Below is a list of tools that I developed throughout the BIOS reverse engineering process:

BREAD (BIOS Reverse Engineering & Advanced Debugging) is an 'injectable' real-mode x86 debugger that can debug arbitrary real-mode code (on real HW) from another PC via serial cable.

mdump is a lightweight memory dump tool that can be used to dump the entire memory of a system over a serial cable. It is designed to be minimally invasive and can be booted or injected into a system to perform memory dumps.

Example output:

$ ./mdump /dev/ttyUSB0 output_file.bin $((4<<20))
Waiting to read 4194304 bytes...
Device /dev/ttyUSB0 opened for reading...
Dumping memory: [################################] done =)
Received CRC-32: ce18133e
Calculated CRC-32: ce18133e, match?: yes
Checking output file...
Success!

find_gaps is a small C utility that looks for gaps (sequences of 0xFF or 0x00) in a given file of at least the specified size. This is useful for finding potential spots in the ROM that can be used to inject code.

Example output:

$ ./find_gaps
Usage: ./find_gaps <offset> <min_length> <filename>

$ ./find_gaps 0 5000 post.rom
Found sequence at offset 180980, length 9479 bytes
Found sequence at offset 307343, length 29557 bytes
Found sequence at offset 336933, length 5779 bytes
Found sequence at offset 345607, length 8691 bytes

find_asm.sh is a small shell script that searches for one (or more) assembly (16-bit) instructions for a given file.

Example output:

$ ./tools/find_asm.sh post.rom
mov eax,0x80000002
^D # Press Ctrl+D to finish

Offset 70934:
00000000  66B802000080      mov eax,0x80000002
00000006  0FA2              cpuid
00000008  E84300            call 0x4e
0000000B  66B803000080      mov eax,0x80000003
00000011  0FA2              cpuid
00000013  E83800            call 0x4e
00000016  66B804000080      mov eax,0x80000004
0000001C  0FA2              cpuid
0000001E  E8                db 0xe8
0000001F  2D                db 0x2d

skip_string.sh is a small shell script that generates a 'skip list' for ndisasm using the strings command. This list contains the strings offsets that are then ignored by ndisasm.

sdtlist is a tool that, given the 1B module of an AMIBIOS8 BIOS, lists all the SMM handlers (i.e., the SMM Dispatch Table) present in that module and their respective physical positions in the file.

The main idea is to be able to explore the existing modules and modify them freely as needed.

Below is a list of games I made to run in the BIOS:

Nim is a BIOS game where each player takes turns removing sticks from a row. The game starts with a pre-determined number of sticks, and players can remove as many sticks as they like on their turn, but they must remove at least one. The player who removes the last stick loses the game.

The computer will only fully boot if the player wins the game, which can be a difficult and time-consuming task. As a result, this game was made solely for entertainment purposes.

Video: https://youtu.be/4SEeUinVLCQ

BIOS Nim is a tiny-BIOS/bootblock (with emphasis on tiny) made to work on PCWare IPM41-D3/Intel DG41WV motherboards where its only purpose is: to run the NIM game via serial port, without RAM.

Demo video: https://youtu.be/oCrixs5SdVk

Below is a list of tools focused on 'security':

2FA is a tool for two-factor authentication in BIOS via TOTP, so authentication is required when turning on the computer.

Although for some it may seem useless, I really liked this idea and decided to go ahead: requiring a physical device (e.g., smartphone) to turn on the computer seemed like a good idea, and that's why I did it. It amazes me that this doesn't already exist on modern PCs.

Video: https://youtu.be/ycLIlmRGP6M

Below is a diverse list of random code that might be interesting/useful:

BASIC is an attempt to bring the IBM (Cassette) BASIC 1.0 back to modern PCs as an OptionROM. Once injected into the computer, a new interrupt (int 0xC8) will be available, and when invoked, the original IBM BASIC will be executed.

Video: https://youtu.be/ugK_S9CgUto