[flashrom] success hacking DELL Dimension 4100

Andrew Goodbody ajg4tadpole at gmail.com
Wed Mar 13 00:14:29 CET 2013


On 12/03/13 16:59, Bertho Grandpied wrote:
>
> Some time ago, "Andrew Goodbody" noted :
>>> I'm pretty sure that the detection of FWH devices requires
>>> writing to the address space used and you cannot do that as
>>> you cannot set the BIOS WE bit in the chipset. So unless you
>>> can get around the SMI protection of that bit then there is
>>> no way to detect the chip in use. Even if you did detect it,
>>> you still could not program it.
>
> And I responded :
>> I'll check whether the BIOS also has locked access to SMRAM
>> - usually it wasn't done at the time. If the SMRAM is
>> accessible from outside SMM, it would be straightforward to
>> bypass the protection (just replace an RSM instruction as
>> the SMI "handler" ;-)
>
> Which was done successfully a moment ago... BIOS was not locking the SMM settings on this Intel board fortunately, so replacing a plain RSM instruction at the SMI origin (A000:8000) took just a couple minutes' hacking, then for sure Flashrom was able to detect the FWH, to dump and also to update the flash image successfully :=)

Good work. Well done.

Andrew



