Kon-Boot

Kon-Boot is a piece of software that bypasses the Linux and Windows logon. It uses a kind of bootkit technique to bypass the logon, so you do not need to enter any password. However, because it carries no payload, Kon-Boot is not a fully qualified bootkit. There is no technical information about Kon-Boot available from the author, so I am publishing Kon-Boot now as open source under the European Union Public License (EUPL). Take it, use it. Enjoy reading!

Peter Kleissner, Software Guru & Anti-Software Stealing Researcher

Overview

Kon-B00t is distributed as a floppy image. Here is its sector layout (sector, load address, size, source file, purpose):

  Sector       Load address   Size            Source file         Purpose
  Sector 0     0000h:7C00h    1 sector        Boot Sector.asm     Boot Sector (loads other code, initialization)
  Sector 1     9XXXh:0000h    9 sectors                           Linux & Windows logon bypassing code
  Sector 10    41 KB:FC00h    2 sectors       (not included)      palette data (VGA)
  Sector 12    41 KB:0000h    126 sectors     (not included)      raw picture data (VGA)
  Sector 137   0000h:2C00h    2 sectors       VGA Code.asm        VGA code (displays picture etc.)

http://pastebin.ca/1507709 Boot Sector.asm
http://pastebin.ca/1507666 VGA Code.asm

Reversing the boot sector

I downloaded the floppy version (FD0-konboot-v1.1-2in1.img) because it makes it easier to extract the bootloader and any further sectors or files of Kon-B00t. Using a simple hex editor I can extract the boot sector and store it as Boot Sector.bin. To generate the disassembly I use the Netwide Disassembler with the following options (-a for auto-sync, -b 16 for 16-bit real-mode code, -p intel for Intel syntax):

C:\Company Folders\Stoned-Project\Kon-Boot>ndisasm -a -b 16 -p intel "Boot Sector.bin" > "Boot Sector.asm"
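As an added example that is not part of the original write-up, the following Python script performs the hex-editor step from the sector table above automatically: it slices each region out of the image, checks the 55h AAh boot signature, and writes the non-empty regions to .bin files ready for ndisasm. It assumes a standard 1.44 MB image with 512-byte sectors; the fallback image it builds when no file is given is a constructed stand-in, not the real Kon-Boot file.

```python
import sys
from pathlib import Path

SECTOR = 512
FLOPPY_BYTES = 2880 * SECTOR  # 1.44 MB floppy image

# Sector layout copied from the table above: name -> (first sector, sector count).
REGIONS = {
    "Boot Sector": (0, 1),
    "Logon Bypass Code": (1, 9),
    "VGA Palette": (10, 2),
    "VGA Picture": (12, 126),
    "VGA Code": (137, 2),
}

def extract_regions(image: bytes) -> dict:
    """Slice each region of the sector map out of a raw floppy image."""
    if len(image) != FLOPPY_BYTES:
        raise ValueError(f"expected a 1.44 MB image, got {len(image)} bytes")
    return {name: image[start * SECTOR:(start + count) * SECTOR]
            for name, (start, count) in REGIONS.items()}

def boot_signature_ok(sector: bytes) -> bool:
    """A BIOS-bootable sector ends with the 55h AAh signature at offset 510."""
    return len(sector) == SECTOR and sector[510:512] == b"\x55\xaa"

def build_constructed_image() -> bytes:
    """Constructed stand-in for FD0-konboot-v1.1-2in1.img (not the real file)."""
    image = bytearray(FLOPPY_BYTES)
    image[0:3] = b"\xeb\x3c\x90"                     # typical JMP SHORT + NOP entry
    image[510:512] = b"\x55\xaa"                     # boot signature
    image[1 * SECTOR:1 * SECTOR + 4] = b"KON!"       # marker for the bypass code
    image[137 * SECTOR:137 * SECTOR + 4] = b"VGA!"   # marker for the VGA code
    return bytes(image)

def dump_regions(image: bytes, outdir: Path) -> list:
    """Write every non-blank region to <name>.bin for ndisasm; return the paths."""
    written = []
    for name, data in extract_regions(image).items():
        if not any(data):
            continue  # all-zero region, e.g. the "(not included)" VGA data
        path = outdir / f"{name}.bin"
        path.write_bytes(data)
        written.append(path)
    return written

if __name__ == "__main__":  # usage: python extract.py FD0-konboot-v1.1-2in1.img
    image = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else build_constructed_image()
    print("wrote", dump_regions(image, Path(".")))
```

Each written file can then be fed to ndisasm as in the command line above, with the load address from the table passed via -o when the code is position dependent.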
