Re: Write-protect sctors?

You can use the badblocks command also.

With badblocks you can check the surface from the partition in Linux and
detect defects.
badblocks -o bad.txt /dev/
-o creates a file with the bad blocks found.
-b with the block size as its argument, only needed if fsck can not
determine the block size.
-w should not be used, it writes the disk and destroys the information,
while it verifys the write operation



On Wed, 2006-08-30 at 15:56 +0200, Andreas Ferrari wrote:
Hi scott

Hav you checked your disk?
You can simply do that by booting from a Knoppix CD or something similar
and the just dd the whole disk to /dev/null.
If there is a read error dd wil report it and will abort, if that
happens its better to buy a new disk.

a simple example: dd if=/dev/xdX of=/dev/null
Note: replace xdX wiht your disk

regards

Andreas Ferrari

scott schrieb:
scott wrote:

Bill Church wrote:

It sounds very crazy. Did you ever actually identify if there was a
rootkit installed? Did you try booting to a live CD of another
distribution and investigating the disks from that live CD?

Remember that partitioning does modify the existing data on the disk,
just the partition table, unless you chose to do a full format that
data is still there. However, the chances of it actually being able
to effect anything that's not directly referencing that data by
executing it seems improbable. I wouldn't think that simply copying a
file over that location couldn't spawn a process, of course nothing
is impossible.

There is a BIOS function that is supposed to protect the boot sector,
it's usually disabled by default on most systems. I imagine it would
be possible for someone to modify the CMOS and protect any sectors
they wish, but the attacker would undoubtedly need to have advanced
knowledge of your system, BIOS, hard disk and geometry to make this
attack possible. I highly doubt this is the case.

It sounds like you may have a defective hard disk, I would try a disk
diagnostic first, or maybe attempt to install another OS or
distribution.

-Bill

----- Original Message -----
From: scott Sent: Mon, 8/28/2006 11:23am
To: focus-linux@xxxxxxxxxxxxxxxxx
Subject: Write-protect sctors?

I had a probable rootkit in ubuntu dapper that proved to be more
persistent than I thought possible.I did rkhunter and showed some
anomalies in /dev/...Trying to track those dir's down proved
elusive,even with root enabled(in ubuntu,root is disabled by
default.You can still sudo, but no su without certain switches,)the
dir's effectively hid from my view.
So I decided to reinstall a clean slate.This is when I encounter
problems that don't make sense.
As the install progresses to the partitioning of the disc,I opt for
the erase whole disc option.It progresses to a certain point and then
quits with an error..repeatedly.
I filed a bug report with launchpad,but my question is this:Can any
malware you are aware of write-protect certain segments of a
HD,without BIOS support?Or is there a BIOS trojan that I'm not aware
of in Linux?Is this even possible with a hardened system?
Is this even possible in any system,Windows included?
What I.m asking is : Can any malware write-protect sectors on a HD
that survive repartioning?
Sounds really crazy,huh?
Thanks,Scott

It was a problem in ubiquity, in that it never resolved to a mount
point when installing.

But my point is that I eventually got the same install cd to actually
install.Now if something was trying to protect itself,only after many
attempted overwrites did I succeed,that would
seem...Almost...logical,..Maybe.!?

The hard drive is fine,as far functioning,anyway.

I also know that you have to have (presumably,)BIOS access to write-
protect sectors of a HD.

Didn't Joanna Rutkowska demonstrate a BIOS virus,or POC,at one
time?Not likely,or probable,that this was my problem,but could it be
done....theoretically?Especially in a `nix environment?

I think not.But I have been wrong so many times in my life,that I like
to think anything is possible.

If ya want to do it bad enough,at least.
Any other thoughts on this matter?
Regards,Scott

Hi again.
I also know that BIOS is ROM,not RAM.
Therefore,it seems that I would have to do a BIOS flash for this to happen?

Regards...again,and thanks,Scott


--
Walter Lamagna
Ten Roses Buenos Aires
+54.11.4372.2250/2949
Ext.31

Relevant Pages

  • Windows on Mac - how to.
    ... No-nonsense instructions for those "in the know". ... A custom slipstreamed CD is required to install XP on a Mac. ... This procedure WILL WIPE YOUR iMAC DISK CLEAN. ... Partition the disk in two using the OSX CD: ...
    (uk.comp.sys.mac)
  • Re: xp on intel Mac from usb stick?
    ... Would it be possible to run windows xp native from a usb stick? ... A custom slipstreamed CD is required to install XP on a Mac. ... partition managers but if you're feeling adventurous you may ... This procedure WILL WIPE YOUR iMAC DISK CLEAN. ...
    (comp.sys.mac.apps)
  • Re: Reminder: Windows XP Runs Natively On Intel Macs
    ... All it does is pick a partition to use as the boot volume--it's not a bootloader. ... All the BIOS does is initialize the hardware and pass off to the bootloader. ... put the Vista install DVD in the drive, ...
    (comp.sys.mac.advocacy)
  • Re: Reminder: Windows XP Runs Natively On Intel Macs
    ... "insert the XP CD or the Vista DVD when the ... partition, my current Vista partition, and the DVD drive containing ... This is why you have to select a boot volume in the BIOS. ... put the Vista install DVD in the drive, ...
    (comp.sys.mac.advocacy)
  • Re: Dual Boot 98SE and XP on two hard drives with PartitionMagic
    ... >> I have never used the boot manager tools of Partition Magic ... >> on a slave disk. ... > 6) Install XOSL via a bootable floppy ... Primary master disk, primary partition 1, hidden: ...
    (microsoft.public.windowsxp.setup_deployment)