Inspired by XKCD: MBR Love Note

I am a huge fan of the webcomic, XKCD, which is a very geeky and amusing comic for those of you who haven’t read it. On Friday, the following comic was posted:

And this of course reminded me of when I first started programming — I started with assembly language in 2000 with an 80286 I got out of the trash. I quickly became interested in low-level system programming, and created a number of MBR-based programs and other random programs in assembly. I haven’t programmed in assembly in a couple years, but this was pretty simple once I started going. :)

In any case, the comic has inspired me to write a Windows-based program that can write a “love note” to the MBR and display it when the computer starts. And of course, just for fun it shows the “Missing operating system” message as well. Shown is a screenshot:

Roses are red… missing operating system.

OBVIOUSLY this can be a very dangerous program, and could very well destroy your computer. In fact, I would assume any antivirus program worth its salt would detect this as a virus (I haven’t formally tested this assumption). So, don’t use it unless you really know what you’re doing. The number of people that would fit that description is around 0.001% of the population of computer programmers.

DONT’S:

  • Don’t use this program if you do not know how to uninstall this program
    manually. For that reason, there is no uninstaller.
  • Don’t use this on 64-bit machines or ones with EFI — I really have no idea if it will work on those machines, but I seriously doubt it would. If you don’t know what EFI is, don’t use this program.
  • Don’t use this on machines with GRUB, it will kill your system.
  • Don’t use this on any system that is important to you or one that you do not own/control, it may kill that system, and you will get in trouble.
  • Don’t use this program if you cannot pass the following quiz without any
    references. Especially don’t use this program if you have no idea how to
    decode the answers to the quiz.

Quiz:

  1. What is the difference between an MBR and a boot sector?
  2. What does interrupt 0x19 do?
  3. What offset does the partition table start at in an MBR, and how many bytes is each entry?
  4. What offset is the “signature” of the MBR located at, and what is it?

Quiz Answers (encoded in ROT13)

  1. Obbg frpgbef ner qrsvarq cre cnegvgvba, gurer vf bayl bar (hfrq) ZOE.
  2. Vg vf gur vagreehcg pnyyrq gb obbg sebz n qvfx.
  3. 0k1OR, fvkgrra olgrf
  4. Vg vf ybpngrq ng 0k1sr, naq vf 0k55 sbyybjrq ol 0kNN

How it works
You run love.exe in Windows, and it asks you for a message to put on the MBR. After clicking “destroy”, it does it. It will work in XP as administrator. It actually writes the love note to sector 3, the original MBR to sector 2, and a custom MBR to the MBR that displays the note, waits for a key to be pressed, and then loads the original MBR — at which point the computer will continue booting.

I used NASM to compile the MBR code, and Visual Studio 2005 to compile the Windows
installation program. I’ve never coded with MFC before, and this experience has not
motivated me to do it again anytime in the near future.

If you have any questions/comments/bug reports for this, feel free to contact me.

Download link: http://www.virtualroadside.com/software/

Note: In response to the comment by Criveti Mihai, the binary for the MBR sector actually is in the zip file at src/love/love/mbr.bin .. except if you were to install it via DD, you would need to install a message on sector 3 as well.

Note II: apparently the 4th answer to the quiz was incorrect for the last year or so… heh. Told you it was hard! Anyways, thanks to cm for pointing this out.

57 Responses to “Inspired by XKCD: MBR Love Note”

  1. Anonymous says:

    Assuming one were to install this, and was able to boot at least once afterwards, would using a hex editor to copy the contents of sector 3 to sector 2 constitute an uninstall?
    I’m guessing in a DOS environment, FDISK /MBR would undo this, correct me if I’m wrong… what would windows’s FIXMBR program make of this?

    one more thing, if this program overwrote a GRUB sector, would it be possible to boot a livecd, chroot, and run grub to fix it?

  2. dustin says:

    > Would using a hex editor to copy the contents of sector 3 to sector 2 constitute an uninstall?

    Sector 2 to sector 1. And, just a hex editor wouldn’t work.. a sector editor, yes.

    > I’m guessing in a DOS environment, FDISK /MBR would undo this, correct me if I’m wrong… what would windows’s FIXMBR program make of this?

    Both should work. The partition table is retained on sector 1, so it would just overwrite the executable code.

    > one more thing, if this program overwrote a GRUB sector, would it be possible to boot a livecd, chroot, and run grub to fix it?

    Yes. The partition table is left intact, so it would fix it.

  3. You could also provide it as an image you can write to disk with dd (dd if=loveletter of=/dev/yourdiskhere). And people who wish to try it on real hardware and not qemu or whatever can simply create a backup copy of their MBR (dd if=/dev/mydisk of=mymbr bs=512 count=1) and restore that. That way, there’s no need to wonder about what your little program does ;-). Without having to mess with other disk sectors…

    xkcd ftw :-).

  4. Anonymous says:

    Very cool. To boot a message from floppy, just change the following text and text length, then assemble with NASM and write to boot sector of floppy.

    ??????????????????????????????????????????
    entry start
    start:
    ; get cursor position
    mov ah,#0x03 ; func 3 of int 13h
    xor bh,bh ; clear
    int 0x10

    ; set page number and attribute to be set while displaying
    mov cx,#35 ; msg len
    mov bx,#0x007 ; attr (color, white on black background)
    mov bp,#msg ;mov addr of msg into bp
    mov ax,#0x1301
    int 0x10

    loop1: jmp loop1

    msg:
    .byte 13,10 ; CR,LF
    .ascii “IN UR BIOZ, HANDL’N UR INTERRUPTZ”

  5. Eugen says:

    dude, this is a pebble in the pond of my memories, but i really can’t pass the quiz, though back in the 90s i would’ve stood a decent chance for maybe a 3/4. (or 2/4 :))

    anyway, thumbs up.

  6. SHIT ! says:

    Oh Shit! I just killed my Macbookpro which was running XP on Bootcamp :-s

  7. dan says:

    yeah, to the guy with the bricked MBP, it does say not to use it on a system running EFI :p

  8. cynic says:

    99.999% of computer programmers are skeptical about the claim that this program “could very well destroy your computer”.

  9. Jono says:

    Did you write a program to put sweet nothings in all my .conf files as well ;) (re the comic alt text)

  10. minmshrsht says:

    You are alll fags……and need to get laid!!!!!!

  11. rainbow dude says:

    I think minmshrsht just propositioned me. Bend over, butt boy… I’ll show you what it’s really like to get laid.

  12. TheHolyMacintosh says:

    To the dude with a mac: For the love of all things holy, READ THE INSTRUCTIONS. If you can’t understand the DOs and DONTs, don’t fuck with it. I say this being a very computer literate person, and getting a solid 0/4 on the quiz, so believe the dude when he says that 0.0001% of the COMPUTER PROGRAMMER population is qualified to do this.

    As someone noted, your MacBook uses EFI, and you are specifically told NOT to use this on machines with EFI.

    You = Fail

    Good day to you.

  13. Shawin says:

    I saw this on boingboing. Now, if this gets on digg, I could bet that thousands of idiots will be f**kin up their comps.

  14. Mafi says:

    But in saying that, it’ll remove a large population of Digg, therefore giving the Internet their bandwidth back. Think of it as a blessing, moreso than a problem.

  15. Mark says:

    @Mafi and consequentially @Shawin; For that singular reason, this is the best computer program ever.

  16. Wolfger says:

    “if this gets on digg, I could bet that thousands of idiots will be f**kin up their comps”

    /me goes to digg this…

  17. GargaPotter says:

    @Mafy, @Mark Now I understand why Internet has more speed this morning! :D

  18. Deep-Thought says:

    Can anyone send me a actual mbr written by this program? Or maybe the ASM code?
    I have no Windows and i know how to use dd. ;)

  19. dustin says:

    The sourcecode, and the MBR binary, are both included in the download.

  20. athloi says:

    Can you make it a BHO? We can get that on Digg, and the internet will be nice and peaceful for a few days.

  21. dustin says:

    Well… if you really want to do that, then as stated above, the sourcecode is included. I don’t think its worth my time to do that though. That would be really neat if it worked though. Hmm…

  22. Jim says:

    @Shawin

    It got on Digg…

    …wait, this really is bad, isn’t it?

  23. Anthony says:

    I wish I were literate enough to do this, or at least play around. I agree that many people will have problems, very soon, and as the (probably) most computer-literate person in my town, I may become busy soon….

    Still, I hope many a n00b try this, so, if nothing more, servers will have a bit of a break.

    Also, I am very close to knowing about what needs to be known to work with this, and if I hurry up and learn it, I might be able to charge people for “repairs”…. :D

  24. nitro2k01 says:

    I tried the MBR love letter and, since we have the same computer (Dell Latitude, probably D600) I decided to take a picture. Then I decided to shoot a video. Then I decided to write a blog post.
    And here’s the blog post: (Including the video)
    http://gameboygenius.8bitcollective.com/wordpress/?p=89

  25. Astrocat says:

    Unless the program does physical damage to the harddrive, surely any PC technician worthy of the name would pass as fit to use it… no ?

    And even if the program is so badly written that it can physically ruin a harddrive (which i doubt, somehow) that is entirely different from having a computer destroyed.

    I am not a programmer, but am a PC technician.
    I can’t see any reason why this program would be any problem for me if used either on a computer whose harddisk contains nothing i want to keep , which is due a reformat and reinstall of the OS anyway, or a harddisk with an OS in a similar state whose contents i wouldn;t mind pulling off, using a different harddisk.

    I’ve backed up harddrives with trashed master boot records before (trashed by linux, in those cases) , you just wheel everything out via another harddrive’s OS…. it’s nothing to break a sweat over, if you know what you’re doing.

    Unless,regarding this particular program, there is something I am missing ?
    It is quite possible… i scored a whopping zero on the test as it’s all gobbledygook to me.

  26. Emjayes says:

    sudo find / -name *.conf |xargs -i echo “Sweet nothings” > {}

    Should cover the alt-text

  27. nitro2k01 says:

    Astrocat: The program can’t really physically harm the HD or computer. One can simply restore the MBR. Normally the computer should just boot after the message. The point is that if things actually go wrong, and you’re just a “regular user”, you probably won’t be able to fix it. Therefor, I think Dustin did the right thing not even telling that the computer should actually boot correctly on a standard 32-bit Windows not booting from EFI, after installing this problem. (Still don’t try it and blame me if you don’t know how to fix it) But there might be common software, maybe some antivirus woftare or whatnot that installs itself in the MBR and makes the computer unbootable after instaling the letter, and there you have a group of users who are pissed off because they can’t boot their computers.

  28. DinkMeeker says:

    Re:Emjayes’ cmd: Warning to anyone who runs linux…DON’T run this if you cant figure out what it does…

  29. kewll33tk1d says:

    It worked on the library computer. I did, and I’m not yet 12.

    But, they hide the unit behind a locked door.

    So, I cudn’t boot live and fix it.

    I guess the tech dude can figure it out.

    bwahahahaha

  30. denon says:

    unbelievably geeky.

    Answers (encoded in ROT13) lmfao

  31. ian9outof10 says:

    If only you could require a specific key press before the PC would boot this would be a pretty neat PC protection tool ;)

  32. Gangadhar says:

    This is nice thing. Please help me also..
    i decided to change the MBR. Before loading the OS i want load the image (my photo), after displaying the photo it must load the OS as its erly does.

    ## How to change the MBR code,
    ## How to copy the MBR code of the first sector and write to the other sector. Then how to call this MBR from our changed sector. If any document is there please send me.

  33. Doesnt' work says:

    Doesn’t seen to work with BSD as is, you have to modify your boot loader to allow for this to work properly…

  34. roflmobil says:

    Ralf Brown’s Interrupt List
    Indexed HTML Version – Release 61

    http://www.ctyme.com/rbrown.htm

  35. Fishyfish says:

    The mandriva linux has the option to restore boot-loaders :D

  36. mp says:

    ohhhh… :-/ I SO want to try this.

    But am all too aware I completely lack the skills to fix it should I f*** my PC with it, or to prevent such from happening. Would ask for a compiled version of the floppy-writing ones (I have literally hundreds of the critters in the cupboard), if my only floppy disc drive wasn’t now a very rarely-used USB one.

    However, I am happy it exists.

  37. AA says:

    Okay, which one of you put this on Wikipedia?

  38. Tego says:

    Looking at this it is fun, and yeah lets just make it a bit more dangerous for new users…. the sudo command was a gem. i cant wait to see that someone ran that. & @ the pc technician you fit into another group not mentioned here… those of us who could recover from F$#*^& over our HDs without a trip to the local comp repair place. but we would have to resort to pulling the information and reinstalling. not actually repairing the system. I have only one question what happens if you run this twice? it seems like it would brick the pc by just writing this twice and removing the origional MBR completly ?

  39. Helgi says:

    I’m not sure “sudo find / -name *.conf |xargs -i echo “Sweet nothings” > {}” is going to work, I tried that but only got a file named “{}” with a number of “Sweet nothings” matching the number of .conf files I have on my system.

    But I’m 100% sure this will work,

    for i in `find / -name “*.conf”`;do echo “Sweet nothings” > $i;done

    :)

  40. Joe says:

    Helgi: As a linus newb, feel free to shoot me out of the sky but, woulden’t you still need to sudo the command? Unless you were running as root, which every linux book says is a bad idea.

  41. Juan says:

    Can this be prepackaged in such a way that it auto installs by just viewing in a email (via outlook) or website.
    I would like to put it in someones PC without going to her house (to avoid letting her know who did it)?

  42. Spoom says:

    Juan: I doubt the author intended to create a real virus.

  43. dustin says:

    Juan: See the instructions. If you’re asking such a question, obviously you’re not qualified enough to run it.

  44. EdorFaus says:

    I don’t recall the (complete) answers to 3 and 4, but I did know them some years ago, and know how to look them up and/or otherwise find out when needed…
    Considering that I have, though quite a few years ago, written boot record code myself and put it into the MBR successfully, I’m probably in that 0.001% anyway. :)
    I remember having trouble remembering if the fives or the tens came first though, probably because iirc it depended on whether I read byte by byte or as a single (16-bit) word…

  45. Here is an idea.
    Create a program for learning the multiplication table.
    Start it from the MBR, ask a few 8*6, 7*9, 2*3.
    After a wrong answer start again. Boot-up after giving all good answers.
    There might be 3, 5 or 10 questions.
    Kids will love it… after aproximately 10 years… on their graduate exams… ;-))
    Should work on Windows Vista as probably most modern games are designed for.
    Do you like the idea?

    Marcin Piaskowski

  46. Well, the bootsector stuff (beyond basic definitions) is above my head, so i had to use Leetkey (a nifty, but mostly useless firefox addon. however, it was rather useful here ;) ) to decode the answer.

    Anyway, i want to start programming, i’m starting with BASIC (using QBASIC+DOSbox),

  47. Anonymous says:

    @Joe:
    What do the “linus” books say about writing “Sweet nothings” in all your configuration files?

  48. Maheshjr2000 says:

    Ya, clamav says that this isnt a virus. Maybe that warning of yours should be a bit bigger for the noobs who dont know what an MBR is(let alone how to fix one).

  49. Maheshjr2000 says:

    Oh martin I will see if I can implement your idea :D

Leave a Reply