How to boot a win 7 hard drive that was in Ubuntu system?

Joel Rees joel.rees at gmail.com
Sat Apr 8 04:49:48 UTC 2017 

On Sat, Apr 8, 2017 at 12:29 PM, Xen <list at xenhideout.nl> wrote:
> Joel Rees schreef op 08-04-2017 4:39:
>
>> It really isn't rocket science.
>
>
> Trust me, rebuilding the Windows boot configuration store (BCD, boot
> configuration data) is rocket science, at least without a tool.

There are plenty of tools.

If you have to burn a CD, there are Grub super CD and gparted bootable CD.

Is there a gparted package in Ubuntu? It would be dead simple to
install Ubuntu to a USB, boot the thing, and install gparted on the
USB system. Then you have point and click for all sorts of stuff that
might happen on the way to repairing your MBR.

The misnamed trusted boot junk does throw some curve balls at you, but
the OP was talking about MSWindows7.

Trust me. I've done this before. I know it is not exactly adding two
and two, but it is not rocket science. (Unless, I guess, you think
that Estes model rockets is rocket science.)

> Also, the Windows "bootrec" tool is no different from what fdisk could, or
> would do, or something similar. It is just a command line tool like all the
> rest.

Meaning?

It's there. If you ask how to use it on a list that supports that kind
of thing, you can find out how to use it. The options are not that
hard.

And there are other ways of using MSWindows to do this.

Mind you, when I buy a new machine with MSWindows on it, I usually go
to the trouble and expense of using the restore partition to burn
restore media, just in case.  (And then clean the partition out so I
can use it for multi-booting other OSses.)

> But I was responding also of course to your other messages that said that
> you didn't trust the digital river mirror, etc.

Digital River was always a company that seemed to be shouting out
"Trust ME" when it was doing things that companies I would like to
trust would not do.

The fact that they and Microsoft were in some sort of relationship did
not really change that.

However, you did not post a link to Digital River. You posted a link
to a site that claims it hosts images from Digital River and offers no
proof.

What it does offer, when you ripped into my paranoia, you mentioned
it. But then you seemed to indicate that you had not actually checked.

So I checked, partially, and that is why I had been refraining from
directly answering you.

I usually use gloves when accessing sites that host ISOs and such of
questionable legality because I know that a host that is willing to
cross one legal line will likely be willing to cross another moral
line. So I made some directories to isolate my work and used wget from
within those directories:

    mkdir -p isolation/corenoc
    cd isolation/corenoc
    wget --save-cookies ../cookies
http://mirror.corenoc.de/digitalrivercontent.net/

Used vi to look at the files it saved. Sure, I'm paranoid. I do not
want to wonder whether I have a keylogger on my system or not.

Yeah. It has the sha1 checksums. And it has the file numbers nicely
linked in so you can click the link and Microsoft's server will show
you their copy of the file available for those with the correct
non-OEM keys. And you can read the sha1 checksums and check.

I did not download an image and actually check it. 2G is pretty big
and I have other things to do with my bandwidth. And it would have
been relatively meaningless.

> I say that is paranoia.

A little healthy paranoia can help you avoid getting too friendly with a pusher.

> The same as that you are trusting e.g. Ubuntu package sources not to be
> hacked or corrupted...

Since you ask, it would be dead easy to set up something like Boot
Repair CD, seed it with a backdoor installer for several popular
OSses, and then offer it on sourceforge under a pseudonymous username.

Yannubuntu has made his connection from the Ubuntu community to his
Boot Repair CD pretty clear, but he or she has not made the reverse
connection clear at all. That's why I'm asking him or her to post the
reverse connection on sourceforge.

Until I was motivated enough to do so, I had not bothered searching
the web for yannubuntu, specifically because he or she offers so
little information on the project pages or the user profile. I saw
nothing to trust, I saw no reason to look further.

It still lacks source code, and that is still sufficient reason for me
to use other tools instead. And to recommend other tools instead.

The ISOs you posted the links to have the same sort of problems, in
addition to being technically illegal until someone sues Microsoft and
the OEMs and gets a judgment that there is some sort of contract to
keep those ISOs available.

The fact that you seem to ignore the basic principles I am telling you
about makes me rather hesitant to trust what you say on the list, as
well.

If you want to get into things a little deeper, you knew that SHA1 has
been broken?

Not so generally broken so that everything protected with it is
immediately suspect. It took too much processing power.

If I were interested in building a 'bot farm, here's what I would do:

(1) Find a good reason to mirror ISOs from Microsoft.
(2) At first, host them in perfect condition, along with the SHA1
checksums from Microsoft and links to where the checksums can be found
on Microsoft's site.
(3) Make sure that the checksums are prominent on my mirroring site,
and that the means of checking them is also prominent.
(4) Troll various lists under various usernames with the information
that the ISOs are there and provably safe.
(5) Crack one checksum at a time, sufficient to insert a little
backdoor into just that one ISO in some rarely examined binary deep in
the System directory hierarchy.
(6) Substitute the ISO some time after I had quit trolling.

There are some other details about choice of binary to pervert and
about the possibility of adding triggers, etc., and the necessity of
perverting certain system functions enough that the OS would ignore
the changes to just certain binaries. But there's plenty of room in a
2G ISO for that.

Public mirroring is relatively safe because the checksums are not the
last line of defense. Maybe I have never met most of the Ubuntu
developers face to face, but I interact with a lot of people who have.
If one of them decides his reputation isn't worth enough to keep him
honest, it will get noticed.

Even with something as controversial as systemd, the developers have a
vested interest in keeping things working correctly at some level, and
the openness of the processes partially protects things from certain
abuses that can occur in closed commercial environments.

But this is a private mirror we are talking about, so the checksums
are the only line of defense, and I don't know enough about the person
or people hosting corenoc.de to have any good reason to believe they
are not playing the game I describe above, or a similar one that I
have not described but is significantly more likely. (Which is why I
am not providing any hints on how to do it in a public forum.)

-- 
Joel Rees

I'm imagining I'm a novelist:
http://joel-rees-economics.blogspot.com/2017/01/soc500-00-00-toc.html
More of my delusions:
http://reiisi.blogspot.jp/p/novels-i-am-writing.html

More information about the ubuntu-users mailing list