How to boot a win 7 hard drive that was in Ubuntu system?

Joel Rees joel.rees at gmail.com
Sun Apr 9 17:48:18 UTC 2017


On Sat, Apr 8, 2017 at 8:27 PM, Xen <list at xenhideout.nl> wrote:
> Joel Rees schreef op 08-04-2017 6:49:
>>
>> On Sat, Apr 8, 2017 at 12:29 PM, Xen <list at xenhideout.nl> wrote:
>>>
>>> Joel Rees schreef op 08-04-2017 4:39:
>>>
>>>> It really isn't rocket science.
>>>
>>> Trust me, rebuilding the Windows boot configuration store (BCD, boot
>>> configuration data) is rocket science, at least without a tool.

You say that.

I've done it. I don't think I'm a rocket scientist. I admit I have an
unusual selection of tools, though.

But that's not what this thread is about. Now that the OP has solved
his problem, it's about the tools that were being recommended, and I
strongly disagree with some of your advice.

> I really don't know what you are on about.

Well, you recommended a website that, on the face of what I read in
your first post, is typical of the sort of site where people pick up
viruses, worms, backdoors, keyloggers, etc.

Specifically, the server offers a mirror of files that people will
want enough to forget their common sense, and the legality of the
mirroring can easily be questioned.

These kinds of offers are often hosted on servers that provide extra
unwanted services -- like drive-by installation of malware. Maybe I
should have focused more explicitly on that aspect, as well.

You thought you had reason to trust them, I suppose, but it took me
asking to get you to tell the list why. Up until that, it was only, as
you said, trust you, and take the risk of even checking the site out.

And as we talk, you talk as if anti-malware software can safely find
and remove anything bad you get in your system.

The vendors sure don't want it said too loud, but there are always a
number of new ones that they don't have signatures and other patterns
and protocols to detect and safely remove. They are better than
nothing, but they can't protect us when we deliberately go dangerous
places and do dangerous things.

And there were other questions the OP really needed to address first.
You didn't stop to, for example, ask if the restore partition were
still intact.

And there was the question of the active partition that never got asked.

Lots of options besides even going to Microsoft for a download.

Lots of things to do that are actually on topic on this list, in fact.

Even if corenoc.de were as safe as you think it is, there were lots of
things that should have been suggested first.

> The BCD is not the same as the
> MBR. The BCD is sitting on the "System" partition (usually /dev/sda1, so to
> speak) and can only be remade with Microsoft tools or likewise, I don't
> think there is any Linux tool that can do it.

Sure there is, if you know what you're doing.

But I'll admit that I had lost track of the thread at that point. I'm
an old codger, and binary coded decimal came to mind before boot
configuration data. And I wasn't sure why we were talking about that.

Why were we talking about that? The problem was considered to be an
MBR that Microsoft's upgrade tool falsely claimed was reason not to
upgrade. (If we trust Microsoft for everything, why do we not listen
to them at this point and wipe Ubuntu from the system entirely?) Why
were we talking about the boot configuration data?

>> Is there a gparted package in Ubuntu? It would be dead simple to
>> install Ubuntu to a USB, boot the thing, and install gparted on the
>> USB system. Then you have point and click for all sorts of stuff that
>> might happen on the way to repairing your MBR.
>
> You say gparted can restore a Microsoft MBR. I don't know why you would
> trust non-Microsoft tools to do that.

Well, there are some twisty paths in this, but if the OP could have
found a copy of his original MBR somewhere, gparted could lay it down
on the first sector for him.

-- if dd were too scary.

If there were no copy of the original, gparted can lay down a generic
copy that might be good enough to satisfy MSWindows7 when trying to
update to SP1. It'd be worth a try.

And any tool that can write to the MBR is as dangerous as the hand wielding it.

The only thing we might need Microsoft for here is getting an MBR that
the update to SP1 wouldn't complain about.

About the possibility of putting malware in the MBR itself, yeah, it's
possible. But gparted is used by a lot of people, and the source is
open, and it's part of many distributions including Ubuntu. So, if we
trust Ubuntu enough to use it as an OS, that trust might sort-of
transfer to gparted.

And if we trust gparted at all, it can write anywhere on any disk you
have connected, so it would not make sense to get finicky about using
it to lay down a good MBR.

> And I can't test right now because:
>
> $ sudo gparted
> Segmentation fault (core dumped)

As Liam says, that's not good news. You probably want to figure out
why that happens. I'd offer some suggestions, but you seem to think
I'm not trustworthy.

>>> Also, the Windows "bootrec" tool is no different from what fdisk could,
>>> or would do, or something similar. It is just a command line tool like all
>>> the rest.
>>
>> Meaning?
>
> Meaning that using it is not equivalent to "trusting people to do stuff for
> me that I want to do myself or want to be able to do myself".

I read that and I don't parse a meaning that makes sense to me in the
context of this discussion. Did you read me to suggest that
Microsoft's recovery tools would be a bad idea? I look back and don't
see how you could have jumped to that conclusion.

But they aren't really on topic here.

> You mentioned of course the yannubuntu thing. But the bootrec tool is the
> core tool for doing this sort of thing. Anything else is "another tool".

Yeah, I mentioned the yannubuntu thing, mostly because it was the tool
the OP chose to use, and at that point in the thread all I knew about
it was what you can find on the project site on sourceforge. And
without looking elsewhere, there was not enough information on the
project site on sourceforge for me to consider it something to
recommend.

I do wish yannubuntu's tool and his profile were less opaque,
especially since it shows up as somewhat recommended within the
community.

But since you seem to be arguing against my non-existent
recommendation against Microsoft's recovery tools, is it really
relevant here? If you are talking about my unwillingness to look
beyond a tool's project site for a reason to trust that tool, you
should go ahead and talk about it.

I was saying that there were other options that should have been
considered first, here.

>> Digital River was always a company that seemed to be shouting out
>> "Trust ME" when it was doing things that companies I would like to
>> trust would not do.
>
> So you're basically just paranoid all around. The fact that Microsoft can
> test and verify themselves what images these guys are hosting is of no
> relevance to you.

Does Digital River own the server that corenoc.de is hosted on? Or
does Microsoft? Why would Microsoft go to the trouble of verifying
something they ostensibly would not want on the web? And what does
that have to do with trusting what is hosted on corenoc.de?

Unless, I suppose, you think you have reason to believe without
question that the files on corenoc.de actually did come from Digital
River. (He does seem to be saying he'll host ISOs from other sources,
IIRC.)

> No, everyone is suspect now, including Microsoft itself, because they might
> be installing trojans too, who knows.

Yeah, Microsoft is also suspect, but in a different way. They want me
to accept them as a standard when I know quite well that they are not
my standard, and my use of computers does not fit in with the standard
they want to sell.

But, yeah, there is also a finite probability that they have a
backdoor in the various editions/distributions of MSWindows and are
selling access to that backdoor to government agencies. I'm talking
about reported news from non-tech news sources.

And the existence of that backdoor means that there is a finite
possibility that criminal organizations could get access to it as
well. (Which is the reason, even if we trust the government agencies,
we should not be happy about the backdoor.)

> Really *facepalm*.

Don't hide from reality.

Movies do focus on the fantasy aspects of these problems because they
seem dramatic enough to maybe sell a bad plot, but the probabilities
are there.

On the other hand, their backdoor is still less of a problem for the
average user than random malware from unknown sources.

This isn't a binary question, you know. You should weigh probabilities
and take action accordingly.

But, again, we had other options than downloading Microsoft tools from
websites that claim they are not acting in accordance with Microsoft
policies, and those options should have been talked about first.

>> However, you did not post a link to Digital River. You posted a link
>> to a site that claims it hosts images from Digital River and offers no
>> proof.
>
> And what proof could it possibly offer other than Microsoft-hosted SHA
> checksums that you say are untrustworthy?

You knew why you thought they could be trusted, I guess, but we did not.

When you posted that link, you did not mention the checksums. If you
are going to recommend something like that, you should explain why you
think you should trust them. Up front, and clearly.

>> What it does offer, when you ripped into my paranoia, you mentioned
>> it. But then you seemed to indicate that you had not actually checked.
>
> It is not my job to guard against your paranoia. Maybe a psychiatrist, but
> not me, sorry.

If you are giving advice you want people to take seriously, yes it is.

>> I usually use gloves when accessing sites that host ISOs and such of
>> questionable legality because I know that a host that is willing to
>> cross one legal line will likely be willing to cross another moral
>> line. So I made some directories to isolate my work and used wget from
>> within those directories:
>
> That is just your assumption and your 'flaw' here. Sorry, again, can't help
> you with that.

wget has the ability to pull multiple files from a URL. People who
don't know that need to understand that they want to work within a
clean workspace, so they don't have to wonder where a file they don't
recognize came from.

> Seek advice or something, I don't know.
>
>>     mkdir -p isolation/corenoc
>>     cd isolation/corenoc
>>     wget --save-cookies ../cookies http://mirror.corenoc.de/digitalrivercontent.net/
>
>
> Isolating the files (single file, mostly) downloaded using wget as if they
> can spring to action and destroy your system.

One file?

Before I started, I had no way of knowing whether one file would be
sufficient to get the information I was looking for without
downloading the ISO. For all I knew, I might have had to tell wget to
do a recursive pull, and those get really messy. Better to start in a
clean directory where I can know what I need to delete once I'm done.

Better to talk about that where people are likely to look at what I
say and try it at home. Better to talk about generally keeping your
workspace clean and relatively organized, so you know where files on
your disk came from.

> Because HTML files are so volatile, aren't they?

Now that you mention it, if I later didn't remember what that file
was, and looked at it with the default program, and it did contain
some javascript that loaded a keylogger on my machine, that would be
at least as bad as getting the drive-by attack directly from the
website.

Why do you argue against common sense procedure?

>> Used vi to look at the files it saved. Sure, I'm paranoid. I do not
>> want to wonder whether I have a keylogger on my system or not.
>
> Hint: there is no possibility in the chain of commands between wget and
> anything else you do that will install a keylogger on your Linux system here
> okay.
>
> Maybe you should isolate that HTML file in a concrete bunker in case some
> radiation leaks out too.
>
> :-/.

Maybe you should think things out a little farther instead of
resorting to sarcasm.

>> Since you ask, it would be dead easy to set up something like Boot
>> Repair CD, seed it with a backdoor installer for several popular
>> OSes, and then offer it on sourceforge under a pseudonymous username.
>>
>> Yannubuntu has made his connection from the Ubuntu community to his
>> Boot Repair CD pretty clear, but he or she has not made the reverse
>> connection clear at all. That's why I'm asking him or her to post the
>> reverse connection on sourceforge.
>>
>> The ISOs you posted the links to have the same sort of problems, in
>> addition to being technically illegal until someone sues Microsoft and
>> the OEMs and gets a judgment that there is some sort of contract to
>> keep those ISOs available.
>>
>> The fact that you seem to ignore the basic principles I am telling you
>> about makes me rather hesitant to trust what you say on the list, as
>> well.
>
> I still recommend some pills.

You recommend depending too much on antivirus software, too.

>> If you want to get into things a little deeper, you knew that SHA1 has
>> been broken?
>
>
>> (1) Find a good reason to mirror ISOs from Microsoft.
>> (2) At first, host them in perfect condition, along with the SHA1
>> checksums from Microsoft and links to where the checksums can be found
>> on Microsoft's site.
>> (3) Make sure that the checksums are prominent on my mirroring site,
>> and that the means of checking them is also prominent.
>> (4) Troll various lists under various usernames with the information
>> that the ISOs are there and provably safe.
>> (5) Crack one checksum at a time, sufficient to insert a little
>> backdoor into just that one ISO in some rarely examined binary deep in
>> the System directory hierarchy.
>> (6) Substitute the ISO some time after I had quit trolling.
>
> There is just one issue with that under the current example:
>
> that rarely examined binary will never get run by a person running bootrec
> /fixmbr or anything of the kind.

Rarely examined and rarely executed are not the same.

Explaining more than that would be writing too much cookbook for malware here.

> unless that bootrec /fixmbr installed a boot virus (I don't know if it gets
> run by the installer of course, I guess not) (but I'm not sure) your
> proposed exploit would not actually get used in this instance. You were
> talking about protecting your MBR. Well, this is not it.

Malware in MSWindows does not need bootrec to write over the MBR, nor
to write other places that naming here would be providing more
cookbook for malware.

But, yeah, a modified bootrec.exe would be another possible attack strategy.

But, no, the MBR was not even the first thing I was thinking about.

I'm providing too much information here on methods for attacking
MSWindows, which is really OT here.

>> There are some other details about choice of binary to pervert and
>> about the possibility of adding triggers, etc., and the necessity of
>> perverting certain system functions enough that the OS would ignore
>> the changes to just certain binaries. But there's plenty of room in a
>> 2G ISO for that.
>>
>> Public mirroring is relatively safe because the checksums are not the
>> last line of defense. Maybe I have never met most of the Ubuntu
>> developers face to face, but I interact with a lot of people who have.
>> If one of them decides his reputation isn't worth enough to keep him
>> honest, it will get noticed.
>>
>> Even with something as controversial as systemd, the developers have a
>> vested interest in keeping things working correctly at some level, and
>> the openness of the processes partially protects things from certain
>> abuses that can occur in closed commercial environments.
>>
>> But this is a private mirror we are talking about, so the checksums
>> are the only line of defense, and I don't know enough about the person
>> or people hosting corenoc.de to have any good reason to believe they
>> are not playing the game I describe above, or a similar one that I
>> have not described but is significantly more likely. (Which is why I
>> am not providing any hints on how to do it in a public forum.)
>
> You are just forgetting one thing: if any of the images had trojans in them,
> they would
>
> a) quickly get discovered by most virus-scanning software out there most
> likely

How do the vendors find out about the exploits so quickly? Who tells
them where to look? Who gives them samples to analyze?

How do the scanners get programmed to find the malware?

All of that takes time, even if we suppose that the vendors have
already found, in this case, corenoc.de.

> b) result in people talking about it on the net, and
> c) the reputation of that person quickly getting tarnished to the point of
> having to take his content offline because the site is not that easy to find
> if you don't know how (for example because of previous searches) and sites
> that link to it would either remove their links or start calling it out on
> it.

Surely you know that this sort of thing has been done in the past, and
that the perpetrators just disappear and go play with their
brand-shiny-new bot farm that government agencies and anti-malware
vendors then get to go hunting for.

> The "Microsoft" community is much much larger than the Linux community. You
> don't think there are a dozen sites that would quickly determine this to be
> a fraud?

If I talk about how to keep a low profile, I add more to what is
turning into a seminar on harvesting bots for a botfarm. But large
community does not help us protect ourselves from becoming a member of
a botfarm here.

> Moreover, if these keyloggers or other things exist (i.e. botnet) there
> would be people like myself and others who would get hurt by it. My
> credentials would be stolen and I would find accounts getting hacked most
> assuredly.

Surely you are aware that there are people who have lost money to this
kind of attack, and many of them were not aware of it until it had
been going on for several months? And had been pointed out to them by
someone else?

Etc.

> Now I can't say with a million percent accuracy that my computer
> is not part of a botnet (when it is running Windows).

Why do you limit that to MSWindows?

> I can say that all
> Windows PCs carry Windows Defender which is pretty okay at detecting
> anomalies.

"Pretty okay" here means that it has holes that even I can find, and
I'm not looking.

> I can also say that if this was a pervasive scheme that this
> software would quickly get updated with the means to detect this anomaly. So
> all indications show that this is simply not the case.

Yes, you trust the anti-virus software too much.

> In other words, there is no reason to be worried until there is a reason to
> be worried and since I have had nothing happen to me nor anyone else that I
> would see on the net that would get linked to this download,

You probably wouldn't even see it for several months, if it were
successful. Longer than months, maybe. And then you would have to
spend several months or longer cleaning the mess up.

If you live in a country where a bad credit rating can damage your
ability to make a living, once there is a reason to worry, you're in a
world of hurt.

> It simply means that you have a rather skewed conception of whom you can
> trust and whom you can't, because to you even Microsoft itself is a
> potential culprit as to its own software, most likely.

Obviously, my point of view is skewed from yours. That was apparent
quite a ways back.

> In this context of you not trusting Microsoft OR Windows at all, likely,
> then, at that point, the entirety of Windows turns into one big keylogger
> for you.

Which is why I avoid running MSWindows at home. At work, well, I work
on what they pay me to work on, and I encourage the IT support crew at
work to do their part of the job, as much as I can without
overstepping my authority.

> And in this context, any advice from you as to the usage of Microsoft
> Windows should simply be disregarded.
>
> That's all.
>
> And in the context of this thread, this is my last message here. Seek help
> ;-).
>
> Regards.

And I think you are giving bad advice. Really bad advice. I didn't
want that advice to go to the archives unchallenged.

Whether you seek help to get your attitude of privilege turned around
is up to you, but you are operating from an attitude of privilege that
does not match reality. (... no matter how much Microsoft's sales crew
is happy to refer to it in their sales approach.)

Nobody has a right to expect downloading arbitrary things from the
big, wide Internet and using them is safe.

-- 
Joel Rees

I'm imagining I'm a novelist:
http://joel-rees-economics.blogspot.com/2017/01/soc500-00-00-toc.html
More of my delusions:
http://reiisi.blogspot.jp/p/novels-i-am-writing.html
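As an added example, not code from the thread or from either poster, here is a POSIX shell verifier for the checksum situation argued over above: the expected digests are supplied by the caller from the vendor's own site rather than read off the mirror, the file sits in an isolated directory as in the wget commands quoted earlier, and SHA-256 is checked alongside SHA-1 because a matching SHA-1 on its own no longer rules out a substituted image. It assumes GNU coreutils sha1sum and sha256sum; the sample "ISO" and its digests are constructed inside the demo.

```shell
# verify_image FILE EXPECTED_SHA1 EXPECTED_SHA256
# Returns 0 only when both digests match the values the caller obtained
# out of band (from the vendor's site, not from the mirror being checked).
verify_image() {
    file=$1
    # normalise case so a digest copied from a web page compares cleanly
    want_sha1=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    want_sha256=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    got_sha1=$(sha1sum "$file" | cut -d' ' -f1)
    got_sha256=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$got_sha1" != "$want_sha1" ]; then
        echo "SHA-1 mismatch: $file" >&2
        return 1
    fi
    if [ "$got_sha256" != "$want_sha256" ]; then
        # A file whose SHA-1 matches but whose SHA-256 does not is exactly
        # the swapped-image case the thread describes; SHA-1 alone can no
        # longer rule it out, so the second digest is the one that counts.
        echo "SHA-256 mismatch (SHA-1 matched): $file" >&2
        return 1
    fi
    return 0
}

# demo: builds a constructed stand-in for a downloaded ISO inside an
# isolated per-source directory, verifies it, then appends bytes to it and
# verifies again. Returns 0 when the clean file is accepted and the
# modified one rejected.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/isolation/mirror"        # one directory per download source
    img="$work/isolation/mirror/sample.iso"
    printf 'constructed sample image, not a real ISO\n' > "$img"
    # stand-ins for the vendor-published digests (constructed here)
    vendor_sha1=$(sha1sum "$img" | cut -d' ' -f1)
    vendor_sha256=$(sha256sum "$img" | cut -d' ' -f1)
    if ! verify_image "$img" "$vendor_sha1" "$vendor_sha256"; then
        rm -rf "$work"; return 1             # clean file wrongly rejected
    fi
    printf 'extra bytes\n' >> "$img"         # simulate a substituted image
    if verify_image "$img" "$vendor_sha1" "$vendor_sha256" 2>/dev/null; then
        rm -rf "$work"; return 1             # tampering went unnoticed
    fi
    rm -rf "$work"
    return 0
}
```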
