This is to share my mod practice by referencing the posts (on the bottom of the post) of my Gigabyte Aorus 15p yd laptop. Bios version FB07. (11800H, 32G ram, 3080 16g vram, 1tb ssd). Thanks to all the heros in this forum who have guided us modding the bios.
It’s a shame to gigabyte that users have to mod the bios and tune the laptop to what it’s advertised !
This notes described end to end process of my modding but it assumes you’ve read the references (on the bottom of post) and you understand what a bios modding is supposed to be.
###################start###############
##### get the right FPT tool version.
hwinfo64 to check “motherboard”->“intel ME” to see the Intel ME version is 15.0, build 1716, hot fix 30.
it indicates it needs FPT15.0.30.1716
win+q cmd
right click and run as admin
cd C:\Users\myuser\Downloads\giga-bios\workables\tools
cd FPT15.0.30.1716
###### back up original bios-region
fptw.exe -d biosreg-fb07.bin -bios
copy biosreg-fb07.bin …\BIOS<br />
# note: the backup will vary if the dump done is after a reboot. and there will be no change of dumps if the laptop has not been rebooted when you do the dumps.
# though the dump might vary due to reboot, it should be fine to use the dump to recover or modify.
###### find the bios lock location.
use UEFITool_NE_A59_win32 to open biosreg-fb07.bin to extract PE32 module in setup
(search text “bios lock” from both header and body).
double click the string will get you to the PE32 module under "setup"
right click, extract as is, save as below file:
Section_PE32_image_Setup_Setup.sct
use
Universal IFR Extractor-0.7.exe to open Section_PE32_image_Setup_Setup.sct. extract to below file:
Section_PE32_image_Setup_Setup IFR.txt
search in Section_PE32_image_Setup_Setup IFR.txt of string “BIOS lock” will give you below result:
BIOS Lock, VarStoreInfo (VarOffset/VarName): 0x1C. this is the position we need set to 0 to enable flashing in windows.
also search “Flash Protection Range Registers (FPRR)”, will give you
0x45E14 One Of: Flash Protection Range Registers (FPRR), VarStoreInfo (VarOffset/VarName): 0x683, VarStore: 0x6, QuestionId: 0x9B1, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 19 16 1A 16 B1 09 06 00 83 06 10 10 00 01 00}
0x45E25 One Of Option: Disabled, Value (8 bit): 0x0 (default) {09 07 04 00 30 00 00}
0x45E2C One Of Option: Enabled, Value (8 bit): 0x1 {09 07 03 00 00 00 01}
meaning it’s already set to 0, which is expected.
###### disable the bios write protection (set bios lock to 0)
To actually change the BIOS Lock, we can’t do it directly from the operating system, we need an utility called RU:
RU homepage: ruexe.blogspot.com
Download latest version, example RU 5.20.0328 BETA. Extract with password: 174105371023
There should be 3 files inside: RU.efi, RU.exe and RU32.efi
- Grab any USB pendrive (you can use the same from step 1.3), or a card reader with any card you don’t need, very little space is required, 64 MB should be enough depending which filesystem you format it with. In my case I will use a generic USB 85-in-1 card reader with an old 2GB Sandisk Memory Stick Pro Duo.
- Download Rufus, for example Rufus 2.18 or Rufus 2.18 portable,and open it as administrator.
- Select from the device list your pendrive or card, with the following options, and hit Start. It will delete all the data on that device:
Partition scheme and target system type: MBR partition scheme for UEFI
File system: use FAT32. FAT (Default) will fail to format and NTFS will fail to save screenshots from RU itself.
Quick format
Uncheck “Make a bootable disk using”
- Now, browse to the unit with Windows explorer (in my case it’s H: drive) and create the folder EFI on the root of the pendrive and another folder BOOT inside EFI.
- Copy the downloaded file RU.efi to H:\EFI\BOOT and rename it to bootx64.efi
Now you have a bootable USB pendrive with RU.
reboot laptop and press F2 to enter bios.
disable tpm chip, secure boot. and enable UEFI boot (disable support for legacy boot)
in windows, win+r tpm.msc to make sure there is no tpm found in windows.
plugin the usb drive you’ve made to boot to Rufus.
press any key to bypass welcome message.
press “alt=” (no quotes) to enter the full list of parameters.
find “PchSetup” and goto address “0x1C” and change it to 0. ctrl+w to save the change.
goto “0x683” and check if it’s already 0.
power off and reboot.
dump the unlocked bios and test with a flashing.
win+q, cmd, run as admin,
cd C:\Users\myuser\Downloads\giga-bios\workables\tools\FPT15.0.30.1716
fptw.exe -d biosreg-fb07-unlocked.bin -bios
copy biosreg-fb07-unlocked.bin …\BIOS<br />
test flashing of the unlocked bios:
fptw.exe -f biosreg-fb07-unlocked.bin -bios
###### modification of the unlocked bios
UEFITool_NE_A59_win32
open the
biosreg-fb07-unlocked.bin
a) search by text, header and body-> “bios lock” → extract as is.
click the found result, right click “PE32 image section”.
b) then scroll down, until “AMITSE”, expand two level until found “LzmaCustomDecompressGuid”-> “PE32 image section”. right click, extract as is
c) open “Universal IFR Extractor-0.7.exe”, open “Section_PE32_image_Setup_Setup.sct” (generated in step a)). extract. (file name: Section_PE32_image_Setup_Setup IFR.txt)
d) open “Section_PE32_image_Setup_Setup IFR.txt”. search “Form Set”, can find menu id "4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15"
e) in the same file, search "Form: " can give you sense of what are the menus. you could find duplicated menu items, like “main”, “advanced”, “chipset”, “boot”, “save and exit”, etc.
you can also find other menu items from the file, for example, overclocking performance menu, as you can find string “Ref: OverClocking Performance Menu” under “Form: Advanced, FormId: 0x2718 {01 86 18 27 1E 00}”.
as the overclocking menu doesn’t show up in my existing bios menu, I can then tell the “Advanced” menu with formid 0x2718 is the hidden menu.
following same way, you can tell the visible menu and hidden menu below:
hidden -
setup FormId: 0x2710 {01 86 10 27 07 00}
Main FormId: 0x2717 {0F 0F 09 00 02 00 01 00 00 00 FF FF 00 17 27}
Advanced FormId: 0x2718 {0F 0F 1E 00 02 00 02 00 00 00 FF FF 00 18 27}
Chipset FormId: 0x2719 {0F 0F 1F 00 02 00 03 00 00 00 FF FF 00 19 27}
Security FormId: 0x271A {0F 0F 3B 00 02 00 04 00 00 00 FF FF 00 1A 27}
Boot FormId: 0x271B {0F 0F 20 00 02 00 05 00 00 00 FF FF 00 1B 27}
Save & Exit FormId: 0x271C {0F 0F 4E 00 02 00 06 00 00 00 FF FF 00 1C 27}
visible -
Main FormId: 0x2711 {01 86 11 27 09 00}
Advanced FormId: 0x2712 {01 86 12 27 1E 00}
Chipset FormId: 0x2713 {01 86 13 27 1F 00}
Security FormId: 0x2714 {01 86 14 27 3B 00}
Boot FormId: 0x2715 {01 86 15 27 20 00}
Save & Exit FormId: 0x2716 {01 86 16 27 4E 00}
f) open neohex editor to open “Section_PE32_image_AMITSE_AMITSE.sct” (generated in step b))
search “4A 10 59 7B 0D C0 58 41 87 FF F0 4D 63 96 A9 15”. there might be 3 blocks of the search result. you can tell they are the menu items - a block to show all the menus (visibla and hidden), two blocks to show hidden menus.
there might be single line search result which can be ignored.
in the two blocks listing the hidden menus, we can either remove any of them to make them visible, or, to replace any of them to show the ones currently in the block and hide the ones you replace them with.
before editing, make notes of there these blocks start at.
@0004ffa4 - main/all
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 17 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 18 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 19 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 1a 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 1b 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 1c 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 11 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 12 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 13 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 14 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 15 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 16 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
@00050254 - setup
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 10 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
@000502f4 - hidden
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 17 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 18 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 19 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 1a 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 1b 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 1c 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
@00050904 - hidden
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 17 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 18 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 19 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 1a 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 1b 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 1c 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
g) make decision of which menu to show and hide. then put your expected final list as below
-----------------edits / after change ----------------------
@000502f4
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 11 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 12 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 13 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 1a 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 16 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
@00050904
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 11 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 12 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 13 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 1a 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4a 10 59 7b 0d c0 58 41 87 ff f0 4d 63 96 a9 15 16 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
h) make the edits in “Section_PE32_image_AMITSE_AMITSE.sct” and save as "Section_PE32_image_AMITSE_AMITSE-mod.sct"
i) open both
UEFITool_NE_A59_win32
and
UEFITool_0.28.0_win32
use both tools to open "biosreg-fb07-unlocked.bin"
the “NE” tool is to help locate the “AMITSE”->“PE32 image section” by getting it guid, and use it to find in UEFITool_0.28.0_win32.
in UEFITool_0.28.0_win32, after located the “AMITSE”->“PE32 image section”, right click, “replace as is” → chose the “Section_PE32_image_AMITSE_AMITSE-mod.sct” (just modified in step h)
save the modified bios as “biosregmod.bin” and exit both tools.
########### flash the mod bios ###########
got FPT15.0.30.1716
fptw.exe -f biosregmod.bin -bios
############complete##########
References:
www.bios-mods.com/forum/Thread-Unlocked-…Classic-9th-Gen
www.youtube.com/watch?v=aISCfhK05Rk
www.win-raid.com/t4386f16-OverPowered-TO…de-W-Files.html
forum.notebookreview.com/threads/msi-gt73vr-bios-unlock-mod-factory-restore-clear-cmos-and-prevent-common-issues.812372/
www.win-raid.com/t596f39-Intel-Converged…-and-Tools.html
@metalzhao I’m surprised you have not seen this thread: [REQUEST] Gigabyte Aorus 15P YD
The same laptop and BIOS version. It would allow you to see the differences in your BIOS from what he uploaded. this is hardcore. at least you were able to do your mod. This post is very useful and quite informative. I went through a similar experience