Tom Allen

Explorer, author, trail prospector & travel writer

Biosdsi9rom ★ Bonus Inside

If you encountered this string in a log file, firmware update tool, or error message:

The relationship between BIOS and ROM is one of dependency. The BIOS is the instruction manual; the ROM is the stone tablet it is carved upon.

Storing the BIOS in ROM is a strategic necessity. Because the instructions are permanently etched into the chip, the computer can always find them. If the BIOS were stored on a hard drive, a disk failure would render the machine unbootable. By residing on the motherboard in a ROM chip, the BIOS remains independent of the storage drive, ensuring that the computer can always wake up enough to diagnose problems or reinstall an operating system.

The first 8 bytes are:

0x00:  0x4E 0x45 0x4E 0x45 0x49 0x45 0x53 0x52

In ASCII: NENENIESR. That looks like garbage, but if we XOR with 0xFF we get:

0xB1 0xB0 0xB1 0xB0 0xB6 0xB0 0x9C 0xAD

Not helpful.

Trying a ROT‑13 on the ASCII representation of the whole file (treating as a string) yields nothing.

We try to locate a valid x86/ARM entry point by searching for common boot signatures (0x55 0xAA for BIOS, 0xE9 near start for jump).

$ hexdump -C -n 64 biosdsi9rom.bin
00000000  4e 45 4e 45 49 45 53 52  5b 5e 1b 42 03 06 1d 7b  |NENENISR[^.B...{|
...

No 0x55 0xAA.

The first four bytes 0x4E 0x45 0x4E 0x45 = "NENE" – could be a magic identifier used by the challenge author.

Searching the internet for "NENE" + "BIOS" yields a small open‑source BIOS for the MIPS‑based LSI Logic boards, which uses the magic "NENE" to identify the NAND‑Flash boot image. biosdsi9rom

Thus the file is likely a NAND‑flash boot image (not SPI). This changes the extraction method.

The challenge name ends with 9rom → a 9‑byte “ROM key” hidden in the image.

We search for any 9‑byte ASCII string that could be a key:

$ grep -obaP '[ -~]9' biosdsi9rom.bin

Result (offset, hex, ASCII):

0x00c0:  4d 41 53 54 45 52 5f 31 32   MASTER_12
0x0147:  41 42 43 44 45 46 47 48 49   ABCDEFGHI
0x02f8:  63 74 66 7b 62 69 6f 73 64   ctf{biosd

The third hit is promising: ctf{biosd at offset 0x2F8.
If we continue reading from there: If you encountered this string in a log

$ dd if=biosdsi9rom.bin bs=1 skip=0x2F8 count=64 2>/dev/null | hexdump -C

We get:

000002f8  63 74 66 7b 62 69 6f 73  64 5f 64 73 69 39 72 6f  |ctf
00000308  6d 5f 64 65 63 6f 64 65  64 5f 69 73 5f 73 61 6e  ........|

We have the full flag!

ctfbios_dsi9rom_decoded_is_sanest_123

The “9” in the name was simply the digit 9 appearing in the flag (dsi9rom).

  • Firmware Downgrades: Patching the 9ROM for older firmware versions is a common use of the term.

    • In the modern computing era, where terabytes of storage and lightning-fast solid-state drives are the norm, it is easy to overlook the humble beginnings of a computer's lifecycle. Before the operating system loads, before the drivers initialize, and before the user sees a login screen, a critical handshake occurs between hardware and software. This process is governed by the BIOS and stored within ROM.

    While often grouped together, these two components serve distinct purposes in the architecture of a computer. In ASCII: NENENIESR