OSDev.org

The Place to Start for Operating System Developers

All times are UTC - 6 hours




 Post subject: write to BIOS Flash ROM
PostPosted: Mon Apr 30, 2018 11:28 pm 

Joined: Tue Apr 24, 2018 2:07 am
Posts: 6
I'm trying to write a program that is installed onto the BIOS, but when I tried to run it a black screen of death happened and I lost my computer. What is wrong in my source below?
Code:
cli
mov ax,0B108h        ; PCI BIOS: read configuration byte
xor bx,bx            ; bus 0, device 0, function 0
mov di,0090h         ; register 90h
int 1Ah              ; CL = current value of the register
push cx              ; keep the original value for the restore below
or cl,00110000b      ; set bits 4 and 5
mov ax,0B10Bh        ; PCI BIOS: write configuration byte
xor bx,bx            ; same bus/device/function, DI still 90h
int 1Ah              ; write the modified value back

mov ax,0F000h
mov es,ax            ; ES:DI = F000:0000
xor di,di
mov cx,0010h         ; 16 bytes
mov al,11h
cld
rep stosb            ; fill them with 11h

pop cx               ; original register value
mov ax,0B10Bh        ; PCI BIOS: write configuration byte
xor bx,bx
mov di,0090h
int 1Ah              ; restore register 90h
sti
wbinvd


 
 Post subject: Re: write to BIOS Flash ROM
PostPosted: Mon Apr 30, 2018 11:45 pm 

Joined: Sat Mar 31, 2012 3:07 am
Posts: 3264
Location: Chichester, UK
I've no idea what your code does, but if it did overwrite the BIOS then you have probably bricked your computer permanently. You could ruin a lot of computers trying to get this right.

Again, given your username and the nature of your query, I have to wonder about your motives. Along with your previous query, you seem to be very interested in techniques typically used by malware.


 
 Post subject: Re: write to BIOS Flash ROM
PostPosted: Tue May 01, 2018 12:32 am 

Joined: Tue Apr 24, 2018 2:07 am
Posts: 6
iansjack wrote:
I've no idea what your code does, but if it did overwrite the BIOS then you have probably bricked your computer permanently. You could ruin a lot of computers trying to get this right.

Again, given your username and the nature of your query, I have to wonder about your motives. Along with your previous query, you seem to be very interested in techniques typically used by malware.

My code only installs code onto the BIOS. This is not malware; it is only for educational purposes.
I only want to inject my code into the Flash ROM BIOS.


 
 Post subject: Re: write to BIOS Flash ROM
PostPosted: Tue May 01, 2018 1:01 am 

Joined: Sat Mar 31, 2012 3:07 am
Posts: 3264
Location: Chichester, UK
I wouldn't expect you to say otherwise.

As a matter of interest, is the name "Attacker" just for educational purposes?


 
 Post subject: Re: write to BIOS Flash ROM
PostPosted: Tue May 01, 2018 8:25 am 

Joined: Fri Feb 17, 2017 4:01 pm
Posts: 311
Location: Ukraine, Bachmut
:D Young attacker inclined to education.)
Just an idea for you. If you want that badly to be able to flash SPI NOR chips on computers without bricking them, try something other than common PCs. Like the Rock64 board, for example. It's a very cute armv8 64-bit mini-PC with an impressive feature set for such a low price (the upcoming Rock64Pro is even meatier). There, the ROM code is permanently present and it is not possible to get rid of it, ;) and brick the board too. But it does almost nothing; the real FW should take control and do stuff. You can play with the SPI NOR chip, which is btw HUGE there - 128Mbit!!! - and if you screw it up, the board will still be able to boot from eMMC or SD, so that you could recreate the NOR chip content and keep learning. For educational purposes, of course. :)

But you are just a kind of script kiddie willing to become a c00l h4ck3r... shame on you! :mrgreen:

_________________
future big goal: ANT - NT-like OS for mips, arm and x86.
current smaller goal: efify - UEFI for a couple of boards (mips and arm).


 
 Post subject: Re: write to BIOS Flash ROM
PostPosted: Tue May 01, 2018 10:14 am 

Joined: Fri Oct 27, 2006 9:42 am
Posts: 1311
Location: Athens, GA, USA
Attacker wrote:
This is not malware,

Would the defendant like to change their plea? To quote from the (auto-translated) article this code is originally from:

Hacker Magazine, December 2008 wrote:
One of the main directions in the "battle of wits" between the authors of computer viruses and anti-virus programs is associated with the placement of the body of the virus in the RAM. At first glance, everything is trite: the task of the virus is to hide so that they do not find it, the task of the antivirus is to find it.

In the course of the evolution of technologies used both for writing malicious programs and for countering them, quite non-trivial solutions have appeared. The field of activity has long been not limited to the memory management mechanisms that are part of the operating system.

Today, in order to be "at the level", authors, both viruses and antiviruses need an understanding of the principles of program interaction and equipment, such as working with the configuration registers of the chipset, Model-Specific Processor Registers (MSR), the use of memory areas that have special status in terms of memory controller (SMRAM, Shadow, etc.).

The author of this article is not a virologist, much less a "virus writer", but works in the field of hardware and system software development. Therefore, the proposed material is prepared as information about a potential vulnerability, which makes it possible for the virus to "hide" in a non-trivial way. It's about using "shadow" memory or Shadow RAM and representing the virus in the status of the part of the executable BIOS block.


As the article itself states, that code will work only on the circa 2006 model of motherboard it was written for (Gigabyte GA-8i915PL-G with an Intel 915 chipset), on which it disables shadow RAM security features. I am pretty sure you didn't notice that part, assuming you even read the article rather than getting the code third- or fourth-hand from some other script kiddie.

Oh, and look, you didn't get this part of it either:

Hacker Magazine wrote:
Immediately we mention that it's not about modifying the contents of the BIOS ROM (Flash ROM), but about modifying the area of RAM (Shadow RAM), where the contents of ROM BIOS are overwritten during the working session. Therefore, we are not talking about the failure of the motherboard here.


Ooooops. Someone told you some fibs, I think. A nice match for those you've told here...


Attacker wrote:
it is only for educational purposes.


Education for what? There are no legitimate uses for flashing a PC's BIOS with anything except the code the manufacturer provides. For that matter, there are damn few illegitimate ones, really. I am not sure what you mean to learn, other than how to brick a PC.

In any case, writing a BIOS for hardware you didn't have a hand in designing yourself is a fool's errand, as we've explained countless times to others here. Writing a BIOS requires detailed knowledge of the motherboard hardware, and the information in question is a) mostly specific to the exact model of motherboard, meaning the BIOS written based on it won't run on any other mobo, and b) usually proprietary, and thus unavailable to anyone other than the manufacturer.

(Well, them, or anyone willing to commit the money, time, resources, and expertise to spend 2+ years reverse engineering it, a task which involves an oscilloscope, de-soldering wick, datasheets for every IC on the board, and maybe a scanning electron microscope.)

There are a handful of SBCs that use (mostly) open-source hardware (and at least one MIPS/Loongson-based laptop from China, the Lemote 3A, but good luck finding one of those anywhere outside of the PRC if you aren't Richard Stallman), for which one might conceivably have the necessary information; I don't know of even a single stock x86 PC motherboard for which that is the case.

Note also that Flash devices, even ones not used for emulating disks, are generally block devices due to the nature of NAND flash memory - you can't just insert a snippet of code, you have to write a whole section out, overwriting whatever was there. The less common NOR flash memory can be read byte by byte, but still erases and writes en bloc. On most mobos flashing the BIOS is an all-or-nothing deal - anything in the flash memory prior to re-flashing is gone, no backsies.

But all that is beside the point, because the code is very definitely malware and nothing but (while it was published as an experimental process, it was done with the understanding that it was part of a pentest to show a vulnerability - one specific to the now twelve-year-old hardware being tested), and you have been caught dead to rights.

_________________
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
μή εἶναι βασιλικήν ἀτραπόν ἐπί γεωμετρίαν
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.


 
 Post subject: Re: write to BIOS Flash ROM
PostPosted: Wed May 02, 2018 9:51 am 

Joined: Mon Mar 25, 2013 7:01 pm
Posts: 1304
Schol-R-LEA wrote:
Education for what? There are no legitimate uses for flashing a PC's BIOS with anything except the code the manufacturer provides.

The coreboot developers would disagree with you there.

Of course, for a project undertaken by a single person, a motherboard from 2006 may be a bit too ambitious. A motherboard from 1996 may be a simpler task, if you can find one where all of the components are suitably documented (or don't mind reverse-engineering the original ROM).

Schol-R-LEA wrote:
I am not sure what you mean to learn, other than how to brick a PC.

Pick a board with a socketed ROM and dump its contents with an EEPROM programmer. If anything goes wrong, you can reflash the ROM using the programmer and your backup copy. You don't need to rewrite the ROM while it's attached to the motherboard, since you're not writing malware. :wink:


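Two points from the posts above are easy to get wrong in practice: Schol-R-LEA's remark that NOR flash is byte-readable but erases and writes en bloc, and Octocontrabass's advice to dump the ROM with a programmer first so a failed write can be undone. The following is an added example, not code from this thread or from any of the posters: a small software model of a NOR part (4 KiB sectors, 64 KiB capacity, all constructed values) in which programming can only clear bits and erase works per sector. It shows why "inserting a snippet" over live contents fails, and what a backup, erase, program, read-back-verify, restore-on-mismatch sequence looks like. There is no real hardware or programmer behind it; `NorFlash`, `patch_in_place` and `patch_with_backup` are names chosen for this example.

```python
"""Model of NOR-flash erase/program semantics plus a backup-verify-restore
workflow. Added example; not code from the thread. Geometry (4 KiB sectors,
64 KiB part) and the firmware-like image bytes are constructed here."""

SECTOR_SIZE = 4096
PART_SIZE = 64 * 1024


class NorFlash:
    """Minimal NOR flash: reads are byte-addressable, programming can only
    clear bits (1 -> 0), and erase sets a whole sector back to 0xFF."""

    def __init__(self, size=PART_SIZE, sector_size=SECTOR_SIZE):
        self.sector_size = sector_size
        self.mem = bytearray(b"\xff" * size)
        self.erase_count = 0

    def read(self, addr, length):
        return bytes(self.mem[addr:addr + length])

    def program(self, addr, data):
        """Store old AND new for every byte. Returns True only if the bytes
        ended up exactly as requested (false whenever a bit had to go 0->1)."""
        for i, b in enumerate(data):
            self.mem[addr + i] &= b
        return self.read(addr, len(data)) == bytes(data)

    def erase_sector(self, addr):
        start = addr - (addr % self.sector_size)
        self.mem[start:start + self.sector_size] = b"\xff" * self.sector_size
        self.erase_count += 1


def build_image(size=PART_SIZE):
    """Constructed stand-in for a firmware image: deliberately not all-0xFF,
    so programming arbitrary bytes over it cannot succeed in place."""
    return bytes((i * 37 + 11) & 0xFF for i in range(size))


def patch_in_place(flash, addr, data):
    """The 'just insert a snippet' mental model: program over live contents
    without erasing. Fails on the first byte that needs a 0 -> 1 transition."""
    return flash.program(addr, data)


def patch_with_backup(flash, addr, data):
    """The safe path: full backup first, erase only the affected sector,
    program the modified sector image, read back and verify; on any
    mismatch restore the whole part from the backup."""
    backup = flash.read(0, len(flash.mem))          # the programmer dump
    start = addr - (addr % flash.sector_size)
    sector = bytearray(flash.read(start, flash.sector_size))
    off = addr - start
    sector[off:off + len(data)] = data
    flash.erase_sector(start)
    ok = flash.program(start, sector)
    if not ok or flash.read(start, flash.sector_size) != bytes(sector):
        for s in range(0, len(backup), flash.sector_size):   # restore
            flash.erase_sector(s)
            flash.program(s, backup[s:s + flash.sector_size])
        return False
    return True


def demo():
    """Returns (in-place result, backup-path result, sectors erased,
    untouched sector intact) for a 16-byte change at offset 0x100."""
    snippet = b"\x11" * 16
    flash = NorFlash()
    flash.program(0, build_image())
    inplace = patch_in_place(flash, 0x100, snippet)      # False
    flash2 = NorFlash()                                  # fresh part
    flash2.program(0, build_image())
    proper = patch_with_backup(flash2, 0x100, snippet)   # True
    untouched = flash2.read(0x1000, 16) == build_image()[0x1000:0x1010]
    return inplace, proper, flash2.erase_count, untouched


if __name__ == "__main__":
    print(demo())
```

The in-place attempt returns False because the model, like a real part, can only clear bits; the backup path erases exactly one sector, and the verify-then-restore branch is what makes a failed write recoverable when the backup lives on a programmer rather than on the board being written.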
 
 Post subject: Re: write to BIOS Flash ROM
PostPosted: Thu May 03, 2018 8:52 am 

Joined: Fri Oct 27, 2006 9:42 am
Posts: 1311
Location: Athens, GA, USA
Octocontrabass wrote:
Schol-R-LEA wrote:
Education for what? There are no legitimate uses for flashing a PC's BIOS with anything except the code the manufacturer provides.

The coreboot developers would disagree with you there.


OK, I did overlook them. However, they collectively have the resources to figure out the details, and/or convince the manufacturers to provide them, which it seems unlikely that our 'student' would be able to do.

This is above and beyond the fact that Attacker was using code which they clearly didn't understand the purpose of, in a way it wasn't intended, and presumably on a system it wasn't for. Not that it matters much, as I highly doubt that Attacker will be back after they stopped in Tuesday morning to find my earlier post (gee, nothing to say, Attacker? What a shame.).

/me does a quick check. Hmmn, it doesn't look like they have an implementation for the Thinkpad T410, pity.

_________________
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
μή εἶναι βασιλικήν ἀτραπόν ἐπί γεωμετρίαν
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.


 
 Post subject: Re: write to BIOS Flash ROM
PostPosted: Wed Sep 12, 2018 4:04 pm 

Joined: Wed Nov 18, 2015 3:04 pm
Posts: 321
Location: San Jose San Francisco Bay Area
I worked in BIOS, but there is a certain strict protocol for writing to the EEPROM BIOS chip, and I think it varies by manufacturer and model.
I did not specifically work with the flash code, but as far as I know (I do remember I peeked at the code) it did not look simple at all. There are some GPIO pins that can fool you by giving you the illusion that you are writing into a certain segment, i.e. F000, but that could simply be empty address space or physical memory depending on how the hardware is wired up.
Bottom line, flashing ROM is not straightforward!

Thanks.

_________________
key takeaway after spending yrs in the sw industry: a big issue is small because everyone jumps on it and fixes it. a small issue is big since everyone ignores it and it causes a catastrophe later. #devilisinthedetails


 