From: "Thomas Schmitt" <scdbackup@gmx.net>
To: grub-devel@gnu.org
Subject: Re: grub-mkrescue: Problem with MBR partition table at start of EFI partition
Date: Fri, 10 May 2019 15:46:56 +0200
Message-ID: <13693678472684223855@scdbackup.webframe.org>
In-Reply-To: <20190510121242.zr46jx7fzd7i6goj@pelzflorian.localdomain>

Hi,

Florian Pelz wrote:
> I would like to test but on this bootable German Windows 10
> 32-bit+64-bit USB install medium, the content is different.  How would
> I find the offset in the USB image (you call it offset 454) which I
> should zero out to break Windows?

That would be offset 454 in the EFI boot image: Start LBA field of MBR
partition 1.

You may learn the block address of the image from xorriso:

  xorriso -indev "$ISO" -report_el_torito plain 2>/dev/null \
  | grep 'El Torito boot img : .* UEFI'

should say something like

  El Torito boot img :   2  UEFI  y   none  0x0000  0x00   1     515

The last number 515 is the 2048-byte block address of the EFI image.
(That's from the Japanese ISO mentioned at debian-user.)

If you write four zero bytes at byte 515 * 2048 + 454 = 1055174, then
there is start LBA 0 in the slot of partition 1. This should trigger
the stalled boot process of the Macbook.

But maybe the other bytes from 446 to 461 hamper recognition as partition
table entry. So more similar to the mformat image would be to zeroize
bytes 446 to 509 to clear the partition table, and then to write to bytes
446 to 461 what we see as partition slot 1 in the grub-mkrescue EFI
partition:

  80  00  01  00  01  01  12  4f  00  00  00  00  40  0b  00  00

-------------------------------------------------------------------------

If you are at it, I'd like to see a confirmation that the ISO indeed
boots via El Torito from USB stick. (Interesting for GRUB as background
info.)

Please in the end spoil El Torito by zeroizing the address of the
Boot Catalog in the Boot Record at 2048-byte block 17 (decimal). Byte
offset 71 to 74, little endian.

The ISO hexdumped by Chris Murphy has 0x00000016 = 22 :

  00008840  00 00 00 00 00 00 00 16  00 00 00 00 00 00 00 00

So

  dd if=/dev/zero bs=1 count=4 seek=34887 conv=notrunc of="$ISO"


You will probably see error messages when inspecting by software.
Like

  $ xorriso -indev "$ISO" -report_el_torito plain
  ...
  libisofs: WARNING : Wrong or damaged El-Torito Catalog. El-Torito info will be ignored.

Or a clueless assessment without checking the catalog signature:

  $ isoinfo -d -i "$ISO"
  ...
  El Torito VD version 1 found, boot catalog is in sector 0
  ...
  Eltorito validation header:
    Hid 0
    Arch 0 (x86)
    ID ''
    Key 0 0
    Eltorito defaultboot header:
        Bootid 0 (not bootable)
        Boot media 0 (No Emulation Boot)
        Load segment 0
        Sys type 0
        Nsect 0
        Bootoff 0 0

This is still less intrusive than trying to remove the Boot Record
or to camouflage it as something else.

If my theory is right, then EFI should not recognize the USB stick
as a device with EFI partition any more.


Have a nice day :)

Thomas
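
The offsets named in the message above, as a read-only check that can be run before and after the dd step. This is an added example, not part of the original mail and not code from GRUB or xorriso. The function names and the constructed sample image are assumptions; the block numbers 22 and 515 and the 16 partition bytes are the ones quoted in the message.

```python
import struct

BLOCK = 2048               # ISO 9660 logical block size
BOOT_RECORD_BLOCK = 17     # El Torito Boot Record sits in block 17
CATALOG_PTR_OFF = 71       # Boot Catalog address, 4 bytes little endian
MBR_TABLE_OFF = 446        # first of four 16-byte MBR partition slots

def catalog_lba(iso):
    """Return (byte offset of the pointer field, Boot Catalog block)."""
    off = BOOT_RECORD_BLOCK * BLOCK + CATALOG_PTR_OFF
    return off, struct.unpack_from("<I", iso, off)[0]

def catalog_is_valid(iso, lba):
    """Validation Entry check: header id 1, key bytes 55 AA, word sum 0."""
    entry = bytes(iso[lba * BLOCK: lba * BLOCK + 32])
    if len(entry) < 32 or entry[0] != 1 or entry[30:32] != b"\x55\xaa":
        return False
    return (sum(struct.unpack("<16H", entry)) & 0xFFFF) == 0

def mbr_slot(iso, image_block, slot=1):
    """Decode one MBR partition slot of the boot image at image_block."""
    off = image_block * BLOCK + MBR_TABLE_OFF + 16 * (slot - 1)
    flag, _c0, ptype, _c1, start, count = struct.unpack_from("<B3sB3sII", iso, off)
    return {"start_lba_offset": off + 8, "boot_flag": flag, "type": ptype,
            "start_lba": start, "sectors": count}

def build_sample(catalog_block=22, efi_block=515):
    """Constructed stand-in for an ISO; only the discussed fields are set."""
    iso = bytearray((efi_block + 1) * BLOCK)
    rec = BOOT_RECORD_BLOCK * BLOCK
    iso[rec:rec + 7] = b"\x00CD001\x01"
    struct.pack_into("<I", iso, rec + CATALOG_PTR_OFF, catalog_block)
    entry = bytearray(32)
    entry[0], entry[30], entry[31] = 1, 0x55, 0xAA
    words = sum(struct.unpack("<16H", entry)) & 0xFFFF
    struct.pack_into("<H", entry, 28, (-words) & 0xFFFF)   # checksum word
    iso[catalog_block * BLOCK: catalog_block * BLOCK + 32] = entry
    slot = bytes.fromhex("80 00 01 00 01 01 12 4f 00 00 00 00 40 0b 00 00")
    pos = efi_block * BLOCK + MBR_TABLE_OFF
    iso[pos:pos + 16] = slot
    return iso

if __name__ == "__main__":
    iso = build_sample()
    off, lba = catalog_lba(iso)
    print(off, lba, catalog_is_valid(iso, lba), mbr_slot(iso, 515))
    iso[off:off + 4] = bytes(4)      # in-memory equivalent of the dd command
    print(catalog_lba(iso)[1], catalog_is_valid(iso, 0))
```

For a real image, read the file into `bytes` and pass the block number reported by xorriso as `image_block`.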


