Meowthra
Posted October 5, 2015

OS X El Capitan 10.11.6 XCPM for Haswell-ULT

xcpm_bootstrap Patch

Haswell (0x3c) = 0x04
Crystalwell (0x46) = 0x08
Haswell-ULT (0x45) = 0x10
Broadwell-H (0x47) = 0x40
Broadwell (0x3d) = 0x80
Skylake (0x4e) = 0x200
Skylake-DT (0x5e) = 0x1000

ffffff80003f547b (0x1f547b) jmp to ffffff80003f54cd (0x1f54cd)
xcpm_cpu_model: Haswell-ULT
0x1f547b 0F8883000000 to EB5090909090

Find    E86878FCFF4885C00F8883000000
Replace E86878FCFF4885C0EB5090909090

MSR(0xE2) Patch

Find    0F308B4BD80F3248C1E22089C0
Replace 9090909090909048C1E2209090

Fake CPUFAMILY To IVYBRIDGE

Find    BBDC82B210
Replace BB35E8651F

org.chameleon.Boot.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Kernel</key>
    <string>/kernel</string>
    <key>Kernel Flags</key>
    <string>-v -f kext-dev-mode=1 rootless=0</string>
    <key>CsrActiveConfig</key>
    <string>103</string>
</dict>
</plist>

kernel.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>KernelBooter_kexts</key>
    <string>Yes</string>
</dict>
</plist>

xcpm_bootstrap Opcode Analysis

"PATCH:"
ffffff80003f5461 movzx ebx, byte [ds:r15+0x4d]
ffffff80003f5466 mov dword eax, dword [ds:r15+0x1a0]
ffffff80003f546d mov dword [ds:_xcpm_cpufamily], eax
ffffff80003f5473 call _cpuid_features
ffffff80003f5478 test rax, rax
ffffff80003f547b js 0xffffff80003f5504
"JMP TO xcpm_cpu_model"

"xcpm_cpu_model"
ffffff80003f54b5 add ebx, 0xffffffbb
ffffff80003f54b8 cmp ebx, 0x9
ffffff80003f54bb ja 0xffffff80003f5504

"xcpm_cpu_model=0x10 Haswell-ULT"
ffffff80003f54cd mov dword [ds:_xcpm_cpu_model], 0x10
ffffff80003f54d7 mov dword [ds:0xffffff8000a5b0d4], 0x1
ffffff80003f54e1 jmp 0xffffff80003f5547
ffffff80003f54e3 cmp ebx, 0x5e
ffffff80003f54e6 jne 0xffffff80003f5504

"xcpm_cpu_model=0x1000 Skylake-DT"
ffffff80003f54e8 mov dword [ds:_xcpm_cpu_model], 0x1000
ffffff80003f54f2 mov dword [ds:0xffffff8000a5b0d4], 0x0
ffffff80003f54fc xor r14d, r14d
ffffff80003f54ff jmp 0xffffff80003f5587

NULL
ffffff80003f5504 mov dword [ds:_xcpm_mode], 0x0
ffffff80003f550e add rsp, 0x8
ffffff80003f5512 pop rbx
ffffff80003f5513 pop r14
ffffff80003f5515 pop r15
ffffff80003f5517 pop rbp
ffffff80003f5518 ret

"xcpm_cpu_model=0x4 Haswell"
ffffff80003f5519 mov dword [ds:_xcpm_cpu_model], 0x4
ffffff80003f5523 jmp 0xffffff80003f5547

"xcpm_cpu_model=0x80 Broadwell"
ffffff80003f5525 mov dword [ds:_xcpm_cpu_model], 0x80
ffffff80003f552f jmp 0xffffff80003f557a

"xcpm_cpu_model=0x400 "
ffffff80003f5531 mov dword [ds:_xcpm_cpu_model], 0x400
ffffff80003f553b jmp 0xffffff80003f5547

"xcpm_cpu_model=0x8 Crystalwell"
ffffff80003f553d mov dword [ds:_xcpm_cpu_model], 0x8
ffffff80003f5547 mov dword [ds:0xffffff8000a5b0dc], 0x1
ffffff80003f5551 mov qword [ds:0xffffff8000a5b150], 0x0
ffffff80003f555c xor r14d, r14d
ffffff80003f555f jmp 0xffffff80003f5587

"xcpm_cpu_model=0x40 Broadwell-H"
ffffff80003f5561 mov dword [ds:_xcpm_cpu_model], 0x40
ffffff80003f556b xor r14d, r14d
ffffff80003f556e jmp 0xffffff80003f5587

"xcpm_cpu_model=0x200 Skylake"
ffffff80003f5570 mov dword [ds:_xcpm_cpu_model], 0x200
ffffff80003f557a mov dword [ds:0xffffff8000a5b0d4], 0x1
ffffff80003f5584 xor r14d, r14d

kernel-1011-haswell.zip

Andres ZeroCross
Posted October 16, 2015

Where do I need to patch? To the kernel or another kext?

maciekish
Posted January 4, 2016

Where do I put this kernel? There is no "System/Library/Kernels" folder in the install USB anymore.

I tried the following:

perl -pi -e 's|\x30\x46\x33\x30\x38\x42\x34\x42\x44\x38\x30\x46\x33\x32\x34\x38\x43\x31\x45\x32\x32\x30\x38\x39\x43\x30|\x39\x30\x39\x30\x39\x30\x39\x30\x39\x30\x39\x30\x39\x30\x34\x38\x43\x31\x45\x32\x32\x30\x39\x30\x39\x30|g' /Volumes/Installer/System/Library/PrelinkedKernels/prelinkedkernel

perl -pi -e 's|\x42\x42\x44\x43\x38\x32\x42\x32\x31\x30|\x42\x42\x33\x35\x45\x38\x36\x35\x31\x46|g' /Volumes/Installer/System/Library/PrelinkedKernels/prelinkedkernel

But the resulting md5 is the same so nothing was replaced. Is that the right kernel? Can't find anything else.
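
Added example, not code from any poster in this thread: the Find/Replace strings in the first post are raw bytes (0F 30 ...), whereas an escape sequence such as \x30\x46 is the two text characters "0F". The sketch below applies the xcpm_bootstrap patch to a constructed sample image with a single-match check and decodes both branch encodings against the addresses in the disassembly; the function names are hypothetical.

```python
# Added example. Patterns and the patch-site address are quoted from the
# first post; the sample image and all function names are constructed here.
XCPM_FIND = "E86878FCFF4885C00F8883000000"
XCPM_REPL = "E86878FCFF4885C0EB5090909090"
PATCH_SITE = 0xFFFFFF80003F547B  # address of the js instruction in the post


def apply_patch(image: bytes, find_hex: str, repl_hex: str) -> bytes:
    """Replace one raw byte pattern, refusing ambiguous or missing matches."""
    find, repl = bytes.fromhex(find_hex), bytes.fromhex(repl_hex)
    if len(find) != len(repl):
        raise ValueError("replacement would shift every later offset")
    hits = image.count(find)
    if hits != 1:
        raise LookupError(f"expected exactly one match, found {hits}")
    return image.replace(find, repl)


def branch_target(addr: int, insn: bytes) -> int:
    """Destination of `jmp rel8` (EB) or `jcc rel32` (0F 8x) located at addr."""
    if insn[0] == 0xEB:
        size, rel = 2, insn[1:2]
    elif insn[0] == 0x0F and insn[1] & 0xF0 == 0x80:
        size, rel = 6, insn[2:6]
    else:
        raise ValueError("not a branch this helper decodes")
    # The displacement is relative to the end of the instruction.
    return addr + size + int.from_bytes(rel, "little", signed=True)


def ascii_form(hex_text: str) -> bytes:
    """Bytes searched for when each character of the hex string is escaped."""
    return hex_text.encode("ascii")  # "0F" -> 0x30 0x46, not 0x0F


def demo() -> dict:
    # Constructed stand-in for a kernel image: padding around the pattern.
    image = b"\xcc" * 32 + bytes.fromhex(XCPM_FIND) + b"\xcc" * 32
    patched = apply_patch(image, XCPM_FIND, XCPM_REPL)
    return {
        "size_kept": len(patched) == len(image),
        "ascii_hits": image.count(ascii_form(XCPM_FIND)),
        "js_target": hex(branch_target(PATCH_SITE, bytes.fromhex("0F8883000000"))),
        "jmp_target": hex(branch_target(PATCH_SITE, bytes.fromhex("EB50"))),
    }


if __name__ == "__main__":
    print(demo())
```

The decoded targets match the listing: the original js lands on the xcpm_mode = 0 exit path at ffffff80003f5504, and the patched short jmp lands on the Haswell-ULT assignment at ffffff80003f54cd.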