Hi,
I’ve been doing some experiments with modding my Thinkpad Phoenix BIOS. To that end, I was dabbling around in the PXE option ROMs and tried changing a few letters in menus and prompts (“Press Ctrl+S” → “Press CtrL+S”, for example). I then found that when I flashed this BIOS, the PXE module wouldn’t even load or show the name of the adapter in the boot menu like it usually does.
In my head changing the case of a letter in a string shouldn’t break the code, unless maybe there’s a checksum problem somewhere.
Am I totally off or should I check for checksums?
This is an educational exercise, I’d love to learn something…
Thanks!
R
Yes, look for the Checksum-8 of the entire Option ROM module. It usually has to be "00".
The location of the byte where you can correct the Checksum depends on the sort of Option ROM module.
I had that suspicion. To that end, I tried taking two neighboring bytes in a string and adding 1 to the first, subtracting 1 from the second. That should leave an additive checksum unchanged, but it still broke the module…
Thoughts?
R
If you change any byte whose function you do not know, you will make the module unusable. You have to correct the Checksum-8 by changing the special checksum correction byte.
Thanks, that put me on the right track. It seems the checksum of the option rom itself needs to be zero, as well as the entire BIOS checksum (did the first one with a hex editor, the second with phnxcksm.exe). I was able to change some text strings to prove the concept.
R
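The Checksum-8 check and repair discussed in this thread, as an added example that is not from any of the posters: it assumes the standard legacy option ROM header (`55 AA` signature, length in 512-byte blocks at offset 2). The function names, the constructed sample image and the default correction-byte position (last byte of the module) are assumptions, since the real position depends on the module type, and the whole-BIOS checksum is not covered.

```python
from typing import Optional

ROM_SIGNATURE = b"\x55\xaa"  # legacy option ROM header signature
BLOCK = 512                  # header byte 2 counts 512-byte blocks


def rom_length(image: bytes) -> int:
    """Return the module length declared in the header."""
    if len(image) < 3 or image[:2] != ROM_SIGNATURE:
        raise ValueError("missing 55 AA option ROM signature")
    length = image[2] * BLOCK
    if length == 0 or length > len(image):
        raise ValueError("declared length does not fit the image")
    return length


def checksum8(image: bytes) -> int:
    """Sum of every byte in the declared length, modulo 256 (must be 0)."""
    return sum(image[:rom_length(image)]) & 0xFF


def fix_checksum(image: bytes, fix_offset: Optional[int] = None) -> bytes:
    """Rewrite one correction byte so that checksum8() becomes 0."""
    length = rom_length(image)
    if fix_offset is None:
        fix_offset = length - 1  # assumption: last byte is the correction byte
    if not 3 <= fix_offset < length:
        raise ValueError("correction byte must lie inside the module body")
    buf = bytearray(image)
    buf[fix_offset] = 0                            # drop the old correction value
    buf[fix_offset] = (-sum(buf[:length])) & 0xFF  # value that zeroes the sum
    return bytes(buf)


def build_sample_rom() -> bytes:
    """Constructed 1 KiB sample module with a prompt string, checksum valid."""
    body = bytearray(2 * BLOCK)
    body[0:3] = ROM_SIGNATURE + b"\x02"            # two 512-byte blocks
    body[0x40:0x4C] = b"Press Ctrl+S"
    return fix_checksum(bytes(body))


if __name__ == "__main__":
    rom = build_sample_rom()
    patched = rom.replace(b"Ctrl", b"CtrL")        # the edit from the first post
    print("original:", hex(checksum8(rom)))
    print("patched :", hex(checksum8(patched)))
    print("repaired:", hex(checksum8(fix_checksum(patched))))
```
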