jhl::mafipulation

Sun, 08 Jul 2012

xfv-4-intel: an Intel .BIO extractor
I recently turned an Intel motherboard into a paperweight by nuking the BIOS ROM, and was disappointed to find that Intel's modern EFI-based BIOSes only support updates from an EFI capsule (the infamous .BIO file). Now, without a clean ROM image to program, the original BIOS is never coming back; but with a little reversing it might be possible to get Coreboot up and running and restore my board to useful status...

Anyway, I found Christoph Pfisterer's xfv tool, which unpacks EFI firmware volumes and capsules. It was missing a couple of features I needed, like decompression of Intel's "custom" compression mode (actually LZMA), so here is a version suitable for dumping Intel BIOS files:

xfv-4-intel.tgz

This makes it trivial to recover irreplaceable pieces like the VGA BIOS, as well as useful information like the static ACPI tables.
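As an added illustration (not part of xfv or of Intel's tools), here is the first step any such extractor has to perform before it can walk the files inside a dump: locate every EFI firmware volume header by its `_FVH` signature, verify the header's 16-bit checksum, and check that the block map agrees with the declared volume length. The header layout and the FFS2 GUID follow the PI specification; the `build_volume` helper constructs a sample volume so the scanner can be run offline, and the attribute values it uses are arbitrary.

```python
"""Locate and sanity-check EFI firmware volume (FV) headers in a raw image.

Added example, not code from xfv or Intel. The fixed header layout is the
EFI_FIRMWARE_VOLUME_HEADER from the PI spec; build_volume() fabricates a
minimal volume (constructed sample, not an Intel .BIO) for offline runs.
"""
import struct
import sys
import uuid
from typing import List, Optional

FV_SIGNATURE = b"_FVH"
SIGNATURE_OFFSET = 16 + 16 + 8            # ZeroVector + FileSystemGuid + FvLength
CHECKSUM_OFFSET = SIGNATURE_OFFSET + 4 + 4 + 2  # after Signature, Attributes, HeaderLength
# Fixed part of the header (56 bytes, little-endian):
#   ZeroVector[16], FileSystemGuid, FvLength, Signature, Attributes,
#   HeaderLength, Checksum, ExtHeaderOffset, Reserved, Revision
FV_HEADER = struct.Struct("<16s16sQ4sIHHHBB")
BLOCK_MAP_ENTRY = struct.Struct("<II")    # NumBlocks, Length; (0, 0) terminates
# Firmware file system v2 GUID: a volume carrying it contains FFS files.
EFI_FFS2_GUID = uuid.UUID("8C8CE578-8A3D-4F1C-9935-896185C32DD3")


def header_checksum_ok(header: bytes) -> bool:
    """The 16-bit word sum over HeaderLength bytes must be zero mod 2**16."""
    if len(header) % 2:
        return False
    words = struct.unpack("<%dH" % (len(header) // 2), header)
    return sum(words) & 0xFFFF == 0


def parse_fv_header(blob: bytes, start: int) -> Optional[dict]:
    """Parse one FV header at `start`; None if the bytes cannot be a header."""
    if start < 0 or start + FV_HEADER.size > len(blob):
        return None
    (_zero, guid_le, fv_len, sig, _attrs, hdr_len, _csum,
     _ext_off, _res, rev) = FV_HEADER.unpack_from(blob, start)
    if sig != FV_SIGNATURE or hdr_len < FV_HEADER.size or hdr_len % 2:
        return None
    if start + hdr_len > len(blob):
        return None
    # Block map follows the fixed fields and is terminated by a (0, 0) entry.
    block_map = []
    pos = start + FV_HEADER.size
    while pos + BLOCK_MAP_ENTRY.size <= start + hdr_len:
        num, size = BLOCK_MAP_ENTRY.unpack_from(blob, pos)
        pos += BLOCK_MAP_ENTRY.size
        if (num, size) == (0, 0):
            break
        block_map.append((num, size))
    guid = uuid.UUID(bytes_le=guid_le)
    return {
        "offset": start,
        "guid": str(guid).upper(),
        "is_ffs2": guid == EFI_FFS2_GUID,
        "length": fv_len,
        "header_length": hdr_len,
        "revision": rev,
        "block_map": block_map,
        # A damaged dump (bit rot, bad flash) usually shows up here first.
        "checksum_ok": header_checksum_ok(blob[start:start + hdr_len]),
        "blockmap_matches_length": sum(n * s for n, s in block_map) == fv_len,
        "fits_in_image": start + fv_len <= len(blob),
    }


def find_volumes(blob: bytes) -> List[dict]:
    """Scan for every '_FVH' signature and return the headers that parse."""
    found = []
    pos = blob.find(FV_SIGNATURE)
    while pos != -1:
        fv = parse_fv_header(blob, pos - SIGNATURE_OFFSET)
        if fv is not None:
            found.append(fv)
        pos = blob.find(FV_SIGNATURE, pos + 1)
    return found


def build_volume(payload: bytes, block_size: int = 0x1000,
                 guid: uuid.UUID = EFI_FFS2_GUID) -> bytes:
    """Constructed sample: one-entry block map, payload padded with 0xFF,
    checksum fixed up so the header verifies."""
    header_len = FV_HEADER.size + 2 * BLOCK_MAP_ENTRY.size
    total = header_len + len(payload)
    num_blocks = -(-total // block_size)
    fv_len = num_blocks * block_size
    header = bytearray(FV_HEADER.pack(b"\x00" * 16, guid.bytes_le, fv_len,
                                      FV_SIGNATURE, 0, header_len, 0, 0, 0, 2))
    header += BLOCK_MAP_ENTRY.pack(num_blocks, block_size) + BLOCK_MAP_ENTRY.pack(0, 0)
    fixup = (-sum(struct.unpack("<%dH" % (len(header) // 2), header))) & 0xFFFF
    struct.pack_into("<H", header, CHECKSUM_OFFSET, fixup)
    return bytes(header) + payload + b"\xff" * (fv_len - total)


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        for fv in find_volumes(fh.read()):
            print("FV @ 0x%08x len 0x%x ffs2=%s checksum_ok=%s map=%s" % (
                fv["offset"], fv["length"], fv["is_ffs2"],
                fv["checksum_ok"], fv["block_map"]))
```

Run it as `python fvscan.py image.bin` to list the volumes in a dump; a volume whose header checksum fails or whose block map disagrees with FvLength is the one to treat with suspicion before trusting anything extracted from it.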

posted at: 23:18 | path: /reversing | permanent link to this entry

Tue, 08 Nov 2011

Resetting middle-aged Volvo service lights
I recently had to fix my 1996 850's mechanical odometer, and have spent some time reverse engineering some bits and pieces to try and read the mileage out of the instrument cluster electronics. While I haven't managed to figure that out yet, I have picked up a bunch of other codes; and one thing that seems to be quite difficult for this era of Volvo is resetting the service light.

Here's how to do it with an ELM327 or compatible OBD-II interface. You will need a terminal emulator such as minicom (Mac/Linux) or HyperTerminal (Windows). Hit enter after each command. Connect to the port, turn the ignition key to position II, and make sure linefeeds are on:

> AT L1
Now set up your address as 0x13:
> AT RA 13
And since you are talking to the instrument cluster (0x51), set the message header and target address:
> AT SH 83 51 15
> AT IIA 51
You can now wake up the cluster controller:
> AT SI
You should see
BUS INIT...OK
If so, issue the reset command:
> B0 30
If you're not sure it's communicating properly, you can try a gauge test - all the needles are moved to full scale and back:
> B0 31
You can reissue AT SI to restart communication at any time. Make sure you issue the reset within a couple of seconds of AT SI finishing, as the controller seems to go back to sleep pretty quickly. I'd be interested to hear from anyone who knows how to extract the odometer data from one of these - I've had no luck with commands A5, A7 or B9 (read data by offset/address, or read data block).

posted at: 02:24 | path: /reversing/volvo | permanent link to this entry

Thu, 07 Apr 2011

ShairPort 0.05 released
My girlfriend moved house, and her Airport Express no longer made it with her wireless access point. I figured it'd be easy to find an ApEx emulator - there are several open source apps out there to play to them. However, I was disappointed to find that Apple used a public-key crypto scheme, and there's a private key hiding inside the ApEx. So I took it apart (I still have scars from opening the glued case!), dumped the ROM, and reverse engineered the keys out of it.

So, here is ShairPort, an open-source (Perl/C) replacement.
shairport-0.05.tar.gz
13/4: Updated to 0.05 - cleaner, more informative error handling.
12/4: Updated to 0.04 - compile fixed on non-x86 platforms
11/4: Updated to 0.03 - bugfix release: broken with IPv6 (Mac troubles with iTunes). You must install IO::Socket::INET6 for Perl to fix this - Debian/Ubuntu users, this is libio-socket-inet6-perl.

Update: 2013
I'm now maintaining this again. Github repo is here.

posted at: 00:00 | path: /reversing | permanent link to this entry
