ISSAC
OpenPetya

A Proof-of-Concept bootkit inspired by Petya ransomware, written in Assembly, C, and C++

Introduction

OpenPetya is an educational project designed to study how bootkits and low-level ransomware operate internally.

The project focuses on:

  • custom MBR bootloading
  • multi-stage boot process
  • Protected Mode transition
  • NTFS Master File Table (MFT) encryption
  • Salsa20-based cryptography
  • password validation and restoration workflow

OpenPetya is NOT intended to be an exact reimplementation of either Petya or NotPetya. Instead, it is a simplified Proof-of-Concept designed for learning and research purposes.
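The defensive counterpart to the first two items above (custom MBR code and a stage-2 loader placed in sectors the OS does not normally touch) is an integrity check of the first sectors of a disk. The following Python script is an added example and is not part of OpenPetya or its repository: it verifies the 0x55AA boot signature, parses the four partition entries, hashes the 440-byte boot-code region against a known-good baseline, and scans the unpartitioned gap sectors between the MBR and the first partition, where multi-stage bootkits typically store their second stage. The disk image, the "clean" boot stub, the tampered stub and the stage-2 marker are all constructed in memory for the demonstration; the baseline hash, the partition layout (one type 0x07 partition at LBA 63) and the marker bytes are assumptions of this example, not values from the project.

```python
"""MBR integrity and hidden-sector check (added example, not OpenPetya code)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code, before the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG_OFF = 510       # 0x55 0xAA boot signature

# Constructed "known-good" boot stub: a two-byte `jmp $` followed by zeros.
CLEAN_BOOT = bytes([0xEB, 0xFE]) + b"\x00" * (BOOT_CODE_LEN - 2)
# Constructed tampered stub: different first bytes, same length.
TAMPERED_BOOT = bytes([0xFA, 0x31, 0xC0]) + b"\x00" * (BOOT_CODE_LEN - 3)
# Baseline recorded at provisioning time (here: the hash of the clean stub).
GOOD_HASH = hashlib.sha256(CLEAN_BOOT).hexdigest()


def parse_partitions(mbr: bytes):
    """Return the four MBR partition entries as dicts (status, type, LBA start, sector count)."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(image: bytes, baseline_boot_hash: str):
    """Return a list of findings for a raw disk image; an empty list means nothing suspicious."""
    if len(image) < SECTOR:
        return ["image shorter than one sector"]
    mbr = image[:SECTOR]
    findings = []
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    boot_hash = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    if boot_hash != baseline_boot_hash:
        findings.append(f"boot code hash mismatch: {boot_hash[:16]}...")
    # Gap sectors LBA 1 .. first partition - 1 are normally zero-filled on a
    # plain Windows BIOS disk; a bootkit's stage 2 shows up as non-zero data there.
    parts = [p for p in parse_partitions(mbr) if p["type"] != 0]
    first_lba = min(p["lba_start"] for p in parts) if parts else 1
    nonzero = [lba for lba in range(1, min(first_lba, len(image) // SECTOR))
               if any(image[lba * SECTOR:(lba + 1) * SECTOR])]
    if nonzero:
        findings.append(f"{len(nonzero)} non-zero gap sector(s) starting at LBA {nonzero[0]}")
    return findings


def build_image(boot_code: bytes, stage2_at=None, total_sectors: int = 64) -> bytes:
    """Construct a small disk image: MBR, zeroed gap, one partition at LBA 63 (all constructed)."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    # One active (0x80) partition of type 0x07 starting at LBA 63, one sector long.
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, 63, 1)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    image = bytearray(SECTOR * total_sectors)
    image[:SECTOR] = mbr
    if stage2_at is not None:
        # Constructed 16-byte marker standing in for a second-stage loader.
        image[stage2_at * SECTOR:stage2_at * SECTOR + 16] = b"STAGE2-PLACEHOLD"
    return bytes(image)


if __name__ == "__main__":
    print("clean   :", check_mbr(build_image(CLEAN_BOOT), GOOD_HASH))
    print("tampered:", check_mbr(build_image(TAMPERED_BOOT, stage2_at=34), GOOD_HASH))
```

On a live system the same check is run against the physical disk rather than a constructed image (for example by reading `\\.\PhysicalDrive0` on Windows with administrative rights, or `/dev/sda` on Linux) and the baseline hash is the one captured when the machine was provisioned. Non-zero gap sectors are a lead, not proof: legacy boot managers such as GRUB legitimately keep their core image there, so compare against a baseline of the gap as well. On UEFI systems with Secure Boot enabled the firmware never executes MBR boot code, which is the structural mitigation for this whole class of bootkit.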


Disclaimer

This project was developed purely for educational and research purposes.

The goal of OpenPetya is to study:

  • bootkits
  • operating system internals
  • low-level malware techniques
  • bootloader architecture

Do NOT use this project for illegal activities or against systems you do not own or explicitly have permission to test.

The author is NOT responsible for any misuse of this software.


Build

You can build the project using the commands below.

make            # Build mbr.bin and stage2.bin
./build.exe     # Build OpenPetya.exe

Usage

Warning: run this only inside a virtual machine!

The commands below show how to install the custom MBR and the stage-2 bootloader (administrative privileges are required):

OpenPetya.exe --list
OpenPetya.exe --drive 0 --install mbr.bin stage2.bin

Demonstration (Windows 7)

Screenshots


GitHub repository: iss4cf0ng / OpenPetya

If you find this project helpful or informative, I would truly appreciate a ⭐ on the repository. Your support would be a great motivation for me to continue improving this tool.


It is worth mentioning that OpenPetya does not include Command-and-Control (C2) functionality. In addition, OpenPetya stores plaintext MFT backup data inside hidden sectors after encryption. This behavior is intentionally designed for educational purposes because those features are…
