Hello,
First of all, congratulations for this great project. Modern viruses hook on using BIOS or microcode, so it is nice to have a bootcode parser to parse the BIOS MBR. I dream we could have the same tools for networking microcode.
I only migrated to OpenBSD recently, for learning purposes, so pardon my ignorance. OpenBSD is meant to be secure, but I would nonetheless like to be able to test my MBR.
I know that bootcode_parser does not support OpenBSD, but would you be interested in supporting OpenBSD?
Under OpenBSD, the boot is a 3-stage process:
- Master Boot Record (MBR) and GUID Partition Table (GPT). The fdisk(8) man page contains the details.
- Partition Boot Record (PBR). The first 512 bytes of the boot disk's OpenBSD partition contain the first stage boot loader biosboot(8). It is installed by the installboot(8) utility.
- Second stage boot loader /boot. The PBR loads the boot(8) program which has the task of locating and loading the kernel.
I have been trying to use bootcode_parser with OpenBSD 6.2 x64 standard install:
er.py --type MBR --input /usr/mdec/mbr
WARNING - [/usr/mdec/mbr] [MBR] No known code signature were found, this is highly suspicious.
WARNING - [/usr/mdec/mbr] [MBR] Suspicious behaviours were detected: [u'Invalid string offset: 0x0', u'JMP or CALL before relocation', u'Unknown Interrupt : 0x16']
Do you think it would be possible/interesting to add a signature for OpenBSD mbr? The fact is that it jumps to a second stage boot.
What do I need to submit a signature and does it make sense?
Kind regards,
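To show what "adding a signature" for an MBR amounts to, here is an added example (not bootcode_parser's own code, and not OpenBSD's) that parses a 512-byte MBR, verifies the 0x55AA boot signature, hashes the 440-byte code area that precedes the disk signature and partition table, and compares that hash against an allow-list of known-good bootcode. The sample MBR bytes and the allow-list entry are constructed for the example; a real allow-list would hold the hash of the distribution's shipped /usr/mdec/mbr, which is not reproduced here.

```python
import hashlib
import struct

MBR_SIZE = 512
CODE_AREA = 440            # bootcode bytes before disk signature (4) + pad (2) + partition table
PART_TABLE_OFF = 446
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xAA"


def build_sample_mbr() -> bytes:
    """Constructed sample MBR (NOT a real OpenBSD image): a short JMP followed by NOP
    padding as the code area, zero disk signature, one bootable OpenBSD-type (0xA6)
    partition and three empty entries."""
    code = bytes([0xEB, 0x3C, 0x90]) + b"\x90" * (CODE_AREA - 3)
    disk_sig_and_pad = b"\x00" * 6
    part1 = struct.pack(PART_ENTRY_FMT, 0x80, b"\x00" * 3, 0xA6, b"\x00" * 3, 64, 1_000_000)
    empty = b"\x00" * 16
    return code + disk_sig_and_pad + part1 + empty * 3 + BOOT_SIG


def parse_mbr(data: bytes) -> dict:
    """Validate the MBR layout and return the bootcode hash plus the partition entries."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    if data[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    code_sha256 = hashlib.sha256(data[:CODE_AREA]).hexdigest()
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, nsec = struct.unpack(PART_ENTRY_FMT, data[off:off + 16])
        if ptype == 0:
            continue   # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": nsec,
        })
    return {"code_sha256": code_sha256, "partitions": partitions}


def check_mbr(data: bytes, known_good: dict) -> dict:
    """Match the bootcode hash against an allow-list; 'known' is None when unmatched,
    which is the case a scanner should report as suspicious."""
    info = parse_mbr(data)
    info["known"] = known_good.get(info["code_sha256"])
    bootable = [p for p in info["partitions"] if p["bootable"]]
    info["single_bootable"] = len(bootable) == 1
    return info


def load_mbr(path: str) -> bytes:
    """Read the first sector from a file or block device (e.g. /usr/mdec/mbr)."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


if __name__ == "__main__":
    sample = build_sample_mbr()
    # Constructed allow-list: the sample's own hash labelled as a known image.
    allow = {parse_mbr(sample)["code_sha256"]: "constructed sample bootcode"}
    print(check_mbr(sample, allow))
```

The point of hashing only the first 440 bytes is that the disk signature and partition table legitimately differ from machine to machine, while the bootcode shipped by the distribution does not; an unmatched hash is the signal worth investigating, and a match on an allow-list entry is what a submitted signature would provide.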