Welcome to the dark corner of BIOS reverse engineering, code injection and various modification techniques only deemed by those immensely curious about BIOS

Monday, April 26, 2010

Fixes and Update to AMI BIOS Reverse Engineering Article

I've made some fixes to the AMI BIOS Reverse Engineering article. The fixes mostly deal with the interpretation of the "headers" of the components in the decompressed AMI System BIOS module, a.k.a. the AMI 1B module (near the end of section 4.4 until the end of the article). I have added some new information regarding the structure of the AMI system BIOS as well. Anyway, I built 2 utilities to work with the AMI system BIOS module. The first one splits the AMI system BIOS module into its components (or "extracts" one component from it), and the second one inserts a modified component back into the AMI system BIOS module. You can download their source code here (the source code of both utilities is lumped together into one compressed file). The explanation about the utilities can be found here. I don't have enough time yet to write an article explaining them. Well, it should be clear from the source code, even though they were quick hacks.

8 comments:

Anonymous said...

Darmawan Salihun,

Thank you for posting this! I look forward to an article if you choose to write one.

AMI's lack of good, public tools had made me sad and I hope to be able to use your tools and perhaps extend them. Have you considered putting your software somewhere like http://github.com? This is a great way to encourage others to contribute.

Thanks again!

-Aaron

Darmawan Salihun said...

Hi Aaron,

You can download the MMTool (akin to CBROM for Award BIOS) and AMIBCP tool (akin to Modbin for Award BIOS) from the BIOS Workshop section in the rebelshaven forum (move one level up in the rebelshaven link in the post above).

Darmawan Salihun said...

As for putting it up on github, I'll do that later along with the article. Also, I forgot to say that MMTool and AMIBCP are tools specifically used for AMI BIOS.
PS: Well, I messed up my response ;).

Anonymous said...

Darmawan,

Thanks for the pointers. Those tools look helpful as well.

I tried running ami_1b_splitter against a flash image I extracted with flashrom (from the linux bios/core boot project). This is an image of the full 4MB flash and it was obviously not what ami_1b_splitter was looking for. Do you know how to extract / detect the 1b module from the full flash image?

Thanks,

Aaron

Darmawan Salihun said...

You should use MMTool to extract the 1B module. Open the BIOS binary image with MMTool and then look at the left-most column. You should see the "1B" marker there which marks the 1B module. Just extract it using the extraction tab in MMTool. The extracted file is the "expected" file to be processed by the ami_1B_splitter (in fact that's why it's called ami_1B_splitter).

RustyGuy said...

Hi, I'm trying to reverse engineer an AMIBIOS8 to disable POST error codes. I've spent a few weeks with no success.

I've read your Award and AMI articles, and I noticed that you made a little script to create and relocate the segments in Award BIOS, but not in AMI.

I've successfully found the POST routine start in my 1b.bin module, which I extracted using ami_1b_splitter (thanks a lot for that), but the address just doesn't match.

So I wonder if you have an IDA script to allocate the code segments in the 'proper' place for AMIBIOS8?

If you have a second, please check the posts by 'RUSTYGUY' at http://www.rebelshavenforum.com/sis-bin/ultimatebb.cgi?ubb=get_topic;f=52;t=000049;p=22#000342

Thanks in advance for your time and patience.

Anonymous said...

Not sure why, but I can't find the link to download. Anyone have the link?

Darmawan Salihun said...

You can download it at https://sites.google.com/site/pinczakko/download (executable) or at https://sites.google.com/site/pinczakko/source-code (source code)