(sorry for not posting this in bugs, but I cant for some reason although its way more than 3 days from my reg)
Backtrack 3 beta overwrited my first partition on my hdd.
Alright, Ive been complaining about BT3 overwriting my /dev/sda1 on startup on this forum before, but I had no proof.
Well now I do:
I downloaded BT3, burned, booted it up, tried few features like Firefox &internet connection etc., nothing dangerous, rebooted the machine and whoa, /dev/sda1 damaged.
Later I datadumped the whole crashed partition on some other disk, installed new system (now using it) and viewed the old partition in hex editor.
on the very beginning there is a block of some data, usually zeroes also ascii text tty4, tty5 ... etc... then theres plain text data obviously made by BT3:
Code:
version 2.6.21.5 (root@bt) (gcc version 4.1.2) #2 SMP Sat Aug 25 19:01:21 GMT 2007
BIOS-provided physical RAM map:
sanitize start
sanitize end
copy_e820_map() start: 0000000000000000 size: 000000000009fc00 end: 000000000009fc00 type: 1
copy_e820_map() type is E820_RAM
copy_e820_map() start: 000000000009fc00 size: 0000000000000400 end: 00000000000a0000 type: 2
copy_e820_map() start: 00000000000f0000 size: 0000000000010000 end: 0000000000100000 type: 2
copy_e820_map() start: 0000000000100000 size: 000000000fef0000 end: 000000000fff0000 type: 1
copy_e820_map() type is E820_RAM
copy_e820_map() start: 000000000fff0000 size: 0000000000003000 end: 000000000fff3000 type: 4
copy_e820_map() start: 000000000fff3000 size: 000000000000d000 end: 0000000010000000 type: 3
copy_e820_map() start: 00000000ffb00000 size: 0000000000500000 end: 0000000100000000 type: 2
BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 000000000fff0000 (usable)
BIOS-e820: 000000000fff0000 - 000000000fff3000 (ACPI NVS)
BIOS-e820: 000000000fff3000 - 0000000010000000 (ACPI data)
BIOS-e820: 00000000ffb00000 - 0000000100000000 (reserved)
0MB HIGHMEM available.
255MB LOWMEM available.
Entering add_active_range(0, 0, 65520) 0 entries of 256 used
Zone PFN ranges:
DMA 0 -> 4096
Normal 4096 -> 65520
HighMem 65520 -> 65520
early_node_map[1] active PFN ranges
0: 0 -> 65520
On node 0 totalpages: 65520
DMA zone: 32 pages used for memmap
DMA zone: 0 pages reserved
DMA zone: 4064 pages, LIFO batch:0
Normal zone: 479 pages used for memmap
Normal zone: 60945 pages, LIFO batch:15
HighMem zone: 0 pages used for memmap
DMI 2.3 present.
ACPI: RSDP 000F7380, 0014 (r0 IntelR)
ACPI: RSDT 0FFF3000, 0028 (r1 IntelR AWRDACPI 42302E31 AWRD 0)
ACPI: FACP 0FFF3040, 0074 (r1 IntelR AWRDACPI 42302E31 AWRD 0)
ACPI: DSDT 0FFF30C0, 3A1A (r1 INTELR AWRDACPI 1000 MSFT 100000C)
ACPI: FACS 0FFF0000, 0040
ACPI: PM-Timer IO Port: 0x4008
Allocating PCI resources starting at 20000000 (gap: 10000000:efb00000)
Built 1 zonelists. Total pages: 65009
Kernel command line: vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw chexpand=256 autoexec=xconf;kdm BOOT_IMAGE=/boot/vmlinuz
Local APIC disabled by BIOS -- you can enable it with "lapic"
mapped APIC to ffffd000 (0120a000)
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Initializing CPU#0
PID hash table entries: 1024 (order: 10, 4096 bytes)
Detected 1700.130 MHz processor.
Console: colour dummy device 80x25
Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
Memory: 248352k/262080k available (6006k kernel code, 13132k reserved, 1918k data, 388k init, 0k highmem)
virtual kernel memory layout:
fixmap : 0xffe16000 - 0xfffff000 (1956 kB)
pkmap : 0xff800000 - 0xffc00000 (4096 kB)
vmalloc : 0xd0800000 - 0xff7fe000 ( 751 MB)
lowmem : 0xc0000000 - 0xcfff0000 ( 255 MB)
.init : 0xc08c6000 - 0xc0927000 ( 388 kB)
.data : 0xc06dd83d - 0xc08bd3ac (1918 kB)
.text : 0xc0100000 - 0xc06dd83d (6006 kB)
Checking if this processor honours the WP bit even in supervisor mode... Ok.
...
and so on.
Probably BT3 for some reason mixed ramdisk with sda1, because further in the dump I can find some firefox data - cache, history, chrome:/ links etc. etc.
Conclusion:
BACKRTRACK 3 BETA CAN OVERWRITE YOUR HARD DRIVE.
Please check startup scripts.
You can ask me for detailed info or the datadump, because its now some
time since this all happened and Im not pissed of that much.
[BT3b BUG] bt3 overwrites hdd
Posting Permissions