I first got into BIOS modding back in 2009, and since then I've always considered BIOS modding to be the ultimate test of reverse engineering.
I say this because unlike most software reverse engineering for API dependent programs, you no longer have the ability to view the contents of the CPU registers, nor do you have access to any kind of debugging. Getting the results you desire without these two crutches makes this very difficult. If you'd like to follow along with this tutorial by using the same BIOS that I am, then here's where you can download it.
One of the primary tools I use for modding Insyde BIOS is Andy's Phoenix tool. This tool allows you to unpack, extract, insert, and replace all the different modules that make up your BIOS. It keeps all the check sums updated, which pretty much makes the modding process fool proof. You can download it here.
The other tools I use are IDA Pro for any disassembling and HxD for any hex-editing
So lets get started on my second BIOS modding tutorial. The splash screen logo is the image that appears
when your computer is starting up. Since I have an HP laptop, my computer's splash screen logo is an HP logo. Most computer companies follow this trend. Here's a picture of what mine looks like:
Unpack your BIOS installer so that you have access to your BIOS ROM. Lets start off by opening your BIOS ROM with Andy's tool and press the Advanced button. We want to enable the ability to make modifications to modules. So these are the settings I changed. I also checked No SLIC because otherwise we would have to select a SLIC table in order to repack our changes. I'm fine with my BIOS current SLIC table.
Press Done to get back to the main screen of Andy's tool. Then press the Go button. When this message comes up, don't press Ok yet.
Now we can edit our BIOS's modules. So we have to find out which module actually contain the splash screen logo. Download "X Search" here and run it. Click Browse and select the DUMP folder produced by Andy's tool when it opened your BIOS image. Now depending on the type of image decoder(s) are in your BIOS, you'll need to search for that type of format in "X Search"s search box. If you have a jpeg decoder, then search for JFIF, for bmp search for BM, and for PCX search for this hex sequence 0A 05 01 in ascii notation. Special thanks to Florin9doi for that information. If you don't know what decoder your BIOS has, then just search for all of them. You can search for several words at once by separating them with spaces. Ex: JFIF BM
Mine found a lot of modules containing those words, but only one of them is my actual splash screen logo. Try opening up all the listed modules with MS Paint until you find the right one. If you have t
ruble with this part then try renaming the file extension to .jpg, .bmp, or .pcx. Just make sure you name it back to .ROM when you finished editing it. The 609DDF84-0816-46AA-92E8-3ED9A7AFC4CA_0_882.ROM file contain mine.
If your really having trouble finding which module contains your logo, then I'd recommend you look through your DUMP file using the latest version of Ubuntu. It's default file browser, Nautilus, automatically parses through the files your currently looking at and displays a thumbnails of all multimedia files. So here's it automatically determining which file contains my logo:
Now you can freely edit the image. The only restriction is that there's a limited amount of space in your BIOS. The largest image I was able to get working was a very low quality 640 x 480. Andy's tool will give you an error if your new logos too big. Here's a logo that I did as a quick demonstration:
Thank you
for any error comment below
I say this because unlike most software reverse engineering for API dependent programs, you no longer have the ability to view the contents of the CPU registers, nor do you have access to any kind of debugging. Getting the results you desire without these two crutches makes this very difficult. If you'd like to follow along with this tutorial by using the same BIOS that I am, then here's where you can download it.
The other tools I use are IDA Pro for any disassembling and HxD for any hex-editing
So lets get started on my second BIOS modding tutorial. The splash screen logo is the image that appears
when your computer is starting up. Since I have an HP laptop, my computer's splash screen logo is an HP logo. Most computer companies follow this trend. Here's a picture of what mine looks like:
Unpack your BIOS installer so that you have access to your BIOS ROM. Lets start off by opening your BIOS ROM with Andy's tool and press the Advanced button. We want to enable the ability to make modifications to modules. So these are the settings I changed. I also checked No SLIC because otherwise we would have to select a SLIC table in order to repack our changes. I'm fine with my BIOS current SLIC table.
Press Done to get back to the main screen of Andy's tool. Then press the Go button. When this message comes up, don't press Ok yet.
Now we can edit our BIOS's modules. So we have to find out which module actually contain the splash screen logo. Download "X Search" here and run it. Click Browse and select the DUMP folder produced by Andy's tool when it opened your BIOS image. Now depending on the type of image decoder(s) are in your BIOS, you'll need to search for that type of format in "X Search"s search box. If you have a jpeg decoder, then search for JFIF, for bmp search for BM, and for PCX search for this hex sequence 0A 05 01 in ascii notation. Special thanks to Florin9doi for that information. If you don't know what decoder your BIOS has, then just search for all of them. You can search for several words at once by separating them with spaces. Ex: JFIF BM
Mine found a lot of modules containing those words, but only one of them is my actual splash screen logo. Try opening up all the listed modules with MS Paint until you find the right one. If you have t
ruble with this part then try renaming the file extension to .jpg, .bmp, or .pcx. Just make sure you name it back to .ROM when you finished editing it. The 609DDF84-0816-46AA-92E8-3ED9A7AFC4CA_0_882.ROM file contain mine.
If your really having trouble finding which module contains your logo, then I'd recommend you look through your DUMP file using the latest version of Ubuntu. It's default file browser, Nautilus, automatically parses through the files your currently looking at and displays a thumbnails of all multimedia files. So here's it automatically determining which file contains my logo:
Now you can freely edit the image. The only restriction is that there's a limited amount of space in your BIOS. The largest image I was able to get working was a very low quality 640 x 480. Andy's tool will give you an error if your new logos too big. Here's a logo that I did as a quick demonstration:
Thank you
for any error comment below
where can i get the andys tool
ReplyDeletefor future wanderers:
DeleteAndy's Tool is here: http://xdel.ru/downloads/bios-mods.com-tools/Andy%20P%20%28MDL%29%20Phoenix-Insyde-EFI%20SLIC%20Tool/
My problem is not sorted on hp pavailion laptop. Please provide assistance.
ReplyDeleteis their a way to slip uefi into old bios or do upgrade without changing bios chip?
ReplyDeletecan i update bios to uefi on older bios that has no official uefi update...