First of all, congratulations on this great project. Modern viruses hook on using BIOS or microcode, so it is nice to have a bootcode parser to parse BIOS mbr. I dream we could have the same tools for networking microcode.
I only migrated to OpenBSD recently, for learning purposes, so pardon my ignorance. OpenBSD is meant to be secure, but I would rather like to be able to test my MBR.
I know that bootcode_parser does not support OpenBSD, but would you be interested in supporting OpenBSD?
Under OpenBSD, the boot is a 3-stage process:
1. Master Boot Record (MBR) and GUID Partition Table (GPT). The fdisk(8) man page contains the details.
2. Partition Boot Record (PBR). The first 512 bytes of the boot disk's OpenBSD partition contain the first stage boot loader biosboot(8). It is installed by the installboot(8) utility.
3. Second stage boot loader /boot. The PBR loads the boot(8) program which has the task of locating and loading the kernel.
I have been trying to use bootcode_parser with OpenBSD 6.2 x64 standard install:
er.py --type MBR --input /usr/mdec/mbr
WARNING - [/usr/mdec/mbr] [MBR] No known code signature were found, this is highly suspicious.
WARNING - [/usr/mdec/mbr] [MBR] Suspicious behaviours were detected: [u'Invalid string offset: 0x0', u'JMP or CALL before relocation', u'Unknown Interrupt : 0x16']
Do you think it would be possible/interesting to add a signature for OpenBSD mbr? The fact is that it jumps to a second stage boot.
What do I need to submit a signature and does it make sense?
Kind regards,
Having a signature for OpenBSD makes perfect sense from what I can understand of its boot process.
You'll need to reverse engineer the MBR and PBR to properly whitelist its code section(s) so as to make a signature from it.
If you can provide a sample MBR and PBR, I can take a look.
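An added example, not part of the issue thread and not bootcode_parser's own code: a sketch of the inspection discussed above, which validates an MBR sector, finds the OpenBSD partition whose first sector holds the PBR, and hashes only caller-chosen code ranges. The function names, the `code_ranges` parameter, the 512-byte sector size and the sample sector are assumptions made for illustration; real code ranges would have to come from reverse engineering the OpenBSD MBR.

```python
import hashlib
import struct

SECTOR_SIZE = 512             # assumed sector size
PART_TABLE_OFFSET = 446       # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid boot sector
OPENBSD_TYPE = 0xA6           # MBR partition type id used by OpenBSD

def parse_mbr(sector):
    """Validate a 512-byte MBR and return its non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            parts.append({"index": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return parts

def pbr_offset(parts):
    """Byte offset on disk of the OpenBSD PBR (first sector of the 0xA6 partition)."""
    for p in parts:
        if p["type"] == OPENBSD_TYPE:
            return p["lba_start"] * SECTOR_SIZE
    return None

def fingerprint(sector, code_ranges):
    """SHA-256 over the listed (start, end) ranges only, so data bytes are ignored."""
    h = hashlib.sha256()
    for start, end in code_ranges:
        if not 0 <= start < end <= PART_TABLE_OFFSET:
            raise ValueError("range outside the boot code area")
        h.update(sector[start:end])
    return h.hexdigest()

def build_sample():
    """Constructed sample sector: filler bytes plus one active 0xA6 partition at LBA 64."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:8] = b"\xfa\x31\xc0\x8e\xd8\x8e\xc0\xfb"  # constructed filler, not OpenBSD code
    sector[446:462] = struct.pack("<B3xB3xII", 0x80, OPENBSD_TYPE, 64, 2048)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)
```

Hashing selected ranges rather than the whole sector keeps the fingerprint stable when the partition table or embedded data changes, while any change inside a listed range produces a different hash.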