netkas.org forum
Author Topic: ATI Radeon 4870 - firmware analysis  (Read 11074 times)
akspa420
Not Newbie
*

Posts: 23


« on: November 26, 2010, 10:00:09 PM »

Before I give up all hope on this card, since I have no cash at the moment, and would really like to safely upgrade to 10.6.5+, I've begun trying to understand the video card bios + added EFI firmware. I'm not a programmer, but have had some fun times with reverse engineering game data files in the past, so I figured I'd take a stab at this, just to see if there's some way to modify the hell out of the card and make it work without using old framebuffers.

I've attached a zip file containing my video bios (RV770.bin), the efi.part file from Zeus 2.2, and the 4870 bios from Zeus 2.2.

The first 64000 bytes (FA00) appear to be the main part of the ATI bios
The efi chunk is 49152 bytes in size
There is one MCuC that follows the EFI block
The MCuC block starts on 0x0001BA00, and is 3C90 in length.

What the hell is an MCuC, and why does it seem that only my card has them at the end of the modified firmware?

There appear to be 213 bytes in between the EFI part and the MCuC block

The MCuC block is 15504 bytes in length.

I ran a comparison on the efi.part file, synced up to the efi part of the RV770.bin file, and found the following tidbits:

There's a set of bytes located at 0xa5e3 in the 4890 efi part, and at 0x19fe3 which differ by two bytes -
the values from the 4870 are 52ee, while the 4890's values are 531e
I don't know what this is for, or what it corresponds to.

From efi.part, at offset 0xB282, data is completely different between the efi data from a 4870 and a 4890.
21374 bytes differ entirely from the two efi parts. I do not know what is contained in the EFI data.

f800 = starting point for EFI in zeus-provided 4870efi.rom file. My bios seems to be shifted by 0x300 bytes.

Is there any sort of tool that can be used to analyze the efi part of the bios? I realize that OSX only looks at the EFI, and disregards the BIOS entirely, so I'm guessing that there may be a way to force the card to be recognized as a specific part by manipulating bytes in the EFI, and leaving everything else as it is.

Like, for instance, would it make any sense at all to create a plist modification that adds our very own custom deviceid in the driver/framebuffer, then edit the firmware on the card to have that very same deviceid - would something like this work? At this point, I'm willing to give any experiment a try, since I still have my trusty 7300GT that came with the system.

* Bios-roms.zip (235.63 KB - downloaded 429 times.)
Logged
Rominator
Hero Member
*****

Posts: 2346



« Reply #1 on: November 26, 2010, 10:56:02 PM »

You are overlooking and ignoring the issue that makes this the most upsetting.

There is no device id to change to.

The 4870 IS A 4870 because its device id is 9440. The Apple card uses 9440 and so do all of the flashed 4870s. The primary difference between a 4870 and 4890 is the device id. In fact, there is likely a little resistor that if moved to another position would change a 4890 into a 4870, and would solve half of the 4890 problems.

You are hoping that there is some obvious mistake in the way Zeus has made your ROM...there isn't. All Cindori did was take the method used by Pipomolo42's original discovery and automate it using things we discovered after pippy left our midst. You are in fact barking up wrong tree there.

I am going to guess that you have a ZWxx card or one of the other "johnny come lately" decontented 4870s that came later in model run. You MIGHT be able to fix the issues with card by changing EFI...but you would need to decompress and interpret it to do so. You would need to understand how it fits in with drivers and the PC BIOS it uses as a "backbone." The problems with later, cheaper 4870s are either from the EFI or the drivers (kexts, etc).

If the "MCUC" part surprises you, you haven't done much research into how we got card running. In many posts I told people that "MCUC" must appear TWICE in a ROM for ROM to work. Try searching MR for "MCUC". You do not demonstrate the sort of attention to detail needed to fix this. I doubt very much that I could. It would take a Netkas-level genius to fix this. He would need a lab with a Mac pro or two and several 4870s of different makes. He would need time where nothing else distracted him.  And more importantly he would need MOTIVATION. You are talking about cheapo, offbrand 4870s. The bulk of flashed 4870s are still chugging along happily. Only SOME have shown issues past 10.6.2. So all of that effort to fix some oddball 4870s....NOT GOING TO HAPPEN.

I can't speak for Netkas, but I can tell you that my time will be better spent finding bootscreens on 5xxx ATI cards and creating an EFI ROM for Nvidia Fermi cards. There may still be a copy & paste fix for the cheaper 4870s found by mixing and matching kexts, etc. This will be found more by dumb luck than someone decompressing EFI.

I wish you the best of luck, but I think you might be happier buying a used 5770 off Ebay for $100 or so and flashing that using one of the roms we have provided here. Your cheapo 4870 should still fetch $60 or more. So, spend hours beating your head on the wall or spend $40 (net) and be done. Your call.

BTW, that guy trying to upload a fix at MR has done so. Try it out.

But basically, any and all OpenGL improvements in later OS aren't going to apply to your 4870...but maybe you don't care.

Another option would be to sell your 4870 to some PC user on Ebay and buy one of the ones we linked to early in 4870 process, the ones that still work perfectly. Your net cost could be under $20 if you play your cards right.
« Last Edit: November 27, 2010, 03:09:04 AM by Rominator » Logged

Before asking a question, check your "Personal Settings" and be sure that you have "Brain Services" set to "On".
akspa420
Not Newbie
*

Posts: 23


« Reply #2 on: November 27, 2010, 07:52:57 AM »

Well, then I guess I know what I'm saving up for xmas for :/ Oh well, kinda figured that the whole flashing a pc card to a mac would end up being too good to be true at some point in time. I'll fool around with the kexts a bit more and see if I can't find some way to get it working... somehow.

In any case, if you could clarify why the GDDR5 memory tables need to be placed after the EFI part, I'd feel like I might understand the whole firmware mod - just so I know a bit more if I should try some random experiments.
« Last Edit: November 27, 2010, 07:55:59 AM by jimmsta » Logged
Rominator
Hero Member
*****

Posts: 2346



« Reply #3 on: November 27, 2010, 10:52:19 PM »

The Apple 4870 ROM has PCBIOS-EFIBIOS-MCUC table.

So we did same thing. Oddly enough, MOST ROMs have just enough space between the two for the EFI.

There is a place in PC ROM where it does a "GOTO" for the GDDR5 table. This is FIRST "MCUC". Do some reading of my posts at MR. If you move MCUC, you need to change this address.

Did you try the "exotic 4870 fix" some guy has posted at MR? Might work...who knows?
Logged

Before asking a question, check your "Personal Settings" and be sure that you have "Brain Services" set to "On".
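
The PCBIOS-EFIBIOS-MCUC layout discussed in this thread can be checked on a dump before anything is flashed. The following is an added example, not code from the thread or from any poster: it assumes the ROM is a chain of standard PCI expansion ROM images (55 AA header, PCIR structure) and that the tag is stored as the ASCII bytes "MCuC". The sample ROM is constructed from the sizes quoted in the first post, and the position of the first tag (0x8000) is arbitrary.

```python
import struct

MARKER = b"MCuC"  # assumption: the tag is stored as these ASCII bytes
CODE_TYPES = {0: "x86 BIOS", 3: "EFI"}  # PCIR code type values

def walk_images(rom):
    """Follow the chain of PCI expansion ROM images from offset 0."""
    images, off = [], 0
    while off + 0x1A <= len(rom) and rom[off:off + 2] == b"\x55\xaa":
        pcir = off + struct.unpack_from("<H", rom, off + 0x18)[0]
        if rom[pcir:pcir + 4] != b"PCIR" or pcir + 0x16 > len(rom):
            break  # damaged or non-standard header: stop rather than guess
        vendor, device = struct.unpack_from("<HH", rom, pcir + 4)
        units, = struct.unpack_from("<H", rom, pcir + 0x10)
        code_type, indicator = rom[pcir + 0x14], rom[pcir + 0x15]
        images.append({"offset": off, "length": units * 512,
                       "vendor": vendor, "device": device,
                       "type": CODE_TYPES.get(code_type, hex(code_type))})
        if indicator & 0x80 or units == 0:  # bit 7 marks the last image
            break
        off += units * 512
    return images

def find_markers(rom, marker=MARKER):
    """Return every offset at which the marker occurs."""
    return [i for i in range(len(rom)) if rom.startswith(marker, i)]

def _image(length, device, code_type, last):
    """Constructed test image: header, PCIR block, zero padding."""
    img = bytearray(length)
    img[0:2] = b"\x55\xaa"
    struct.pack_into("<H", img, 0x18, 0x1C)            # pointer to PCIR
    struct.pack_into("<4sHH", img, 0x1C, b"PCIR", 0x1002, device)
    struct.pack_into("<H", img, 0x1C + 0x10, length // 512)
    img[0x1C + 0x14], img[0x1C + 0x15] = code_type, 0x80 if last else 0
    return img

def build_sample():
    """Constructed ROM shaped like the thread: BIOS, EFI, trailing table."""
    bios = _image(0xFA00, 0x9440, 0, last=False)
    bios[0x8000:0x8004] = MARKER            # first tag, inside the PC BIOS
    efi = _image(0xC000, 0x9440, 3, last=True)
    return bytes(bios + efi) + MARKER + bytes(0x3C90 - len(MARKER))

if __name__ == "__main__":
    rom = build_sample()
    print(walk_images(rom), [hex(o) for o in find_markers(rom)])
```

On a real dump, replace `build_sample()` with the file's bytes; a tag count other than two, or a second image that does not report the EFI code type, is worth resolving before the image goes anywhere near a card.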
akspa420
Not Newbie
*

Posts: 23


« Reply #4 on: December 14, 2010, 11:44:12 PM »

This may seem like a stupid question, but here it goes... Why does the second MCUC block have to be placed after the EFI block? Is there any reason why the EFI block cannot just be tacked on to the end of the original bios? Maybe I've overlooked some key information. I really just want to know how these hacks work at all :P
Logged
Rominator
Hero Member
*****

Posts: 2346



« Reply #5 on: December 15, 2010, 09:43:55 PM »

who cares? it works that way

why reinvent the wheel ?
Logged

Before asking a question, check your "Personal Settings" and be sure that you have "Brain Services" set to "On".