Welcome to the dark corner of BIOS reverse engineering, code injection and various modification techniques only deemed by those immensely curious about BIOS

Tuesday, April 21, 2009

BIOS Binary File Editing with Vim in Linux

I didn't realize until just now that Vim actually has quite a neat binary file editing mode. Let's have a quick look at this mode. First, you have to start Vim and tell it explicitly that you want to edit a binary file. This is important because if you don't, Vim is guaranteed to alter the file in ways you don't expect. To do so, open the file with the '-b' switch like this:
vim -b [file name]
For example let's have a look at a sample BIOS file:
pinczakko@opusera:~/temp/bios_reversing$ vim -b 8IPE775P.BIN
This is the result:
Now, that doesn't look like a convenient way of editing a binary file. Therefore, let's convert it into a better-looking file called the xxd file by using the following Vim command:
This is what we got:
At this point, you can edit the hex values in the middle column shown in the figure above. The drawback of Vim is that the changes are not reflected immediately in the other columns. Assuming that you have finished editing the binary file, you should convert the xxd file back to its original binary form. This is accomplished with the following Vim command:
:%!xxd -r
After that, you should save it back with the
Vim command. The help that comes with Vim explains the details of the procedure in section 23.4, under section 23 (Editing Other Files). More experiments still need to be done to ensure that Vim is reliable enough for binary editing. But this is a very good starting point.
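A post-edit check for the procedure above, as an added example that is not from the original post: it compares the original and the edited file with cmp, confirms the size is unchanged, and lists the changed bytes at the offsets an xxd dump shows. The function names, file names and sample bytes are constructed for illustration; newline.bin stands in for a file saved without binary mode, where a trailing newline gets appended.

```sh
#!/bin/sh
# Added example (not from the original post). Sample bytes are constructed.

# Byte count of a file as a plain integer.
size_of() { echo "$(( $(wc -c < "$1") ))"; }

# Print every differing byte as "<offset>: <old> -> <new>" in hex, with
# 0-based offsets so they match the left-hand column of an xxd dump.
changed_offsets() {
    cmp -l "$1" "$2" 2>/dev/null | while read -r off old new; do
        # cmp -l reports 1-based decimal offsets and octal byte values;
        # the leading 0 makes printf read each value as octal.
        printf '%08x: %02x -> %02x\n' "$((off - 1))" "0$old" "0$new"
    done
}

# verify_edit ORIGINAL EDITED MAX_CHANGED
# Succeeds only if the size is unchanged and at most MAX_CHANGED bytes differ.
verify_edit() {
    if [ "$(size_of "$1")" -ne "$(size_of "$2")" ]; then
        echo "FAIL: size $(size_of "$1") -> $(size_of "$2")"
        return 1
    fi
    n=$(( $(changed_offsets "$1" "$2" | wc -l) ))
    if [ "$n" -gt "$3" ]; then
        echo "FAIL: $n byte(s) changed, expected at most $3"
        return 1
    fi
    echo "OK: size unchanged, $n byte(s) changed"
}

# Write three constructed sample files into directory $1:
#   orig.bin     16 bytes standing in for an image
#   patched.bin  orig.bin with the byte at offset 0x04 set to 0x90
#   newline.bin  orig.bin plus a trailing 0x0a (a text-mode save)
make_samples() {
    printf 'AWARD\000\001\002\377\376BIOS\125\252' > "$1/orig.bin"
    cp "$1/orig.bin" "$1/patched.bin"
    printf '\220' | dd of="$1/patched.bin" bs=1 seek=4 conv=notrunc 2>/dev/null
    { cat "$1/orig.bin"; printf '\n'; } > "$1/newline.bin"
}

tmp=$(mktemp -d) && make_samples "$tmp"
changed_offsets "$tmp/orig.bin" "$tmp/patched.bin"
verify_edit "$tmp/orig.bin" "$tmp/patched.bin" 1
verify_edit "$tmp/orig.bin" "$tmp/newline.bin" 1 || true
rm -rf "$tmp"
```

For a real image, keep an untouched copy of the file before opening it in Vim and pass that copy as ORIGINAL.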

Thursday, April 2, 2009

My BIOS Security Presentation on AI3 Meeting 2006

With all the fuss around BIOS rootkit in CanSecWest, I have to say that it's already a long-known fact. In 2006 I presented the possibility in AI3 Meeting in ITB (Bandung Institute of Technology). These are the presentation contents: