Welcome to the dark corner of BIOS reverse engineering, code injection and various modification techniques only deemed by those immensely curious about BIOS

Saturday, July 12, 2014

How Boot Firmware Development and Driver Development Differ--PCI Bus Implementation Case Study

This post is not BIOS/UEFI specific per se. However, it has a very close relation to it because it delves deep into Windows device driver architecture.

Most BIOS/UEFI modules are aware of the CPU architecture, motherboard chipset and all supporting logic on which they run. However, the same assumption cannot be made for an OS, such as Windows. Therefore, BIOS/UEFI modules can mostly take for granted the CPU and bus architecture on which they will run. The same is not true for a device driver. For example, a PCI or PCIe expansion card can be used with the same operating system while running on an entirely different CPU architecture. This means a device driver author can't and shouldn't assume the CPU architecture and bus architecture on which the driver will eventually run.

This series of posts by a Windows PnP subsystem developer is very enlightening in this respect:
http://blogs.msdn.com/b/doronh/archive/2010/05/05/arbitration-and-translation-part-1.aspx
http://blogs.msdn.com/b/doronh/archive/2010/05/06/translation-and-windows.aspx
http://blogs.msdn.com/b/doronh/archive/2010/05/06/arbitration-and-translation-part-3.aspx

Hopefully this sheds some light on system software development :)

Sunday, May 11, 2014

(Cross) Compiling My Sample PCI Expansion ROM Code

My sample PCI Expansion ROM code over at Low Cost Embedded x86 Teaching Tool is no longer compile-able on recent x64 Linux distributions. This is due to the fact that the default GCC toolchain in those Linux distros doesn't support output in the form of the particular ELF32 i386 required by the source code. Another possible problem is that the GCC toolchain doesn't support 16-bit code output anymore, as required by the linker script.

For trouble-free source code compilation, you're advised to download and build the Coreboot cross compiler, see: http://www.coreboot.org/Build_HOWTO#Known_issues. Just invoke:

make crossgcc

in the directory where you downloaded Coreboot (the Coreboot root directory) to build the cross compiler. You'll also need to alter the Makefile of the PCI Expansion ROM code to use the newly built cross compiler. The toolchain components that you need to change in the Makefile are pretty much every one of them, i.e. CC, LD, AS and OBJCOPY. The cross compiler should be located in the /util/crossgcc/xgcc/bin directory once you have completed building the cross compiler. If you are still unsure about the path of the cross compiler toolchain, open the .xcompile file in the Coreboot root directory.
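
As an alternative to editing the Makefile by hand, the sketch below passes CC, LD, AS and OBJCOPY on the make command line, where they take precedence over ordinary Makefile assignments. It is an added example, not part of the original sample code; the i386-elf- tool prefix, the XGCC_PREFIX, COREBOOT_ROOT and ROM_SRC variable names and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original sample code): point the ROM Makefile's
# CC, LD, AS and OBJCOPY at the Coreboot cross toolchain without editing it.
# Assumptions: the tools carry the i386-elf- prefix (override via XGCC_PREFIX)
# and the ROM Makefile uses the variable names CC, LD, AS and OBJCOPY.

# Print "VAR=/path/to/tool" make overrides, one per line.
# Fails (status 1) if any of the four tools is missing or not executable.
xgcc_overrides() {
    coreboot_root=$1
    prefix=${XGCC_PREFIX:-i386-elf-}
    bindir=$coreboot_root/util/crossgcc/xgcc/bin
    for pair in CC:gcc LD:ld AS:as OBJCOPY:objcopy; do
        var=${pair%%:*}
        tool=$bindir/$prefix${pair#*:}
        if [ ! -x "$tool" ]; then
            echo "missing cross tool: $tool (run 'make crossgcc' first)" >&2
            return 1
        fi
        echo "$var=$tool"
    done
}

# Build the ROM with the cross toolchain; extra arguments are passed to make.
build_rom() {
    coreboot_root=$1; rom_src=$2; shift 2
    overrides=$(xgcc_overrides "$coreboot_root") || return 1
    # Word splitting of $overrides is intended (one VAR=path per argument),
    # so paths containing whitespace are not supported here.
    # shellcheck disable=SC2086
    make -C "$rom_src" $overrides "$@"
}

# Usage: COREBOOT_ROOT=~/coreboot ROM_SRC=~/pci_rom sh this_script.sh
if [ -n "${COREBOOT_ROOT:-}" ] && [ -n "${ROM_SRC:-}" ]; then
    build_rom "$COREBOOT_ROOT" "$ROM_SRC"
fi
```

If the tool names in your build differ, check the .xcompile file mentioned above and set XGCC_PREFIX accordingly.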

Gentle Introduction to Coreboot

I've just stumbled upon this series of articles by Lennart Benschop about Coreboot. It's a very smooth introduction to Coreboot that explains Coreboot components from a high-level view and proceeds toward more specific parts of it. You can read it over here. Note that Coreboot specific stuff starts at "Column" no.4. Have a nice reading :-)

Monday, February 17, 2014

NSA BIOS Backdoor Article Part 2: BULLDOZER is up

You can read the complete article at: NSA Backdoor Part 2, BULLDOZER: And, Learn How to DIY a NSA Hardware Implant

This is the excerpt:
This article is the second part of a series on NSA BIOS Backdoor internals. This part focuses on BULLDOZER, a hardware implant acting as malware dropper and wireless communication “hub” for NSA covert operations.

Thursday, January 30, 2014

NSA BIOS Backdoor Article Part 1

OK. This is part one of my controversial article series of the year :P

NSA BIOS Backdoor a.k.a. God Mode Malware Part 1: DEITYBOUNCE
This first part focuses on the DEITYBOUNCE malware described in the NSA ANT Server document.
I won't spoil the details here. Head to the link above for the details :-).

Thursday, January 9, 2014

System Address Map Initialization Part 2 Article

Finally, the System Address Map Initialization Part 2 article is up. Check it out: http://resources.infosecinstitute.com/system-address-map-initialization-x86x64-architecture-part-2-pci-express-based-systems/. It's a lengthy article. There could be minor errors coz I didn't have enough time to review some parts of the detail close to the end of it.

Monday, January 6, 2014

PDF of My Past Articles on Infosecinstitute

You can download the PDF version of my past articles on Infosecinstitute via these links:
https://sites.google.com/site/pinczakko/bios-articles
and
https://sites.google.com/site/pinczakko/miscellaneus

Future articles will be available as PDF as the embargo lifts.