The latest articles on DEV Community by ISSAC (@iss4cf0ng). https://dev.to/iss4cf0ng https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3954014%2F9bde5d72-9e66-48bd-a663-4973a2763ee7.jpeg https://dev.to/iss4cf0ng en ISSAC Wed, 27 May 2026 09:30:13 +0000 https://dev.to/iss4cf0ng/openpetya-1bee https://dev.to/iss4cf0ng/openpetya-1bee <p>A Proof-of-Concept bootkit inspired by Petya ransomware, written in Assembly, C, and C++</p> <h2> Introduction </h2> <p>OpenPetya is an educational project designed to study how bootkits and low-level ransomware operate internally.</p> <p>The project focuses on:</p> <ul> <li>custom MBR bootloading</li> <li>multi-stage boot process</li> <li>Protected Mode transition</li> <li>NTFS Master File Table (MFT) encryption</li> <li>Salsa20-based cryptography</li> <li>password validation and restoration workflow</li> </ul> <p>OpenPetya is NOT intended to be an exact reimplementation of either Petya or NotPetya. Instead, it is a simplified Proof-of-Concept designed for learning and research purposes.</p> <h2> Disclaimer </h2> <p>This project was developed purely for educational and research purposes.</p> <p>The goal of OpenPetya is to study:</p> <ul> <li>bootkits</li> <li>operating system internals</li> <li>low-level malware techniques</li> <li>bootloader architecture</li> </ul> <p>Do <strong>NOT</strong> use this project for illegal activities or against systems you do not own or explicitly have permission to test.</p> <p>The author is <strong>NOT</strong> responsible for any misuse of this software.</p> <h2> Build </h2> <p>You can build the project using the commands below.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>make <span class="c"># Build mbr.bin and stage2.bin</span> ./build.exe <span class="c"># Build OpenPetya.exe</span> </code></pre> </div> <h2> Usage </h2> <p> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fiss4cf0ng.github.io%2Fimages%2Farticle%2F2026-5-23-OpenPetya%2F6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fiss4cf0ng.github.io%2Fimages%2Farticle%2F2026-5-23-OpenPetya%2F6.png" width="787" height="467"></a> </p> <blockquote> <p>Warning: Please execute it in your virtual machine!</p> </blockquote> <p>The commands below shows how to install custom MBR and stage-2 bootloader (Administrative privilege is required):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight batchfile"><code><span class="kd">OpenPetya</span><span class="err">.exe</span> <span class="na">--list </span><span class="kd">OpenPetya</span><span class="err">.exe</span> <span class="na">--drive </span><span class="m">0</span> <span class="na">--install </span><span class="kd">mbr</span>.bin <span class="kd">stage2</span>.bin </code></pre> </div> <h2> Demonstration (Windows 7) </h2> <h3> Screenshots </h3> <p> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fiss4cf0ng.github.io%2Fimages%2Farticle%2F2026-5-23-OpenPetya%2F4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fiss4cf0ng.github.io%2Fimages%2Farticle%2F2026-5-23-OpenPetya%2F4.png" width="799" height="339"></a> </p> <p>GitHub repository: </p> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://assets.dev.to/assets/github-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/iss4cf0ng" rel="noopener noreferrer"> iss4cf0ng </a> / <a href="https://github.com/iss4cf0ng/OpenPetya" rel="noopener noreferrer"> OpenPetya </a> </h2> <h3> A Proof-of-Concept bootkit inspired by Petya ransomware, written in Assembly, C, and C++ </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <div class="markdown-heading"> <h1 class="heading-element">OpenPetya</h1> </div> <p>A Proof-of-Concept bootkit inspired by Petya ransomware, written in Assembly, C, and C++</p> <p> <a rel="noopener noreferrer nofollow" href="https://camo.githubusercontent.com/13d9789fd3a90d50aabec2dd2b6052299b36b09bf15373cd7145bbfdb410a6b6/68747470733a2f2f697373346366306e672e6769746875622e696f2f696d616765732f6d656d652f52696f2f342e706e67"><img src="https://camo.githubusercontent.com/13d9789fd3a90d50aabec2dd2b6052299b36b09bf15373cd7145bbfdb410a6b6/68747470733a2f2f697373346366306e672e6769746875622e696f2f696d616765732f6d656d652f52696f2f342e706e67" width="200/"></a> </p> <p>If you find this project helpful or informative, I would truly appreciate a ⭐ on the repository. Your support would be a great motivation for me to continue improving this tool.</p> <div class="markdown-heading"> <h1 class="heading-element">Overview</h1> </div> <p>OpenPetya is an educational project designed to study how bootkits and low-level ransomware operate internally.</p> <p> <a rel="noopener noreferrer nofollow" href="https://camo.githubusercontent.com/63a9fb6c26dcea24663d5d5657a06344110f7d2a248c76f9585c262f16192d64/68747470733a2f2f697373346366306e672e6769746875622e696f2f696d616765732f61727469636c652f323032362d352d32332d4f70656e50657479612f352e706e67"><img src="https://camo.githubusercontent.com/63a9fb6c26dcea24663d5d5657a06344110f7d2a248c76f9585c262f16192d64/68747470733a2f2f697373346366306e672e6769746875622e696f2f696d616765732f61727469636c652f323032362d352d32332d4f70656e50657479612f352e706e67" width="700/"></a> </p> <p>The project focuses on:</p> <ul> <li>custom MBR bootloading</li> <li>multi-stage boot process</li> <li>Protected Mode transition</li> <li>NTFS Master File Table (MFT) encryption</li> <li>Salsa20-based cryptography</li> <li>password validation and restoration workflow</li> </ul> <p>OpenPetya is <strong>NOT</strong> intended to be an exact reimplementation of either Petya or NotPetya. Instead, it is a simplified Proof-of-Concept designed for learning and research purposes.</p> <p>It is worth mentioning that OpenPetya does not include Command-and-Control (C2) functionality. In addition, OpenPetya stores plaintext MFT backup data inside hidden sectors after encryption. This behavior is intentionally designed for educational purposes because those features are…</p> </div> </div> <br> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/iss4cf0ng/OpenPetya" rel="noopener noreferrer">View on GitHub</a></div> <br> </div> <br> bootloader assembly cybersecurity security