Nov 19th, 2017
#!/usr/bin/env python3
# -*- coding: utf-8 -*-

"""
filename:
    scanmbr.py
author:
    0xGiddi
date:
    18 Nov 2017 Sat 18 Nov 02:42:02 IST 2017
description:
    Search a specified MS Windows file and find (and extract)
    the code that belongs to boot sector (MBR). This is used
    for "fixing" or "rebuilding" a disk to boot MS Windows.
example:
    ./scanmbr.py "/mnt/windows 7 iso/sources/winsetup.dll" "/tmp/msmbr.bin"

TODO:
    - !!! Rewrite the whole thing in a proper way... !!!!
    - Detect multiple signatures in single file
    - Read file in chunks (for large files)
    - Fix whole saving thingy
    - Add Windows 8/10 MBR detection (the MBR is slightly different)
"""

import sys
import re

# Each signature matches one full 512-byte sector: 446 bytes of boot code
# (starting with 33 C0 8E D0), an all-zero 64-byte partition table and the
# 55 AA boot signature. re.DOTALL lets '.' also match 0x0A bytes in the code.
MBR_SIGNATURES = [
    {'signature': re.compile(rb'\x33\xC0\x8E\xD0.{442}\x00{64}\x55\xAA', re.DOTALL),
     'description': 'Windows 7 MBR (Empty partition table)',
     'codesize': 446},
]


def main(inf, outf):
    try:
        # This whole thing needs to be rewritten...
        with open(inf, 'rb') as infile:
            data = infile.read()
        for signature in MBR_SIGNATURES:
            res = signature['signature'].search(data)
            if res:
                print("Signature '{desc}' found @ '0x{offset:02X}'".format(
                    desc=signature['description'], offset=res.start()))
                if outf:
                    # Save only the boot code, not the partition table
                    with open(outf, 'wb') as outfile:
                        outfile.write(res.group()[:signature['codesize']])
                break
    except IOError as ex:
        print("Error parsing file ({err}, {num})".format(err=ex.strerror, num=ex.errno))


if __name__ == '__main__':
    # Check the argument count first; indexing sys.argv[1] raises IndexError
    if len(sys.argv) < 2:
        print("Usage: scanmbr.py <inputfile> <outputfile>")
        sys.exit(1)
    outfile = None if len(sys.argv) == 2 else sys.argv[2]
    main(sys.argv[1], outfile)
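Added example, not part of the original paste or 0xGiddi's code: one way to cover the TODO items "Detect multiple signatures in single file" and "Read file in chunks", using the paste's Windows 7 pattern. The names `scan_stream`, `make_sample`, `SECTOR` and `SIG` are hypothetical, and the sample image is constructed filler, not real boot code.

```python
import io
import re

SECTOR = 512  # the paste's signature spans exactly one sector
# Same Windows 7 pattern as the paste; DOTALL so '.' also matches 0x0A.
SIG = re.compile(rb'\x33\xC0\x8E\xD0.{442}\x00{64}\x55\xAA', re.DOTALL)


def scan_stream(stream, chunk_size=1 << 20):
    """Return the file offset of every signature match in `stream`.

    Reads chunk_size bytes at a time and carries the last SECTOR - 1 bytes
    into the next window, so a match straddling a chunk boundary is still
    found. A 512-byte match cannot fit in the 511-byte carry-over, so no
    match is ever reported twice.
    """
    offsets = []
    tail = b''
    base = 0  # file offset of the first byte of `tail`
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for m in SIG.finditer(window):
            offsets.append(base + m.start())
        keep = min(len(window), SECTOR - 1)
        base += len(window) - keep
        tail = window[-keep:]
    return offsets


def make_sample():
    """Constructed image: two fake sectors inside 0xFF filler."""
    body = (bytes(range(256)) * 2)[:442]  # contains 0x0A on purpose
    sector = b'\x33\xC0\x8E\xD0' + body + bytes(64) + b'\x55\xAA'
    return b'\xFF' * 700 + sector + b'\xFF' * 3000 + sector + b'\xFF' * 100


if __name__ == '__main__':
    # chunk_size=1000 forces the first sector (700..1211) across a boundary
    hits = scan_stream(io.BytesIO(make_sample()), chunk_size=1000)
    print([hex(o) for o in hits])
```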