Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
ok folks, i know what the MBR is, and where the 1st copy is. on some OS's the 512bytes of MBR is on disk in two locations, block 1 and another place, i believe on windoze the copy is made to the end of the boot part.
i am looking to dd the MBR copy, like dd if=/dev/sda of=mbr.copy bs=512 count=1 skip=210987 where block 210988 is the MBR copy on disk, etc.
The problem I see with picking a particular location, such as block 210987, is ensuring that the block is marked as used or reserved and does not get reallocated for another purpose. In the examples given of copying the MBR to a file, especially coupled with the MD5 hashing as suggested by unSpawn, you get a stored copy (as a 512 byte file) that can be put anywhere, on any backup media, and then used to restore the MBR when needed.
i am looking to dd the MBR copy, like dd if=/dev/sda of=mbr.copy bs=512 count=1 skip=210987
where block 210988 is the MBR copy on disk, etc.
Are we here talking about the new PT not the MBR? "Skip" is not necessary unless you wanted to do-copy the end of the disk that contains the backup table under the GPT implementation --since you have already declared "count=1".
Under the GPT (GUID Partition Table) there is no more MBR considerations, no 4partition limit, no 'logical' partition --all partitions are equally both 'primary & logical'. Every partition is identified by its Globally Unique IDentifier hash, not by its cylinder location. Is this what we are talking about by the need to issue the option "skip=nnnnn" ?
The GPT resides about the first 2MB of the disk, maintains backup record at first block of later partition, and finally keeps backup record at the last 2mb of the disk. See wiki on GPT and UEFI.