installation kit modified during installation

Doru Georgescu headset001 at
Thu Aug 27 07:08:54 UTC 2020

Short version: 

Byte 480 of the Ubuntu desktop 20.04.1 LTS installation kit has been modified during installation. Is this by design? 

Detailed version: 

I use to create my usb stick install kit with:

# dd if=downloads/ubuntu-20.04.1-desktop-amd64.iso of=/dev/sdd
and it worked for me.

I also use to verify the install kit before and after install with:

# cmp downloads/ubuntu-20.04.1-desktop-amd64.iso /dev/sdd
and this also worked for me until now. It exits with end of file error, because the kit is shorter than /dev/sdd.

Now, however, for the first time, there is a difference after install at byte 480, line 4.

The kit has been created on a compromised system.

However, I have doubts that it has been modified by malicious code.

So I ran:

# mount /dev/sdd1 mnt
# mount -o loop ubuntu-20.04.1-desktop-amd64.iso mnt1
# find mnt/ -exec bash -c 'file={}; cmp $file ${file/mnt/mnt1}' \; | grep differ
and found no difference, only that cmp does not compare directories.

# lsblk -fm /dev/sdd
sdd  iso966 Ubuntu 20.04.1 LTS amd64
│                 2020-07-31-16-51-12-00                                          7,2G root  disk  brw-rw----
│    iso966 Ubuntu 20.04.1 LTS amd64
│                 2020-07-31-16-51-12-00                                          2,6G root  disk  brw-rw----
│    vfat         C26E-047E                                                       3,9M root  disk  brw-rw----
     ext4   writable
                  a83a9b1c-36cb-4312-9aba-0359f74c0374                            4,7G root  disk  brw-rw----
What could be the cause? Should I worry about this?

Also aked here: 

More information about the Ubuntu-devel-discuss mailing list