This project is an attempt to reverse engineer the Lenovo DOSFLASH.EXE
tool that is used to flash new BIOS and Embedded Controller firmware.
The DOSFLASH tool is a djgcc compiled program with a 32-bit executable
inside it, so this project extracts the 32bit and examines it.
There is a radare project for the 32-bit flat executable.
There is also a hypervisor to run the flat executable with extensive
trapping and debug output on what it is doing.
make kvm_flat
./kvm_flat g2uj23us.dosflash.flat.orig dosflash.config.fake 2>&1 |less
The theory is that the DOSFLASH program must interface with the hardware
to perform the flashing, and that this would show up as a trap in the
hypervisor - There is no physical hardware access from the hypervisor,
so any access will trap.
Current status is that the dosflash code is starting the SMI sequence
to flash the image but it now needs a valid reply packet. So, it seems
like it could be time to start running data replays on real hardware
(currently pending hardware availabilty)