About the GeekBench results…

You must have seen the two Geekbench reports, one of a new MacBook Pro and one of a new iMac. News everywhere. Never had so much traffic before as other people, blogs and news sites like Engadget and Macrumors picked it up and linked to my blog. Thanks for that btw.

Anyway. Rest assured folks. I did not stupendously produce some do-it-yourself fake GeekBench results. You as regular here should know that by now, but new visitors may not know me that well and may think that I have made them myself. Yeah right. Like I have time for something stupid like that. I mean come on. What a waste of time and energy. Not going to happen here.

What is going on then? Listen. We have seen leaked parts of a new iPhone already, right? So when was the last time you have seen any bit of evidence that Apple is working on a hardware refresh for Mac products? Not ever I guess. And what happens after parts have been leaked?

First things first. How come we don’t see any Mac hardware parts getting leaked? It that because the supply chain and the factory workers are put under stricter control? Like talk about your work, and it is over and out. Exit. Do not return for work the next day.

Controlled leak
I tell you. What happened here is what I call a controlled leak. Apple leaking data to inform a cheer number of MacBook Pro users that the new hardware is here. The most important bit being that Apple did not merge the Pro line with the MacBook Air. Both are here to stay. Both with their own unique form-factor. But the new MacBook Pro comes with a new design. Oh what a surprise.

Right. I would have been more surprised when Sir Ive and his team had done nothing. Did not improve it. Didn’t do their homework, and didn’t put the new MacBook Pro on a diet. Not spec wise course, because it is faster, produces less heat (hello fan) but also comes with more RAM now. Apparently.

And getting rid of the optical drive to accomplice this is fine by me. Giving it a stunning display is even better. Even at a somewhat lower density, less than the new iPad. Lowering the weight and extending the battery life, after Intel did their part, is also cool. Not to mention that it is running cooler – thanks to Intel’s Ivy Bridge processors. Comes with a special edition of Mountain Lion, with Intel HD 4000 support, pre-installed on it. Well. Isn’t that what we pro users are looking for? I certainly do. What about you?

The only downside is the price. As always. It’s better alright, but still a lot of money. That and getting a Melkco sleeve for it. Another $200-$250 probably. Guess where my money will be spent on.

My take on all this is that someone at Apple’s PR department did a great job. And they had to do something, because all I have been seeing lately is new hardware from so called “competitors”. Stuff that may lure people away from Apple products. Ok. Maybe only people who look at the price tag, but wasn’t it about time for Apple to step up the plate and leak some interesting data? Letting people know that the MacBook Pro is worth every penny. Even more so with a “refreshed” design. And let’s face it people. There can only be one MacBook Pro, because the rest is, and always will be… the rest of the pack.

p.s. I personally don’t give a BEEP about USB3. A Thunderbolt speed improvement is much more interesting. Especially now that Fire…. Wait what? Right. I don’t care about FireWire either. Oops.

So. Now it is time for me to enjoy a well deserved vacation. Yup. Holidays are here so have a great time folks!

Take care,

-Sam

ACPI errors in UEFI-BIOS

I have explained how to enable debug info in an earlier blog writeup, and this boot argument helped me in the past to see if things are working, or that I had to fix a bug or two. And since the ACPI tables in Asus products are never shy of bugs… let’s have a closer look at one of them in particular. This in the hope that you learn something new today. First the error message:

ACPI: Error (psargs-0464): [RAMB] Namespace lookup failure, AE_NOT_FOUND

Obviously something is wrong. Open your dsdt.dsl and look for RAMB. Here it is:

    Scope (_SB)
    {
        Name (RAMB, 0xDCB94018)
        OperationRegion (\RAMW, SystemMemory, RAMB, 0x00010000)
        Field (RAMW, ByteAcc, NoLock, Preserve)
        {
            DSAF,   256, 
            PAR0,   32, 
            PAR1,   32, 
            PAR2,   32, 
            PINX,   32, 
            PADD,   2048
        }

Right. Just a silly error. I know that, but using a backslash there (\RAMW) puts the OperationRegion and Field combo in different name space (\). Meaning that RAMW cannot reach the value of object RAMB. This because it resided in the _SB name space, instead of the root where everything is reachable, but also pollutes the global name space.

The Fix
The fix is really easy. We have three options.

1.) The best option is to replace RAMB with 0xDCB94018. And we can do this, because the value won’t change. Not until the next UEFI-BIOS update, but since ACPI table changes are usually pointless for us hack folks -> don’t bother.

2.) Alternatively we could either move RAMB to the global name space, or add the missing backslash. Effectively putting it in the correct name space.

More bugs
This was my fix for bug number one (1) but there are more bug. Six more to be precise – in the 3203 BIOS alone. Hey. Don’t look at me. Asus should fix them, or AMI. What do I know. Sure. It would have been nice when their QA validation process was better, but it isn’t like your board/OS won’t boot.

I am sure that Asus is paying attention (Raja rings HQ) so we should see a fix for this bug, and possibly the others as well, in a near future BIOS update. And maybe. Just maybe. Maybe is us being nice to Asus a good thing. Maybe then good things will happen – a friendly reminder to the fact that register 0xE2 is locked when it shouldn’t

No more white iPad for me…

Went out shopping today with two friends. Always fun. Except for the part that you have to pay at the checkout. Anyway. I will skip the boring part, but what I can tell you is that I came home with something that I hadn’t planned on buying today.

The problem with my ‘old’ New iPad is that it is white, and holding mine next to a black model made me realize that I had bought the wrong one. The white bezel is distracting and makes it look smaller. Not to one of my friends. Problem solved. Enter my new New iPad 32 GB (WiFi only model).

Also needed a new case for it. A nice one. Right. Me and my expensive taste. Lovely. Love leather stuff – think car interiors and sofa’s – simply because that is so elegant. So natural. So nice. Enter my new hand made leather Melkco Premium case.

A bit expensive maybe, but this is me. I am Dutch girl alright, but far from cheap. I like classy stuff. Which is why my iPhone now also smells like a cow. Err. New car

Power Management in Lion 10.7.4

I don’t have much time – need to go shopping – but check this out:

1.) Edit the Kernel Flag. Open the file with the following terminal command:

sudo nano /L*/P*/SystemC*/com.apple.Boot.plist

And make sure you have this in it: -v debug=0xff

2.) Reboot

3.) Check the on-screen output – just before it switches to graphics mode – for the following line:

AppleLPC::start – registering with plugin with ASPM Support false

Meaning that only the lowest P-State and the Intel Turbo Modes are being used. AICPUPM.kext is doing nothing. What you see with MSRDumper.kext is what the UEFI-PM module is doing.

Notes
The above error message is a _kprintf method only, and thus it won’t get logged in any log file (not calling IOLog).

I have EIST and C-State reporting disabled in the EUFI-BIOS settings. I also instructed RevoBoot to drop all SSDT tables, and this like forever already. Why? because only then I know that AppleIntelCPUPowerManagement.kext is doing the work, and not something the UEFI-PM module.

And to see what SMC keys you are missing, enable debug mode in /S*/L*/Ext*/FakeSMC.kext/C*/Info.plist Here’s what you should have:

                <key>SMC Device Emulator</key>
                <dict>
                        <key>CFBundleIdentifier</key>
                        <string>org.netkas.FakeSMC</string>
                        <key>Configuration</key>
                        <dict>
                                <key>debug</key>
                                <true/>
                                <key>Keys</key>
                                <dict>
                                        <key>$Num</key>
                                        <array>
                                                <string>ui8</string>
                                                <data>AQ==</data>
                                        </array>

Oh and when you use FileGuard, then add the two lines in: /Extra/FileGuard/Files/S*/L*/E*/FakeSMC.kext/C*/Info.plist
I’m sure that you knew this already, but just as a friendly reminder.

Update
So many people are looking for help, here and elsewhere, and yet I see not a single comments whatsoever about that message. Hmm. Maybe I am wasting my time here. Or maybe people don’t care about PM anymore. Fine by me… but if you want someone to help you, then help her to help you

Lost two brand new drives…

Ok. So I got two brand new 256 GB SSD’s for my RAID testing for RevoBoot. So sweet.

Right. If I hadn’t made the stupid mistake to flash the latest firmware in them. Now… Well. Guess what? The UEFI-BIOS doesn’t seem to recognize the drives anymore! Hello!

And this days before I go on a holiday. Great timing Sam. Fabulous job girl. Not.

Still wondering what I did wrong. Nah. This wasn’t me doing anything wrong. All I did was to click on that fancy button. But then again. Apple said: “You are holding it wrong” when I had issues with my iPhone. Remember?

/me ducks

Update
I can swap them for two new drives, today. Which is great news. Problem is. It’s only a two-hour train trip (4 hours in total). Now I wish I had bought them in Amsterdam, and not in what’s that name again? A little town called Raalte. Right All this for a 50 Euro discount (train trip costs 22 Euro). No idea how to get there. Now I get them Monday. When my drives arrive there in time. Pffft.

I also need to get myself a Dr. Dre Pro white head phone, and that before Tuesday. Which for you info is sold out temporarily. Great. Not to mention that they are much more expensive in Amsterdam. Like everything else it seems. I don’t get it. When I order it from some freaking stupid little town, sometimes even up in Belgium, I get it much cheaper. note that we are talking about almost 100 Euro discount for the headphone. Grrr.

This is what you get when you make last minute decisions, and work so darn hard to get stuff going.

Okay. Found one. Just 319 Euro. I don’t know but that sounds like an awful lot of money for a headphone. Heck it is. Sure. I love music, and stuff from Dr. Dre but now I wish I hadn’t used one from a friend the other day. I tell you the sound quality is blowing you away. Well that and the looks of it. I mean I am a girl after all

Lion OS X 10.7.4

Apple had to fix their FileVault error and so they did. Enter OS X 10.7.4 No issues here.

1.) Geekbench score is fine.
2.) Power management is working – all fine and dandy with RevoBoot.
3.) AppleIntelSNBGraphicsFB.kext was patched by my FileGuard patch script.
4.) AppleHDA.kext was patched by my FileGuard patch script.

What a boring upgrade BTW.

Asus 3K UEFI-BIOS modifications – part deux

Hi folks. It’s me again with an update. Hopefully this time without messing things up again. Sorry about that. Let’s see. Ok. You all know how hard I have been trying to get past this error:

Security verification failed.

The first thing I did – obviously – was to search for the text with the following terminal command:

grep -ire "Security verification failed" *.ROM

And poof. There it was:

Binary file 97AF1D95-203C-42DE-8D6B-D13EB7E5A55A_1_300.ROM matches

That’s the module with the text in it. Easily found. What I did next was to load the module in HexEdit with:

open 97AF1D95-203C-42DE-8D6B-D13EB7E5A55A_1_300.ROM

Scroll down to the end of the file to see the name of the module, being: PEfirmwareupdateEfi

Which we would be coding like this:

static EFI_CHAR16 const ModuleName[] =
{
0x50, 0x00, 0x45, 0x00, 0x66, 0x00, 0x69, 0x00, 0x72, 0x00, 0x6D, 0x00, 0x77, 0x00, 0x61, 0x00,
0x72, 0x00, 0x65, 0x00, 0x75, 0x00, 0x70, 0x00, 0x64, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00,
0x45, 0x00, 0x66, 0x00, 0x69, 0x00
}

Ok. So now we know the filename of the module, and the module name. Not really interesting, so let us continue with another terminal command:

objdump -m i386:x86-64 -b binary -D 97AF1D95-203C-42DE-8D6B-D13EB7E5A55A_1_300.ROM

That will give you the output. The same output that I posted here earlier today. Be it without my comments. And that is the last part that I want to share with you today. Before going back to hacking. Anyway. What you need to do is really simple. A three step process:

1.) Search for a text string in HexEdit, or any other hex-editor. Example “The file format is not correct.“

2.) Note the start address of the text i.e. in this case 0x18f4

3.) Search for #0x18f4 in the assembly output file and paste the text into it.

We’re almost done for today. But not before saying thank you to Dave for his tip (yesterday) about using BSUPDATER.EXE

Thing is. I tried to flash my mod BIOS but it failed. Also tried to flash it with afudos.exe (in DOS) but that also failed. Then I decided to wait for Dave to return from his holiday and to go work with Bryan on RevoBoot improvements. Had a great time. Thanks for that Bryan!

Anyway. Dave returned a week later and he sent me his e-mail reply, after which I started digging again. Quickly realizing that it was me who needed the kick this time. Gosh. I was so stupid. Why didn’t I look at it earlier. Why didn’t I compare BSUPDATER V.126 with V.130 earlier? So silly. Only v1.30 has the security strings data in it. Yup. Had one of these Duh moments again

     a98:	48 89 4c 24 08       	mov    %rcx,0x8(%rsp)
     a9d:	48 83 ec 38          	sub    $0x38,%rsp
     aa1:	e8 62 0a 00 00       	callq  0x1508
     aa6:	85 c0                	test   %eax,%eax
     aa8:	0f 84 c9 00 00 00    	je     0xb77			// Return 0 (OK)
     aae:	48 8b 4c 24 40       	mov    0x40(%rsp),%rcx
     ab3:	48 8b 09             	mov    (%rcx),%rcx
     ab6:	e8 c9 09 00 00       	callq  0x1484
     abb:	85 c0                	test   %eax,%eax
     abd:	75 16                	jne    0xad5
     abf:	48 8d 0d 2e 0e 00 00 	lea    0xe2e(%rip),%rcx        # 0x18f4 // The file format is not correct.
     ac6:	e8 09 f9 ff ff       	callq  0x3d4
     acb:	b8 00 10 00 80       	mov    $0x80001000,%eax
     ad0:	e9 a4 00 00 00       	jmpq   0xb79			// Return 0x80001000
     ad5:	48 8b 4c 24 40       	mov    0x40(%rsp),%rcx
     ada:	48 8b 09             	mov    (%rcx),%rcx
     add:	e8 e2 09 00 00       	callq  0x14c4
     ae2:	89 44 24 20          	mov    %eax,0x20(%rsp)
     ae6:	81 7c 24 20 00 08 80 	cmpl   $0x800800,0x20(%rsp)
     aed:	00 
     aee:	74 13                	je     0xb03
     af0:	48 8d 0d d5 0d 00 00 	lea    0xdd5(%rip),%rcx		# 0x18cc // Failed to securely load BIOS.
     af7:	e8 d8 f8 ff ff       	callq  0x3d4
     afc:	b8 01 10 00 80       	mov    $0x80001001,%eax
     b01:	eb 76                	jmp    0xb79			// Return 0x80001001
     b03:	8b 05 03 19 00 00    	mov    0x1903(%rip),%eax	# 0x240c
     b09:	25 00 00 00 80       	and    $0x80000000,%eax		// Error 0x80000000
     b0e:	85 c0                	test   %eax,%eax
     b10:	74 28                	je     0xb3a			// OK
     b12:	8b 54 24 20          	mov    0x20(%rsp),%edx
     b16:	48 8b 4c 24 40       	mov    0x40(%rsp),%rcx
     b1b:	48 8b 09             	mov    (%rcx),%rcx
     b1e:	e8 51 0b 00 00       	callq  0x1674
     b23:	85 c0                	test   %eax,%eax
     b25:	75 13                	jne    0xb3a			// OK
     b27:	48 8d 0d 9e 0d 00 00 	lea    0xd9e(%rip),%rcx		# 0x18cc // Failed to securely load BIOS.
     b2e:	e8 a1 f8 ff ff       	callq  0x3d4
     b33:	b8 01 10 00 80       	mov    $0x80001001,%eax		// Error 0x80000001
     b38:	eb 3f                	jmp    0xb79			// Return 0x80001001
     b3a:	8b 54 24 20          	mov    0x20(%rsp),%edx
     b3e:	b9 04 00 00 00       	mov    $0x4,%ecx
     b43:	e8 3c 0c 00 00       	callq  0x1784
     b48:	85 c0                	test   %eax,%eax
     b4a:	75 13                	jne    0xb5f			// OK
     b4c:	48 8d 0d 59 0d 00 00 	lea    0xd59(%rip),%rcx		# 0x18ac // Security verification failed.
     b53:	e8 7c f8 ff ff       	callq  0x3d4
     b58:	b8 02 10 00 80       	mov    $0x80001002,%eax		// Error 0x80000002
     b5d:	eb 1a                	jmp    0xb79			// Return 0x80001002
     b5f:	48 8b 4c 24 40       	mov    0x40(%rsp),%rcx
     b64:	48 8b 09             	mov    (%rcx),%rcx
     b67:	e8 78 09 00 00       	callq  0x14e4
     b6c:	4c 8b d8             	mov    %rax,%r11
     b6f:	48 8b 44 24 40       	mov    0x40(%rsp),%rax
     b74:	4c 89 18             	mov    %r11,(%rax)
     b77:	33 c0                	xor    %eax,%eax		// Return 0
     b79:	48 83 c4 38          	add    $0x38,%rsp
     b7d:	c3                   	retq   
     b7e:	cc                   	int3   
     b7f:	cc                   	int3   
     b80:	48 89 4c 24 08       	mov    %rcx,0x8(%rsp)
     b85:	48 83 ec 48          	sub    $0x48,%rsp
     b89:	c7 44 24 38 00 00 00 	movl   $0x0,0x38(%rsp)
     b90:	00 
     b91:	48 8d 0d 34 0e 00 00 	lea    0xe34(%rip),%rcx        # 0x19cc // Image integrity check failed.
     b98:	e8 37 f8 ff ff       	callq  0x3d4
     b9d:	48 8d 4c 24 50       	lea    0x50(%rsp),%rcx
     ba2:	e8 f1 fe ff ff       	callq  0xa98
     ba7:	89 44 24 28          	mov    %eax,0x28(%rsp)
     bab:	83 7c 24 28 00       	cmpl   $0x0,0x28(%rsp)
     bb0:	74 09                	je     0xbbb
     bb2:	8b 44 24 28          	mov    0x28(%rsp),%eax
     bb6:	e9 a2 01 00 00       	jmpq   0xd5d
     bbb:	4c 8d 05 f2 0d 00 00 	lea    0xdf2(%rip),%r8		# 0x19b4 // BOOTEFI
     bc2:	ba 00 00 04 00       	mov    $0x40000,%edx
     bc7:	48 8b 0d fe 17 00 00 	mov    0x17fe(%rip),%rcx	# 0x23cc
     bce:	e8 c5 04 00 00       	callq  0x1098
     bd3:	89 44 24 3c          	mov    %eax,0x3c(%rsp)
     bd7:	83 7c 24 3c ff       	cmpl   $0xffffffff,0x3c(%rsp)
     bdc:	75 0a                	jne    0xbe8
     bde:	b8 10 00 00 80       	mov    $0x80000010,%eax		// Error 0x80000010
     be3:	e9 75 01 00 00       	jmpq   0xd5d
     be8:	8b 4c 24 3c          	mov    0x3c(%rsp),%ecx
     bec:	48 8b 05 d9 17 00 00 	mov    0x17d9(%rip),%rax	# 0x23cc
     bf3:	48 03 c1             	add    %rcx,%rax
     bf6:	48 89 44 24 30       	mov    %rax,0x30(%rsp)
     bfb:	48 8b 4c 24 30       	mov    0x30(%rsp),%rcx
     c00:	48 83 c1 6a          	add    $0x6a,%rcx
     c04:	41 b8 05 00 00 00    	mov    $0x5,%r8d
     c0a:	48 8d 15 9b 0d 00 00 	lea    0xd9b(%rip),%rdx		# 0x19ac // A1984
     c11:	e8 2e 05 00 00       	callq  0x1144
     c16:	85 c0                	test   %eax,%eax
     c18:	74 0a                	je     0xc24
     c1a:	b8 01 00 00 80       	mov    $0x80000001,%eax		// Error 0x80000001
     c1f:	e9 39 01 00 00       	jmpq   0xd5d
     c24:	48 8b 44 24 30       	mov    0x30(%rsp),%rax
     c29:	48 83 c0 0e          	add    $0xe,%rax
     c2d:	48 89 44 24 20       	mov    %rax,0x20(%rsp)
     c32:	48 8d 15 63 0d 00 00 	lea    0xd63(%rip),%rdx		# 0x199c // SABERTOOTH-Z77
     c39:	48 8b 4c 24 20       	mov    0x20(%rsp),%rcx
     c3e:	e8 d9 04 00 00       	callq  0x111c
     c43:	85 c0                	test   %eax,%eax
     c45:	74 0a                	je     0xc51
     c47:	b8 02 00 00 80       	mov    $0x80000002,%eax		// Error 0x80000002
     c4c:	e9 0c 01 00 00       	jmpq   0xd5d
     c51:	48 8b 44 24 30       	mov    0x30(%rsp),%rax
     c56:	48 83 c0 2c          	add    $0x2c,%rax
     c5a:	48 89 44 24 20       	mov    %rax,0x20(%rsp)
     c5f:	48 8d 15 26 0d 00 00 	lea    0xd26(%rip),%rdx		# 0x198c // ASUS_PRODUCT_IDSABERTOOTH-Z77
     c66:	48 8b 4c 24 20       	mov    0x20(%rsp),%rcx
     c6b:	e8 ac 04 00 00       	callq  0x111c
     c70:	85 c0                	test   %eax,%eax
     c72:	74 0a                	je     0xc7e
     c74:	b8 03 00 00 80       	mov    $0x80000003,%eax		// Error 0x80000003
     c79:	e9 df 00 00 00       	jmpq   0xd5d
     c7e:	48 8b 44 24 30       	mov    0x30(%rsp),%rax
     c83:	48 83 c0 4a          	add    $0x4a,%rax
     c87:	48 89 44 24 20       	mov    %rax,0x20(%rsp)
     c8c:	48 8d 15 ed 0c 00 00 	lea    0xced(%rip),%rdx		# 0x1980 // ASUS
     c93:	48 8b 4c 24 20       	mov    0x20(%rsp),%rcx
     c98:	e8 7f 04 00 00       	callq  0x111c
     c9d:	85 c0                	test   %eax,%eax
     c9f:	74 0a                	je     0xcab
     ca1:	b8 04 00 00 80       	mov    $0x80000004,%eax		// Error 0x80000004
     ca6:	e9 b2 00 00 00       	jmpq   0xd5d
     cab:	48 8d 0d ba 0c 00 00 	lea    0xcba(%rip),%rcx		# 0x196c // Image outdated. 
     cb2:	e8 1d f7 ff ff       	callq  0x3d4
     cb7:	48 8b 44 24 30       	mov    0x30(%rsp),%rax
     cbc:	0f b6 40 0b          	movzbl 0xb(%rax),%eax
     cc0:	85 c0                	test   %eax,%eax
     cc2:	0f 8f 80 00 00 00    	jg     0xd48
     cc8:	e8 83 f7 ff ff       	callq  0x450
     ccd:	48 8b 54 24 50       	mov    0x50(%rsp),%rdx
     cd2:	48 8b 4c 24 30       	mov    0x30(%rsp),%rcx
     cd7:	e8 d0 fa ff ff       	callq  0x7ac
     cdc:	85 c0                	test   %eax,%eax
     cde:	74 1c                	je     0xcfc
     ce0:	48 8b 54 24 50       	mov    0x50(%rsp),%rdx
     ce5:	48 81 c2 00 00 78 00 	add    $0x780000,%rdx
     cec:	41 b8 00 00 04 00    	mov    $0x40000,%r8d
     cf2:	b9 00 00 78 00       	mov    $0x780000,%ecx
     cf7:	e8 2c fb ff ff       	callq  0x828
     cfc:	48 8b 4c 24 50       	mov    0x50(%rsp),%rcx
     d01:	e8 ee fa ff ff       	callq  0x7f4
     d06:	85 c0                	test   %eax,%eax
     d08:	74 1c                	je     0xd26
     d0a:	48 8b 54 24 50       	mov    0x50(%rsp),%rdx
     d0f:	48 81 c2 00 00 1f 00 	add    $0x1f0000,%rdx
     d16:	41 b8 00 00 51 00    	mov    $0x510000,%r8d
     d1c:	b9 00 00 1f 00       	mov    $0x1f0000,%ecx
     d21:	e8 02 fb ff ff       	callq  0x828
     d26:	8b 44 24 50          	mov    0x50(%rsp),%eax
     d2a:	05 00 00 18 00       	add    $0x180000,%eax
     d2f:	8b d0                	mov    %eax,%edx
     d31:	41 b8 00 00 02 00    	mov    $0x20000,%r8d
     d37:	b9 00 00 18 00       	mov    $0x180000,%ecx
     d3c:	e8 e7 fa ff ff       	callq  0x828
     d41:	e8 56 f7 ff ff       	callq  0x49c
     d46:	eb 07                	jmp    0xd4f
     d48:	b8 05 00 00 80       	mov    $0x80000005,%eax		// Error 0x80000005
     d4d:	eb 0e                	jmp    0xd5d
     d4f:	48 8d 0d ee 0b 00 00 	lea    0xbee(%rip),%rcx		# 0x1944 // BIOS update successfully completed.
     d56:	e8 79 f6 ff ff       	callq  0x3d4
     d5b:	33 c0                	xor    %eax,%eax
     d5d:	48 83 c4 48          	add    $0x48,%rsp
     d61:	c3                   	retq 

You may wonder why I think that this is it. That this is what we are looking for. But I am pretty confident now that Andy (PhoenixTools) e-mailed me his findings. Sweet. We’re on the same page.

Not only that because he said to share his source code with me. This way we can try to get PhoenixTools going on OS X. I can’t wait to see what need to be done.

Enjoy the code snippet