Chapter 32: Viruses Infecting BIOS


Overview

The processor is the heart of your computer, while BIOS, without a doubt, is its soul. BIOS firmware determines all system capabilities. Thus, the capabilities of your PC can be extended considerably if you insert into BIOS a custom module that does something useful. For example, this module can protect the computer against intrusion, prevent the operation of the antivirus scanners, or unlock hidden capabilities, thus overclocking the machine to unimaginable speeds. In other words, hacking BIOS is not only possible but also useful. The more you hack BIOS, the more you strive to hack it! Hacking it is extremely interesting and instructive. This is a real school of programming that provides unlimited possibilities for self-expression. The main issue here is your imagination! Only the hardware limits your boundless thought. You can freely switch to the protected mode, manipulate each register, and do whatever you like. In this chapter, I'll show you how.

For the experiments described in this chapter, you'll need a motherboard with Flash BIOS on it. Any BIOS model will work (Fig. 32.1). I'll mainly describe Award BIOS, the most correct and popular one; however, owners of other models will also find much of interest here. For such users, I have prepared a universal method of insertion for all BIOS models.

Figure 32.1: Different types of Flash memory chips

Recognizing the BIOS chip is easy because it has a holographic label, which must be removed to locate the marking. The marking is a long sequence of digits, appearing, for example, as follows: 28F1000PPC-12C4. Having found the marking, go to http://www.datasheetarchive.com and enter it in the query field. You'll receive a PDF file with a detailed description of the chip (the so-called datasheet). Now, it is necessary to find an identical or compatible Flash memory chip, on which you'll carry out your experiments. Such a chip can be purchased or removed from a dead motherboard.

For hot-swapping BIOS (in other words, replacing a BIOS chip on the operating motherboard), poor hackers wrap cotton thread around the chip (otherwise, it is easy to create a short circuit and ruin not only the BIOS chip but also the entire motherboard). Note that richer hackers use special tools for this purpose, called a chip extractor and BIOS Saviour (Fig. 32.2). These tools were invented after the epidemic of the infamous Chernobyl virus, and you can purchase them in shops for advanced radio and computer fans or over the Internet.

Figure 32.2: BIOS Saviour simplifies removal of the chip from the operating motherboard

In addition, you'll need the documentation for the chipset of the motherboard. Intel and AMD provide the datasheets for free. Other manufacturers (for example, VIA and SiS) do not publish this information openly, so the hacker must spend lots of time and effort before he or she finds anything of any interest.

The set of utilities for flashing BIOS can be downloaded from the site of the BIOS or motherboard manufacturer. Some manufacturers (for example, Intel and ASUS) make many modifications to BIOS, and as a result the "native" utilities cease to work with such BIOS versions. Therefore, the hacker has to use the toolset supplied with the motherboard. In addition, you'll need any assembler (MASM, TASM, FASM, or NASM), a disassembler (IDA Pro, the fourth version of which is distributed freely), and a HEX editor (HIEW or Hex Workshop).



Shellcoder's Programming Uncovered
Shellcoders Programming Uncovered (Uncovered series)
ISBN: 193176946X
EAN: 2147483647
Year: 2003
Pages: 164
