14

I've spent a lot of time developing an operating system and working on my low level boot loader. But now I want to take some time off my operating system while not leaving the low-level environment and doing something involving security.

So I chose to build my own standard password utility following the pre-boot authentication scheme. Since I want the software to be at least a little portable I want it to use as little external support as is possible. I figured that I'd be best if I somehow managed to 'hook' into the bios somewhere between the self checks and the int 19 bootstrap from within a running real mode OS.

However finding information on how to modify the bios code proved to be impossible. I've found nothing on how to achieve the before mentioned. I have only found pages describing how to flash your bios.

Does anyone know how I can read/write bios code? Or can someone provide links to pages that describe this?

I know that it's not only possible to brick my device but it is also likely, I'm aware of the risk and willing to take it.

Justin
  • 84,773
  • 49
  • 224
  • 367
Rick
  • 151
  • 1
  • 4

3 Answers3

4

Pinczakko's articles on BIOS reverse engineering are a great place to start looking at this. There was also a book published by the same author but it is now out of print.

I'm not sure if this approach is the best approach towards a secure boot, but the articles on this site are very detailed and should point you towards a method for modifying your BIOS firmware.

Dion
  • 56
  • 1
  • I've come across a few articles of his in the past, I thought he had only written a guide to reverse engineering his bios, but on the link you gave there are several articles, thank you for that! – Rick Aug 20 '11 at 12:03
  • it appears that his article _Award BIOS Code Injection_ is exactly what I was looking for, thanks for the link. as I said before I knew about his reversing article but not about his other articles. – Rick Aug 20 '11 at 14:52
3

I'm not really sure what you are trying to achieve, but:

The BIOS is completely hardware specific - each manufacturer will have their own mechanism for updating / flashing BIOS and so trying to come up with a portable mechanism for updating a BIOS is destined for failure. For example when using Bochs you "update" the BIOS by specifying a different BIOS ROM image.

If you want to modifty / write your own BIOS then its going to be completely specific to that hardware. Your best bet would be to start with something like Bochs as its open source - as you can take a look at the source code for the BIOS (and easily test / debug it) you stand a reasonable chance of understanding the BIOS code and modifying it into something that works, however I suspect this isn't what you are trying to do.

Why not just perform this authentication as your OS boots? If you want to protect the data then you should encrypt it and require that the user supply log in / supply the decryption key on startup.

Justin
  • 84,773
  • 49
  • 224
  • 367
  • I'll look into bochs. I've already implemented a module performing security checks inside my OS although it's only a simple xor/ror/rol encryption (more like an encoding) Now I'm trying to step-up my game, and if I somehow make it portable it can be used to secure operating systems that do not support this natively. Also the problem I face is more of a 'I know want to do but don't know how to do it' kind. I have no idea on how to access the flash memory, when I do I can start experimenting and figuring things out for myself. – Rick Aug 19 '11 at 14:48
2

If you were thinking of working with "legacy" PC BIOS, I would dissuade you from trying for many of the reasons Justin mentioned: 1) legacy BIOS is PC vendor-specific; 2) it is closed source and proprietary; 3) there are no industry standards defining legacy BIOS interfaces for extending the system as you are trying to do.

On the other hand, if you have access to a UEFI-based BIOS PC, you may be able to write your own PEI/DXE driver(s) to implement such a feature. This will at least point you in the right direction:

http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome

Intel Press book on the topic: Beyond BIOS

Regarding the practicality of read/writing the BIOS, you'll need to identify the SPI part containg the BIOS and get a ROM burner. The SPI part may or may not be socketed; if it is not socketed, you'll need a soldering iron and be able to create a socket/header for the part. You obviously do not want to embark on this project with your primary computer system. Perhaps you could find an older system or a reference board.

William Leara
  • 10,595
  • 4
  • 36
  • 58
  • Thank you for your answer, I'll read the articles you've posted and see if they help me. I'm afraid they don't though since all the machines I have use legacy bios. – Rick Aug 20 '11 at 11:14