2005-04-13-0852Z


Been working on something I've been wanting to do for many, many years: hack the BIOS on my computers. For starters, I just want to set the NVRAM defaults to something sane; for some reason, on powerout, the NVRAM always gets trashed on one of the computers, so the setting for coming "on" after powerout never works. And I want boot-from-LAN always enabled.

Intensive Google searching finally found a command to dump the ROM:

$ dd if=/dev/mem of=/tmp/bios.dat bs=1024 skip=960 count=64

It even works under Cygwin, but you have to be Administrator. If you've set up sshd on your Cygwin box, you can ssh -l administrator localhost, dump the ROM, then exit back out to your normal user account. Pretty cool, huh?

Only problem is, I have reason to doubt, under Linux at least, that this is really the true complete BIOS dump; something tells me part of it contains a list of boot devices:

jcomeau@USER ~
$ cmp -b -l zero_bios.dat billy_bios.dat | wc
    335    1622    7351

jcomeau@USER ~ $ strings billy_bios.dat > /tmp/billy_strings.txt

jcomeau@USER ~ $ strings zero_bios.dat > /tmp/zero_strings.txt

jcomeau@USER ~ $ diff /tmp/*_strings.txt 40a41,44 > Seagate Technology 1275MB - ST3 > WDC WD2000BB-22GUA0 > SAMSUNG CD-ROM SC-148 > HL-DT-ST GCE-8525B

Most of the differences are between offsets 5476 to 5766, and 6593 to 6867 (decimal), according to the full cmp output. The others look like timestamps or serial numbers which could indicate real differences in the BIOS binaries; these machines were identical, purchased at the same time from Wal-Mart.com.

Back to blog or home page

last updated 2013-01-10 20:36:10. served from tektonic