Page 1 of 1

How are Intel bios varified?

Posted: Mon Oct 17, 2011 11:26 pm
by fdm
I have an old Gateway with an Intel EA81510A motherboard and would like to replace the dumbed-down OEM bios with retail Intel bios. I am aware I can use the recovery procedure to accomplish this, but unfortunately I have been unable to locate any floppy disks to use. Intel uses signed bios, so instead of targeting the bios I have taken to reversing the dos flasher. From what I have gathered online, it is supposed to verify the bios via the 3 digit vendor code(15A for Gateway, 86A for Intel). With this, I used softice to locate how/where the vendor string is loaded in memory and how the program accesses it later. To pass the vendor check, I shortened a random string and used the freed space to add the version and id from the retail Intel bios. Then I changed the segment and address that the program uses to access the detected id string to point to my new inlined one. I tested this patch with Gateway bios and 15A set as the vender string, and it was able to successfully flash. Then I tried to flash unmodified retail Intel bios with 86A as the vender code and it returned Authentication failure, the same error I get if I try to modify the bio's headers. Since I am unsure what to make of this, I thought maybe someone here might have some insight on what other information it might be gathering from my board to determine that might make it fail validation.

Re: How are Intel bios varified?

Posted: Tue Oct 18, 2011 3:30 pm
by edwin
The short answer is: we don't know and we don't need to know since we can use the recovery method to flash it.

The long answer: if you change each and every occurance of the 86A inside a bios string in the file into 15A and make sure the checksum of the file is correct, you can succesfully flash that file using the Intel flasher provided by Gateway. Why you want to do that is beyond me, the retail Intel bios does not have all that much more options than the Gateway one as far as I can tell. Intel boards from that era cannot be overclocked in any way, shape or form... I remember seeing issues with the IDE controller when using a retail Intel bios on a Gateway board for this model. Be careful.

Re: How are Intel bios varified?

Posted: Tue Oct 18, 2011 6:53 pm
by fdm
Thanks for the reply, though it was a bit disheartening. I don't have any delusions of bypassing the integrity checks, so I am not hoping to update the video bios or anything like that. Just looking to have a bit of fun with it since it's gone unused anyway. You did reveal some new attack points for me to try, so thanks very much for that.