Oct
12

Controller Card Detection at Boot POST – Mod/Flash the BIOS ROM Firmware

So then, you have the 6-chanel RAID PCI card that you bought off eBay and a couple of old, horded hard drives. Stoked, you’re ready to create your very own super hard drive with one terabyte of disk space! You install the hardware and boot your computer waiting for the BIOS to finish the POST. Suddenly, the Windows (or Linux) boot screen displays when you are expecting the controller card’s BIOS to kick in to configure the RAID drive. Maybe it was a mistake. You restart the computer hoping for the best. Alas, the RAID setup option doesn’t appear again. Too bad you bought this brand-less card from China (eBay) without any documentation. So then, what now?

Has this scenario ever happened to you before? The BIOS does not recognize the hardware but the operating system does after the power-on-self-test. This problem is kind of like a chicken-or-the-egg dilemma. I mean, its only great that Windows recognizes the controller card if you’re booting from the motherboard’s integrated disk controller. But what if you want to boot from a hard disk that is connected to a secondary controller card? This exact scenario happened to me a couple days ago. It literally took me two whole days of research, agony, and forum scourging. But I finally found the answer. Who’s to blame for this bug?

 


In my situation, I blame HP/Compaq (or AwardBIOS for that matter). The independent Chinese manufacturer that makes my SATA controller card actually produces an outstanding product. PCs from HP/Compaq, eMachines/Gateway, Dell, and others are made for consumers, not power users. These companies cripple the BIOS since most of their consumers will not use advanced features like WOL for S5 or duel controller card support. They leave computer enthusiasts to build their own PCs if they want such functionality. But for us budget-minded hackers, we must find ways to deal with these setbacks. This particular setback is solved by – drum roll please – hacking BIOS firmware!

BIOS Firmware/BIN/ROM

First things first, please update your BIOS. A BIOS update just may be the fix to your controller-detection problem. You'll save a lot of time, gnashing of teeth, and bad-flash anxiety if you do that. You may not even have to "darken the console" to a DOS prompt since modern flashers usually update in Windows. Except, you won't be able to brag to your colleagues that you've hacked your BIOS.

Go to the website of your PC maker, type in your computer model number, and see if there are any BIOS updates. If there is a BIOS update, try it out. If there is not a BIOS update or the update didn't fix your problem, continue reading. You're about to go down a deep dark path. As a disclaimer, BIOS hacking is very dangerous. You can potentially render your motherboard unusable. So, don't say I didn't warn you!

Still here? Great! If you were able to locate the BIOS update in the previous step, look for the firmware file. This is usually a file that ends in "*.rom" or ".bin". Sometimes, the likes of HP/Compaq obscure the file in an installation executable. In that case, you'll have to swipe the firmware file from the temporary files directory (TEMP) while the installation is running or use a utility like IZArc to extract the contents. I had to use the latter for my HP computer. If your manufacturer did not release a BIOS update or any BIOS firmware, your options are either Google or extracting your current BIOS. For the second option, try to find a program that will let you do that in the "BIOS Utilities" section below. Most of the time, a BIOS flasher will also let you capture/dump the firmware as well. Good luck!

Peripheral Hardware Boot ROM

Whatever hardware you're installing – most likely a controller card – you're going to need a BIOS add-on ROM from the manufacturer of that device. If you're lucky, the manufacturer distributes it on their website. Some make it easier and may even bundle it with the operating system drivers! If not, it will be a bit harder. Like I said, Google is your friend. In my case, the RAID card used a VIA VT6421 chip and VIA hid the ROM with their driver zip file.

BIOS Manufacturer

With the ROMs for your BIOS and device in hand, you'll need to find out who made your BIOS chip. You can pry open your computer cassis and search through the motherboard for familiar names. But as these consumer-grade PCs are usually a small ATX form factor variant, this will be difficult. Better yet, just turn on your computer and use your camera phone to take a picture of your POST screen. You might have to press TAB, F1, F2, or DEL. Chances are that American Megatrends (AMI) or Phoenix Technologies (also Award Software International) made your BIOS chip. For me, it was Phoenix/Award.

BIOS Utilities

Now that you know your manufacturer, you need to download the necessary utilities to hack the firmware. First, make sure that you use a utility that explicitly specializes in your particular manufacturer’s firmware. Don’t use an AMI for an AwardBIOS. Second, your choices of hacking software are endless. You can go the grey-hat route and download a program used by the manufacturer’s internal personnel. Google, ISO Hunt, and RapidShare variants are your friends. Or, you can use an open-source release from SourceForge. If you're at lost – or lazy – try these sites.

You'll need at least two tools. You'll need a program that does that actual hacking or configuring. This software will enable you to insert the device ROM into a BIOS ROM. You'll also need a flasher that will load the modified ROM into the actual BIOS chip. If you find one that does both of these functions seamlessly, kudos to you. Please leave a comment for the rest of us!

Note that the latest version does not necessarily mean the best version to use. Sometimes, a certain firmware ROM can only be manipulated by only one version of the BIOS utilities.


Process of My Experience

Now, in my situation, I was able to download the BIOS and device firmware with little impediments. Finding the BIOS manufacturer was easy. AwardBIOS was prominently displayed on the POST screen. I used cbrom (version 2.15) to modify the ROMs and WinFlash (version 1.86.2.HP) to flash the BIOS. Basically, the process is to verify, patch, verify, flash, and verify.

Verify I

It is imperative that you dump the modules of a valid BIOS firmware for your computer so that you have something to compare to the hacked BIOS. That way, you'll minimize the possibility of flashing a badly patched ROM. With cbrom, the command is

CODE:

  1. CBROM.EXE BIOSFirmware.bin /D

The result should look something like this:

CODE:

  1. No. Item-Name         Original-Size   Compressed-Size Original-File-Name
  2. ================================================================================
  3.   0. System BIOS       20000h(128.00K)151D5h(84.46K)Buc317.BIN
  4.   1. XGROUP CODE       0F280h(60.62K)0A8ADh(42.17K)awardext.rom
  5.   2. ACPI table        04B5Ah(18.84K)01B32h(6.80K)ACPITBL.BIN
  6.   3. EPA LOGO          0168Ch(5.64K)002AAh(0.67K)AwardBmp.bmp
  7.   4. YGROUP ROM        0D7E0h(53.97K)06ABDh(26.68K)awardeyt.rom
  8.   5. GROUP ROM[ 0]     080D0h(32.20K)03183h(12.38K)_EN_CODE.BIN
  9.   6. GROUP ROM[ 1]     090F0h(36.23K)037B9h(13.93K)_FR_CODE.BIN
  10.   7. GROUP ROM[ 4]     09050h(36.08K)0369Eh(13.65K)_SP_CODE.BIN
  11.   8. Other(405D:0000)  02000h(8.00K)01381h(4.88K)_DMI.BIN
  12.   9. Other(4066:0000)  0F300h(60.75K)0057Bh(1.37K)_RT.BIN
  13.  10. Other(4064:0000)  00510h(1.27K)00409h(1.01K)_Xsetup.BIN
  14.  11. LOGO BitMap       4B30Ch(300.76K)00C2Ah(3.04K)HPQ-IMB1.BMP
  15.  12. LOGO1 ROM         4B30Ch(300.76K)01755h(5.83K)CPQ-IMB1.BMP
  16.  13. VGA ROM[1]        0C000h(48.00K)07713h(29.77K)BWG_1348.DAT
  17.  14. PCI ROM[A]        0F400h(61.00K)0955Ah(37.34K)RAID1022.bin
  18.  15. PCI ROM[B]        03600h(13.50K)02534h(9.30K)AHCI.bin
  19.  16. PCI ROM[C]        0E000h(56.00K)08B21h(34.78K)BA1240L2.lom
  20.  17. Other(4067:0000)  01D31h(7.30K)00C76h(3.12K)PPMINIT.ROM
  21.  
  22.   Total compress code space  = 95000h(596.00K)
  23.   Total compressed code size = 52CB1h(331.17K)
  24.   Remain compress code space = 4234Fh(264.83K)
  25.  
  26.                           ** Micro Code Information **
  27. Update ID  CPUID  |  Update ID  CPUID  |  Update ID  CPUID  |  Update ID  CPUID
  28. ------------------+--------------------+--------------------+-------------------

If you get less than 5 listed modules, something may be wrong. You might want to try another cbrom version.

Patch

Next, patch the BIOS ROM with the device ROM. If your DOS prompt gets buggy or funny looking, you may have to try another cbrom version. In my situation, I ran the command

CODE:

  1. CBROM.EXE BIOSFirmware.bin /PCI RAIDFirmware.rom

Verify II

Dump the module listing again and compare it to your first dump screen. This is the next screen I saw.

CODE:

  1. No. Item-Name         Original-Size   Compressed-Size Original-File-Name
  2. ================================================================================
  3.   0. System BIOS       20000h(128.00K)151D5h(84.46K)Buc317.BIN
  4.   1. XGROUP CODE       0F280h(60.62K)0A8ADh(42.17K)awardext.rom
  5.   2. ACPI table        04B5Ah(18.84K)01B32h(6.80K)ACPITBL.BIN
  6.   3. EPA LOGO          0168Ch(5.64K)002AAh(0.67K)AwardBmp.bmp
  7.   4. YGROUP ROM        0D7E0h(53.97K)06ABDh(26.68K)awardeyt.rom
  8.   5. GROUP ROM[ 0]     080D0h(32.20K)03183h(12.38K)_EN_CODE.BIN
  9.   6. GROUP ROM[ 1]     090F0h(36.23K)037B9h(13.93K)_FR_CODE.BIN
  10.   7. GROUP ROM[ 4]     09050h(36.08K)0369Eh(13.65K)_SP_CODE.BIN
  11.   8. Other(405D:0000)  02000h(8.00K)01381h(4.88K)_DMI.BIN
  12.   9. Other(4066:0000)  0F300h(60.75K)0057Bh(1.37K)_RT.BIN
  13.  10. Other(4064:0000)  00510h(1.27K)00409h(1.01K)_Xsetup.BIN
  14.  11. LOGO BitMap       4B30Ch(300.76K)00C2Ah(3.04K)HPQ-IMB1.BMP
  15.  12. LOGO1 ROM         4B30Ch(300.76K)01755h(5.83K)CPQ-IMB1.BMP
  16.  13. VGA ROM[1]        0C000h(48.00K)07713h(29.77K)BWG_1348.DAT
  17.  14. PCI ROM[A]        0F400h(61.00K)0955Ah(37.34K)RAID1022.bin
  18.  15. PCI ROM[B]        03600h(13.50K)02534h(9.30K)AHCI.bin
  19.  16. PCI ROM[C]        0E000h(56.00K)08B21h(34.78K)BA1240L2.lom
  20.  17. Other(4067:0000)  01D31h(7.30K)00C76h(3.12K)PPMINIT.ROM
  21.  18. PCI ROM[D]        0F800h(62.00K)0792Ah(30.29K)RAIDFirmware.rom
  22.  
  23.   Total compress code space  = 95000h(596.00K)
  24.   Total compressed code size = 5A5DBh(361.46K)
  25.   Remain compress code space = 3AA25h(234.54K)
  26.  
  27.                           ** Micro Code Information **
  28. Update ID  CPUID  |  Update ID  CPUID  |  Update ID  CPUID  |  Update ID  CPUID
  29. ------------------+--------------------+--------------------+-------------------

Notice how everything remained exactly the same except for the 18th entry and the code sizes/spaces. Many times in this second verification, the DOS prompt went awry or cbrom appeared to have truncated the firmware to no modules at all. In this case, I used a different versions of cbrom.

Flash

If everything looks good, flash the BIOS. WinFlash makes it really simple to do it in a familiar Windows interface. However, if you have a lot running that can potentially crash and interrupt the flashing process, you may want to use the AwdFlash DOS version with a system startup disk or use WinFlash with Bart PE.

I've got to say, BIOS flash options are confusing with little documentation. Google is your friend. The only setting I used was the option to update the MainBlock. Everything else was left unchecked. Above all, try not to update the BootBlock if possible. I hear this executable block is your only cure for a bad flash.

I used this tutorial and this tutorial for WinFlash instructions.

Verify III

This verification is basically restarting the system and confirming that the POST completed without a hitch and the controller card BIOS screen appeared.

  • If the post failed, congratulations! Since most motherboards do not include a detachable BIOS chip, you get to shell out money for a new motherboard! Make sure you get one with a power user's BIOS. No really, if you didn't overwrite the BootBlock, you may still be able to flash an unmodified BIOS firmware. You did save a copy of an unhacked ROM didn't you? 🙂
  • If the controller card BIOS screen didn't appear, see if you can now enable it in the motherboard's CMOS setup. Also, check your chipset maker's documentation for a secret keystroke to get in their controller card BIOS.
  • Lastly, if the POST was successful and the controller card BIOS screen appeared, you're in business! Have fun!

Other Notable Sources

If you enjoyed this post, make sure you subscribe to hacker not cracker via RSS feed or email update!



Additional Reading

Comment View Comments from Other Readers

Popular Posts

Featured Posts

Related Posts

Recent Posts

What's Your Reaction?


Subscribe to this Blog:

Reader Reactions Elsewhere


 

One Response to “Controller Card Detection at Boot POST – Mod/Flash the BIOS ROM Firmware”

  1. downloadonlinefree.net Says:

    Pretty! This was a really wonderful post. Thank you for supplying this information.

 
© 2006 and web design of Allan Ray Barizo from [art] [⁄app].
This site is best viewed with FF and at least 1024x768 resolution.