in modul.tmp if you XOR every byte from A71 to A8E with 0x72.

Reply 11 of 53, by analog_programmer

kmeaw wrote on 2024-09-09, 00:54:

This string is encrypted - you can find it in modul.tmp if you XOR every byte from A71 to A8E with 0x72.

It seems like "modul.tmp" is part of BIOS Patcher's executable. Do you mean to hex-edit the "modul.tmp" module in patched BIOS (for which BP version)?

Are these the correct bytes to be modified in extracted "modul.tmp" (extracted from BIOS modified with BIOSPatcher 6 alpha 15):

The attachment modul_tmp_BP6A15.jpg is no longer available


Reply 12 of 53, by kmeaw


Yes, those are correct bytes. As the key is a single byte, you can see the pattern: "www.ROM.by" - three same characters ('w'), then another ('.'), let's just 3 more now ("ROM") and that character again ('.') - just like the bytes you have in your screenshot - three same characters (05), then another (5C), skipping three more (20 3D 3F) and here we have 50 again.

Let's check the key - 05 XOR 72 = 6E, just as expected: chr(0x6E) = 'w'
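
Added example (not part of any post in this thread, and not BIOS Patcher's own code): a known-plaintext scan for the single-byte XOR obfuscation described in Replies 10 and 12, which recovers both the offset and the key without knowing either in advance. The module image is a constructed stand-in for modul.tmp; the banner text, the 0x72 key and the 0xA71 offset are the values given in the posts above.

```python
"""Known-plaintext scan for a single-byte XOR-obfuscated string."""

KNOWN = b"www.ROM.by"  # plaintext fragment quoted in the thread


def _deltas(data: bytes) -> bytes:
    """XOR of each byte with its successor; unchanged by a single-byte XOR key."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def find_xor_string(blob: bytes, known: bytes = KNOWN):
    """Return (offset, key) for every place `known` appears XORed with one byte."""
    want = _deltas(known)
    hits = []
    for off in range(len(blob) - len(known) + 1):
        window = blob[off:off + len(known)]
        if _deltas(window) == want:
            # The key falls out of any aligned ciphertext/plaintext byte pair.
            hits.append((off, window[0] ^ known[0]))
    return hits


def decode_at(blob: bytes, off: int, key: int, max_len: int = 64) -> str:
    """Decode from `off` until the first non-printable byte or `max_len`."""
    out = bytearray()
    for b in blob[off:off + max_len]:
        c = b ^ key
        if not 0x20 <= c < 0x7F:
            break
        out.append(c)
    return out.decode("ascii")


def build_sample() -> bytes:
    """Constructed sample: filler bytes with the banner XORed with 0x72 at 0xA71."""
    banner = b"www.ROM.by, BIOS patch v.4.23"
    blob = bytearray(b"\x90" * 0xB00)
    blob[0xA71:0xA71 + len(banner)] = bytes(c ^ 0x72 for c in banner)
    return bytes(blob)


if __name__ == "__main__":
    image = build_sample()
    for off, key in find_xor_string(image):
        text = decode_at(image, off, key)
        print(f"offset {off:#x}, key {key:#04x}, {len(text)} bytes: {text!r}")
```
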

Reply 13 of 53, by analog_programmer

User metadata
Rank Oldbie
Rank
Oldbie
kmeaw wrote on 2024-09-09, 08:49:

Yes, those are correct bytes. As the key is a single byte, you can see the pattern: "www.ROM.by" - three same characters ('w'), then another ('.'), let's just 3 more now ("ROM") and that character again ('.') - just like the bytes you have in your screenshot - three same characters (05), then another (5C), skipping three more (20 3D 3F) and here we have 50 again.

Let's check the key - 05 XOR 72 = 6E, just as expected: chr(0x6E) = 'w'

Ok, but then the string "www.ROM.by, BIOS patch v.x.xx" is in range A71-A8D (including). Maybe the string will be omitted if I replace these bytes with 0x6A value (giving 0x08 for "BACKSPACE" char) or 0x65 (0x0D for "CARRIAGE RETURN"). Do you have any suggestions?

And how did you get this "XOR 72" encryption key?


Reply 14 of 53, by kmeaw


Probably 0x72 value (giving 0x00) would be even better - BIOS procedures for printing strings expect a NUL-terminated input. Another way to avoid the string to be printed is to replace "E8 xx xx BE yy yy E8 zz zz E8 xx xx C3" with "90 90 90 90 90 90 90 90 90 90 90 90 C3", my modul.tmp has those bytes at 0x3B8. "xx xx" is the function that emits a CRLF, "yy yy" is the address of the decrypted string, "zz zz" is the string printing procedure. That way you won't be removing any original author references and your BIOS patcher version could still be identified.

The encryption key "XOR 72" can be seen at the decryption subroutine (it is 197-1A8 in my modul.tmp).

Reply 15 of 53, by analog_programmer


kmeaw, thanks for the clarification! I'll try the string printing procedure NOP-hack.

P.S. According to this

kmeaw wrote on 2024-09-09, 11:40:

Another way to avoid the string to be printed is to replace "E8 xx xx BE yy yy E8 zz zz E8 xx xx C3" with "90 90 90 90 90 90 90 90 90 90 90 90 C3", my modul.tmp has those bytes at 0x3B8. "xx xx" is the function that emits a CRLF, "yy yy" is the address of the decrypted string, "zz zz" is the string printing procedure. That way you won't be removing any original author references and your BIOS patcher version could still be identified.

The encryption key "XOR 72" can be seen at the decryption subroutine (it is 197-1A8 in my modul.tmp).

and my previous picture with string address, I found "BE 71 0A" in "modul.tmp" only once at address 19A, but I can't see something similar to your pattern "E8 xx xx BE yy yy E8 zz zz E8 xx xx C3":

The attachment BE_71_0A.jpg is no longer available


Reply 16 of 53, by kmeaw

analog_programmer wrote on 2024-09-09, 12:03:

I found "BE 71 0A" in "modul.tmp" only once at address 19A, but I can't see something similar to your pattern "E8 xx xx BE yy yy E8 zz zz E8 xx xx C3":

BE 71 0A is referencing the encrypted string - it is the part of the decryption code. To find the decrypted string reference, search for "71 FA" probably also with a "BE" (mov si,imm16) opcode.
Probably the reason you can't find the pattern is that BP6 does not rely on BIOS subroutines to print strings. You can jump over the printing subroutine by replacing the last occurrence of "BE 71 FA" with "E9 0D 00".
Please be careful with this change - I haven't seen the code so I don't know if the virtual dual-bios feature of the BIOS patcher would allow you to roll back if anything goes wrong, so be sure to have a spare good known BIOS flash chip for hotswapping or an external flash programmer around.

Reply 17 of 53, by analog_programmer


I can't read hex-code, I can't use Ghidra to disassemble BIOS modules and I don't have paid IDA Pro version, here's the extracted BIOSPatcher v.6.00 "modul.tmp":

The attachment MODUL.zip is no longer available

"71 FA" ("BF 71 FA") was found only once - it's where you've marked it on the picture.


Reply 18 of 53, by kmeaw


You have the printing code located in the "tweak.tmp" module, it is probably located at 0x40 and looks like this: "BB 17 00 B9 1D 00 BA 00 00 BD 71 FA B8 00 13 CD 10".
You can try one of the following:
1) replace "CD 10" in tweak.tmp with "90 90" so the VGA BIOS won't execute the print string;
2) change the line length "B9 1D 00" in tweak.tmp to "B9 00 00" so the input string would be zero-length;
3) inhibit the line length storing code in modul.tmp - that's the pink area on the picture, replace those 4 bytes at 0x1A0 with "90 90 90 90";
4) your idea with encrypting the backspace bytes - VGA BIOS service int 10,13 knows how to interpret BS, BEL, CR and LF.
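
Added example (not part of the post above, and not BIOS Patcher's own code): decoding the register setup in the byte sequence quoted in Reply 18, then applying option 2 only when the expected bytes occur exactly once, so a module from a different BP version is rejected instead of being silently mis-patched. The module image is a constructed stand-in for tweak.tmp with the stub at 0x40; the function names are hypothetical.

```python
"""Decode the register setup before INT 10h and apply a verified byte patch."""

# Byte sequence quoted in the thread for tweak.tmp.
PRINT_STUB = bytes.fromhex("BB1700 B91D00 BA0000 BD71FA B80013 CD10")

# 8086 "MOV r16, imm16" is opcode B8+r followed by a little-endian word.
REG16 = ["AX", "CX", "DX", "BX", "SP", "BP", "SI", "DI"]


def decode_stub(code: bytes):
    """Decode a run of MOV r16,imm16 ending in INT imm8; return (regs, int_no)."""
    regs, i = {}, 0
    while i < len(code):
        op = code[i]
        if 0xB8 <= op <= 0xBF:
            regs[REG16[op - 0xB8]] = int.from_bytes(code[i + 1:i + 3], "little")
            i += 3
        elif op == 0xCD:
            return regs, code[i + 1]
        else:
            raise ValueError(f"unexpected opcode {op:#04x} at offset {i}")
    raise ValueError("no INT instruction found")


def patch_unique(image: bytes, old: bytes, new: bytes) -> bytes:
    """Replace `old` with `new` only if sizes match and `old` occurs exactly once."""
    if len(old) != len(new):
        raise ValueError("patch must not change the module size")
    count = image.count(old)
    if count != 1:
        raise ValueError(f"expected exactly 1 match, found {count}")
    off = image.index(old)
    return image[:off] + new + image[off + len(old):]


def zero_length_patch(image: bytes) -> bytes:
    """Option 2 from the thread: MOV CX,001Dh becomes MOV CX,0000h inside the stub."""
    new = PRINT_STUB.replace(bytes.fromhex("B91D00"), bytes.fromhex("B90000"))
    return patch_unique(image, PRINT_STUB, new)


def build_sample() -> bytes:
    """Constructed sample: the quoted stub at 0x40, a RET, and zero filler."""
    return b"\x00" * 0x40 + PRINT_STUB + b"\xC3" + b"\x00" * 0x20


if __name__ == "__main__":
    regs, int_no = decode_stub(PRINT_STUB)
    # INT 10h with AH=13h is "write string": CX=length, ES:BP=string, BL=attribute.
    print(f"INT {int_no:#04x}, AH={regs['AX'] >> 8:#04x}, "
          f"CX={regs['CX']:#06x}, BP={regs['BP']:#06x}, BX={regs['BX']:#06x}")
    patched = zero_length_patch(build_sample())
    print("CX after patch:", decode_stub(patched[0x40:0x40 + len(PRINT_STUB)])[0]["CX"])
```
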

Reply 19 of 53, by analog_programmer


kmeaw, thank you very much for your analysis of the tweaking BIOS modules! I have T48 programmer, so I can try these suggestions without any problems.

The "BB 17 00 B9 1D 00 BA 00 00 BD 71 FA B8 00 13 CD 10" code is in "tweak.tmp" module at address 40:

The attachment TWEAK_TMP.jpg is no longer available

P.S. The BIOSPatcher 6.00 executable is non-compressed exe and contains all the hex-codes for printing of the annoying message, so it can be patched 😀
