
How to completely backup the old bios for future investigation ? (ALSO BIOS SECURITY TIP/IDEA !!)

 
 
Skybuck The Destroyer
      06-12-2007, 10:18 AM
Hello,

The old bios chip seems to be working.

However the bios chip might be corrupted or infected with a bios
virus ?!

So I want to investigate the bios chip.

What is the best way to completely backup the BIOS and compare it with
other versions ?

So far I can think of this method, but is it thorough enough ?

1. Use bootdisk and afudos tool to backup the bios to a rom image.

2. Download/find corresponding bios version from the internet or
hard disk (could of course still be modified but unlikely... best to
redownload it to make absolutely sure though maybe the internet
bios version is already changed ! haha, so compare to disk is also
good ! =D)

3. BINARY COMPARE ROM IMAGES/FILES.

Then see if there are any differences...

This is a simple and short test.

However I have seen people write about "protected" areas of the bios
chip...

Do these "protected" areas exist... are they backed up as well ?

Can a virus penetrate these "protected" areas ?

What about the remaining unused memory ?

Can virus hide there ? HMMM ?!?

Of course a little bit of the bios would have to be changed for the
virus to jump to unused memory... so it would probably still be
detected.

And finally:

What tools are available on the internet to investigate bios rom
images/file more thoroughly... maybe even at the command/programming
level ?!

Having a look at it could be interesting anyway... and the binary
compare seems a really smart way to check/make sure it wasn't altered.

However I have heard somebody tell a story about a virus which shortly
****ed up your computer... and then after a while it would completely
VANISH.... it would simply restore everything back to normal.

So that all evidence would be gone ?!

By the time you come at the store with "dead motherboard" it would
suddenly be alive again =D

Funny story isn't it.

Well for me that's of course not the case... my old motherboard is as
dead as it can be... confirmed in other post/thread/testings.

YES.

AND TO ALL VIRUS WRITERS I SAY:

1. PLEASE DON'T WRITE VIRUSES THAT'S BAD AND NASTY AND NOT NICE !

2. PLEASE DON'T USE THIS TECHNIQUE TO VANISH. ALWAYS LEAVE A TRACE SO
YOU WILL BE CAUGHT THAT'S GOOD FOR YOU AND ME AND THE WORLD =D

3. AND ADVICE TO HARDWARE MANUFACTURERS:

BUILD IN A MODIFICATION DETECTION METHOD WHICH CAN'T BE RESET.

FOR EXAMPLE:

BUILD IN A COUNTER WHICH KEEPS TRACK OF THE NUMBER OF MODIFICATIONS to
the BIOS CHIP.

THIS COUNTER SHOULD BE IMPOSSIBLE TO RESET.

WHEN THE USER FLASHES THE NEW COUNTER VALUE IS STORED TO DISK OR
SOMETHING.

Then later... if the counter value does not match the counter value on
disk... or on a piece of paper for all I care... then the USER KNOWS
the BIOS CHIP WAS MODIFIED WITHOUT HIS CONSENT !

SOMETHING ELSE CHANGED IT !

YES THE COUNTER IDEA IS GOOD IDEA TO CATCH BIOS VIRUSES AND OTHER
UNALLOWED BIOS CHANGES ! HA-HA.

It's a nice start to improve BIOS SECURITY

Bye,
Bye,
Skybuck.

 
Paul
      06-12-2007, 10:28 AM
Skybuck The Destroyer wrote:
>
> 3. BINARY COMPARE ROM IMAGES/FILES.
>
> Then see if there are any differences...
>


<<snip>>

I can guarantee you that the backed-up image will
be different than the downloaded file. Certain
parts of the BIOS are "volatile" and they change
the first time that the computer POSTs, after
the BIOS is flashed.

So if you do compare them and see that they are
different, don't panic if the parts that
are different, are the DMI or ESCD sections.
These should be closer to the end of the
device (high addresses). The code at the beginning
of the files to be compared, should be the
same.

00000 Normal code modules
...
DMI/ESCD
FFFFF Boot block is near the end.

You can do the comparison, as long as you realize
that parts of the BIOS will be different. And there
is nothing wrong with that.

HTH,
Paul
 
Skybuck The Destroyer
      06-12-2007, 10:43 AM
On Jun 12, 12:28 pm, Paul <nos...@needed.com> wrote:
> Skybuck The Destroyer wrote:
>
> > 3. BINARY COMPARE ROM IMAGES/FILES.
> >
> > Then see if there are any differences...
> >
> <<snip>>
>
> I can guarantee you that the backed-up image will
> be different than the downloaded file. Certain
> parts of the BIOS are "volatile" and they change
> the first time that the computer POSTs, after
> the BIOS is flashed.
>
> So if you do compare them and see that they are
> different, don't panic if the parts that
> are different, are the DMI or ESCD sections.
> These should be closer to the end of the
> device (high addresses). The code at the beginning
> of the files to be compared, should be the
> same.
>
> 00000 Normal code modules
> ...
> DMI/ESCD
> FFFFF Boot block is near the end.
>
> You can do the comparison, as long as you realize
> that parts of the BIOS will be different. And there
> is nothing wrong with that.
>
> HTH,
> Paul


Ok thanks for the tip... good to know that...

However is it really the truth ?

I mean gjez...

Aren't these settings stored in some special kind of RAM that's
powered by the battery ?!?!?!?!?

Are you actually telling me... every time I change my hardware... and
the ESCD updated message of windows appears that some parts of the
BIOS got actually FLASHED ?!!!!!!!!!!!!

You know I am against FLASHING ! =D

Isn't that what the CMOS is for ?

CMOS IS NOT BIOS ?

CMOS is supposed to be the RAM powered by the battery ?

I am confused !

Bye,
Skybuck.

 
Paul
      06-12-2007, 11:28 AM
Skybuck The Destroyer wrote:

>
> Are you actually telling me... everytime I change my hardware... and
> the ESCD updated message of windows appears that some parts of the
> BIOS got actually FLASHED ?!!!!!!!!!!!!
>


Yes. A small portion of the BIOS is reprogrammed. It
should happen each time the hardware configuration is
changed. The BIOS compares the hardware during POST,
to the previously recorded configuration. And the
BIOS updates the DMI/ESCD, with the new information.

CMOS RAM is too small to record DMI/ESCD, so they put it
in the flash instead. It means a slight nuisance, if
comparing a backup BIOS image, to one you have
downloaded.

Paul
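
The comparison Paul describes in his two replies, as an added example that is not code from the thread: it groups differing offsets into ranges and separates the ones inside a caller-supplied volatile window from everything else. The window bounds, the 1 MiB image size and the sample bytes are constructed for illustration; real DMI/ESCD offsets depend on the board and have to be read from the actual image.

```python
import hashlib

SIZE = 0x100000                   # constructed 1 MiB image (offsets 00000..FFFFF)
VOLATILE = [(0xE0000, 0xF0000)]   # hypothetical DMI/ESCD window, not a real layout

def diff_regions(a, b, gap=16):
    """Offset ranges (end exclusive) where a and b differ; nearby runs merged."""
    if len(a) != len(b):
        raise ValueError(f"size mismatch: {len(a)} vs {len(b)} bytes")
    regions = []
    for off, (x, y) in enumerate(zip(a, b)):
        if x == y:
            continue
        if regions and off - regions[-1][1] < gap:
            regions[-1][1] = off + 1          # extend the current run
        else:
            regions.append([off, off + 1])    # start a new run
    return [tuple(r) for r in regions]

def classify(regions, volatile):
    """Split into (expected, suspicious): expected lies wholly inside a window."""
    expected, suspicious = [], []
    for start, end in regions:
        inside = any(lo <= start and end <= hi for lo, hi in volatile)
        (expected if inside else suspicious).append((start, end))
    return expected, suspicious

def masked_sha256(image, volatile):
    """Hash with the volatile windows zeroed, for comparing dumps over time."""
    buf = bytearray(image)
    for lo, hi in volatile:
        buf[lo:hi] = bytes(hi - lo)
    return hashlib.sha256(buf).hexdigest()

def make_samples():
    """Constructed stand-ins for the downloaded file and the backed-up image."""
    reference = bytearray(i % 251 for i in range(SIZE))
    dump = bytearray(reference)
    dump[0xE1000:0xE1040] = b"\xAA" * 0x40   # rewrite inside the volatile window
    dump[0x02000:0x02004] = b"\x90" * 4      # change in the low code area
    return bytes(reference), bytes(dump)

if __name__ == "__main__":
    ref, dump = make_samples()
    expected, suspicious = classify(diff_regions(ref, dump), VOLATILE)
    for label, regs in (("expected", expected), ("suspicious", suspicious)):
        for start, end in regs:
            print(f"{label:10s} {start:05X}-{end - 1:05X} ({end - start} bytes)")
    print("masked hashes equal:", masked_sha256(ref, VOLATILE) == masked_sha256(dump, VOLATILE))
```

A difference that straddles a window boundary is reported as suspicious, so only changes wholly inside the declared volatile area are waved through.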
 
Daniel Mandic
      06-12-2007, 10:30 PM
Skybuck The Destroyer wrote:

> It's a nice start to improve BIOS SECURITY
>
> Bye,
> Bye,
> Skybuck.



You are being a ****, you know it!


Keep straight!




Best regards,

Daniel Mandic
 
Skybuck Flying
      06-14-2007, 02:01 PM
Well,

I am not touching anything inside my PC anymore.

My PC is working better than ever !

Even the FreeCell sound bug is gone ?!

Last time when I built my PC as soon as I messed around with the bios that
bug was created or something.

SO I AM STAYING AWAY FROM EVERYTHING RELATING TO THE BIOS CHIP LOL.

NO MORE INVESTIGATIONS FROM MY PART until I get problems or something.

Too bad for the investigation... but it's not worth it.

Everything working A.O.K and I am just fine with that =D

Besides virus infection in bios a bit far fetched

possible but unlikely... though now I might not ever know.

But I don't wanna know as long as my PC works OK

Sorrrrryy but my investigation stops right here =D LOL.

IF IT AINT BROKE DONT MESS WITH IT I SAY ! =D WIEEEE.

Bye,
Skybuck.


 
JackShephard
      06-15-2007, 12:45 AM
On Thu, 14 Jun 2007 16:01:55 +0200, "Skybuck Flying" <>
wrote:

>IF IT AINT BROKE DONT MESS WITH IT I SAY ! =D WIEEEE.



Better get that brain looked at then.
 
John Lewis
      06-17-2007, 08:30 PM
On Tue, 12 Jun 2007 03:18:57 -0700, Skybuck The Destroyer
<> wrote:

>Hello,
>
>The old bios chip seems to be working.
>
>However the bios chip might be corrupted or infected with a bios
>virus ?!
>
>So I want to investigate the bios chip.
>
>What is the best way to completely backup the BIOS and compare it with
>other versions ?
>


RTF_A8N32-SLI_M !!

John Lewis
 