Could you dump more sectors of the disk, please? Something like this command under Linux
dd if=dev/sda of=bitlock2full.dat bs=512 count=64
currently stuck in procedure 07B0 where more sectors of the infected disk are required
it is also possible to patch the sector you posted so then every password will match (even bare ENTER keypress without any password) if you wish...
Code: Select all062C B80300 mov ax,0003
062F CD10 int 10
0631 E8BE00 call 06F2 ; read 3 sectors starting from sector 4 into ES:BX where BX=2000h
0634 89DE mov si,bx ; save 2000h into si, the 3 sectors are loaded there
0636 E89000 call 06C9 ; read 8 sectors starting from sector 8 seems to be VGA font and load the font
0639 E86E00 call 06AA ; prints something to the screen
063C E8BF00 call 06FE ; converts some word value to hexa ascii and prints to the screen, then prints some CPUID values converted to ASCII
063F 57 push di
0640 B400 mov ah,00 ; wait for keystroke and get it
0642 CD16 int 16
0644 5F pop di ; restore 800h = buffer for store the password
0645 3C0D cmp al,0D ; ENTER pressed?
0647 741A je 0663
0649 3C20 cmp al,20 ; character below space char
064B 72F2 jb 063F
064D 3C7E cmp al,7E ; character after 7Eh
064F 77EE ja 063F
0651 AA stosb ; store into buffer
0652 50 push ax ; print the char to the screen
0653 2C30 sub al,30
0655 D410 aam 10
0656 D509 aad 09
0659 00060029 add [2900],al
065D 58 pop ax
065E E82501 call 0786
0661 EBDC jmp 063F
0663 E84A01 call 07B0 ; here continue afte ENTER pressed
0666 83F800 cmp ax,0000
0669 743A je 06A5 ; wrong password? then reset system
066B BA8000 mov dx,0080 ; here go when password OK
066E B80102 mov ax,0201
0671 B90700 mov cx,0007
0674 BB007E mov bx,7E00
0677 CD13 int 13
0679 B90200 mov cx,0002
067C B80102 mov ax,0201
067F BB007C mov bx,7C00
0682 CD13 int 13
0684 8A07 mov al,[bx]
0686 32870002 xor al,[bx+0200]
068A 8807 mov [bx],al
068C 43 inc bx
068D 81FB007E cmp bx,7E00
0691 75F1 jne 0684
0693 B90100 mov cx,0001
0696 B80103 mov ax,0301
0699 BB007C mov bx,7C00
069C CD13 int 13 ; write MBR to the disk
069E 6661 popad
06A0 EA007C0000 jmp 0000:7C00 jump to bootstrap code of the MBR
06A5 FA cli
06A6 B0FE mov al,FE
06A8 E664 out 64,al ; reset system
06F2 B90300 mov cx,0003
06F5 B80402 mov ax,0204
06F8 BB0020 mov bx,2000
06FB CD13 int 13
06FD C3 ret
06C9 BA8000 mov dx,0080
06CC B90800 mov cx,0008
06CF B80802 mov ax,0208
06D2 BB0010 mov bx,1000
06D5 CD13 int 13
06D7 89DD mov bp,bx
06D9 8A4712 mov al,[bx+12]
06DC 3C7E cmp al,7E
06DE 7401 je 06E1
06E0 C3 ret
06E1 B411 mov ah,11 ; INT 10 - VIDEO - TEXT-MODE CHARGEN - LOAD USER-SPECIFIED PATTERNS (PS,EGA,VGA). AX = 1100h. ES:BP -> user table
06E3 B000 mov al,00
06E5 B9FF00 mov cx,00FF
06E8 BA0000 mov dx,0000
06EB B710 mov bh,10
06ED B300 mov bl,00
06EF CD10 int 10
06F1 C3 ret
06AA 31C9 xor cx,cx
06AC 56 push si
06AD AC lodsb
06AE 3C00 cmp al,00
06B0 7409 je 06BB
06B2 81F9FF07 cmp cx,07FF
06B6 7403 je 06BB
06B8 41 inc cx
06B9 EBF2 jmp 06AD
06BB 5E pop si
06BC B80113 mov ax,1301
06BF 31D2 xor dx,dx
06C1 BB0F00 mov bx,000F
06C4 89F5 mov bp,si
06C6 CD10 int 10
06C8 C3 ret
07B0 BE0028 mov si,2800
07B3 B90800 mov cx,0008
07B6 E8DAFF call 0793
07B9 00E0 add al,ah
07BB 3A060029 cmp al,[2900]
07BF 7402 je 07C3
07C1 31C0 xor ax,ax
07C3 C3 ret
0793 56 push si
0794 FC cld
0795 BBFFFF mov bx,FFFF
0798 AC lodsb
0799 51 push cx
079A B90800 mov cx,0008
079D 30C3 xor bl,al
079F D1EB shr bx,1
07A1 7304 jnb 07A7
07A3 81F301A0 xor bx,A001
07A7 E2F6 loop 079F
07A9 59 pop cx
07AA E2EC loop 0798
07AC 89D8 mov ax,bx
07AE 5E pop si
07AF C3 ret
