BIOS

---[2.1.1 - Hardware     
        
Back in the 80's the BIOS firmware was contained in ROM or PROM 
chips, which could not be altered in any way, but nowadays, this 
firmware is stored in an EEPROM (Electrically Erasable 
Programmable Read-Only Memory). This kind of memory allows the user
to reflash it, allowing the vendor to offer firmware updates in 
order to fix bugs, support new hardware and to add new 
functionality.

---[2.1.2 - How it works?
  
The BIOS has a very important role in the functioning of a 
computer.
It should be always available as it holds the first instruction
executed by the CPU when it is turned on. This is why it is stored
in a ROM.
        
The first module of the BIOS is called Bootblock, and it's in 
charge of the POST (Power-on self-test) and Emergency boot 
procedures. POST is the common term for a computer, router or 
printer's pre-boot sequence. It has to test and initialize almost 
all the different hardware components in the system to make sure 
everything is working properly.
        
The modern BIOS has a modular structure, which means that there are
several modules integrated on the same firmware, each one in charge
of a different specific task; from hardware initialization to 
security measures.
        
Each module is compressed, therefore there is a decompression 
routine in charge of the decompression and validation of the 
others modules that will be subsequently executed.  

After decompression, some other hardware is initialized, such as 
PCI Roms (if needed) and at the end, it reads the sector 0 of the
hard drive (MBR) looking for a boot loader to start loading the 
Operating System.

---[2.2 - Firmware file structure
        
As we said before, the BIOS firmware has a modular structure. When 
stored in a normal plain file, it is composed of several LZH
compressed modules, each of them containing an 8 bit checksum.
        
However, not all the modules are compressed, a few modules like the
Bootblock and the Decompression routine are obviously uncompressed 
because they are a fundamental piece of the booting process and 
must perform the decompression of the other modules. Further, 
we will see why this is so convenient for our purposes.
        
Here we have the output of Phnxdeco (available in the Debian 
repositories), an open source tool to parse and analyze the Phoenix
BIOS Firmware ROMs (that we'll going to extract at 3.1.1):


+-------------------------------------------------------------------------+
| Class.Instance (Name)     Packed --->  Expanded      Compression  Offse |
+-------------------------------------------------------------------------+

B.03 (    BIOSCODE)   06DAF (28079) => 093F0 ( 37872)  LZINT ( 74%)  446DFh
B.02 (    BIOSCODE)   05B87 (23431) => 087A4 ( 34724)  LZINT ( 67%)  4B4A9h
B.01 (    BIOSCODE)   05A36 (23094) => 080E0 ( 32992)  LZINT ( 69%)  5104Bh
C.00 (      UPDATE)   03010 (12304) => 03010 ( 12304)   NONE (100%)  5CFDFh
X.01 (     ROMEXEC)   01110 (04368) => 01110 (  4368)   NONE (100%)  6000Ah
T.00 (    TEMPLATE)   02476 (09334) => 055E0 ( 21984)  LZINT ( 42%)  63D78h
S.00 (     STRINGS)   020AC (08364) => 047EA ( 18410)  LZINT ( 45%)  66209h
E.00 (       SETUP)   03AE6 (15078) => 09058 ( 36952)  LZINT ( 40%)  682D0h
M.00 (       MISER)   03095 (12437) => 046D0 ( 18128)  LZINT ( 68%)  6BDD1h
L.01 (        LOGO)   01A23 (06691) => 246B2 (149170)  LZINT (  4%)  6EE81h
L.00 (        LOGO)   00500 (01280) => 03752 ( 14162)  LZINT (  9%)  708BFh
X.00 (     ROMEXEC)   06A6C (27244) => 06A6C ( 27244)   NONE (100%)  70DDAh
B.00 (    BIOSCODE)   001DD (00477) => 0D740 ( 55104)  LZINT (  0%)  77862h
*.00 (      TCPA_*)   00004 (00004) => 00004 (   004)   NONE (100%)  77A5Ah
D.00 (     DISPLAY)   00AF1 (02801) => 00FE0 (  4064)  LZINT ( 68%)  77A79h
G.00 (  DECOMPCODE)   006D6 (01750) => 006D6 (  1750)   NONE (100%)  78585h
A.01 (        ACPI)   0005B (00091) => 00074 (   116)  LZINT ( 78%)  78C76h
A.00 (        ACPI)   012FE (04862) => 0437C ( 17276)  LZINT ( 28%)  78CECh
B.00 (    BIOSCODE)   00BD0 (03024) => 00BD0 (  3024)   NONE (100%)  7D6AAh


We can see here the different parts of the Firmware file, 
containing the DECOMPCODE section, where the decompression routine
is located, as well as the other not-covered-in-this-paper 
sections.
        
        
---[2.3 - Update/Flashing process
    
The BIOS software is not so different from any other software.
It's prone to bugs in the same way as other software is. 
Newer versions come out adding support for new hardware, features 
and fixing bugs, etc. But the flashing process could be very 
dangerous on a real machine. The BIOS is a fundamental component 
of the computer. It's the first piece of code executed when a 
machine is turned on. This is why we have to be very carefully when
doing this kind of things. A failed BIOS update can -and probably
will- leave the machine unresponsive. And that just sucks.
	
That is why it's so important to have some testing platform, such 
as VMWare, at least for a first approach, because, as we'll see,
there are a lot of differences between the vmware version vs. the
real hardware version.