Deunan has updated his blog today: I put my ideas to the test and created a BIOS dumping tool for VMUs. Big thanks go (again) to Yuki who helped me out and ran it on several cards. So far I’ve collected three BIOSes for J-VMUs: 1.001, 1.002 and 1.005. No luck with my own E-VMU though, I suppose the procedure address is indeed different. Actually, even J-VMUs have the code shuffled a bit depending on the BIOS revision – luckily the tool worked, more or less, in all cases. Dumps for the oldest versions came out corrupted but were still useful in finding out the correct entry point for the second attempt 🙂
I’m going to experiment some more on my VMU, but my chances of finding the right address are about 1/16000. No way am I doing an exhaustive search 🙂
Source: Makaron blog