====== Differences ====== This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
winbootibft [2006/09/19 12:42]
mcb30
winbootibft [2006/09/20 06:17] (current)
mcb30
Line 1: Line 1:
 ====== Decoding the iSCSI Boot Firmware Table ====== ====== Decoding the iSCSI Boot Firmware Table ======
  
-Microsoft ​has recently raised objections to the publication of information describing the iSCSI Boot Firmware Table (iBFT).  ​They believe that the definition of this table is confidential informationand that anyone who knows how it is constructed can only have obtained such information ​by signing a non-disclosure agreement.+Representatives of Microsoft ​have recently raised objections to the publication of information describing the iSCSI Boot Firmware Table (iBFT).  ​The iBFT is a data structure used when Windows is booted from an iSCSI disk hosted on a remote computeror on an iSCSI network-attached storage (NAS) box; a high-level overview ​is published ​by Microsoft at http://​download.microsoft.com/​download/​5/​b/​9/​5b97017b-e28a-4bae-ba48-174cf47d23cd/​STO026_WH06.ppt.
  
-This document exists solely ​to prove that this belief is false.+The Microsoft representatives seem to have taken the position ​that the details of this table are confidential,​ and that anyone with knowledge of its structure must have been privy to information covered by a non-disclosure agreement.
  
-Without revealing any information about the structure ​of the iSCSI Boot Firmware Table, we will demonstrate that it is trivial to decode, ​using tools published by Microsoft for this explicit ​purpose.+This web page exists solely to prove that the above position is incorrect. 
 + 
 +Without revealing any information about its structure, we will show that the iSCSI Boot Firmware Table may be decoded ​using tools published by Microsoft for this exact purpose.
  
 ==== Step 1: Obtain the boot-capable Microsoft iSCSI initiator ==== ==== Step 1: Obtain the boot-capable Microsoft iSCSI initiator ====
  
-This is available from several sources, including Microsoft ​themselves.  For this demonstration,​ we chose to purchase a copy of winBoot/i from [[http://​www.emboot.com|emBoot]]. ​ Here is the emBoot download page:+This is available from several sources, including Microsoft ​itself.  For this demonstration,​ we chose to purchase a copy of [[http://​www.emboot.com|emBoot's]] winBoot/i software, which includes a copy of the boot-capable Microsoft iSCSI initiator.  Here is the emBoot download page:
  
 {{ iscsiboot/​emboot-download-page.png?​200x150 }} {{ iscsiboot/​emboot-download-page.png?​200x150 }}
Line 17: Line 19:
 {{ iscsiboot/​emboot-zipfile.png?​200x150 }} {{ iscsiboot/​emboot-zipfile.png?​200x150 }}
  
-The zip file contains an executable named WBI_CLIENT_X86_V1_50_B13.EXE.rename. ​ We copied this file out of the archive ​and renamed it to WBI_CLIENT_X86_V1_50_B13.EXE,​ and ran it:+==== Step 2: Install the boot-capable Microsoft iSCSI initiator ==== 
 + 
 +The zip file contains an executable named WBI_CLIENT_X86_V1_50_B13.EXE.rename. ​ We copied this file out of the archiverenamed it to WBI_CLIENT_X86_V1_50_B13.EXE,​ and ran it
 + 
 +{{iscsiboot/​emboot-client-setup1.png?​200x150 }} 
 +{{iscsiboot/​emboot-client-setup2.png?​200x150 }} 
 +{{iscsiboot/​emboot-client-setup3.png?​200x150 }} 
 +{{iscsiboot/​emboot-client-setup4.png?​200x150 }} 
 +{{iscsiboot/​emboot-client-setup5.png?​200x150 }} 
 +{{iscsiboot/​emboot-client-setup6.png?​200x150 }} 
 +{{iscsiboot/​emboot-client-setup7.png?​200x150 }} 
 +{{iscsiboot/​emboot-client-setup8.png?​200x150 }} 
 +{{iscsiboot/​emboot-client-setup9.png?​200x150 }} 
 +{{iscsiboot/​emboot-client-setup10.png?​200x150 }} 
 +{{iscsiboot/​emboot-client-setup11.png?​200x150}} 
 + 
 +We found that the iscsibcg.exe utility had been installed into C:​\WINDOWS\System32:​ 
 + 
 +{{ iscsiboot/​iscsibcg-installed.png?​200x150 }} 
 + 
 +==== Step 3: Boot from iSCSI and run iscsibcg ==== 
 + 
 +We booted this installation of Windows via iSCSI, opened up a command prompt, and ran the command 
 + 
 +  iscsibcg /? 
 + 
 +which stated that the iscsibcg utility has two main functions, one of which is to "View the contents of the iBFT table":​ 
 + 
 +{{ iscsiboot/​iscsibcg-options.png?​200x150 }} 
 + 
 +Helpfully, the tool even gave the command which we needed to run in order to view the iSCSI Boot Firmware Table, which was 
 + 
 +  iscsibcg /ShowiBF 
 + 
 +Running this command gave us a complete dump of the table, including the raw hex data and a description of each field. ​ To avoid antagonising Microsoft, only a small extract of the output is shown here:
  
-{{iscsiboot/​emboot-client-setup1.png?​200x150 }}{{ iscsiboot/​emboot-client-setup2.png?​200x150 }}{{ iscsiboot/​emboot-client-setup3.png?​200x150}}+{{ iscsiboot/iscsibcg-showibf.png?​200x150 }}
  
 +==== Conclusions ====
  
 +  * At no point during this process did we need to sign any non-disclosure agreement with Microsoft or any other party.
 +  * At no point during this process did we reverse-engineer any piece of software or use it for anything other than its explicitly stated purpose, according to its own documentation.
 +  * The information obtained from this process is entirely sufficient to allow a programmer to write code for generating or parsing an iSCSI Boot Firmware Table.
 +  * It is therefore incorrect for anyone to claim that the structure of the iSCSI Boot Firmware Table is confidential information.
  

QR Code
QR Code winbootibft (generated for current page)