A new decompilation tool unlocks the potential for 900MHz CPU upgrades in vintage SGI O2 workstations by reverse engineering previously inaccessible PROM firmware.
Reverse Engineering Breakthrough for Vintage Silicon Graphics Hardware
Independent developer Mattst88 has successfully reverse-engineered the boot PROM firmware for Silicon Graphics' iconic O2 workstation, creating ip32prom-decompiler - an open source tool that converts binary firmware into modifiable assembly code. This breakthrough potentially enables long-sought CPU upgrades for the 1990s-era Unix workstations.
{{IMAGE:5}} Visualization of firmware structure showing code (red), data (green), and headers (blue)
The Technical Challenge Since SGI's dissolution in 2009, enthusiasts have been unable to modify the O2's firmware to support faster CPUs like the 900MHz RM7900. The PROM contains critical initialization code that must recognize new processors - functionality that previously required proprietary SGI tooling.
Decompilation Process The decompiler performs sophisticated analysis to reconstruct meaningful assembly code:
- Replaces numeric constants with symbolic names
- Annotates function boundaries and purposes
- Identifies data sections vs executable code
- Handles position-independent code constructs
{{IMAGE:1}} Section structure visualization with string annotations
Key Discoveries Through meticulous analysis, Mattst88 decoded the firmware's segmented structure:
- SHDR headers containing section metadata
- Checksum validation using two's complement arithmetic
- Virtual memory mapping schemes for different firmware components
- Unreachable code paths revealing compiler optimization artifacts
The tool produces reassemblable source files that recreate bit-identical firmware images, verifying the accuracy of the decompilation.
Historical Context The O2 workstation community has pursued CPU upgrades since the early 2000s, with previous successes limited to 600MHz processors. This decompilation removes the final technical barrier to 900MHz upgrades that could nearly triple original performance.
Next Steps With the firmware now human-readable, developers can:
- Implement RM7900 CPU detection routines
- Optimize memory initialization for modern RAM
- Potentially port open firmware alternatives
The complete technical write-up details the reverse engineering process, while the decompiler source code is publicly available under MIT license.
{{IMAGE:3}} Virtual subsection handling in firmware structure
This work demonstrates how reverse engineering can breathe new life into legacy systems when corporate support disappears. For vintage computing enthusiasts, it represents the culmination of two decades of hardware hacking aspirations.
Comments
Please log in or register to join the discussion