XR3X

XP 32-Bit Bootkit


10 replies to this topic

#1 Ntoskrnl

Ntoskrnl

    Banned

  • Banned
  • 158 posts

Posted 11 April 2014 - 06:22 AM

This is a little something I've been working on in my free time. It's a bootkit that works on XP SP1+, written using FASM. Right now I have no intentions of making it work on other operating systems as I don't have much free time, but I'm sure someone will find it interesting.

 




#2 LeFF

LeFF

    Expert

  • Moderator
  • 830 posts
Contributor

Posted 11 April 2014 - 07:28 AM

It's a bootkit that works on XP SP1+

finally someone made a bootkit specially for windows xp x86... it is so popular on the market these days, especially after microsoft stopped supporting it... :D

but anyway, feels good to see that you are learning something at least... ;) go and make a video on your PDF presentation...



#3 Ntoskrnl

Ntoskrnl

    Banned

  • Banned
  • 158 posts

Posted 11 April 2014 - 07:36 AM

finally someone made a bootkit specially for windows xp x86... it is so popular on the market these days, especially after microsoft stopped supporting it... :D

but anyway, feels good to see that you are learning something at least... ;) go and make a video on your PDF presentation...

 

Just re-read the PDF, if you're really stuck I'll make a step-by-step video just for you. :P


Edited by Ntoskrnl, 11 April 2014 - 07:48 AM.

  • polanski.jan likes this

#4 karcrack

karcrack

    Advanced Member

  • Members +
  • 435 posts

Posted 11 April 2014 - 03:42 PM

Why doesn't it work on SP0? Any idea?

I'll be reading the docs soon ;) Expect some rants in the IRC server lol



ASM, C, C++, VB6... skilled [malware] developer


#5 sonykuccio

sonykuccio

    Intermediate Member

  • Loyalist
  • 241 posts
  • LocationALU

Posted 11 April 2014 - 04:26 PM

Very interesting... this kind of malware is very powerful; the only problem is this kind of tech is already dead, because nowadays UEFI (Secure Boot) does not let you install unsigned boot code :(


My brain is going to explode; when I close my eyes I see OPCODE :|


#6 Ntoskrnl

Ntoskrnl

    Banned

  • Banned
  • 158 posts

Posted 11 April 2014 - 04:29 PM

Why doesn't it work on SP0? Any idea?

I'll be reading the docs soon ;) Expect some rants in the IRC server lol

 

I believe the boot components were changed between XP SP0 and XP SP1. I can easily make the bootkit work on XP SP0, but I don't have a bochs install running that OS (XP takes about 2 hours to install in bochs). If I get more time I'll add XP SP0 and XP 64-bit functionality (maybe some Vista and Windows 7). As far as I'm aware XP SP0 and Windows 2000 also share a bootloader, so I can also add support for that easily.



#7 Ntoskrnl

Ntoskrnl

    Banned

  • Banned
  • 158 posts

Posted 12 April 2014 - 02:23 AM

Very interesting... this kind of malware is very powerful; the only problem is this kind of tech is already dead, because nowadays UEFI (Secure Boot) does not let you install unsigned boot code :(

 

There are ways to bypass UEFI secure boot by exploiting the UEFI firmware, but releasing code to do that would be asking to go to jail. 



#8 erik_v4

erik_v4

    Beginner

  • Members +
  • 10 posts

Posted 12 April 2014 - 09:33 AM

nice mate, it's not easy to make such a tool


  • Ntoskrnl likes this

#9 Becks

Becks

    Intermediate Member

  • Loyalist
  • 207 posts

Posted 12 April 2014 - 11:54 AM

Pretty nice presentation. I've definitely learned something new ^^

 

Best regards and a nice weekend!


  • x58 likes this

#10 0x01A

0x01A

    Member

  • Members +
  • 84 posts

Posted 12 April 2014 - 09:27 PM

Let's jump back to this stuff. Thanks for the article; by the way, next time post all content on your site if you want better SEO.



#11 Ntoskrnl

Ntoskrnl

    Banned

  • Banned
  • 158 posts

Posted 12 April 2014 - 09:51 PM

Pretty nice presentation. I've definitely learned something new ^^

 

Best regards and a nice weekend!

Thanks! <3

 

 

Let's jump back to this stuff. Thanks for the article; by the way, next time post all content on your site if you want better SEO.

I did post most info on my site, but sadly PDF won't index.