Sunday, October 13, 2013

How To ... Reconstruct your Firmware from an Invalid Backup

If you're stuck with an invalid backup of your factory firmware because you followed some other geek's flawed instructions ;), the best solution is to reconstruct your firmware by replacing the first 2 MB of code in your backup ROM image with the first 2 MB of code from the default C710 firmware (bios.bin in the shellball). This replaces the Intel Management Engine, which is the part that's trashed in the backup, but keeps the rest of your original ROM intact.

You want to keep the rest intact because the firmware contains the serial number of your C710 which is used by Google in some manner - I don't know exactly how.  So, anyway, here's the Intel Management Engine:


Un-zipped, this file should be exactly 2048 kb or 2 MB. You need to replace the first 2 MB of your ROM backup with this 2 MB. So, the resulting COMBINED.ROM file will still be 8 MB in size. Then you can flash the COMBINED.ROM and you should be back to factory (or close enough).  

There are many ways to accomplish this, I used a Hex Editor to open my BACKUP.ROM and 01_SI_ALL.BIN, selected all of 01_SI_ALL.BIN, copied it to the clipboard, pasted it over the first 2 MB of BACKUP.ROM and then saved the new combined file as COMBINED.ROM.  Describing the process was more difficult than performing it, trust me.  And there are much simpler methods using the command line, but I hate typing, so you're on your own there! ;)

Special thanks to Chusheng Zheng for giving me a push to finally document this stuff!


  1. As you suggested I read the bios while jumper not set, still the content of 0x1000 is 0xFF, does that mean I need to replace it with this binary?

  2. You could do that or just read it again with the jumper bridged. It's confusing I know, but you can only make a valid backup with hardware write-protect DISABLED, which means with the jumper bridged (or shorted, connected, etc.).

  3. Isn't it possible to provide the original firmware with an invalid/zeroed serial number?
    I love my C7 with Arch and Win7 (KVM) but since I have no backup of the original I have no way of turning back. (Don't even ask why!)

  4. Hey there! :) Well, I think the real question should be "Why would you want to go back?" But, I won't go there either because I would never release anything without explaining how to reverse it beforehand (having tested it myself). But, I'm fanatical about such things, I admit.

    Yes, I will do so just for you! I failed to comprehend why Google refused to do so on many occasions (possibly licensing issues?). Although I would suggest that you manually hack in your serial number with a hex editor before flashing it to insure full functionality. I'll include instructions on how to do that too. Check back here later.

    1. It's not really about the why, it's about having the ability to switch back even without the original firmware.
      But thanks a bunch, I owe you!

    2. I've run into a little snag that I didn't foresee - I forgot about the hardware ID also being in the firmware image. But, I'm still working on it! So don't give up on me! :)

  5. The C710 firmware package is finally live, sorry about the wait! I actually had it ready like a week ago, but then the primary HDD on my desktop/gateway failed (a Windows box) so I haven't had internet access. :( Anyway, it's on the homepage.