Generally in a computer system we can assign 4 primary partitions, or we can assign 3 primary partitions and 1 extended partition with as many logical partitions as you want but withing the range of A – Z and assign any drive letter to the drives in windows. Similarly in linux its from sda-sdz. In the deeper level, to MBR we can describe more detailed and quite understanding way for why only 4 partitions. A MBR stored in 512 bytes of code in first sector of storage device.

The above is the memory map of MBR. This shows how many bytes are allocated in the code and which part of the code does what specific task.
In this section our concern is about the partition table only. That is at address 01BE, which is of 64 bytes. The complete MBR code would look like below.
The highlighted code is the partition table code which is 64 bytes long. Each 16 bytes of code represents 4 partitions.
Partition 1:80 20 21 00 83 FE FF FF 00 08 00 00 00 F8 5F 02
Partition 2:00 FE FF FF 05 FE FF FF FE 07 60 02 02 F0 1F 00
Partition 3:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Partition 4:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
In the first partition from above
80: The first byte represents the bootable or non-bootable status of the partition. If the value is 80 the partition is bootable else if value is 00 it is not.
20 21 00: (Cylinder-Head-Sector Address) The first byte is represents head, Second represents “almost the head” and the last byte represents the Cylinder
83: Represents Partition type in our case XX means
FE FF FF: Cylinder Head Sector Address of the last absolute sector in partition
00 08 00 00: Logical block addressing of first absolute sector in the partition
00 F8 5F 02 : number of sectors in partition in our case (sectors-in decimal)
You can simple do the following:
$file <EXTRACTED_MBR_FILE>
Doing this you will the extracted data with partition info displayed.
https://www.bydavy.com/2012/01/lets-decrypt-a-master-boot-record
Leave a Reply