From: Isaac Dupree
Subject: Re: about extracting grub2 files from mbr
Date: Sat, 21 Jan 2012 01:10:45 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20111224 Thunderbird/9.0.1

In Linux, you can read everything on your disk with a command something like

    # dd if=/dev/sda | hexdump -C | less

but that won't tell you much, because a PGP key would look like random bytes to you.
What you really need is documentation to *tell* you what form the encryption keys are stored or derived in. And once you have that, you shouldn't need to read your disk at all if you don't want to.
(random thoughts:
Does it require you to enter a password? The key might be encrypted with that password. The key might be derived from that password.
Is it using an already widely used disk encryption format such as LUKS or TrueCrypt?
)

You are quite right that software-only encryption on PCs can't encrypt all 440ish bytes of the MBR, unless the system boots some other way than from its main disk.
But again, you are trying to understand it, so you should read the software's documentation. If it doesn't have documentation, be afraid and assume they did everything wrong (or am I too cynical there?).
If you want a more thorough understanding, you'll also want to find some thorough documentation about the boot process at least from firmware+motherboard through OS kernel initialization.
-Isaac

On 01/20/2012 07:34 AM, address@hidden wrote:
> Hi all,
> I don't know if I'm asking in the right ML, but I hope so :)
> I'd like to know if there's a way to extract what's in the mbr knowing that there is grub2 installed on it.
> Let me explain this in a better way: we have adopted in our company a Symantec software called PGP Desktop to manage disk encryption, which installs a modified grub2 boot loader to let authorized users boot the OS.
> I'm not familiar with bootloaders and how they are installed so... first thing I wanted to be sure is if the mbr is encrypted (I really doubt it) and if there's a way to extract everything that is inside to see if it stores the PGP key somewhere in it.
> Yeah I know my question seems like "hey, help me hack this one" but I'm just concerned about my computers' security, and since its bootloader is based on grub2 maybe you can/want help me, if not no problem.
> Thanks a lot.
> David
> _______________________________________________
> Help-grub mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/help-grub
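
Added example, not part of the original message or of GRUB or PGP Desktop: a Python sketch that splits a 512-byte MBR into its fixed, unencrypted fields and measures the byte entropy of the 440-byte boot-code area, which is a more useful first look than a raw hexdump. The helper names (entropy, parse_mbr, make_sample_mbr) are hypothetical and the sample sector is constructed, not taken from a real disk.

```python
import math
import struct
from collections import Counter

SECTOR = 512

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code, disk signature and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        # status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code": sector[:440],
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "boot_code_entropy": entropy(sector[:440]),
            "partitions": parts}

def make_sample_mbr() -> bytes:
    """Constructed sample: stand-in boot code plus one bootable Linux partition."""
    text = b"GRUB \x00Geom\x00Read\x00 Error\r\n\x00"
    code = (b"\xeb\x63\x90" + b"\x00" * 60 + text).ljust(440, b"\x00")
    entry = struct.pack("<B3xB3xII", 0x80, 0x83, 2048, 204800)
    table = entry + b"\x00" * 48  # three unused slots
    return code + struct.pack("<I", 0x1234ABCD) + b"\x00\x00" + table + b"\x55\xaa"

if __name__ == "__main__":
    # To inspect a real disk instead: dd if=/dev/sda of=mbr.bin bs=512 count=1
    info = parse_mbr(make_sample_mbr())
    print(f"disk signature   : {info['disk_signature']:#010x}")
    print(f"boot code entropy: {info['boot_code_entropy']:.2f} bits/byte")
    for p in info["partitions"]:
        print(p)
```

Entropy only says whether a region looks random; it cannot say whether random-looking bytes are a key, which is why the vendor's documentation is still needed.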