Skip to content

aguinet/miasm-bootloader

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Bootloader emulation with Miasm (case of NotPetya)

Dependencies

  • pip install -r requirements.txt
  • Miasm v0.1.1: git clone --depth=1 --branch=v0.1.1 https://github.com/cea-sec/miasm

Run

The src/emulate_mbr.py script can emulate the bootloader, and has some options to carry some experiments:

$ python /path/to/emulate_mbr --help

Usage: emulate_mbr.py [options] disk.raw

Options:
  -h, --help            show this help message and exit
  --dry                 Dry run: do not write modifications to disk
  --skip-encryption     Do not execute the encryption code (leave the data in
                        clear)
  --verbose-bios        Verbose message from the BIOS
  --verbose-bios-data   Verbose message from the BIOS, including data
                        read/written throught the BIOS interrupts
  --log-miasm-newblocks
                        Miasm: log new encountered blocks
  --emulate-encrypted-hdd
                        Emulate the fact that the hard drive has already been
                        encrypted
  --dump-keystream      Dump the keystream used for encryption
  --hook=HOOK           Hook to set after encryption: find_key (find key in
                        memory), patch_bootloader (patch the bootloader to use
                        the key still in memory) or none (default)

The disk.raw.bz2 file is a disk example with a NotPetya bootloader and a simple NTFS partition. Beware that the size of the decompressed file is ~1GB.

Authors

About

x86 bootloader emulation with Miasm (case of NotPetya)

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages