OpenPetya v1.0.0

@iss4cf0ng iss4cf0ng released this 24 May 11:53
· 9 commits to main since this release

Release v1.0.0 : OpenPetya

Initial public release of OpenPetya, a Proof-of-Concept implementation inspired by the original Petya bootkit ransomware.

Educational and research purposes only.


Features

  • Custom MBR bootloader
  • Multi-stage boot process
  • Real Mode → Protected Mode transition
  • NTFS MFT encryption via Salsa20
  • Password-based key derivation and validation
  • Custom bootloader UI
  • Automatic recovery and restoration
  • Original MBR backup/restoration
  • Hidden backup storage
  • BSOD-triggered reboot using undocumented Windows APIs

Components

File            Description
OpenPetya.exe   Installer and controller application
mbr.bin         Custom MBR loader
stage2.bin      Stage-2 protected mode bootloader

Workflow Overview

  1. Install custom MBR and Stage-2 payload
  2. Reboot system
  3. Encrypt NTFS MFT using Salsa20
  4. Lock system and display login screen
  5. Validate password
  6. Restore MFT and original bootloader
  7. Boot Windows normally
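
A defender-side check for step 1 of the workflow, as an added example that is not part of OpenPetya: it compares a freshly read sector 0 against a known-good baseline and flags replaced boot code while the partition table is unchanged, which is the state a machine is in between steps 1 and 2. The function names and both sector images are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440            # bytes 0..439 hold the bootstrap code
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"         # bytes 510..511

def parse_partitions(sector):
    """Return (type, start_lba, sector_count) for each non-empty entry."""
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i: 462 + 16 * i]
        ptype = raw[4]
        start_lba, count = struct.unpack_from("<II", raw, 8)
        if ptype != 0:
            entries.append((ptype, start_lba, count))
    return entries

def check_mbr(current, baseline):
    """Compare sector 0 with a known-good copy and return a list of findings."""
    if len(current) != SECTOR_SIZE or len(baseline) != SECTOR_SIZE:
        raise ValueError("expected 512-byte sectors")
    findings = []
    if current[510:512] != BOOT_SIG:
        findings.append("boot signature 55 AA missing")
    code_changed = (hashlib.sha256(current[:BOOT_CODE_END]).digest()
                    != hashlib.sha256(baseline[:BOOT_CODE_END]).digest())
    table_changed = current[PART_TABLE] != baseline[PART_TABLE]
    if code_changed:
        findings.append("bootstrap code differs from baseline")
    if table_changed:
        findings.append("partition table differs from baseline")
    if code_changed and not table_changed:
        findings.append("boot code replaced with layout intact: investigate before reboot")
    return findings

def make_sector(code_byte, ptype=0x07, start=2048, count=204800):
    """Build a constructed 512-byte sector 0 with one partition entry (sample data)."""
    entry = bytes([0x80, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", start, count)
    return bytes([code_byte]) * 440 + b"\x00" * 6 + entry + b"\x00" * 48 + BOOT_SIG

BASELINE = make_sector(0x90)   # constructed known-good copy
TAMPERED = make_sector(0xCC)   # constructed: same partition table, different boot code

if __name__ == "__main__":
    for finding in check_mbr(TAMPERED, BASELINE):
        print(finding)
```

On a live system the current sector would be the first 512 bytes read from the raw disk device, and the baseline a copy captured when the machine was known to be clean.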

Technical Highlights

  • Written in Assembly, C, and C++
  • BIOS-based boot process
  • ATA sector-level disk access
  • Protected Mode bootloader environment
  • Salsa20 stream cipher implementation
  • Sector-based metadata management
  • Validation tag mechanism to prevent corruption
  • Use of undocumented Windows APIs:
    • NtRaiseHardError
    • RtlAdjustPrivilege

Important Notes

  • This project does NOT include Command-and-Control (C2) functionality.
  • Network communication was intentionally excluded because it is outside the scope of this educational project.
  • OpenPetya stores backup data in hidden sectors for recovery purposes.

Disclaimer

This project was created for:

  • malware analysis research
  • bootloader research
  • low-level systems learning
  • cybersecurity education

Do NOT use this software for illegal activities.

The author is not responsible for any misuse.


Future Plans

  • Improved recovery workflow
  • Better NTFS parsing
  • More accurate Petya behavior simulation
  • UEFI experiments
  • Additional bootkit research

Thanks

Thanks for checking out this project. Feedback and suggestions are welcome.