33

I want to dump the BIOS data of my laptop to a file. The only solution I found is the following command:

dd if=/dev/mem bs=X skip=Y count=1

X and Y are different in suggested solutions by different people because there are different BIOS types.

Is there a way to find the exact address of BIOS data in /dev/mem? Can I use dmidecode to find the address range of BIOS in memory? And does Linux dump all BIOS data in RAM or just a special part of it?

If Linux can dump BIOS data to RAM, can the root user also access the BIOS directly?

Omid
  • 3,391
  • I am not a computer or English language expert. The word "data" confuses me a little. What do you mean by "bios data"? Don't you mean only "document" data like BIOS configuration? Do you mean all data together with executable firmware? – qdinar Feb 14 '20 at 11:07

7 Answers

24

You can try using biosdecode.

It is a command line utility that parses the BIOS memory and prints information about all structures (or entry points) it knows of. It finds out information about hardware such as:

  • IPMI Device
  • Type of memory and speed
  • Chassis Information
  • Temperature Probe
  • Cooling Device
  • Electrical Current Probe
  • Processor and Memory Information
  • Serial numbers
  • BIOS version
  • PCI / PCIe Slots and Speed

etc.

Things to consider:

  • biosdecode parses the BIOS memory and prints the information about all structures.
  • Decoding BIOS data is the same as dumping a computer's DMI. The DMI table mainly describes what the system is currently made of.
  • Data provided by biosdecode is not in a human-readable format.

Viewing the contents on screen

You will need to use the dmidecode command for dumping a computer’s DMI (SMBIOS) table contents on screen.

$ sudo dmidecode --type 0 

Search the man page for more information:

$ man dmidecode

Yes, the kernel keeps only the information it needs from the BIOS in the RAM. However you can make real-time BIOS calls from the root user using C applications that include embedded ASM (Assembly code), etc.

You can read more about the Linux kernel and a system's BIOS in this article from Linuxmagazine titled: Linux and the BIOS.

slm
  • 369,824
delta24
  • 954
15

I think what you're looking for is flashrom. Provided that your system is supported, you can read your BIOS content by issuing

# flashrom -r <outputfile>

If you only want to save the so called CMOS RAM (those extra-bytes you save configuration to, like alarm on RTC et al) the kernel's nvram driver and device might help you:

config NVRAM
     tristate "/dev/nvram support"
     depends on ATARI || X86 || (ARM && RTC_DRV_CMOS) || GENERIC_NVRAM
     ---help---
       If you say Y here and create a character special file /dev/nvram
       with major number 10 and minor number 144 using mknod ("man mknod"),
       you get read and write access to the extra bytes of non-volatile
       memory in the real time clock (RTC), which is contained in every PC
       and most Ataris.  The actual number of bytes varies, depending on the
       nvram in the system, but is usually 114 (128-14 for the RTC).

       This memory is conventionally called "CMOS RAM" on PCs and "NVRAM"
       on Ataris. /dev/nvram may be used to view settings there, or to
       change them (with some utility). It could also be used to frequently
       save a few bits of very important data that may not be lost over
       power-off and for which writing to disk is too insecure. Note
       however that most NVRAM space in a PC belongs to the BIOS and you
       should NEVER idly tamper with it. See Ralf Brown's interrupt list
       for a guide to the use of CMOS bytes by your BIOS.

       On Atari machines, /dev/nvram is always configured and does not need
       to be selected.

       To compile this driver as a module, choose M here: the
       module will be called nvram.
Andreas Wiese
  • 10,400
  • This is a good suggestion but likely won't work on your laptop. The support of laptop BIOS' is lacking for this piece of software. For example it would not run on any Thinkpad laptops that I own (many different models). – slm May 03 '14 at 03:12
13

If other tools are not available or cannot be used, here is a way to make an educated guess as to what region of memory to dump.

For instance, from within a VirtualBox VM, I successfully dumped its BIOS by doing:

$ grep ROM /proc/iomem # https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-firmware-memmap
000c0000-000c7fff : Video ROM
000e2000-000e2fff : Adapter ROM
  000f0000-000fffff : System ROM
# dd if=/dev/mem of=pcbios.rom bs=64k skip=15 count=1 # 15*64k + 64k
ack
  • 1,039
  • 2
    How do you know which sizes to use based on the memory addresses? – unseen_rider Feb 06 '17 at 11:18
  • 1
    @unseen_rider looking at 000f0000-000fffff, we've two 8-digit hex numbers. Split each of those into two, and the right-most four hex digits (values 0000 to ffff) are 64kB (65536 bytes). Let's look at the starting address, 000f0000. Split it into two halves: f is 15 decimal, and we already know the rightmost four digits are 64kB, so you need to start at 15x 64kB. Now split the ending address, 000fffff, into two and it's f and ffff. We know f=15 and ffff is the last value of the 64kB block. So we start by skipping 15 blocks of 64kB and using one block completely – Chris Davies Nov 28 '20 at 23:03
  • That shouldn't work. The ROM size of VirtualBox is 128 KiB. – Melab Feb 14 '24 at 00:17
9

Option bios in dmidecode

dmidecode -t bios

Read the memory from C:0000 to F:FFFF without the need for dmidecode

dd if=/dev/mem bs=1k skip=768  count=256 2>/dev/null | strings -n 8
rav_kr
  • 111
totti
  • 1,484
3

This worked for me in VirtualBox:

$ grep ROM /proc/iomem

which results in:
000c0000-000c7fff : Video ROM
000e2000-000e2fff : Adapter ROM
000f0000-000fffff : System ROM

System ROM starts at 000f0000, which is 0xF0000.

Open a browser and go to http://www.hexadecimaldictionary.com/hexadecimal/0xF0000. This says the decimal value is 983040, which divided by 1024 to get kilobytes is 960, which is the starting point and the value for 'skip'.

The end number is 0xFFFFF which is 1048575 which is just shy of 1024. 1024 - 960 is 64, which is the value of 'count'.

The command to run to dump the bios is thus:

dd if=/dev/mem of=pcbios.bin bs=1k skip=960 count=64
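
The hex-to-skip/count arithmetic that the answers above work through by hand can be scripted. The following is an added example, not code from any of the answers: it parses /proc/iomem-style lines and picks the largest power-of-two block size that divides both the start offset and the length. The function names range_to_dd and iomem_to_dd are hypothetical, and the sample input is constructed to match the VirtualBox output quoted above.

```shell
#!/bin/sh
# Added example: derive dd arguments from /proc/iomem ranges.
# Function names are hypothetical; the script only prints dd commands.

# range_to_dd START END -> prints "bs skip count" for an inclusive hex range.
# bs is the largest power of two (capped at 1 MiB) dividing both the start
# offset and the length, so skip and count come out as whole blocks.
range_to_dd() (
    start=$((0x${1#0x})) end=$((0x${2#0x}))
    if [ "$end" -lt "$start" ]; then
        echo "end before start: $1-$2" >&2
        exit 1
    fi
    len=$((end - start + 1))            # the end address is inclusive
    bs=1
    while [ "$bs" -lt 1048576 ] &&
          [ $((start % (bs * 2))) -eq 0 ] && [ $((len % (bs * 2))) -eq 0 ]; do
        bs=$((bs * 2))
    done
    echo "$bs $((start / bs)) $((len / bs))"
)

# iomem_to_dd [PATTERN] -> reads /proc/iomem-style text on stdin and prints
# one dd command per entry whose label contains PATTERN (default: ROM).
iomem_to_dd() (
    pattern=${1:-ROM}
    while IFS=: read -r range label; do
        case $label in *"$pattern"*) ;; *) continue ;; esac
        range=$(printf '%s' "$range" | tr -d ' \t')   # nested entries are indented
        case $range in
            *[!0-]*) ;;                 # at least one non-zero digit: usable
            *) echo "addresses are masked; read /proc/iomem as root" >&2
               continue ;;
        esac
        args=$(range_to_dd "${range%-*}" "${range#*-}") || continue
        set -- $args
        echo "dd if=/dev/mem of=$range.rom bs=$1 skip=$2 count=$3"
    done
)

# Constructed sample matching the VirtualBox output quoted in the answers.
sample='000c0000-000c7fff : Video ROM
000e2000-000e2fff : Adapter ROM
  000f0000-000fffff : System ROM'
printf '%s\n' "$sample" | iomem_to_dd "System ROM"
```

On a real system, feed it `sudo cat /proc/iomem`; an unprivileged read shows every range as zeros, which the script reports instead of emitting a meaningless command.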
1

I built something on top of ack's answer, it's just a little bash script that automates the process of converting the hex to decimal for us noobs.

I was finding it annoying converting everything, also his answer doesn't mention that you have to convert the values and where to put them and all that...

so here's a simple explanation:

you have to run:

grep ROM /proc/iomem # this will output the ROM hex values...

this will output the other mem values you can dump if that floats your boat.

cat /proc/iomem

once you have the two different hex values ~ looks like this:

fed20000-fed3ffff

you just add a 0x at the front of both of them and separate them with a space like this:

0xfed20000 0xfed3ffff

finally add them to the script that I made like this:

sudo ./memDifference 0x000c0000 0x000ce9ff /home/kali/output

as you can tell, the first bit is the script and the bit at the end is the file you want to output... MAKE SURE YOU ENTER THE VALUES LIKE THIS OR IT WILL NOT WORK, IT'S A QUICK SCRIPT I MADE.. nothing fancy.

here is the code so you can compile the script:

just do ~ sudo nano memDifference ~ then copy and paste this in there:

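#!/bin/bash
# Usage: sudo ./memDifference <start-hex> <end-hex> <output-file>
action1=$1   # start address, e.g. 0x000c0000
action2=$2   # end address (inclusive), e.g. 0x000ce9ff
action3=$3   # output file
part1=$(($action2-$action1))
part1=$(($part1+1))        # length in bytes; +1 because the end is inclusive
part2=$(($action1))        # start offset in bytes, as decimal
part1kb=$(($part1/1024))
part2kb=$(($part2/1024))

# report what is about to be read, then run dd as its own command
printf '\ndumping memory with dd & /dev/mem with these values:\n\ntotal amount ~ %s bytes / %s KiB\nstart location ~ hex: %s / decimal: %s KiB\n\n' "$part1" "$part1kb" "$action1" "$part2kb"
# bs=1 makes skip and count plain byte offsets
dd if=/dev/mem of="$action3" skip=$part2 bs=1 count=$part1 status=progress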

when you're done, make sure you change the permissions of the file ~ memDifference to 777 or at least 755:

sudo chmod 755 memDifference

and that's all folks... I'm such a retard.

anyway, cheers enjoy x

P.S ~ if you want to view the hex / unicode / ascii or whatever just use:

xxd output | less

if you want to modify the hex, the best tool is:

hexcurse

it's a terminal-based tool and I really like it, works really well!!

-1

My ree tool can extract BIOS ROM extensions. I wrote it initially for DOS for laptop assembly, to dump BIOS settings for dump/restore; it is available for Linux too, and included in most distributions.

Stephen Kitt
  • 434,908