====== Differences ======

This shows you the differences between two versions of the page.
winbootibft [2006/09/19 12:42] mcb30 |
winbootibft [2006/09/20 06:17] (current) mcb30 |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Decoding the iSCSI Boot Firmware Table ====== | ====== Decoding the iSCSI Boot Firmware Table ====== | ||
- | Microsoft has recently raised objections to the publication of information describing the iSCSI Boot Firmware Table (iBFT). They believe that the definition of this table is confidential information, and that anyone who knows how it is constructed can only have obtained such information by signing a non-disclosure agreement. | + | Representatives of Microsoft have recently raised objections to the publication of information describing the iSCSI Boot Firmware Table (iBFT). The iBFT is a data structure used when Windows is booted from an iSCSI disk hosted on a remote computer, or on an iSCSI network-attached storage (NAS) box; a high-level overview is published by Microsoft at http://download.microsoft.com/download/5/b/9/5b97017b-e28a-4bae-ba48-174cf47d23cd/STO026_WH06.ppt. |
- | This document exists solely to prove that this belief is false. | + | The Microsoft representatives seem to have taken the position that the details of this table are confidential, and that anyone with knowledge of its structure must have been privy to information covered by a non-disclosure agreement. |
- | Without revealing any information about the structure of the iSCSI Boot Firmware Table, we will demonstrate that it is trivial to decode, using tools published by Microsoft for this explicit purpose. | + | This web page exists solely to prove that the above position is incorrect. |
+ | |||
+ | Without revealing any information about its structure, we will show that the iSCSI Boot Firmware Table may be decoded using tools published by Microsoft for this exact purpose. | ||
==== Step 1: Obtain the boot-capable Microsoft iSCSI initiator ==== | ==== Step 1: Obtain the boot-capable Microsoft iSCSI initiator ==== | ||
- | This is available from several sources, including Microsoft themselves. For this demonstration, we chose to purchase a copy of winBoot/i from [[http://www.emboot.com|emBoot]]. Here is the emBoot download page: | + | This is available from several sources, including Microsoft itself. For this demonstration, we chose to purchase a copy of [[http://www.emboot.com|emBoot's]] winBoot/i software, which includes a copy of the boot-capable Microsoft iSCSI initiator. Here is the emBoot download page: |
{{ iscsiboot/emboot-download-page.png?200x150 }} | {{ iscsiboot/emboot-download-page.png?200x150 }} | ||
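Review bot: The bare download URL at the end of the first added paragraph runs straight into the sentence's full stop and does not use the [[url|label]] form that the emBoot link in Step 1 uses. Writing it as a labelled link in the same syntax would keep the trailing punctuation out of the link target and match the rest of the page.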
Line 17: | Line 19: | ||
{{ iscsiboot/emboot-zipfile.png?200x150 }} | {{ iscsiboot/emboot-zipfile.png?200x150 }} | ||
- | The zip file contains an executable named WBI_CLIENT_X86_V1_50_B13.EXE.rename. We copied this file out of the archive and renamed it to WBI_CLIENT_X86_V1_50_B13.EXE, and ran it: | + | ==== Step 2: Install the boot-capable Microsoft iSCSI initiator ==== |
+ | |||
+ | The zip file contains an executable named WBI_CLIENT_X86_V1_50_B13.EXE.rename. We copied this file out of the archive, renamed it to WBI_CLIENT_X86_V1_50_B13.EXE, and ran it: | ||
+ | |||
+ | {{iscsiboot/emboot-client-setup1.png?200x150 }} | ||
+ | {{iscsiboot/emboot-client-setup2.png?200x150 }} | ||
+ | {{iscsiboot/emboot-client-setup3.png?200x150 }} | ||
+ | {{iscsiboot/emboot-client-setup4.png?200x150 }} | ||
+ | {{iscsiboot/emboot-client-setup5.png?200x150 }} | ||
+ | {{iscsiboot/emboot-client-setup6.png?200x150 }} | ||
+ | {{iscsiboot/emboot-client-setup7.png?200x150 }} | ||
+ | {{iscsiboot/emboot-client-setup8.png?200x150 }} | ||
+ | {{iscsiboot/emboot-client-setup9.png?200x150 }} | ||
+ | {{iscsiboot/emboot-client-setup10.png?200x150 }} | ||
+ | {{iscsiboot/emboot-client-setup11.png?200x150}} | ||
+ | |||
+ | We found that the iscsibcg.exe utility had been installed into C:\WINDOWS\System32: | ||
+ | |||
+ | {{ iscsiboot/iscsibcg-installed.png?200x150 }} | ||
+ | |||
+ | ==== Step 3: Boot from iSCSI and run iscsibcg ==== | ||
+ | |||
+ | We booted this installation of Windows via iSCSI, opened up a command prompt, and ran the command | ||
+ | |||
+ | iscsibcg /? | ||
+ | |||
+ | which stated that the iscsibcg utility has two main functions, one of which is to "View the contents of the iBFT table": | ||
+ | |||
+ | {{ iscsiboot/iscsibcg-options.png?200x150 }} | ||
+ | |||
+ | Helpfully, the tool even gave the command which we needed to run in order to view the iSCSI Boot Firmware Table, which was | ||
+ | |||
+ | iscsibcg /ShowiBF | ||
+ | |||
+ | Running this command gave us a complete dump of the table, including the raw hex data and a description of each field. To avoid antagonising Microsoft, only a small extract of the output is shown here: | ||
- | {{iscsiboot/emboot-client-setup1.png?200x150 }}{{ iscsiboot/emboot-client-setup2.png?200x150 }}{{ iscsiboot/emboot-client-setup3.png?200x150}} | + | {{ iscsiboot/iscsibcg-showibf.png?200x150 }} |
+ | ==== Conclusions ==== | ||
+ | * At no point during this process did we need to sign any non-disclosure agreement with Microsoft or any other party. | ||
+ | * At no point during this process did we reverse-engineer any piece of software or use it for anything other than its explicitly stated purpose, according to its own documentation. | ||
+ | * The information obtained from this process is entirely sufficient to allow a programmer to write code for generating or parsing an iSCSI Boot Firmware Table. | ||
+ | * It is therefore incorrect for anyone to claim that the structure of the iSCSI Boot Firmware Table is confidential information. | ||
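Review bot: The third bullet under Conclusions says the information obtained is "entirely sufficient" for writing code that generates or parses an iSCSI Boot Firmware Table, but Step 3 states that only a small extract of the iscsibcg /ShowiBF output is shown, so the claim rests on output the page does not display. Suggest wording the bullet so it refers explicitly to the complete output of iscsibcg /ShowiBF (the raw hex data plus the description of each field), which readers can reproduce by following Steps 1 to 3.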