Jump to content
  • 0
Sign in to follow this  

AsereBLN Booter - Based on Chameleon RC4 / PCEFI10.5


Happy new year to everyone!

I have a little gift for you :) I was quite inactive here in the last weeks... but not dormant at all. I'm done the first major changes to Chameleon. I'm really disappointed regarding the code quality of Chameleon. It's full of possible buffer overflows, quick & dirty hacks... you can notice that there is no one behind, who is supervising the development, who has and keeps the whole picture in mind. The code quality is really bad :( One example is the use of the boolean datatype. You can find boolean_t, bool, BOOL, int, char... used with 0, 1, TRUE, FALSE, true, false, 0, 1, YES or NO, and this even mixed! So I started to cleanup this mess, fixed some bugs and also added new cool features.


  1. First of all I fixed the stupid bug with the fixed Platform UUID.
  2. Fixed a bug regarding PCI-Root-UID different than 0
  3. Fixed a bug regarding the detection of the CPU
  4. Fixed dozens of possible buffer overflows
  5. and all the bugs I forgot to mention

New Features:

  1. You can build Chameleon with GUI-support without the need of an embedded theme (Never understood why this should be necessary). The Booter is a lot smaller now. Only 160 kBytes.
  2. Platform UUID is taken from the BIOS (UUID from SMBIOS Table 1). You can remove PlatformUUID.kext, SMUUID from smbios.plist and also System-ID from com.apple.Boot.plist.
  3. Dynamic memory parameter detecting and injecting like Frequency, Type (DDR2, DDR3), Manufactor, Partnumber, Serialnumber. You can remove all memory related stuff from smbios.plist.
  4. Dynamic PCI-Root-UID detection from PCEFI 10.5
  5. Duvell300's FACP Restart Fix added (from here)


  1. Filenames configured in com.apple.Boot.plist (DSDT=..., SMBIOS=...) must be given with the full path. The Booter does not check automatically the Extra Folder. So if you used DSDT=mydsdt.aml and the mydsdt.aml file is in the Extra folder, then you must use now DSDT=/Extra/mydsdt.aml.
  2. ATI and nVidia Video-ROM-Files must be renamed to <vendorid>_<deviceid>.rom and must be put into the Extra folder. vendorid and deviceid as 4-digit hex values without a leading 0x. For instance, a nVidia 9400 GT (55nm) has the vendorid "0x10DE" and the deviceid "0x0641", so the filename must be "10de_0641.rom". To enable nVidia VGA BIOS File Loading use: UseNvidiaROM=Yes in com.apple.Boot.plist. To enable ATI VGA BIOS File Loading use: UseAtiROM=Yes in com.apple.Boot.plist.

If you use the Booter without the embedded theme, then you must supply a Theme in Extra/Themes/ to have GUI support. The default theme name is "Default". You can configure the theme to be used with Theme="Name" in com.apple.Boot.plist.

Platform UUID is setup by injecting /efi/platform/system-id property. The UUID value from SMBIOS table 1 is used as system-id. If your BIOS does not provide an UUID, then you can configure the UUID with SMUUID in smbios.plist. If you set system-id=No in com.apple.Boot.plist, then the system-id is not injected into the IORegistry. Use this if you want/need to use PlatformUUID.kext or something similar.

The memory parameter detecting should work with P35/X38/X48/P45 memory controllers and the builtin memory controllers of the Core i5/i7 CPU's. Reading of memory SPD (Serial Presence Detect EEPROM) data should work on P55, ICH10? and ICH9. You must remove all memory related keys from smbios.plist (SMmemmanufacter_X, SMmempart_X, SMmemserial_X, SMmemspeed & SMmemtype).

Dynamic PCI-Root-UID should work if your DSDT defines the UID like this: Name (UID, <value>). Default PCI-Root-UID is 0. You can configure the PCI-Root-UID to be used with PCIRootUID=<value> in com.apple.Boot.plist (-pci0, -pci1, PciRoot... does not work anymore).

You should also update boot0 (with fdisk) and boot1h with (dd), because the Chameleon team fixed some bugs there.

The archive contains:

  1. boot - the Booter without debugs, without an embedded theme
  2. boot_with_embedded_theme - the Booter without debugs and with an embedded theme
  3. boot_with_debugs - the Booter with some debug messages
  4. boot0 - the fist stage bootloader (goes into the MBR)
  5. boot1h - the second stage bootloader (goes to the beginning of the Chameleon Booter partition)

I ask everyone to use at least one time the Booter with Debugs and to take photos at every "(Press a key to continue...)" stop (PCI-Bus, CPU, Memory-Controller, SPD) to help me to improve Chameleon further. If you have a running Windows on your Hackintosh, then a TXT-Report made with the CPU-Z programm would be very helpful too. If you encounter problems, then use the Booter with debugs. Do not forget to rename it to boot.

Patch against Chameleon-RC4 is included, but without the memory detection stuff. I'll release it after a grace period. You know... ASEM is also reading here ;)

Any feedback is welcome!

Update Version 1.1.1:

  1. FACP RestartFix is enabled by default if you have an Intel CPU
  2. Memory Manufactor Code Lookup for some common Vendors (OCZ, G.Skill, GeIL, Crossair, Kingston)

Update Version 1.1.2:

  1. Fixed a bug with Memory Manufactor Code Lookup (DDR3: ManufactorID, Parity-Bit)

Update Version 1.1.3:

  1. Added Patriot, Crucial, A-DATA Memory Manufactor
  2. Support for 945 northbridge and ICH8, ICH7 southbridges
  3. SMBus Device Enable for systems there the controller is disabled (Tip from iNDi)
  4. printout a message if theme fails to load due to a missing file
  5. removed a print in non verbose mode to keep the Booter quiet

Update Version 1.1.4:

  1. You can supply a system-id with system-id=<value> in com.apple.Boot.plist
  2. You can prevent the system-id injection with system-id=No in com.apple.Boot.plist
  3. system-type is now supported. Default is 1 (Desktop). Use system-type=2 in com.apple.Boot.plist if you have laptop. (Link)
  4. Removed the setVideoMode(TEXT) in resume.c to make Hibernation work.
  5. Support for 946GZ/PZ, Q963/Q965a and P965 northbridge memory controllers.

Update Version 1.1.6:

  1. Improved system-type injection. ACPI V2 FACP PM_Profile is patched to match system-type.
  2. Fixed a bug with system-id injection (com.apple.Boot.plist).
  3. Supported memory manufactors: Micron, Samsung, Transcend, Apacer, Kingston, PNY, MDT, Corsair, GeIL, takeMS, Buffalo, Mushkin, OCZ, A-DATA, G.SKILL, TeamElite, Patriot and Crucial.
  4. Supported memory controllers: Core i5/i7 IMC, 945G/P, 955X, 945GM/PM, 945GME, 946GZ/PZ, Q963/Q965, P965, P35, X38/X48, 965GM, 965GME and P45.
  5. Supported SMBus controllers: P55, ICH10, ICH9, ICH8 and ICH7.

To set system-type put a system-type= into com.apple.Boot.plist (1=Desktop, 2=Laptop enables Battery, 3=Workstation). Default system-type is 1 (Desktop).

Update Version 1.1.7:

  1. Fixed the font swapping bug (small & console font).
  2. Fixed a problem with disabled MCH MMIO on some mainboards (needed to detect dram frequency).

Update Version 1.1.8:

  1. Fixed the font swapping bug (small & console font) for the Booter with an embedded theme.
  2. Fixed an issue with memory detection for some mainboard (2 slot only mainboards).
  3. Added support for PM45 northbridge memory controller.
  4. Added memory manufactor lookup for: Hynix, Nanya, KingMax, Qimonda and SuperTalent.
  5. Added nVidia GT240 device lookup.
  6. You can now hide HFS partitions too using “Hide Partition?? in com.apple.Boot.plist.
  7. Made the verbose output the using nVidia/ATI ROM’s more useful.
  8. Fixed a bug with sprintf (rek).
  9. Merged hibernation fix from Chameleon repo (46).
  10. Made verbosity at early bootstage useable.
  11. Bugfixes.

Update Version 1.1.9:

  1. Added nVidia ION device lookup.
  2. Added a feature to set/override the nVidia NVCAP value using NVCAP_ key in com.apple.Boot.plist.

If you want to override the NVCAP value, you must determine the PCI DeviceID of your graphic card. For instance: my new GTX260 has the DeviceID 0×05e2. Knowing the DeviceID add this to your com.apple.Boot.plist:


The NVCAP value is exactly 20 bytes long. You have to specify it using ASCII-HEX (0-9,a-f).

Sources under http://github.com/aserebln/Chameleon.


Share this post

Link to post
Share on other sites

Recommended Posts

  • 0

Hey Asere,

would be great if you could include 18seven?s Mac Like keys in the next release.

it will allow us to use mac like key combos at boot e.g. alt+v to boot in verbose and stuff like this...

Share this post

Link to post
Share on other sites
  • 0


ich bin neu hier und ich habe mich hier angemeldet, weil ich ein immenses Problem habe, seit ich AsereBLN 1.1.7 installiert hatte. Da ich ich mich in englisch nicht so korrekt ausdrücken kann, muss ich leider in deutsch schreiben und ich hoffe inständig, dass mir hier jemand helfen kann.+

Wie in meiner Signatur zu erkennen ist, habe ich drei HD´s in meinem Rechner. Die erste HD ist Snow Leopard 10.6.2 (Retail), die Zweite Win7 und die Dritte iPC 10.5.7 Leopard.

Gestern wollte ich AsereBLN 1.1.7 ausprobieren und habe den Bootloader auf meine Snow Leopard HD installiert. Nach einem Neustart lud der Bootloader seine GUI und ich wählte Leopard aus. Das Resultat war, dass meine Grafikkarte nicht erkannt wurde. Beim Login klickte ich auf Neustart und merkte dann, dass wohl meine DSDT nicht geladen wurde, da mein Bios resetet wurde. Also stellte ich meine Bios-Werte wieder her und startete neu. Aber dieses Mal kam ich weder in Snow Leopard noch kam ich zum Leopard Login. Also startete ich von meiner Backup-HD (10.6.2) und installierte Chameleon 2 RC3 + Netkas PC EFIv10.5 wieder auf meine Snow Leopard HD.

So, Snow Leopard startet und läuft wieder wie gewohnt, Win7 sowieso aber Leopard will partut nicht mehr! Ich habe die verschiedensten Kernel Flags durch, die verschiedensten Bios Einstellungen. Ich habe heute sogar iPC 10.5.6 auf ein USB Laufwerk installiert. Nichts! ich habe Chameleon 2 RC3+ Netkas PC EFI v10.5 auf die Leopard HD installiert, die HD im Bios als erste Platte eingestellt und neu gestartet, Chameleon erscheint, ich wähle die Leo HD und starte....

Leopard fängt an zu lasen und kommt bis zu der Stelle bevor die Zeile mit dem IOAPIC erscheint. In dem Augenblick, wo die Zeile mit dem IOAPIC erscheinen müsste , startet der Rechner neu. Das ist aber nicht nur bei meiner internen, lange benutzten Leopard HD der Fall, sondern auch bei meiner heute installierten Leopard Version auf USB-HD.

Ich bin inzwischen soweit zu sagen, dass es nicht an Leopard liegt und nicht am Bootloader. Es stellt sich für mich fast die Frage, inwieweit AsereBLN das System, event. das Bios des Rechners beinflusst! Ich weiß mir keinen Rat mehr. Ich habe alle gängigen Bootloader durch, habe Leopard neu und frisch auf ein USB Laufwerk installiert - immer das Gleiche. Snow Leopard (auch mein Backup-Snow auf einem USB-HD) werden topp geladen und funktionieren. Nur Leopard will nicht mehr. Aber Leopard brauche ich, da sind viele Programme mit entsprechenden Projekten drauf, Einstellungen e.t.c.

Bitte helft mir, dass ich mein Leopard wieder zum laufen bekomme. Wenn selbst eine Neuinstallation nicht mehr trägt, muss ein kleines Wunder her....

In diesem Sinne,

drück ich die Daumen und grübel weiter nach einer Lösung, darauf hoffent, dass man mir hier helfen kann.



My ultimative Website!

Mac Pro (GigaByte G33M-DS2R):

- Q6600 Quad / 4 GB Ram / ALC889A / ICH9R

- 9600 GT 512 MB / Chameleon RC3 + Netkas 10.5 BootFile

- 500 GB Snow Leopard Retail 10.6.2 SATA / 500 GB Leopard 10.5.7 SATA / 320 GB Windows 7 SATA

- USB, FireWire, Bluetooth (Stick), Front-Card-Reader works

- DVD Ram Burner SATA / DVD Lightscribe Burner SATA

Share this post

Link to post
Share on other sites
  • 0

Tried v. 1.1.8, no go on my system.

Something gets corrupted with the booter, system hangs every single boot and even reverting to Chameleon 2 RC4 didn't solve the problem. I was only able to boot in safe mode with an old Boot 132 cd. Reformatting the EFI partition and reinstalling old copies of kexts, plists and DSDT did the job.

Spent the whole weekend getting the system up again.

My console logs started filling up with this error:

Process:         authorizationhost [270]
Path: /System/Library/CoreServices/SecurityAgent.app/Contents/Resources/authorizationhost
Identifier: authorizationhost
Version: ??? (???)
Code Type: X86 (Native)
Parent Process: securityd [22]

Date/Time: 2010-02-07 14:14:26.073 +0000
OS Version: Mac OS X 10.5.8 (9L31a)
Report Version: 6
Anonymous UUID: DD7B41A5-CDC4-413A-BE23-6E219072FB87

Exception Codes: KERN_PROTECTION_FAILURE at 0x000000009012b000
Crashed Thread: 0

Thread 0 Crashed:
0 dyld 0x8fe179f1 ImageLoaderMachO::doBindIndirectSymbolPointers(ImageLoader::LinkContext const&, bool, bool, bool) + 449
1 dyld 0x8fe18261 ImageLoaderMachO::doBind(ImageLoader::LinkContext const&, bool) + 161
2 dyld 0x8fe0d490 ImageLoader::recursiveBind(ImageLoader::LinkContext const&, bool) + 112
3 dyld 0x8fe0d470 ImageLoader::recursiveBind(ImageLoader::LinkContext const&, bool) + 80
4 dyld 0x8fe0d470 ImageLoader::recursiveBind(ImageLoader::LinkContext const&, bool) + 80
5 dyld 0x8fe0d470 ImageLoader::recursiveBind(ImageLoader::LinkContext const&, bool) + 80
6 dyld 0x8fe1062e ImageLoader::link(ImageLoader::LinkContext const&, bool, bool, ImageLoader::RPathChain const&) + 238
7 dyld 0x8fe051ae dyld::link(ImageLoader*, bool, ImageLoader::RPathChain const&) + 158
8 dyld 0x8fe07acf dyld::_main(mach_header const*, unsigned long, int, char const**, char const**, char const**) + 2831
9 dyld 0x8fe01872 dyldbootstrap::start(mach_header const*, int, char const**, long) + 818
10 dyld 0x8fe01037 _dyld_start + 39

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0xa001c340 ebx: 0x8fe17853 ecx: 0x8fe32058 edx: 0x9012b000
edi: 0x900cd504 esi: 0x97a23524 ebp: 0xbfffe5b8 esp: 0xbfffe540
ss: 0x0000001f efl: 0x00010282 eip: 0x8fe179f1 cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
cr2: 0x9012b000

Binary Images:
0x1000 - 0x1ffff authorizationhost ??? (???) <46e3c661cb71296cbcb87a5debd33caf> /System/Library/CoreServices/SecurityAgent.app/Contents/Resources/authorizationhost
0x2a000 - 0x2cfff com.apple.ExceptionHandling 1.5 (10) /System/Library/Frameworks/ExceptionHandling.framework/Versions/A/ExceptionHandling
0x8fe00000 - 0x8fe2db43 dyld 97.1 (???) <458eed38a009e5658a79579e7bc26603> /usr/lib/dyld
0x90003000 - 0x90007fff libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib
0x900cd000 - 0x9012affb libstdc++.6.dylib ??? (???) <04b812dcec670daa8b7d2852ab14be60> /usr/lib/libstdc++.6.dylib
0x90235000 - 0x90316ff7 libxml2.2.dylib ??? (???) <b3bc0b280c36aa17ac477b4da56cd038> /usr/lib/libxml2.2.dylib
0x90bee000 - 0x90c0cff3 com.apple.DirectoryService.Framework 3.5.7 (3.5.7) <0dc7272ee811169b47b4c682bfc666c6> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x90e61000 - 0x90eaafef com.apple.Metadata 10.5.8 (398.26) <e4d268ea45379200f03cdc7c8bedae6f> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x90eb7000 - 0x90ebefe9 libgcc_s.1.dylib ??? (???) <f53c808e87d1184c0f9df63aef53ce0b> /usr/lib/libgcc_s.1.dylib
0x90ec8000 - 0x90f78fff edu.mit.Kerberos 6.0.13 (6.0.13) <e3baa3d7b3ca7fa92082958af0b36973> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
0x90f7a000 - 0x91001ff7 libsqlite3.0.dylib ??? (???) <aaaf72c093e13f34b96e2688b95bdb4a> /usr/lib/libsqlite3.0.dylib
0x9101b000 - 0x9114efe7 com.apple.CoreFoundation 6.5.7 (476.19) <a332c8f45529ee26d2e9c36d0c723bad> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x91150000 - 0x91157ffe libbsm.dylib ??? (???) <d25c63378a5029648ffd4b4669be31bf> /usr/lib/libbsm.dylib
0x91159000 - 0x91184fe7 libauto.dylib ??? (???) <4f3e58cb81da07a1662c1f647ce30225> /usr/lib/libauto.dylib
0x913b9000 - 0x913f0fff com.apple.SystemConfiguration 1.9.2 (1.9.2) <41d5aeffefc6d19d471f51ae0b15024f> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x9182e000 - 0x9183cffd libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib
0x9199a000 - 0x91ad3ff7 libicucore.A.dylib ??? (???) <f2819243b278259b9a622ea111ea5fd6> /usr/lib/libicucore.A.dylib
0x922af000 - 0x922afffa com.apple.CoreServices 32 (32) <2fcc8f3bd5bbfc000b476cad8e6a3dd2> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x9230b000 - 0x9232ffff libxslt.1.dylib ??? (???) <adfe90a3d564d824d5ae0fa6df8d6c3f> /usr/lib/libxslt.1.dylib
0x938f3000 - 0x93972ff5 com.apple.SearchKit 1.2.2 (1.2.2) <3b5f3ab6a363a4d8a2bbbf74213ab0e5> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x93974000 - 0x93adbff3 libSystem.B.dylib ??? (???) <ae47ca9b1686b065f8ac4d2de09cc432> /usr/lib/libSystem.B.dylib
0x93cea000 - 0x93d77ff7 com.apple.LaunchServices 292 (292) <a41286c7c1eb20ffd5cc796f791070f0> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x95208000 - 0x9521efff com.apple.DictionaryServices 1.0.0 (1.0.0) <ad0aa0252e3323d182e17f50defe56fc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices
0x95469000 - 0x95471fff com.apple.DiskArbitration 2.2.1 (2.2.1) <ba64dd6ada417b5e7be736957f380bca> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x95473000 - 0x9552dfe3 com.apple.CoreServices.OSServices 228 (228) <bc83e97f6888673c33f86652677c09cb> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x955b0000 - 0x955cefff libresolv.9.dylib ??? (???) <0e26b308654f33fc94a0c010a50751f9> /usr/lib/libresolv.9.dylib
0x95772000 - 0x957a1fe3 com.apple.AE 402.3 (402.3) <dba512e47f68eea1dd0ab35f596edb34> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x95fd4000 - 0x961a5ff3 com.apple.security 5.0.6 (37592) <c7c68c3ba198b36d571d4b1e028a1a77> /System/Library/Frameworks/Security.framework/Versions/A/Security
0x964b6000 - 0x96790ff3 com.apple.CoreServices.CarbonCore 786.11 (786.14) <d5cceb2fe9551d345d40dd1ecf409ec2> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x967b1000 - 0x9683eff7 com.apple.framework.IOKit 1.5.2 (???) <7a3cc24f78f93931731203854ae0d891> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x96943000 - 0x96a23fff libobjc.A.dylib ??? (???) <3ca288b625a47bbcfe378158e4dc328f> /usr/lib/libobjc.A.dylib
0x9732e000 - 0x975aafe7 com.apple.Foundation 6.5.9 (677.26) <c68b3cff7864959becfc7fd1a384f925> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x975af000 - 0x97656fec com.apple.CFNetwork 438.14 (438.14) <5f9ee0430b5f6319f18d9b23e777e0d2> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0xfffe8000 - 0xfffebfff libobjc.A.dylib ??? (???) /usr/lib/libobjc.A.dylib
0xffff0000 - 0xffff1780 libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib

CorruptedFiles folders started to appear on os drive.

Even Windows XP (different disk) complained about a corrupted file on startup.

With little time for deep investigation I've some ideas about the causes of incompatibility:

- realtekR1000.kext (unlikely)

-restart fix (System restarted well without any fix before, started to have random shutdown issues with asere's v. 1.1.7)

- VGA with dual monitor attached (more likely): Dev-id injection is made by DSDT and not EFI string in boot.plist. The booter hung normally short before GUI (and no messages in the logs), shutting down with 2 monitors attached and restarting with just one on seemed to "confuse" the process.

The strange thing I've noticed before: problems started only after complete shutdowns. Just "restarting" the system seemed not harming it in any way.

So maybe Danica Talos suggestions that the booter is affecting the bios or leaving traces on the diskthat harms the boot process is a possibility, especially on 10.5 systems.

BTW, had to reset BIOS with "fail safe defaults" to get it back to work.

And before this system had any issues (even sleep was working).

Hope it helps.

Have a nice day.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.