How to hack PC BIOS — CFG Unlock

Homan Huang
4 min read · Nov 22, 2020


If you want to turn your Windows PC into a Hackintosh with OpenCore, you should unlock your BIOS first. macOS (Big Sur, for example) needs to write MSR 0xE2, and when the firmware sets CFG Lock that register becomes read-only. OpenCore's AppleXcpmCfgLock / AppleCpuPmCfgLock quirks can paper over the problem, but clearing the lock in the firmware is the proper fix.

— === M E N U === —

🔬 1. Test BIOS Locking Status
  • Download the Shell
  • Test Tool
  • Test BIOS Lock
💍 2. Find CFG Lock Address
  • BIOS Tool: Ru.efi
  • Viewer+Converter of BIOS Image
  • Find the Address of CFG Lock
🔓 3. Unlock CFG

🔬1. Test BIOS Locking Status


  • A bootable USB stick formatted as FAT32. Don't waste time creating a new one: your OpenCore bootable USB stick is fine.

Boot folder: /EFI/BOOT

The firmware loads whatever sits in this folder as BootX64.efi, so this is where we collect all the files for this guide. On my OpenCore USB the folder already holds OpenCore's own BootX64.efi.

We are going to replace it with a generic UEFI shell under the same name, so move the original aside now (keep a copy somewhere so you can restore the OpenCore loader afterwards).

Download the Shell

Copy shell.efi into the boot folder and rename it BootX64.efi.

Test Tool

OpenCore ships a tool that tests whether MSR 0xE2 is locked: VerifyMsrE2.efi. Copy it into the boot folder and rename it v2.efi. (🤔 Don't you think the original name is ridiculously long?!)

Setup BIOS

Restart and press F2 (that is the setup key on my board). Change these BIOS settings:

  • Set a BIOS (supervisor) password
  • Disable Secure Boot (the shell and v2.efi are unsigned, so they will not load while it is on)
  • Enable the F12 boot-menu key

Save and exit.

Test BIOS Lock

Press F12 and choose the USB stick. The shell comes up; run the test tool:

Shell> v2.efi

If the shell cannot find the file, it has no current filesystem yet: switch to the stick first (fs0: then cd \EFI\BOOT) and run v2.efi again.

And here is your "best" news: LOCKED! 😫
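The same check can be made from a Linux live USB, which is handy when you want to confirm the result after the unlock without rebuilding the shell stick. This is an added example, not code from the post or from OpenCore: it reads MSR 0xE2 through the Linux msr device and tests the CFG Lock bit (bit 15 of MSR_PKG_CST_CONFIG_CONTROL, the bit VerifyMsrE2.efi reports on). The two sample register values at the bottom are constructed to show the decode and are not from real hardware; the live read needs root and `modprobe msr`.

```python
"""Check the CFG Lock bit (bit 15) of MSR 0xE2 from Linux.

Added example, not part of the original post or of OpenCore. It mirrors what
VerifyMsrE2.efi tests, but from a Linux live USB:
    sudo modprobe msr && sudo python3 cfglock.py
"""
import os
import sys
from typing import Dict

MSR_PKG_CST_CONFIG_CONTROL = 0xE2   # the register macOS wants to write
CFG_LOCK_BIT = 15                   # when set, bits 15:0 are read-only until the next reset


def cfg_lock_set(msr_value: int) -> bool:
    """Return True when the CFG Lock bit is set in an MSR 0xE2 value."""
    return bool((msr_value >> CFG_LOCK_BIT) & 1)


def read_msr(reg: int, cpu: int = 0) -> int:
    """Read a 64-bit MSR via /dev/cpu/<cpu>/msr (needs root and the msr module).

    The msr device uses the file offset as the register index, so one 8-byte
    pread at offset `reg` returns that register, little-endian.
    """
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        raw = os.pread(fd, 8, reg)
    finally:
        os.close(fd)
    if len(raw) != 8:
        raise OSError(f"short read from MSR {reg:#x}")
    return int.from_bytes(raw, "little")


def describe(msr_value: int) -> str:
    """Human-readable verdict for one MSR 0xE2 value."""
    state = "LOCKED" if cfg_lock_set(msr_value) else "UNLOCKED"
    return f"MSR 0xE2 = {msr_value:#018x}: CFG Lock is {state}"


def check_all_cpus() -> Dict[int, bool]:
    """Read MSR 0xE2 on every online CPU; firmware should lock (or not) all of them alike."""
    results: Dict[int, bool] = {}
    for entry in os.listdir("/dev/cpu"):
        if entry.isdigit():
            results[int(entry)] = cfg_lock_set(read_msr(MSR_PKG_CST_CONFIG_CONTROL, int(entry)))
    return dict(sorted(results.items()))


if __name__ == "__main__":
    # Constructed sample values (not read from real hardware) to show the decode.
    print(describe(0x0000000000008404))   # bit 15 set   -> LOCKED
    print(describe(0x0000000000000404))   # bit 15 clear -> UNLOCKED
    try:
        for cpu, locked in check_all_cpus().items():
            print(f"cpu{cpu}: {'LOCKED' if locked else 'UNLOCKED'}")
    except (PermissionError, FileNotFoundError) as e:
        print(f"live read skipped: {e} (run as root with the msr module loaded)", file=sys.stderr)
```

Only bit 15 matters here; the low bits of the register hold the package C-state limit and will differ from board to board, which is why the sample values above are only illustrative.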

💍2. Find CFG Lock Address


BIOS Tool: Ru.efi

Download the latest beta of RU.efi and unzip it with the password posted alongside it.

Copy Ru.efi into the boot folder.

Viewer+Converter of BIOS Image

Download UEFITool and the IFR extractor into a tools folder.

I rename the ifr…exe to ifr.exe because its name is too long.

BIOS Image

Download a BIOS update file for your exact board from the motherboard vendor into the same folder. If it comes as a ZIP or EXE, unpack it until you reach the firmware image itself. For example,

Find the Address of CFG Lock

Open UEFITool and load the image.

Ctrl+F: search for the text "CFG Lock".

It finds:

Open the link: double-clicking the hit in the Messages pane jumps to the section that contains the string.

Extract as is: save it to your tools folder.

Give it a name (I used sec.sct).

Open a CMD window and change to your tools folder:

tools> ifr sec.sct sec.txt
Input: sec.sct
Output: sec.txt
Protocol: UEFI

Open sec.txt in a text editor and search for "cfg lock":

The number you need is the VarOffset on the CFG Lock line; also note which VarStore that line refers to, because that is the variable you will open in RU.efi in the next step. I got "0x3E". This is my lock. Write yours down on a piece of paper or take a photo of it with your phone.
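The "search sec.txt for cfg lock" step is easy to get wrong by hand: a dump contains many lock-style options, and the byte offset is only meaningful together with the VarStore the option lives in. The following added example (not code from the post or from the IFR extractor project) parses the text dump, resolves the option's VarStore id to its variable name and reports the offset plus the option values, so you can see which byte to change and what "Disabled" is encoded as. The line format in the regexes is my assumption about what a Universal-IFR-Extractor style dump looks like; the embedded sample dump, its GUIDs and sizes are constructed and are not from any real board. Check the regexes against your own sec.txt.

```python
"""Find the CFG Lock byte in an IFR extractor text dump.

Added example, not from the original post or from the IFR extractor project.
Usage:  python3 find_cfg_lock.py sec.txt      (or no argument for the sample)
"""
import re
import sys
from typing import Optional

# Constructed sample in the shape of an IFR extractor dump (not a real board's).
SAMPLE_IFR = """\
\tVarStore: VarStoreId: 0x1 [B08F97FF-E6E8-4193-A997-5E9E9B6B4C1D], Size: 0x9A, Name: CpuSetup {24 1C ...}
\tVarStore: VarStoreId: 0x2 [4570B7F1-ADE8-4943-8DC3-406472842384], Size: 0x40, Name: PchSetup {24 1C ...}
\t\tOne Of: Overclocking Lock, VarStoreInfo (VarOffset/VarName): 0xDA, VarStore: 0x1, QuestionId: 0x6F, Size: 1, Min: 0x0, Max: 0x1, Step: 0x0 {05 91 ...}
\t\t\tOne Of Option: Disabled, Value (8 bit): 0x0 {09 07 ...}
\t\t\tOne Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 ...}
\t\tEnd One Of {29 02}
\t\tOne Of: CFG Lock, VarStoreInfo (VarOffset/VarName): 0x3E, VarStore: 0x1, QuestionId: 0x2F, Size: 1, Min: 0x0, Max: 0x1, Step: 0x0 {05 91 ...}
\t\t\tOne Of Option: Disabled, Value (8 bit): 0x0 {09 07 ...}
\t\t\tOne Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 ...}
\t\tEnd One Of {29 02}
"""

# Assumed line shapes (Universal IFR Extractor style); adjust if your dump differs.
VARSTORE_RE = re.compile(
    r"VarStore: VarStoreId: (0x[0-9A-Fa-f]+) \[([0-9A-Fa-f-]+)\], Size: (0x[0-9A-Fa-f]+), Name: (\w+)")
ONEOF_RE = re.compile(
    r"One Of: (.*?), VarStoreInfo \(VarOffset/VarName\): (0x[0-9A-Fa-f]+), VarStore: (0x[0-9A-Fa-f]+)")
OPTION_RE = re.compile(
    r"One Of Option: (.*?), Value \((\d+) bit\): (0x[0-9A-Fa-f]+)( \(default\))?")


def find_setting(ifr_text: str, name: str = "CFG Lock") -> Optional[dict]:
    """Return VarStore name, byte offset and option values of the named 'One Of' setting."""
    # First pass: VarStoreId -> {name, guid, size}, so the offset can be tied to a variable.
    stores = {int(m.group(1), 16): {"guid": m.group(2), "size": int(m.group(3), 16), "name": m.group(4)}
              for m in VARSTORE_RE.finditer(ifr_text)}
    lines = ifr_text.splitlines()
    for i, line in enumerate(lines):
        m = ONEOF_RE.search(line)
        if not m or m.group(1).strip().lower() != name.lower():
            continue
        offset, store_id = int(m.group(2), 16), int(m.group(3), 16)
        options, default = {}, None
        for opt_line in lines[i + 1:]:          # collect options up to the matching End One Of
            if "End One Of" in opt_line:
                break
            o = OPTION_RE.search(opt_line)
            if o:
                options[o.group(1).strip()] = int(o.group(3), 16)
                if o.group(4):
                    default = o.group(1).strip()
        store = stores.get(store_id, {"name": f"<unknown VarStore {store_id:#x}>", "size": None, "guid": None})
        return {"setting": m.group(1).strip(), "varstore": store["name"], "guid": store["guid"],
                "varstore_size": store["size"], "offset": offset, "options": options, "default": default}
    return None


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_IFR
    hit = find_setting(text)
    if hit is None:
        sys.exit("no 'CFG Lock' One Of found; is this the right module's IFR?")
    print(f"{hit['setting']}: VarStore {hit['varstore']} ({hit['guid']}), offset {hit['offset']:#04x}")
    for label, value in hit["options"].items():
        print(f"  {value:#04x} = {label}{' (default)' if label == hit['default'] else ''}")
    # Sanity check: the offset must lie inside the variable you will open in RU.efi.
    if hit["varstore_size"] is not None and hit["offset"] >= hit["varstore_size"]:
        print("warning: offset is past the end of the VarStore; re-check the extraction", file=sys.stderr)
```

On the sample this reports CFG Lock in VarStore CpuSetup at offset 0x3e with 0x0 = Disabled and 0x1 = Enabled (default), which is exactly the pair of facts the RU.efi step needs: which variable to open, which byte to change, and what to change it to.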

🔓3. Unlock CFG


Restart, boot the USB stick again and run RU.efi from the shell:

Shell> ru.efi

Press any key to continue.

Alt+=: list the UEFI variables.

Select CpuSetup (the VarStore your CFG Lock option belongs to).

Move to your offset. The dump is in hex, so 0x3E is probably a few pages past the first screen; mine read 0x3E: 01, which means Locked. Double-check both the variable name and the offset before you change anything: writing the wrong byte of a setup variable can leave the board unable to boot.

Spacebar → type 00 → Enter

Ctrl+W: write the change back

Alt+Q: quit

Restart to the USB stick once more and re-run the test:

Shell> v2.efi

Oh, yeah! Unlocked… Now you have stepped through the door of a BIOS engineer. One caveat: loading BIOS defaults or flashing a BIOS update can set the lock again, so re-run v2.efi after either.

Written by Homan Huang

Computer Science BS from SFSU. I have studied and worked on the Android system since 2017. If you are interested in my past work, please go to my LinkedIn.
