Text File | 1997-12-29 | 7KB | 126 lines
/"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"\
\ H A C K E R S I N F O R M A T I O N R E P O R T /
/ \
\ The Joys of The Personal Computer CMOS /
"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"-_-"
By Axon

Ahoy! Axon here. I figured it would be a good thing to teach all you guys
a few things about the Personal Computer CMOS (Complementary Metal Oxide
Semiconductor). Actually, Complementary Metal Oxide is what most Integrated
Circuits are made of; however, when one refers to "THE CMOS", they are either
stupid, or they are talking about the Personal Computer's way of storing
configuration settings.

The CMOS is part of the modern computer's hardware that saves many things,
such as the specifications of your hard drive, what floppy drives you have,
and various other settings like the password used for protected boot-ups.
Potentially, this brings up a lot of cool ideas. I don't know much about the
data format of the CMOS memory, but I know that traditionally in the IBM AT
computers, when the CMOS was introduced, there were 64 bytes of memory on the
chip.

Before the CMOS there was nothing. There were jumpers, or switches, on the
motherboards of computers. These switches PHYSICALLY held setup values such
as floppy drive types and video settings. There was no password. A severe
drawback to this system was that in order to change these values, one needed
to pull the case off of the computer and search for the switches, which were
scarcely ever located in a single place. Usually they were near the device
they affected. If the switches were jumpers, which they usually were, you
needed small fingers or a pair of tweezers to adjust them. It was clear that
there must be a better way of doing things. With a lot of hard thinking and
determination, IBM toyed with the idea of using computer memory to store the
settings that the jumpers were used for.

Memory is volatile. When you shut off power, the bits that are stored are
hosed, lost forever. The CMOS is no exception. All computers with a CMOS
chip also have a battery of some sort that supports it while the computer is
off. These batteries can be NiCd or Lithium. Disconnecting the battery from
the motherboard will erase all settings the CMOS held (sometimes the battery
needs to stay disconnected for as long as 2 hours for the CMOS data to
vaporize). Also, there is usually a jumper near the CMOS chip. I will discuss
the battery later; right now I will focus on identifying the chip itself.

Usually, the chip has 28 pins. Most of the time it isn't soldered onto the
motherboard; it actually fits in a DIP socket on the board, and looks like
a long sandwich to me. There will usually be a sticker on the top that says
"AWARD", "AMI" or "American Megatrends", or "Phoenix", possibly others. This
is the chip you are concerned with. Look for a jumper near it (within 1 inch).
For those idiots out there, a jumper is a little black...thing, that is about
1/8" by 1/4" by 1/4" (roughly, I don't have one with me to measure, unless I
take apart the computer I am typing this on). It has 2 holes that will fit
over pins on the motherboard. Chances are, only one hole of the jumper is on
a pin, and the other hole could fit onto a pin if you pulled it off and
re-aligned it. If you do this, and leave it there for a while, it shorts out
the power connection to the CMOS, causing it to lose its data.

The battery, which, as I said earlier, can be removed to erase CMOS data, is
usually found near the CMOS chip, but not always. It may look like an
oversize watch battery. I've seen various other shapes and sizes though. Some
look like half of a AA battery, some look like 3 small batteries held
together with shrink material, and others look like brown boxes that are not
even mounted on the motherboard, but mounted somewhere else in the case, with
wires running to a pin connector socket on the motherboard. (These are
replacement batteries for the batteries that are soldered directly to the
motherboard at the factory.) Soldered-on batteries are a pain, and clearing
the CMOS is easiest if you find the jumper.

Why in the world would you want to clear a CMOS? Well, for one, if you, or
someone you are working for, happens to forget a startup password, clearing
the CMOS is a viable option. If you can get into the setup program, write
down all the information (memory size, hard drive specs, floppy specs, and
any other settings there are) before resetting the CMOS. Of course there are
some other reasons why a hacker would want to be able to do this, but we shall
leave that up to your imagination.

Along the way I've come up with a pair of cute little programs in QuickBasic
that will extract CMOS data from a standard AT machine, and put it back.
I'd imagine you could hex edit the data file it saves, or use a program like
game guru to compare multiple saved CMOS data files. Who knows, maybe you'll
find a way to do some cool stuff to the data before you put it back into the
CMOS. This may or may not work on your computer, as there has been a lot
more data stored on the CMOS chips lately. Call the manufacturer of your
BIOS and they may be able to tell you where the CMOS data is at (and then
you can change the source code accordingly).

------------[ HiR CMOS DATA EXTRACTION SOURCE CODE BEGINS HERE ]--------------
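' Dump the 64 bytes of AT CMOS RAM to CMOS.DAT, one raw byte per address.
OPEN "CMOS.DAT" FOR OUTPUT AS #1
FOR CMOSAddress% = 0 TO 63
  OUT &H70, CMOSAddress%          ' select the CMOS address via port 70h
  CMOSByte$ = CHR$(INP(&H71))     ' read the byte at that address from 71h
  PRINT #1, CMOSByte$;            ' trailing ; keeps PRINT from adding CR/LF
NEXT CMOSAddress%
CLOSE #1
END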
-------------[ HiR CMOS DATA EXTRACTION SOURCE CODE ENDS HERE ]---------------

As you can see, the computer will push the CMOS address to be read into 70h,
then read the byte from 71h. Note, since there are only 64 bytes, the program
only pushes addresses 0-63 into 70h. To the best of my knowledge, the CMOS
data will always be read and written using 70h for the address, and 71h for
the data. The only thing that might change is the number of bytes that the
CMOS stores. Find out for sure from your BIOS/CMOS manufacturer, though, and
make adjustments to the code as necessary.

-------------[ HiR CMOS DATA INSERTION SOURCE CODE BEGINS HERE ]--------------
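' Write a 64-byte CMOS.DAT back into CMOS RAM.
' Addresses 0-13 are the clock and status registers, so the saved time
' is written back along with the settings.
OPEN "CMOS.DAT" FOR BINARY AS #1  ' binary mode reads every byte value as-is
IF LOF(1) <> 64 THEN PRINT "CMOS.DAT is not 64 bytes": CLOSE #1: END
FOR CMOSAddress% = 0 TO 63
  CMOSByte$ = INPUT$(1, 1)        ' next saved byte from the file
  OUT &H70, CMOSAddress%          ' select the CMOS address via port 70h
  OUT &H71, ASC(CMOSByte$)        ' write the byte through port 71h
NEXT CMOSAddress%
CLOSE #1
END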
--------------[ HiR CMOS DATA INSERTION SOURCE CODE ENDS HERE ]---------------

Obviously, both of these programs are just core code, and are by no means
supposed to be used alone, but can be modified a little and combined to make
a fully functional CMOS Backup program, CMOS Data Modification program, and
anything else (Evil or not) that you can think of. Happy hacking!
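
Added example (not part of the original article and not Axon's code): an offline check for the backup and compare-two-dumps ideas above, which validates a 64-byte dump before it is restored and lists which settings differ between two dumps. It assumes the classic IBM AT layout, where 0x00-0x0D are the clock and status registers and 0x2E-0x2F hold a 16-bit sum of bytes 0x10-0x2D; the function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumed layout: classic IBM AT CMOS; later BIOSes may store more. */
enum { CMOS_SIZE = 64, RTC_LAST = 0x0D,   /* 0x00-0x0D: clock, status A-D */
       SUM_FIRST = 0x10, SUM_LAST = 0x2D, /* checksummed config area */
       SUM_HI = 0x2E, SUM_LO = 0x2F };    /* stored checksum, high then low */

/* 16-bit sum of configuration bytes 0x10..0x2D. */
uint16_t cmos_checksum(const uint8_t *d) {
    uint16_t sum = 0;
    for (int i = SUM_FIRST; i <= SUM_LAST; i++)
        sum = (uint16_t)(sum + d[i]);
    return sum;
}

/* 1 if the dump has the expected size and its stored checksum matches. */
int cmos_dump_ok(const uint8_t *d, size_t len) {
    return len == CMOS_SIZE &&
           cmos_checksum(d) == (uint16_t)((d[SUM_HI] << 8) | d[SUM_LO]);
}

/* Count differing offsets outside the RTC bytes; record up to max. */
int cmos_diff(const uint8_t *a, const uint8_t *b, int *where, int max) {
    int n = 0;
    for (int i = RTC_LAST + 1; i < CMOS_SIZE; i++)
        if (a[i] != b[i] && n++ < max)
            where[n - 1] = i;
    return n;
}

/* Constructed sample dump (not from real hardware) with a valid checksum. */
void cmos_sample(uint8_t *d) {
    memset(d, 0, CMOS_SIZE);
    d[0x10] = 0x40; d[0x14] = 0x03;  /* floppy types, equipment byte */
    d[0x15] = 0x80; d[0x16] = 0x02;  /* base memory: 640 KB */
    d[SUM_HI] = (uint8_t)(cmos_checksum(d) >> 8);
    d[SUM_LO] = (uint8_t)(cmos_checksum(d) & 0xFF);
}

int main(void) {
    uint8_t a[CMOS_SIZE], b[CMOS_SIZE];
    int where[CMOS_SIZE];
    cmos_sample(a);
    memcpy(b, a, CMOS_SIZE);
    b[0x14] = 0x01;  /* config byte edited, checksum left stale */
    printf("edited dump ok=%d, offsets changed=%d\n",
           cmos_dump_ok(b, CMOS_SIZE), cmos_diff(a, b, where, CMOS_SIZE));
    return 0;
}
```

To use it on a real backup, read CMOS.DAT into the buffer with fread on a file opened in binary mode and pass the number of bytes read as len.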