[Request] Gigabyte Aero 17 HDR XD Bios Unlock

The following is not entirely clear to me: I believe that BDMaster already gave me all the relevant information (see 1. below). Moreover, I found certain instructions (see 2. below). However, I do not fully understand what to do with the information. Do I have to extract the relevant bios section, search for FormId etc, patch the extracted bios section and then reinsert it? Many thanks!

1.
Gygabyte Aorus 17G FB02


PchSetup [4570B7F1-ADE8-4943-8DC3-406472842384], {24 1F F1 B7 70 45 E8 AD 43 49 8D C3 40 64 72 84 23 84 17 00 EC 06 50 63 68 53 65 74 75 70 00}

0x45F85 One Of: Flash Protection Range Registers (FPRR), VarStoreInfo (VarOffset/VarName): 0x683, VarStore: 0x6, QuestionId: 0x9B1, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 19 16 1A 16 B1 09 06 00 83 06 10 10 00 01 00}
0x45F96 One Of Option: Disabled, Value (8 bit): 0x0 (default) {09 07 04 00 30 00 00}
0x45F9D One Of Option: Enabled, Value (8 bit): 0x1 {09 07 03 00 00 00 01}
0x45FA4 End One Of {29 02}


0x514BC One Of: BIOS Lock, VarStoreInfo (VarOffset/VarName): 0x1C, VarStore: 0x6, QuestionId: 0xDE4, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 85 16 4D 10 E4 0D 06 00 1C 00 10 10 00 01 00}
0x514CD One Of Option: Disabled, Value (8 bit): 0x0 {09 07 04 00 00 00 00}
0x514D4 One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 03 00 30 00 01}
0x514DB End One Of {29 02}


FPRR : 0x6DD

BIOS Lock : 0x1C

From 0x01 to 0x00


Setup, FormId: 0x2710 {01 86 10 27 07 00}

Main, FormId: 0x2717 {0F 0F 09 00 02 00 01 00 00 00 FF FF 00 17 27}
Advanced, FormId: 0x2718 {0F 0F 1E 00 02 00 02 00 00 00 FF FF 00 18 27}
Chipset, FormId: 0x2719 {0F 0F 1F 00 02 00 03 00 00 00 FF FF 00 19 27}
Security, FormId: 0x271A {0F 0F 3B 00 02 00 04 00 00 00 FF FF 00 1A 27}
Boot, FormId: 0x271B {0F 0F 20 00 02 00 05 00 00 00 FF FF 00 1B 27}
Save & Exit, FormId: 0x271C {0F 0F 4E 00 02 00 06 00 00 00 FF FF 00 1C 27}


0x27C65 Form: Main, FormId: 0x2711 {01 86 11 27 09 00}
0x2844C Form: Main, FormId: 0x2717 {01 86 17 27 09 00}
0x27D91 Form: Advanced, FormId: 0x2712 {01 86 12 27 1E 00}
0x28701 Form: Advanced, FormId: 0x2718 {01 86 18 27 1E 00}
0x28138 Form: Chipset, FormId: 0x2713 {01 86 13 27 1F 00}
0x357F8 Form: Chipset, FormId: 0x2719 {01 86 19 27 1F 00}
0x28162 Form: Security, FormId: 0x2714 {01 86 14 27 3B 00}
0x4DAF4 Form: Security, FormId: 0x271A {01 86 1A 27 3B 00}
0x282A8 Form: Boot, FormId: 0x2715 {01 86 15 27 20 00}
0x4E024 Form: Boot, FormId: 0x271B {01 86 1B 27 20 00}
0x4E31F Form: Boot, FormId: 0x27D5 {01 86 D5 27 20 00}
0x2839A Form: Save & Exit, FormId: 0x2716 {01 86 16 27 4E 00}
0x4E367 Form: Save & Exit, FormId: 0x271C {01 86 1C 27 4E 00}



@4FFA0 - all form list

@50250 - Setup
4A10597B0DC0584187FFF04D6396A91510270000000000000000000000000000 >> Setup

@502F0 - block list, short ID’s + footer
4A10597B0DC0584187FFF04D6396A91517270000000000000000000000000000
4A10597B0DC0584187FFF04D6396A91518270000000000000000000000000000
4A10597B0DC0584187FFF04D6396A91519270000000000000000000000000000
4A10597B0DC0584187FFF04D6396A9151A270000000000000000000000000000
4A10597B0DC0584187FFF04D6396A9151B270000000000000000000000000000
4A10597B0DC0584187FFF04D6396A9151C270000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000

@50900 - block list, long ID’s + footer
4A10597B0DC0584187FFF04D6396A915172700000000000000000000000000000000000000000000
4A10597B0DC0584187FFF04D6396A915182700000000000000000000000000000000000000000000
4A10597B0DC0584187FFF04D6396A915192700000000000000000000000000000000000000000000
4A10597B0DC0584187FFF04D6396A9151A2700000000000000000000000000000000000000000000
4A10597B0DC0584187FFF04D6396A9151B2700000000000000000000000000000000000000000000
4A10597B0DC0584187FFF04D6396A9151C2700000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000

>>>>>>>> After Modifies >>>>>>>

Visible:
Form: Main, FormId: 0x2711 << swap 0x2717 (swapped into locked list)
Form: Advanced, FormId: 0x2712 << swap 0x2718 (swapped into locked list)
Form: Chipset, FormId: 0x2713 << swap 0x2719 (swapped into locked list)
Form: Security, FormId: 0x2714 << leave visible
Form: Boot, FormId: 0x2715 << leave visible
Form: Save & Exit, FormId: 0x2716 << swap 0x271C (swapped into locked list)

Hidden:
Form: Main, FormId: 0x2717 >> swap 0x2711 (swapped into locked list)
Form: Advanced, FormId: 0x2718 >> swap 0x2712 (swapped into locked list)
Form: Chipset, FormId: 0x2719 >> swap 0x2713 (swapped into locked list)
Form: Security, FormId: 0x271A << leave hidden
Form: Boot, FormId: 0x271B << swap 0x2716 (swapped into locked list)
Form: Save & Exit, FormId: 0x271C << unblock

@502F0 - block list, short ID’s + footer
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 17 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 11 27 Swap
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 18 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 12 27 Swap
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 19 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 13 27 Swap
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1A 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >> Blocked
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1B 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 16 27 Swap
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >> Unblocked
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

@50900 - block list, long ID’s + footer
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 17 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 11 27 Swap
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 18 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 12 27 Swap
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 19 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 13 27 Swap
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1A 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >> Blocked
4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15 1B 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 << 16 27 Swap
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >> Unblocked
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


Patch :

O:50300:1127
O:50320:1227
O:50340:1327
O:50380:1627
O:50390:000000000000000000000000000000000000
O:50910:1127
O:50938:1227
O:50960:1327
O:509B0:1627
O:509C8:000000000000000000000000000000000000


2.
*** For the Pro’s and those who know (BIOS Editing) - General Aptio V Mod Guide *** : OverPowered TONGFANG CyberPower Machrevo MACHENIKE - Unlocked BIOS Guide W/ Files


If you want to do this mod on your own, or attempt to learn how to do it, here’s how it’s done in general since all systems are little different.
I will try to provide good detail here in text, but much less images and or walk through, because as mentioned this is mainly for "Those who know"
This type of modifications, apply to many AMI Aptio V BIOS, some are more involved than this, others less, but this is the general idea/method for Aptio V

If you are in the “wanting to learn” category, please do not attempt this without a CH341A flash programmer + SOIC8 test clip cable, for BIOS recovery
Everyone should own a set of these tools anyway, there’s no excuse they cost less than $6 total shipped. Order now and wait 3-5 weeks for delivery.
Or pay more and get them shipped faster, or from local sellers, and hopefully they’ll arrive long before you ever need them!

For this example, I will be using Mechrevo GK5CN6Z BIOS

1. Open BIOS region in UEFITool NE, Extract AMITSE (PE32 Module) As-Is & Setup (PE32 Module) As-Is
2. Using Universal IFR Extractor attached below, open the setup PE32 module and click extract, this is the Setup IFR output (Human legible text output of the BIOS settings and its variables)
3. Open the IFR in notepad and copy the highlighted portion of the Form Set ID as shown in the image below, paste this into a saved notepad file you’ll add menu info into on next step. This will be our main Form Set ID, how we locate the majority of the menu entries in AMITSE module.


4. Create a new menu.txt file in your work folder. Open and paste that ID from step #3 as "Form Set ID"

5. Back to the IFR txt, search and find each menu ID, Main, Advanced, Chipset and so on, there will be duplicates of most, some 3-4 (Boot usually). Using search term “Form: Chipset” for example will help you quickly locate everything. Copy each one and shorten down into manageable and useful info for this mod like you see in my example below. You only need the name of each, and it’s form ID, so you will be copying and pasting, then cutting out unnecessary info. Near the top of the IFR, you’ll find a set of menu names (Setup, Main, Advanced, Chipset etc) This is the list of the main hidden ones in these BIOS, and this is also the list of menus you see at root of setup module in AMIBCP (So you know later, those are ones to edit in AMIBCP)


Each actual menu ID is circled in red, this is its Form ID in hex (backwards). This will be used later to quickly ID the lines you want to edit/remove/swap/add etc.

6. Once you have all your menu ID’s and info saved into your notepad file, open AMITSE PE32 module in your favorite hex editor, using search for hex terms input your main form set ID and “Find All” Depending on BIOS, you should find 15-30 or so results (Some less, most in the middle of that range, this BIOS has 19)
* Please note * If extracting body resulting file extension = .EFI and to be sure to replace body / If extracting as-is resulting file extension = SCT and be sure to replace as-is
This applies to all the mod-BIOS-files as well, some I included AMITSE As-Is=SCT and some have AMITSE Body=EFI


7. First result usually not anything we need to look at, but go ahead and click through to each result for a quick glance. You noticed the chunks/blocks of several in a row/right after each other correct, and did you catch the menu form ID’s too in each one? If not, I’ve circled them in the below example, so you can now notice where to easily locate them. Once you see this often enough you will recognize immediately. I’ve also outlined two of the chunks/blocks of ID’s I mentioned, these are sets of either available, visible, or hidden menus


8. Make a notation in your menu text where each of these sets of ID chunks is located (Hex address), you should have two, some BIOS three. After that, go back to hex and copy each set of ID’s in their entirety to your menu text file. Be sure to select and copy/paste the correct amount of bytes, so each begins with the form Set ID and ends evenly, example image below. Paste each set to their corresponding hex address location in your menu text, then arrange the hex into neat format like you see in my image example at #5 This makes for easier editing later.


9. Now, let’s find the short block list and its location. Search AMITSE PE32 module for 19 27 (chipset) via hex, we know this one is blocked so it will help us quickly locate the short block list. You should find 2-3 results, if more that’s OK (Be sure to uncheck “Ignore Case” in your search box if you can, this will provide less incorrect results). Once you’ve located the correct one, you’ll see several other menu ID’s with the 19 27, all in a short row of 3-6 or so ID’s. In the image example below, I’ve circled the short block list entirely in red and each individual blocked menu ID in blue. Copy this block’s starting address (First ID) into your menu text, and then also copy all the contents (just all menu ID’s) via hex to the menu text as well like you see in my example at #5


10. Now, your menu txt file should look nearly identical to my example at #5 image, except for the edits at the bottom. Now, edit yours marking which menus at the top area you want to reveal, or hide, or swap and then make an edits section like I’ve done at the bottom of my #5 example image. Then make your edits there, looking back to the top as needed, whatever you remove fill in exact same amount with 00. Once done, save file with a modified moniker, and you’re now done with hex edits.

11. Open BIOS region in UEFITool regular version, replace AMITSE PE32 As-Is module with your modified file.

12. Open modified BIOS region in AMIBCP, go to “Root” of Setup, here you will rename any menus you want to rename, and set Access Level to User. Save BIOS with final modified moniker once you are done, this will be your finished mod BIOS


13. If you are doing this mod for someone else, as long as it’s the same exact model and BIOS version, you can extract (As-Is) AMITSE PE32, Setup PE32, and AMITSE/SetupData >> SetupData Submodule from your final mod BIOS and insert into others BIOS regions to do the mod for them. This would be exact same as the mod files linked on this guide. But you must always make sure it’s same model and same BIOS version, due to these modules change sizes/contents between BIOS version and definitely do not match between the models.

AMITSE PE32 = your main menu lock/unlocks
AMITSE/SetupData/SetupData = your AMIBCP Access Level changes
Setup PE32 = your AMIBCP textual menu name changes

Ok. Now, I am scared :)

I did the following:

1. I followed the General Aptio V Mod Guide (posted above) and extracted AMITSE (PE32 Module) As-Is & Setup (PE32 Module) As-Is using latest UEFITool NE A59.
2. With Universal IFR Extractor I opened the Setup PE32 module and extracted this section.
3. Thereafter, I created a new menu.txt file and copied Form Set ID as well as further Main, Advanced, Chipset IDs.
4. Notwithstanding the upgrade of the Bios version, it appears that nothing has changed (as compared to the menu.txt file posted by BDMaster – thanks so much again, BDMaster!!). In other words, the hex locations for the menu items are apparently still the same.
5. Therefore, I opened the extracted AMITSE PE32 module with WinHex and performed exactly the same patches mentioned in BDMaster’s menu.txt file. I changed nothing else.
6. Subsequently, I opened my unlocked (but otherwise unmodified) FPTW bios dump file (uploaded above) with the old UEFITool version 0.26 and replaced the existing AMITSE PE32 module with the hex-edited version of the AMITSE PE32 module.
7. I opened the newly created newfinalbiosmod.bin file with AMIBCP 5.02.0031 but at first sight it seems to me that no renaming or other modifications are mandatory. IS THIS CORRECT? Are the changes suggested by Lost_N_Bios optional? In any case, I did not perform any changes with AMIBCP yet.
8. I have attached my newfinalbiosmod.bin to this post.
9. I did not modify the Setup PE32 module or any other bios sections and did not perform an as-is replacement of such sections with UEFITool. It seems to me that this is only required if you do not modify the bios yourself but use the files provided by someone else. (At least that’s how I understand the Lost_N_Bios tutorial.)

Is there any way for me to check whether my newfinalbiosmod.bin file is “good” prior to flashing it?

Many thanks!!

https://www.mediafire.com/file/265n4bip0nh0wcv/newfinalbiosmod.bin/file

No. I can only confirm that you did everything right.
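The hex edit described above can at least be checked mechanically against the posted patch list before the module is reinserted. The following is an added example, not code from the thread or from any of the tools it mentions: it confirms that a hex-edited AMITSE module differs from the original only at the `O:offset:bytes` entries and that each entry lands on a block-list record starting with the Form Set GUID. It assumes the offsets are file offsets in the extracted AMITSE module; `build_sample` is a constructed stand-in containing only the two block lists, and the check says nothing about whether the final image will boot.

```python
FORMSET_GUID = bytes.fromhex("4A10597B0DC0584187FFF04D6396A915")  # from the page

# Patch list exactly as posted on the page ("O:<hex offset>:<hex bytes>").
PATCH_TEXT = """
O:50300:1127
O:50320:1227
O:50340:1327
O:50380:1627
O:50390:000000000000000000000000000000000000
O:50910:1127
O:50938:1227
O:50960:1327
O:509B0:1627
O:509C8:000000000000000000000000000000000000
"""

def parse_patch(text):
    """Return {offset: replacement bytes} from 'O:offset:hex' lines."""
    patch = {}
    for line in text.split():
        _, off, data = line.split(":")
        patch[int(off, 16)] = bytes.fromhex(data)
    return patch

def check_edit(original, modified, patch):
    """Return a list of problems; an empty list means the edit is exactly the patch."""
    if len(original) != len(modified):
        return ["file size changed: the module must keep its length"]
    problems = []
    expected = bytearray(original)
    for off, data in sorted(patch.items()):
        if off + len(data) > len(original):
            problems.append(f"0x{off:X}: patch runs past end of file")
            continue
        # A 2-byte ID swap follows the FormSet GUID; a zeroed record starts with it.
        guid_at = off - 16 if len(data) == 2 else off
        if original[guid_at:guid_at + 16] != FORMSET_GUID:
            problems.append(f"0x{off:X}: no FormSet GUID here in the original")
        expected[off:off + len(data)] = data
    for i, (want, got) in enumerate(zip(expected, modified)):
        if want != got:
            problems.append(f"0x{i:X}: expected {want:02X}, found {got:02X}")
    return problems

def build_sample():
    """Constructed stand-in for AMITSE: only the two block lists from the page."""
    img = bytearray(0x50A00)
    for base, stride in ((0x502F0, 32), (0x50900, 40)):  # short and long records
        for n, form_id in enumerate(range(0x2717, 0x271D)):
            pos = base + n * stride
            img[pos:pos + 18] = FORMSET_GUID + form_id.to_bytes(2, "little")
    return bytes(img)

if __name__ == "__main__":
    original, patch = build_sample(), parse_patch(PATCH_TEXT)
    edited = bytearray(original)
    for off, data in patch.items():
        edited[off:off + len(data)] = data
    print(check_edit(original, bytes(edited), patch) or "edit matches patch list")
```

With real files, read the As-Is AMITSE module before and after the hex edit and pass both to `check_edit`; any line it returns is a byte that changed outside the patch list or a patch entry that does not sit on a block-list record.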

Thank you so much, Sweet Kitten.


I will now firstly figure out how to perform a full bios backup. I already checked that I can order a CH341A programmer with Amazon (without long delivery times).

Yes!! It worked.

1.
As a precaution, I did a bios backup with AFUWin. Not sure whether this would have helped in case of a bad flash.

2.
I have the full advanced menu back.

3.
I can enable overclocking in Advanced / Overclock Performance Menu so that it is now possible to undervolt with XTU or Throttlestop.

4.
I hope this relatively detailed description will help others with Gigabyte laptops.

@Tiz Did you ever get a modded BIOS flashed? I’m trying to figure out how to disable Secure Boot on the same laptop as you, “Gigabyte Aero 17 HDR XD 11th gen”.

Yes. Two times. The second time (after the bios upgrade), I disabled secure boot, unlocked the OEM bios (i.e. the flash lock). Subsequently, I modded the bios myself. And then I flashed the modded bios so that I can now undervolt.

To disable secure boot you have to do what I described in post #17:

"1. I managed to boot RU. For this purpose, I only deleted the security variables in the original bios screen but did not enable Legacy OS boot. With normal UEFI boot, RU initially did not work/boot via USB stick. However, I attached a Lexar card reader, inserted a SDcard prepared with RU and then it booted."

In other words, you have to clean the security variables. There is no entry which says "disable secured boot" but cleaning the security variables has the same effect. Remember to reenable the security variables after you removed the flash lock with RU. Otherwise, Windows will probably not boot.

I’ve never used a modded bios before, because I’ve never had a computer with such a locked-down bios. If I understand your posts correctly, I use RU.exe from github<dot>com/JamesAmiTw/ru-uefi to unlock the BIOS, then make a backup with AFUWin, and then use fptw.exe to flash the modded BIOS you linked to in Post #22, correct. Wanna make sure I get it right, how to flash the modded BIOS before I try anything, especially since my laptop for some reason refuses to update to the stock FB07 BIOS.

Lightmaster, the modding is - unfortunately - more difficult than you think. In particular, you must NOT "and then use fptw.exe to flash the modded BIOS you linked to in Post #22, correct.". This would cause all kinds of trouble/ruin your laptop (as explained in one of the tutorials linked in this thread). You need to modify your very own bios because it is not completely identical to my bios (although the laptops are the same).

You have two choices:

You either modify your own bios on the basis of the instructions in this thread = hours of reading and processing. This is possible. I did it.

Or you ask someone in this forum to help you (and maybe offer a donation to this person). Unfortunately, I cannot do it for you because (i) I have a full-time job/not sufficient time b/c the holiday season is over and (ii) I do not want to take the responsibility if something goes wrong and your laptop is ruined.

Good luck!

Yea, I started reading through some of those linked tutorials and saw not to use fptw.exe to flash anything except its own backups.

Clearing the security variables was sufficient to get linux to boot and to get rEFInd working. Got the dual boot that was my main goal. Also, while the bios file from Gigabyte wouldn’t update the bios itself, I was able to extract that executable and manually install the bios using the tool packaged inside Gigabyte’s executable. Still couldn’t get the EC FW to update to F0004 though.

Hi guys. I have an Aero 17 HDR XC 10th gen, a slightly different model. My question is: after the mod, is the user password option available in your bios? I don’t have a password in Windows because all my life, on all my computers, I had a password in the bios. A year ago I bought my Aero 17 and sadly there is no such option in the bios. In the bios I have only the administrator password option. Before I start the whole procedure to mod my bios I would like to know if the user password will be available after the mod. Thanks.

Hey guys!
I’ve been following up all the thread but I’m kind of stuck at the part of RU.efi.
I already booted it up and hit ALT + C. But I can not find the PCHSetup in the menu that displays after pressing ALT + C.
I tried looking at the guide in the other link, but those forums were shut down and are no longer available.
Maybe I’m missing something.
Thank you in advance.

You need to press UEFI Variables(Alt=) and find “PchSetup” inside.

I tried pressing ALT+= for the option of UEFI Variables right after that menu (of ALT+C Config). But every time I try to hit it, it freezes and won’t let me continue.
I deleted all the Factory Default Keys in the bios, since it wouldn’t let me install Arch Linux the first time. I have also disabled the options under trusted computing (used for TPM and secure boot for Windows 11).