BIOS image unpacker or extractor
Solution 1
http://www.phrack.org/issues.html?issue=66&id=11 describes ASUS unpacker of 1MB *.ROM files:
ASUS BIOS is based on AMI BIOS so we used AMIBIOS BIOS Module Manipulation Utility, MMTool.exe, to extract the Main BIOS module. Open downloaded .ROM file in MMTool, choose to extract "Single Link Arch BIOS" module (ID=1Bh), check "In uncompressed form" option and save it. This is uncompressed Main BIOS module.
Solution 2
The file format is entirely proprietary so you are not likely going to be able to find its format or a program that can read it.
From within windows you can still use the dos debug command to unassemble the bios in the F000:0000 block, but these days, the system bios is much larger than 64 or 128k, so only some of it is visible in that area of memory ( the 16 bit compatibility part ). Where the rest of it is kept is entirely up to the bios, and making it visible typically involves setting a bit in a hardware register somewhere that changes a block of ram addresses into the full bios ROM. The details of that are chipset specific, but it is going to be accessible only in protected mode. Manipulating the hardware registers and accessing that memory are not possible in user mode.
Related videos on Youtube
16 : 47
01 : 59
06 : 33
09 : 20
13 : 04
Comments
-
osgx over 1 year
I want to see unpacked PC BIOS image code. First way which I see is to download BIOS Flash update from vendor, but it is packed. How can I unpack it? Vendors interested are Gigabyte, ASUS, Supermicro, HP. Second way is to dump the current BIOS fully. Can I dump BIOS image while using Windows or Linux?
Example of ASUS 1MB ROM
0000:0000 | 41 53 55 53 54 45 4B 00 00 00 00 00 00 00 00 00 | ASUSTEK......... 0000:0010 | FF FF FF FF FF FF FF FF FF FF FF FF 08 C0 01 00 | ЪЪЪЪЪЪЪЪЪЪЪЪ.ю.. 0000:0020 | F1 3F 5C A4 08 00 90 CB FF FF 11 90 00 00 00 00 | Я?\╓..░кЪЪ.░.... 0000:0030 | 01 00 00 00 07 0A 00 00 08 20 09 04 7A 06 01 00 | ......... ..z... 0000:0040 | 5A 7F 06 83 01 00 00 00 11 00 00 00 D0 1F 00 00 | Z..┐........п... 0000:0050 | 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | . .............. 0000:0060 | 00 00 00 00 A1 00 00 00 01 00 02 00 07 0A 00 00 | ....║........... 0000:0070 | 1A 00 00 00 00 00 00 A4 08 04 08 20 01 04 00 00 | .......╓... .... 0000:0080 | 01 00 00 00 7A 06 01 00 00 00 00 00 00 00 00 00 | ....z........... 0000:0090 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0000:00A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0000:00B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0000:00C0 | 66 48 29 C4 14 A1 20 3E 9C F1 87 83 AA 14 FB DA | fH)д.║ >°Я┤┐╙.Шз 0000:00D0 | 09 83 A3 33 EA F8 B0 68 00 B2 20 2A 9E AA C7 CD | .┐ё3ЙЬ╟h.╡ *·╙гм 0000:00E0 | C7 E7 0C 17 05 C7 27 D7 A5 1B 9B 01 29 4A 41 E0 | гГ...г'в╔.⌡.)JAЮ 0000:00F0 | 58 54 D4 57 11 A4 A8 26 66 D9 AA 9F B0 C8 5E 09 | XTтW.╓╗&fы╙÷╟х^. 0000:0100 | 2A 7C 3A 08 0F C7 CF 17 A8 78 8E 3C 19 C4 18 CE | *|:..го.╗x▌<.д.н 0000:0110 | B7 DE 2D 5F 71 5D C9 C9 16 51 7A 43 D0 3A 25 E0 | ╥ч-_q]ии.QzCп:%ЮThis looks not like ready-to-disassemble code (just checked, there are a wild mix of fp and int machine codes). Maybe it is encrypted?
-
Breakthrough almost 13 yearsASUS provides the raw BIOS images for download I think.
-
osgx almost 13 yearssoandos, to learn SMM stackoverflow.com/q/6852824/196561
-
