
Patching the fake cache BIOS

During one of my adventures at the scrapyard, I picked up a 486 motherboard – the BEK-tronic BEK-V429S. As it turns out, this board had fake cache chips installed! If you want to see the full story, here is the video in which I discover those fake chips.

But how is it possible that seemingly nobody caught on and identified the fake cache earlier? The company or individual who owned this board clearly didn’t know that the cache chips on the board were fake. Well, the secret is the BIOS – which ALWAYS reports that 256K of level 2 cache is installed, even when the cache chips are fake or when not a single cache chip is installed.

The BIOS has been modified. Altered! Coders added a function that overwrote the value that was returned by the algorithm that detects the cache size. After I published the video, some of my viewers were quick to provide solutions on how to revert this mishap. As it turns out, as little as three bytes would have to change to restore the original functionality of the BIOS.

Needless to say, I needed to try it! But instead of just patching those few bytes in a HEX editor, I wanted to understand what was going on: Welcome to the hell of assembly language!

This is the offending instruction. Instead of calling the method located at 00000DF00, the call should be redirected to 000009E23. This is accomplished by changing the bytes at the corresponding locations:

0x24FE: 00 -> 23
0x24FF: BA -> 79

And then we need to change one more byte: the checksum! The very last byte in the file needs to change from 12 to 30. The memory location of the last byte is 0xFFFF. Below is the image I received from a viewer outlining the change. He also compares BIOS version 1.2 with 2.01r. As you can see, 1.2 calls the cache size calculation routine directly, while version 2.01r is rerouted to a helper function that always returns the same value. And that is why BIOS 2.01r always reports 256K of L2 cache. There is also another source for more details (if you prefer text) – a gist post with enough decompiled code to see what is happening in the modified BIOS.

With this minimal change, the BIOS will return the correct cache size again! If you want to learn more, I would appreciate it if you watched my video about this topic; please reserve about 45 minutes in your calendar!
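The patch described above as a script (an added example, not code from this post or the gist). It assumes the two changed bytes are the operand of a 16-bit near CALL whose opcode (E8) sits at 0x24FD, and that the last byte simply keeps the 8-bit sum of the whole file unchanged; both are inferred from the numbers in this post, and the sample image is constructed.

```python
"""Added example: apply the post's two-byte patch and fix the last byte."""
import sys

IMAGE_SIZE = 0x10000                      # 64 KiB image, last byte at 0xFFFF
CALL_OFFSET = 0x24FD                      # assumed: E8 opcode before the bytes
PATCHES = {0x24FE: (0x00, 0x23), 0x24FF: (0xBA, 0x79)}   # offset: (old, new)
CHECKSUM_OFFSET = 0xFFFF

def byte_sum(image):
    """8-bit sum over the whole image (assumed checksum rule)."""
    return sum(image) & 0xFF

def call_target(image, offset=CALL_OFFSET):
    """Decode a 16-bit near CALL (E8 rel16) and return its target offset."""
    if image[offset] != 0xE8:
        raise ValueError(f"no near CALL opcode at {offset:#06x}")
    rel = int.from_bytes(image[offset + 1:offset + 3], "little")
    return (offset + 3 + rel) & 0xFFFF

def apply_patch(image):
    """Return a patched copy; refuse images that do not match the 'old' bytes."""
    if len(image) != IMAGE_SIZE:
        raise ValueError("expected a 64 KiB uncompressed image")
    patched = bytearray(image)
    for offset, (old, new) in PATCHES.items():
        if patched[offset] != old:
            raise ValueError(f"unexpected byte at {offset:#06x}")
        patched[offset] = new
    # Adjust the last byte so the 8-bit sum of the image is unchanged.
    delta = (byte_sum(image) - byte_sum(patched)) & 0xFF
    patched[CHECKSUM_OFFSET] = (patched[CHECKSUM_OFFSET] + delta) & 0xFF
    return bytes(patched)

def build_sample():
    """Constructed stand-in for the 2.01r image: only the bytes named in the post."""
    image = bytearray(IMAGE_SIZE)
    image[CALL_OFFSET:CALL_OFFSET + 3] = bytes([0xE8, 0x00, 0xBA])
    image[CHECKSUM_OFFSET] = 0x12
    return bytes(image)

if __name__ == "__main__":
    # Usage: script.py in.bin out.bin  (without arguments, runs on the sample)
    src = open(sys.argv[1], "rb").read() if len(sys.argv) == 3 else build_sample()
    out = apply_patch(src)
    print(f"call {call_target(src):#06x} -> {call_target(out):#06x}, "
          f"last byte {src[-1]:#04x} -> {out[-1]:#04x}")
    if len(sys.argv) == 3:
        open(sys.argv[2], "wb").write(out)
```

The script stops without writing anything if the bytes at 0x24FE and 0x24FF are not 00 and BA, so it will not touch an image that is not the modified one.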

Of course, I have not forgotten to share the Excel sheet! Below is the file that can calculate the checksum of AWARD BIOSes. I think the only limitation is that the BIOS must be uncompressed. Otherwise, this Excel sheet will be of no help.
