MBR-Structure

What is MBR, it’s Working and Hacking !!

The Master Boot Record (MBR) is an essential component of a computer’s storage system. It is the first sector of an MBR partitioned hard drive that contains the necessary information for the computer to boot up. The MBR is responsible for loading the operating system and other important data that is necessary for the computer to function correctly.

Though, today most of the modern computers donโ€™t use MBR anymore due to its various drawbacks. Instead, we use GPT ( GUID Partitioned Table ) which is more secure, reliable, and has multiple benefits over MBR.

But before moving on any further we should understand what both of these partition schemes do.

What Do GPT and MBR Do?

GPT and MBR are two different ways of storing data in a partition table. You can also call them partition schemes ( like me ๐Ÿ˜ ). These are the first sectors of any computer hard disk. 

They tell the computer how the hard disk is partitioned and how to load the Operating system.

But GPT has MBR support for old systems that rely on MBR and doesn’t understand GPT at all โ—โ—

Importance of MBR

The MBR is a critical component of a computer’s storage system. Without the MBR, the computer would not be able to boot up and function correctly. If the MBR becomes corrupted or damaged, it can cause serious problems, including the inability to boot up the computer or access important data on the hard drive.

In addition, the MBR has limitations. It can only handle up to four primary partitions or three primary partitions and one extended partition. This limitation can be overcome by creating logical partitions within the extended partition.

MBR disadvantages over GPT

Though MBR ruled in the beginning, with rapid technology change the world needed more and more TBs. and our beloved MBR couldn’t stud a chance against the coming, GPT ( GUID Partition Table ).

You can read more about GPT in this article: What is GPT, its Structure and Working โ—โ—

What is GPT, its Structure and Working !!

GPT or GUID Partition Table is a successor of MBR that comes with a lot of amazing features to…

MBR had multiple disadvantages which needed to go, some of them are โ€“

  • Less Partition ( only 4 partitions per hard drive )
  • Low Storage ( MBR only supported hard disks up to 2 TB )
  • Less Reliable ( Data is stored in a single location )

MBR only supported a max of 4 partitions per hard drive. You can only use hard drives which are less or equal to 2 TB. Cherry on the cake Data was stored in a single location.

Structure of MBR

The MBR is located in the first sector of a hard disk drive. It is a small piece of code that is only 512 bytes in size. Within these 512 bytes, the MBR contains four key components:

MBR Structure
MBR Structure

1. The Boot Loader ( Bootstrap Code )

It is the First Sector of MBR, also called Boot Sector, and is the largest sector with a 446-byte length. This sector contains machine code that is responsible for loading the Operating System. Bootloader loads VBR to memory and passes the execution to it. After which the operating system and any required file are loaded by VBR.

Note: Boot Loader contains Disk signature as well thus making it 440 + 6 = 446 bytes long.

2. The Partition Table

The partition table contains information about the partitions on the hard drive. The partition table contains 4 partition entries each being 16 bytes long. Thus, the whole partition table is 64 bytes long.

3. Disk Signature

It is a unique identifier that is assigned to the hard drive at the very first time of its initialization. The value is a randomly generated 32-bit number. Disk Signature is used by Windows to identify each disk and its partitions.

4. The magic number

The Boot Signature ( also known as magic number ) is a 2-byte long value located at the end of the MBR sector. It is used to identify the sector as an MBR and is used by the BIOS to determine if the sector is bootable. If the sector is bootable then BIOS Redirects to The Boot Loader and carries out the booting process. ๐Ÿ˜

Hacking the MBR

The master boot record (MBR) is the first sector ( sector 0 ) of the MBR partitioned styled hard disk and contains executable code.

MBR code is executed before the OS itself. It is very much vulnerable to boot sector viruses or Malware programs that infect the MBR to hide from antivirus programs

Boot Kits ( boot-level rootkits ): Malware programs that infect the MBR to hide from antivirus programs

Microsoft attempt to save MBR ๐Ÿ˜‚

Microsoft attempted to solve the bootkit problem by implementing cryptographic verification of the bootloader in Windows 8 and later. This feature is known as Secure Boot and is based on the Unified Extensible Firmware Interface (UEFI) — the modern BIOS.

Conclusion

In conclusion, the Master Boot Record (MBR) is a critical component of a computer’s storage system. It is responsible for loading the operating system and other important data that is necessary for the computer to function correctly. Understanding the MBR and its components is important for troubleshooting and maintaining a computer’s storage system. Also, you should switch to GPT ( GUID Partition Table ) if possible because of these security flaws in MBR.

Leave a Reply

Your email address will not be published. Required fields are marked *