BIOS Disassembly Ninjutsu Uncovered - Preface
THE AUDIENCE
This book is primarily oriented toward system programmers and computer security experts. Electronic engineers, PC technicians and computer enthusiasts can also benefit a great deal from it. Because it explains applied computer architecture (the x86 architecture) and compression algorithms at length, computer science students may find it useful as well. Nothing, however, prevents anyone curious about BIOS technology from reading this book and benefiting from it.
Some prerequisite knowledge is needed to fully understand this book. It is not mandatory, but some of the concepts will be very difficult to grasp without it. The most important prerequisite is an understanding of x86 assembly language: the explanations of the code disassembled from BIOS binaries and the sample BIOS patches are presented in x86 assembly and appear throughout the book, so at least a modest familiarity with it is vital. It is also assumed that the reader has some familiarity with the C programming language. The chapter on expansion ROM development and the introductory chapter on BIOS-related software development use C heavily for their example code, as does the section covering IDA Pro scripts and plugin development; IDA Pro scripts have many similarities with C. Familiarity with the Windows Application Programming Interface (Win32 API) is not a requirement, but it is very useful for grasping the concepts in the optional section of chapter 3 that covers IDA Pro plugin development.
THE ORGANIZATION
The first part of the book lays the foundation for BIOS reverse engineering and expansion ROM development. In this part, the reader is introduced to:
a. The bus protocols in use today on the x86 platform, i.e. PCI, HyperTransport and PCI Express. The focus is on the relationship between BIOS code execution and the implementation of these protocols.
b. The reverse engineering tools and techniques needed to carry out the tasks in later chapters, mostly an introduction to the IDA Pro disassembler along with its advanced techniques.
c. A crash course on the advanced compiler tricks needed to develop firmware. The emphasis is on using the GNU C compiler to build a firmware framework.
The second part of the book reveals the details of motherboard BIOS reverse engineering and modification. This includes in-depth coverage of the BIOS file structure, the algorithms used within the BIOS, an explanation of the BIOS-specific tools supplied by each vendor, and the tricks used to perform BIOS modification.
The third part of the book deals with the development of PCI expansion ROMs. The PCI expansion ROM structure is explained thoroughly, and then a systematic PCI expansion ROM development process using GNU tools is presented.
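Before modifying or building an expansion ROM it helps to be able to read one. The following is an added example (not code from the book): a small C parser for the PCI expansion ROM header and its "PCIR" data structure, with the byte-sum checksum check that the system BIOS applies to x86 images before running their INIT entry point. The field offsets follow the PCI Local Bus Specification option ROM layout; the 512-byte sample image, its vendor/device IDs (0x1234/0x5678) and the helper names `pci_rom_parse` and `build_sample_rom` are constructed here for illustration and are not taken from any real ROM.

```c
/* Added example: parse a PCI expansion ROM image and verify its checksum.
 * Offsets follow the PCI Local Bus Specification option ROM header and the
 * "PCIR" data structure. The sample image built below is constructed for
 * illustration only; it is not a real vendor ROM. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ROM_X86_SIZE_OFFSET 0x02  /* x86 images: init size in 512-byte units */
#define ROM_PCIR_PTR_OFFSET 0x18  /* little-endian offset of the "PCIR" block */

struct pci_rom_info {
    uint16_t vendor_id;
    uint16_t device_id;
    uint8_t  class_code[3];     /* PCIR+0x0D..0x0F, base class in the last byte */
    uint16_t image_len_blocks;  /* PCIR+0x10, 512-byte units */
    uint8_t  code_type;         /* PCIR+0x14: 0 = x86 PC-AT, 3 = EFI */
    int      last_image;        /* PCIR+0x15 bit 7 set on the last image */
    int      checksum_ok;       /* x86 images: all image bytes sum to 0 mod 256 */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns 0 on success; -1 bad signature/too short, -2 bad PCIR, -3 bad length. */
int pci_rom_parse(const uint8_t *img, size_t len, struct pci_rom_info *out)
{
    if (len < 0x1A || img[0] != 0x55 || img[1] != 0xAA) return -1;
    uint16_t pcir = rd16(img + ROM_PCIR_PTR_OFFSET);
    if ((size_t)pcir + 0x18 > len || memcmp(img + pcir, "PCIR", 4) != 0) return -2;
    const uint8_t *d = img + pcir;
    out->vendor_id = rd16(d + 0x04);
    out->device_id = rd16(d + 0x06);
    memcpy(out->class_code, d + 0x0D, 3);
    out->image_len_blocks = rd16(d + 0x10);
    out->code_type = d[0x14];
    out->last_image = (d[0x15] & 0x80) != 0;
    size_t img_bytes = (size_t)out->image_len_blocks * 512;
    if (img_bytes == 0 || img_bytes > len) return -3;
    uint8_t sum = 0;                       /* mod-256 byte sum over the whole image */
    for (size_t i = 0; i < img_bytes; i++) sum = (uint8_t)(sum + img[i]);
    out->checksum_ok = (out->code_type != 0) || (sum == 0);  /* rule applies to x86 code */
    return 0;
}

/* Build a constructed 512-byte x86 image: header, PCIR block at 0x40, and a
 * trailing checksum byte chosen so that the bytes sum to zero. */
void build_sample_rom(uint8_t *buf)
{
    memset(buf, 0, 512);
    buf[0] = 0x55; buf[1] = 0xAA;              /* ROM signature */
    buf[ROM_X86_SIZE_OFFSET] = 1;              /* 1 x 512 bytes */
    buf[3] = 0xCB;                             /* INIT entry: a bare "retf" */
    buf[ROM_PCIR_PTR_OFFSET] = 0x40; buf[ROM_PCIR_PTR_OFFSET + 1] = 0x00;
    uint8_t *d = buf + 0x40;
    memcpy(d, "PCIR", 4);
    d[0x04] = 0x34; d[0x05] = 0x12;            /* vendor 0x1234 (constructed) */
    d[0x06] = 0x78; d[0x07] = 0x56;            /* device 0x5678 (constructed) */
    d[0x0A] = 0x18; d[0x0B] = 0x00;            /* PCIR structure length */
    d[0x0D] = 0x00; d[0x0E] = 0x00; d[0x0F] = 0x03;  /* class code: display */
    d[0x10] = 0x01; d[0x11] = 0x00;            /* image length: 1 block */
    d[0x14] = 0x00;                            /* code type: x86 PC-AT */
    d[0x15] = 0x80;                            /* last image in the ROM */
    uint8_t sum = 0;
    for (int i = 0; i < 511; i++) sum = (uint8_t)(sum + buf[i]);
    buf[511] = (uint8_t)(0x100 - sum);         /* fix-up byte, mod 256 */
}

int main(void)
{
    uint8_t rom[512];
    struct pci_rom_info info;
    build_sample_rom(rom);
    if (pci_rom_parse(rom, sizeof rom, &info) != 0) { puts("malformed image"); return 1; }
    printf("vendor %04x device %04x type %u last %d checksum %s\n",
           info.vendor_id, info.device_id, info.code_type, info.last_image,
           info.checksum_ok ? "ok" : "BAD");
    rom[0x100] ^= 0x01;                        /* simulate a one-byte patch */
    pci_rom_parse(rom, sizeof rom, &info);
    printf("after patch: checksum %s\n", info.checksum_ok ? "ok" : "BAD");
    return 0;
}
```

The second run shows why any code injected into an x86 expansion ROM must be followed by recomputing the fix-up byte: a single flipped byte makes the image fail the checksum and the BIOS will refuse to execute it. Note that the checksum is an integrity check against accidental corruption, not an authenticity check; anyone who can write the ROM can also rebalance the sum.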
The fourth part of the book deals heavily with the security concerns surrounding the BIOS. It is biased toward possible implementations of rootkits within the BIOS and possible exploitation scenarios in which an attacker takes advantage of a BIOS flaw. Computer security experts will find a lot of important information in this part, which is the central theme of the book. It is presented to raise awareness of malicious code that can be injected into the BIOS.
The fifth part of the book deals with the application of BIOS technology outside of its traditional space, i.e. the PC. Here the reader is presented with various applications of BIOS technology on the emerging embedded x86 platform. At the end of this part, further applications of the technology presented in this book are explained briefly, along with some explanation of OpenBIOS and the Extensible Firmware Interface (EFI).
is needed. This is due to inherent problems that occur with the Windows port of the GNU tools when trying to generate a flat binary file from the ELF file format.
CONTENTS (partial outline recovered from the extracted table of contents; page numbers omitted)
Chapter 2
Chapter 3
Chapter 5
Chapter 6. BIOS Modification
6.1. Tools of the Trade
6.2. Code Injection
6.3. Other Modifications