#ch341

I'm attempting to rescue a PC motherboard with a corrupt BIOS. The BIOS chip is an SOIC-8 surface mount package and I'm trying to use a chip clip along with a CH341 programmer. My main issue is getting the clip to attach and then stay on the chip. It will attach correctly about 1 in 20 attempts but will ping off before I can completely read the current chip contents.

Is there a technique to doing this or are these clips just terrible?

#electronics #flash #ch341

Photo of a PC motherboard showing the BIOS chip.
2022-12-31

Can anyone download from wch dot cn at the moment?

#CH341 #CH340 #GreatFirewall #Embedded #Hardware #HardwareHacking #Electronics #ESP32

2022-01-23

Is That The Moon Worming Its Way Into Your BIOS?

When facing a malware situation, the usual "guaranteed solution" is to reinstall your OS. The new developments in the malware world will also require you to have a CH341 programmer handy. In an arguably inevitable development, [Kaspersky Labs] researchers have found an active piece of malware, out in the wild, that would persist itself by writing its bootstrap code into the BIOS chip. It doesn't matter if you shred the HDD and replace it with a new one. In fact, so-called MoonBounce never really touches the disk at all, being careful to only store itself in RAM, oh, and the SPI flash that stores the BIOS code, of course.

MoonBounce is Microsoft-tailored, and able to hook into a chain of components starting from the UEFI's DXE environment, through the Windows Loader, and finishing as a part of svchost.exe, a process we all know and love.

This approach doesn't seem to be widespread - yet, but it's not inconceivable that we'll eventually encounter a ransomware strain using this to, ahem, earn a bit of extra cash on the side. What will happen then - BIOS reflashing service trucks by our curbsides? After all, your motherboard built-in BIOS flasher UI is built into the same BIOS image that gets compromised, and at best, could be disabled effortlessly - at worst, subverted and used for further sneaky persistence, fooling repairpeople into comfort, only to be presented with one more Monero address a week later.

Will our hardware hacker skills suddenly go up in demand, with all the test clip fiddling and SOIC-8 desoldering being second nature to a good portion of us? Should we stock up on CH341 dongles? So many questions!

This week's installment of "threat vectors that might soon become prevalent" is fun to speculate about! Want to read about other vectors we might not be paying enough attention to? Can't go wrong with supply-chain attacks on our repositories! As for other auxiliary storage-based persistence methods - check out this HDD firmware-embedded proof-of-concept rootkit. Of course, we might not always need the newfangled ways to do things, the old ways still work pretty often - you might only need to disguise your malicious hardware as a cool laptop accessory to trick an average journalist, even in a hostile environment.

Thanks to Brendan Dolan-Gavitt on Twitter for highlighting this to us!

Main image courtesy Kaspersky Labs.

#securityhacks #ch341 #ch341a #malware #moonbounce #uefi

2021-12-26

BIOS Flashing Journey Writeup Puts Tutorials To Shame

A couple of weeks ago, [Doug Brown] bought a Ryzen motherboard, advertised as "non-working" and discounted accordingly. He noticed that the seller didn't test it with any CPUs old enough to be supported by the board's stock BIOS revision, and decided to take a gamble with upgrading it.

Not having a supported CPU in hand either, he decided to go the "external programmer" route, which succeeded and gave this board a new life. This is not why we're writing this up, however. The reason this article caught our eye is because [Doug]'s research leaves no stone unturned, and it's all there to learn from. Whether through careful observation or thorough research, this article covers all the important points and more, serving as an example to follow for anyone looking to program their BIOS.

For instance, [Doug] correctly points out a design issue with these common programmers resulting in 5 V getting onto the 3.3 V data lines, and fixes it by rewiring the board. Going through all the letters in the IC's part number, something that many of us would dismiss, [Doug] notices that the flash chip is 1.8 V-only and procures a 1.8 V adapter to avoid the possibility of frying his motherboard. After finding out that the 1.8 V adapters don't work for some people, he reverse-engineers the adapter's schematics and confirms that it, indeed, ought to work with the specific parts on the adapter he received.

Noting another letter in the part number implying the flash chip might be configured for quad-SPI operation, he adds series resistors to make sure there's no chance of the programmer damaging the BIOS chip with its hardwired pinout. This is just an example of the insights in [Doug]'s article, there's way more that we can't mention for brevity, and we encourage you to check it out for yourself.

With this level of care put into the process, it's no surprise that the modification was successful. The kind of inquisitiveness shared here is worth aspiring to, and writeups like this often surpass general-purpose tutorials in their insights and usefulness. What's your "successfully making use of something sold as non-working" story?

If you're looking for other insightful BIOS stories, we've covered someone reverse-engineering their BIOS to remove miniPCIe card whitelisting. We've typically covered BIOS modification stories in laptops, since there are more incentives to modify these, but a lot of laptop BIOS articles will apply to desktop motherboards too, such as this supervisor password removal story or this LibreBoot installation journey by our own [Tom Nardi].

Thank you [Sidney] for sharing this with us!

#computerhacks #repairhacks #bios #ch341 #ch341a #motherboard #ryzen

Lup Yuen Lee 李立源 lupyuen@qoto.org
2021-10-27

Transferring SPI Data with #CH341 SPI Driver ... On #PineDio USB Dongle

lupyuen.github.io/articles/usb
