Decoding Award BIOS Flash Access Code
- Get BIOS from /dev/mem (needs root; skip=15 with bs=64k starts the read at physical address 0xF0000)
  - dd if=/dev/mem of=/tmp/whatever bs=64k count=1 skip=15
- find the $@AWDFLASH signature in the dump
  - just after the 'H' are some pointers within the current 64KiB segment
    - the first is unknown
    - the second is the unlock routine
    - the third is the lock routine
- disassemble the unlock routine ... use [http://www.jukie.net/~bart/blog/20070504205042 bios-disassembler]
  - use your knowledge of PCI and whatnot to figure out what the assembly code is doing
helper script
This finds the entry point of the unlock function. Written in [http://www.minimalinux.org/arena/ Arena].
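    fd = fopen(argv[1], "r");
    if (fd == null)
        return;

    /* walk the 64KiB dump one 16-byte paragraph at a time (4096 * 16 = 65536) */
    for (i = 0; i < 4096; i++) {
        paragraph = fread(fd, 16);
        line = strstr(paragraph, "$@AWDFLASH");
        /* only accept the signature at the very start of a paragraph */
        if ((!is_void(line)) && (line == 0)) {
            pa = cstring(paragraph);
            /* bytes 12 and 13 are the second pointer (unlock routine), stored low byte first */
            lo = mgetchar(pa, 12) & 0xff;
            hi = mgetchar(pa, 13) & 0xff;
            printf("0x%02x%02x\n", hi, lo);
        }
    }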
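The same lookup as an added Python example (not part of the original page or of Arena): it goes beyond the helper script by finding the signature at any offset, not only on a 16-byte boundary, and by returning all three pointers. The function names and the sample image are constructed for illustration; it assumes the three pointers are consecutive 16-bit little-endian values, as the helper script's reads at bytes 12 and 13 imply.

```python
import struct
import sys

SIGNATURE = b"$@AWDFLASH"
SEGMENT_SIZE = 0x10000   # 64 KiB, matching bs=64k count=1 in the dd command
SEGMENT_BASE = 0xF0000   # skip=15 blocks of 64 KiB into /dev/mem


def find_awdflash_pointers(segment):
    """Return one dict per signature hit with the three 16-bit offsets after it."""
    hits = []
    pos = segment.find(SIGNATURE)
    while pos != -1:
        table = pos + len(SIGNATURE)
        if table + 6 > len(segment):
            break  # dump ends inside the pointer table; nothing later can be valid
        unknown, unlock, lock = struct.unpack_from("<3H", segment, table)
        hits.append({"signature": pos, "unknown": unknown,
                     "unlock": unlock, "lock": lock})
        pos = segment.find(SIGNATURE, pos + 1)
    return hits


def build_sample_segment(offset=0xE030):
    """Constructed 64 KiB test image (not a real BIOS) with made-up pointers."""
    seg = bytearray(SEGMENT_SIZE)
    seg[offset:offset + len(SIGNATURE)] = SIGNATURE
    struct.pack_into("<3H", seg, offset + len(SIGNATURE), 0x1234, 0xE1A0, 0xE1C8)
    return bytes(seg)


if __name__ == "__main__":
    # Pass the dd output (e.g. /tmp/whatever) as argv[1]; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_segment()
    for hit in find_awdflash_pointers(data):
        print("signature at 0x%04x" % hit["signature"])
        for name in ("unknown", "unlock", "lock"):
            off = hit[name]
            print("  %-7s offset 0x%04x (physical 0x%05x)" % (name, off, SEGMENT_BASE + off))
```

The physical addresses printed are the segment base plus the offset, which is where to start disassembling in a dump taken with the dd command above.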