LinuxCommandLibrary

intel_bios_dumper

Dump Intel BIOS firmware

SYNOPSIS

intel_bios_dumper.py [-h] [-o OUTPUT] [-O] [-d DUMP_DIR] [-V] [-f FLASH_SIZE]

PARAMETERS

-h, --help
    Show this help message and exit.

-o OUTPUT, --output OUTPUT
    Output file for full dumped BIOS image (default: intel_bios_dumper.rom).

-O, --overwrite
    Overwrite existing output file without prompting.

-d DUMP_DIR, --dump-dir DUMP_DIR
    Dump individual regions to directory instead of full image.

-V, --verify
    Verify dump integrity using region checksums.

-f FLASH_SIZE, --flash-size FLASH_SIZE
    Override autodetected flash size in MiB (e.g., 16, 32).

DESCRIPTION

intel_bios_dumper is a Python-based utility for extracting the complete BIOS/UEFI firmware image from Intel x86 systems. It accesses the SPI NOR flash chip contents directly via /dev/mem memory mapping, parsing the Intel Flash Descriptor (FTD) at offset 0x0 or 0x10,000 to identify region boundaries and sizes.

The tool autodetects flash geometry (8-64+ MB) and supports dumping the full concatenated image or individual regions (e.g., Descriptor, ME firmware, Gigabit Ethernet, BIOS core, EC firmware). This is essential for firmware reverse engineering, vulnerability research, backups, or preparing for tools like me_cleaner.

Key features include checksum verification (-V) for integrity, overwrite protection, and regional dumps to a directory. It requires root privileges and kernel boot parameter iomem=relaxed on modern Linux distributions where /dev/mem access is restricted. Output is a raw binary suitable for flashing back with flashrom.

Primarily targets Intel 4th gen Core (Haswell) and newer, but compatible with many chipsets. Not for AMD or ARM. Usage: sudo intel_bios_dumper.py -o bios.rom.

CAVEATS

Requires root and readable /dev/mem (add iomem=relaxed to kernel cmdline). Intel x86-only; fails on non-Intel. Large flashes may need mem= boot param. Read-only; no flashing support. Potential kernel panic if MMIO conflicts.

REQUIREMENTS

Python 3.6+, intelhex library (pip install intelhex). Tested on Linux x86_64.

EXAMPLE

sudo intel_bios_dumper.py -o backup.rom -V -d regions/
Dumps full ROM to backup.rom, verifies, extracts regions to regions/.

HISTORY

Developed by corna (2019-2023) on GitHub to simplify full BIOS dumps for me_cleaner (Intel ME neutralizer). Evolved from manual /dev/mem reads; v1.0+ adds verification and 64MB+ support. Widely used in firmware modding communities.

SEE ALSO

flashrom(8), chipsec_util(8), me_cleaner(1), intelmetool(1)

Copied to clipboard