Sunday, October 13, 2013

How To ... Reconstruct your Firmware from an Invalid Backup

If you're stuck with an invalid backup of your factory firmware because you followed some other geek's flawed instructions ;), the best solution is to reconstruct your firmware by replacing the first 2 MB of code in your backup ROM image with the first 2 MB of code from the default C710 firmware (bios.bin in the shellball). This replaces the Intel Management Engine, which is the part that's trashed in the backup, but keeps the rest of your original ROM intact.

You want to keep the rest intact because the firmware contains the serial number of your C710 which is used by Google in some manner - I don't know exactly how.  So, anyway, here's the Intel Management Engine:

Download

Un-zipped, this file should be exactly 2048 kb or 2 MB. You need to replace the first 2 MB of your ROM backup with this 2 MB. So, the resulting COMBINED.ROM file will still be 8 MB in size. Then you can flash the COMBINED.ROM and you should be back to factory (or close enough).  

There are many ways to accomplish this, I used a Hex Editor to open my BACKUP.ROM and 01_SI_ALL.BIN, selected all of 01_SI_ALL.BIN, copied it to the clipboard, pasted it over the first 2 MB of BACKUP.ROM and then saved the new combined file as COMBINED.ROM.  Describing the process was more difficult than performing it, trust me.  And there are much simpler methods using the command line, but I hate typing, so you're on your own there! ;)

Special thanks to Chusheng Zheng for giving me a push to finally document this stuff!

Posted by at
Labels: , , , , , , , , ,

7 comments:

  1. DashesyOctober 20, 2013 at 10:44 PM

    As you suggested I read the bios while jumper not set, still the content of 0x1000 is 0xFF, does that mean I need to replace it with this binary?

    ReplyDelete
  2. Barry S. SchultzOctober 21, 2013 at 11:17 AM

    You could do that or just read it again with the jumper bridged. It's confusing I know, but you can only make a valid backup with hardware write-protect DISABLED, which means with the jumper bridged (or shorted, connected, etc.).

    ReplyDelete
  3. SchokobecherOctober 25, 2013 at 1:18 PM

    Isn't it possible to provide the original firmware with an invalid/zeroed serial number?
    I love my C7 with Arch and Win7 (KVM) but since I have no backup of the original I have no way of turning back. (Don't even ask why!)

    ReplyDelete
  4. Barry S. SchultzOctober 25, 2013 at 2:20 PM

    Hey there! :) Well, I think the real question should be "Why would you want to go back?" But, I won't go there either because I would never release anything without explaining how to reverse it beforehand (having tested it myself). But, I'm fanatical about such things, I admit.

    Yes, I will do so just for you! I failed to comprehend why Google refused to do so on many occasions (possibly licensing issues?). Although I would suggest that you manually hack in your serial number with a hex editor before flashing it to insure full functionality. I'll include instructions on how to do that too. Check back here later.

    ReplyDelete
    Replies
    1. SchokobecherOctober 26, 2013 at 6:37 PM

      It's not really about the why, it's about having the ability to switch back even without the original firmware.
      But thanks a bunch, I owe you!

      Delete
    2. Barry S. SchultzOctober 29, 2013 at 3:51 PM

      I've run into a little snag that I didn't foresee - I forgot about the hardware ID also being in the firmware image. But, I'm still working on it! So don't give up on me! :)

      Delete
  5. Barry S. SchultzNovember 6, 2013 at 1:13 PM

    The C710 firmware package is finally live, sorry about the wait! I actually had it ready like a week ago, but then the primary HDD on my desktop/gateway failed (a Windows box) so I haven't had internet access. :( Anyway, it's on the homepage.

    ReplyDelete

Subscribe to: Post Comments (Atom)