#!/bin/env python
#
# (c) RootedCON 2016
# Authors: Javier Olascoaga <[email protected]>, Román Ramírez <[email protected]>
#
# Usage: run on boot. The first run creates the "sentinel" signature file; later runs re-hash
# the first disk sectors and check them against this signature to detect tampering
# of your boot or first disk sectors.
#
import re, os, sys
import hashlib
# Block device whose leading bytes are hashed.
boot_device = '/dev/sda'

# sector_count * sector_size is the number of leading bytes read and hashed
# (10 * 1024 = 10240 bytes).
# NOTE(review): 1024 is not a common logical sector size (512 and 4096 are);
# confirm the intended coverage in bytes for the disks this runs on.
sector_count = 10
sector_size = 1024

# Where the reference digest is stored.
# NOTE(review): the baseline lives on the same host as the disk it protects,
# so anyone able to rewrite the boot sectors as root can presumably rewrite
# this file as well. Keep a reference copy off-host or on read-only media if
# the check is meant to survive a root compromise.
SENTINEL_SIGNATURE_FILE = '/etc/sentinel.sig'

# Any algorithm name accepted by hashlib.new(). The digest is unkeyed.
ALGORITHM = 'sha512'

# Verdict text printed by run() and the value it returns for sys.exit().
# A code of -1 passed to sys.exit() is seen by the parent as 255 on POSIX.
msg = dict(
    error=dict(msg='SENTINEL-KO', code=-1),
    ok=dict(msg='SENTINEL-OK', code=0),
)

# When true, debug() prints diagnostics to stdout. new_run() and verify()
# include the raw sector bytes in those diagnostics.
DEBUG = True
def debug(data):
    """Print *data* to stdout when the module-level DEBUG flag is truthy."""
    if not DEBUG:
        return
    # Parenthesised single-argument form prints the same text under the
    # Python 2 print statement and the Python 3 print function.
    print(data)
def _hash(data):
    """Return the hex digest of *data* using the algorithm named by ALGORITHM."""
    # hashlib.new() accepts the initial data directly, which is equivalent to
    # creating the object and calling update() once.
    return hashlib.new(ALGORITHM, data).hexdigest()
def get_sectors():
    """Read the first sector_count * sector_size bytes of boot_device.

    The device is opened in binary mode. Any error from open() or read()
    (for example insufficient privileges) propagates to the caller.
    """
    byte_count = sector_count * sector_size
    with open(boot_device, 'rb') as device:
        leading_bytes = device.read(byte_count)
    return leading_bytes
def new_run():
    """Hash the leading sectors and store the digest as the new baseline.

    Returns:
        True when the digest was written to SENTINEL_SIGNATURE_FILE, False
        when opening or writing that file raised. Errors from reading the
        device are not caught here and propagate.
    """
    sector_bytes = get_sectors()
    digest = _hash(sector_bytes)
    # NOTE(review): with DEBUG on, this interpolates the raw sector bytes
    # into the message, not just their digest.
    debug("resDumpBlock=[%s] resSignature=[%s]" % (sector_bytes, digest))
    try:
        # Mode "w" truncates any existing file; permissions follow the
        # process umask.
        with open(SENTINEL_SIGNATURE_FILE, "w") as sig_file:
            sig_file.write(digest)
    except Exception as e:
        debug("ERROR: %s" % str(e))
        return False
    return True
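def verify():
    """Re-hash the leading sectors and compare them with the stored baseline.

    Returns:
        True only when the digest of the bytes read now equals the first
        line (whitespace-stripped) of SENTINEL_SIGNATURE_FILE. False on a
        mismatch or on any error, including failure to read the device.
    """
    try:
        # The device read sits inside the try so that an unreadable device
        # fails closed (False, reported as SENTINEL-KO by run()) instead of
        # ending in an unhandled traceback with no verdict printed.
        resDump = get_sectors()
        resSignature = _hash(resDump)
        # NOTE(review): with DEBUG on, this interpolates the raw sector bytes
        # into the message, not just their digest.
        debug("resDumpBlock=[%s] resSignature=[%s]" % (resDump, resSignature))
        with open(SENTINEL_SIGNATURE_FILE, "rt") as tfile:
            stored_signature = tfile.readline().strip()
        # An empty or truncated baseline file never matches a real digest.
        return resSignature == stored_signature
    except Exception as e:
        debug("ERROR: cannot verify signature: %s"% str(e))
        return False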
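def run():
    """Create the baseline on first use, otherwise verify against it.

    Returns:
        An integer exit code taken from ``msg``: the 'ok' code when the
        baseline was created or verification passed, the 'error' code when
        the baseline could not be written or verification failed.
    """
    if not os.path.isfile(SENTINEL_SIGNATURE_FILE):
        debug("SENTINEL FILE DOES NOT EXIST")
        # NOTE(review): a missing baseline is silently re-created from the
        # current disk contents. On a host that was already enrolled, treat
        # "baseline created" as an event worth alerting on, since it means
        # the previous reference was lost or removed.
        #
        # new_run() returns a bool. Passing that straight to sys.exit() would
        # report success (True) as status 1 and failure (False) as status 0,
        # so translate it into the documented codes.
        if new_run():
            return msg['ok']['code']
        return msg['error']['code']

    debug("Sentinel file already exists...")
    # Anything other than a truthy result from verify() is reported as KO.
    if verify():
        print(msg['ok']['msg'])
        return msg['ok']['code']
    print(msg['error']['msg'])
    return msg['error']['code']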
if __name__ == '__main__':
    # Script entry point: whatever run() returns is handed to sys.exit()
    # and becomes the process exit status.
    exit_status = run()
    sys.exit(exit_status)