# Build a Bootable Windows XP disk with SP3 and all critical post-SP3 hotfixes slipstreamed in
# Copyright (c) 2003-2008, Ross Smith. All rights reserved.

# ChangeLog:
# Added jun-sep releases

# $Id$

# requires the Cygwin commands:
#
# basename bash chmod cp cut cygpath echo grep ls make md5sum mkdir mv perl pwd rm test touch tr unzip wget which
# 
# To have these commands, you will need to install the following optional packages:
#
#  make
#  perl
#  unzip
#  wget
#
# optional:
# mkisofs/cdrecord

# Inspiration:
# http://www.windows-help.net/WindowsXP/winxp-sp1-bootcd.html
# See also:
# http://www.theeldergeek.com/slipstream_01.htm

# Windows drive letter for CD drive containing original Windows XP disk
CD		?=D:

# cdrecord device for the CD-R drive to burn the new disk (run 'cdrecord -scanbus' to discover)
CD_DEV		?=1,0,0

# Additional cdrecord options
CDRECORD_OPTS	?=

# Set to Y to wait until you press Enter before burning CD (CD and CD_DEV above refer to the same drive)
PAUSE		?=Y

BBIE_VER?=10
PEBUILDER_VER?=3110a

BBIE_ZIP=bbie$(BBIE_VER).zip
PEBUILDER_ZIP=pebuilder$(PEBUILDER_VER).zip

NU2_MIRRORS=http://69.90.47.6/mybootdisks.com/mybootdisks_com/nu2 \
http://www.hamnerconsulting.com/nu2/mirrorfiles \
http://securitywonks.net/n2u/mirrorfiles \
http://securitywonks.org/n2u/mirrorfiles \
http://nu2.zone-x.com/mirrorfiles \
http://www.web-techs.net/bart \
http://sharkden.com/bart \
http://www.mirror.ac.uk/mirror/ftp.nu2.nu \
ftp://dl.xs4all.nl/pub/mirror/nu2files \
http://ftp.rz.tu-bs.de/pub/mirror/www.nu2.nu/nu2files \
http://downloads.planetmirror.com/pub/nu2files \
ftp://dlsrv3.winboard.org/nu2 \
http://217.160.177.182/nu2files \
http://bartpe.surfnow.nl \
http://gd.tuwien.ac.at/pc/nu2files \
http://nu2.abwehr.net \
http://nu2.gipsvagga.com \
http://nu2.phpwiz.dk \
http://nu2files.osterberg.org \
http://nu2mirror.frashii.com \
http://www.nu2.mostlycreativeworkshop.com/files

DD_MMM_YY=$(shell date +%d-%b-%y)

# http://www.microsoft.com/security/default.mspx

SERVICE_PACK_URL=http://download.microsoft.com/download/d/3/0/d30e32d8-418a-469d-b600-f32ce3edf42d/WindowsXP-KB936929-SP3-x86-ENU.exe
SERVICE_PACK_EXE=$(shell basename $(SERVICE_PACK_URL))

# http://support.microsoft.com/kb/873339: MS04-043: Vulnerability in HyperTerminal could allow code execution
KB873339_URL?=http://download.microsoft.com/download/8/3/e/83e7e311-f8ea-4e59-9b50-64dbfdcb0f1f/WindowsXP-KB873339-x86-ENU.exe
KB873339_EXE?=$(shell basename $(KB873339_URL))

# jun 08:

# MS08-030 – Critical
# Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
KB951376_URL?=http://download.microsoft.com/download/a/6/5/a65308a2-7ede-4219-981a-20feb38bfd0e/WindowsXP-KB951376-v2-x86-ENU.exe
KB951376_EXE?=$(shell basename $(KB951376_URL))

# MS08-031 - Critical
# Cumulative Security Update for Internet Explorer (950759)
# replaced by MS08-45
# call :download http://download.microsoft.com/download/2/2/5/2255ad65-47ba-44f1-9e88-feba8f019c55/WindowsXP-KB950759-x86-ENU.exe

# MS08-032 - Moderate
# Cumulative Security Update of ActiveX Kill Bits (950760)
KB950760_URL?=http://download.microsoft.com/download/c/6/e/c6e4b3e0-0af6-4ac8-92f7-5f7e8d471fb2/WindowsXP-KB950760-x86-ENU.exe
KB950760_EXE?=$(shell basename $(KB950760_URL))

# MS08-033 – Critical
# Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
KB951698_URL?=http://download.microsoft.com/download/3/1/5/315c86ba-2910-47f0-9f02-b5616511536d/WindowsXP-KB951698-x86-ENU.exe
KB951698_EXE?=$(shell basename $(KB951698_URL))

# MS08-035 – Important
# Vulnerability in Active Directory Could Allow Denial of Service (953235)
KB949269_URL?=http://download.microsoft.com/download/5/f/a/5fa7006d-023f-496f-9c85-796fb82dfd16/WindowsXP-KB949269-x86-ENU.exe
KB949269_EXE?=$(shell basename $(KB949269_URL))

# MS08-036 – Important
# Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
KB950762_URL?=http://download.microsoft.com/download/1/4/3/1438b520-8200-466d-9daf-4de18bd4dc0f/WindowsXP-KB950762-x86-ENU.exe
KB950762_EXE?=$(shell basename $(KB950762_URL))

# jul 08:

# MS08-037 – Important
# Vulnerabilities in DNS Could Allow Spoofing (953230)
KB951748_URL?=http://download.microsoft.com/download/f/5/f/f5f31962-0215-44e6-be41-02818b4373f3/WindowsXP-KB951748-x86-ENU.exe
KB951748_EXE?=$(shell basename $(KB951748_URL))

# aug 08:

# MS08-045 - Critical
# Cumulative Security Update for Internet Explorer (953838)
KB953838_URL?=http://download.microsoft.com/download/3/9/3/3933471e-a08e-4640-8980-d3d3eb5b3c34/WindowsXP-KB953838-x86-ENU.exe
KB953838_EXE?=$(shell basename $(KB953838_URL))

# MS08-046 – Critical
# Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
KB952954_URL?=http://download.microsoft.com/download/a/1/9/a19c9aff-bd94-4fc1-98ff-db432358f902/WindowsXP-KB952954-x86-ENU.exe
KB952954_EXE?=$(shell basename $(KB952954_URL))

# MS08-048 - Important
# Security Update for Outlook Express and Windows Mail (951066)
KB951066_URL?=http://download.microsoft.com/download/3/a/f/3afd84f3-729c-4f54-9d38-e77c5112ae0d/WindowsXP-KB951066-x86-ENU.exe
KB951066_EXE?=$(shell basename $(KB951066_URL))

# MS08-049 – Important
# Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
KB950974_URL?=http://download.microsoft.com/download/5/d/d/5dd0ab05-b357-4175-bd93-894903f07579/WindowsXP-KB950974-x86-ENU.exe
KB950974_EXE?=$(shell basename $(KB950974_URL))

# MS08-050 – Important
# Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
KB946648_URL?=http://download.microsoft.com/download/4/d/8/4d84fd95-9124-461a-95eb-6b5908b6fe62/WindowsXP-KB946648-x86-ENU.exe
KB946648_EXE?=$(shell basename $(KB946648_URL))

# sep 08:

# MS08-052 - Critical
# Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
KB938464_URL?=http://download.microsoft.com/download/7/8/1/78141dc7-3b1d-42f3-9aa2-4dca79ad739b/WindowsXP-KB938464-x86-ENU.exe
KB938464_EXE?=$(shell basename $(KB938464_URL))

# MS08-053 - Critical
# Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
KB954156_URL?=http://download.microsoft.com/download/2/b/2/2b252ed6-39fe-423d-a74e-d48c85d24c2a/WindowsMedia9-KB954156-x86-ENU.exe
KB954156_EXE?=$(shell basename $(KB954156_URL))

# MS08-054 - Critical
# Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
KB954154_URL?=http://download.microsoft.com/download/b/6/6/b662a844-9aa2-4b80-8713-27a6c0da16d8/WindowsMedia11-KB954154-x86-ENU.exe
KB954154_EXE?=$(shell basename $(KB954154_URL))

KBS=\
946648 \
949269 \
950760 \
950762 \
950974 \
951066 \
951376 \
951698 \
951748 \
938464 \
952954 \
953838 \
954154 \
954156

# doesn't work :(
#define kbexe
#KB$(1)_EXE=$(shell basename $$(KB$(1)_URL))
#endef

#$(foreach kb,$(KBS),$(eval $(call kbexe,$(kb))))

define kbtouch
KB$(1)_TOUCH=$$(KB$(1)_EXE).touch
endef

$(foreach kb,$(KBS),$(eval $(call kbtouch,$(kb))))

define kbsetup
KB_EXES+=$$(KB$(1)_EXE)
endef

$(foreach kb,$(KBS),$(eval $(call kbsetup,$(kb))))

KB_TOUCHES=$(KB_EXES:.exe=.exe.touch)

WGET?=wget -N

CYGPATH_EXE:=$(shell which cygpath)

BUILD_DIR:=$(shell pwd)
BUILD_DIR_WIN:=$(shell $(CYGPATH_EXE) -m -s "$(BUILD_DIR)")

CD_DIR_WIN=$(BUILD_DIR_WIN)/$(CD_DIR)

LOCAL_MAK?=$(shell ls local.mak 2>/dev/null)

ifneq ('$(LOCAL_MAK)', '')	
include local.mak
endif

#ifeq ('$(VOLID)', '')	
#	#Get the volume ID from the CD volume label itself (the CD must be in the drive)
#	VOLID=$(shell cmd /c vol $(CD) | grep "Volume in" | cut -b 23-34)
#endif

ifeq ('$(VOLID)', '')	
	# Volume ID of new disk (11 characters max)
	#      12345678901
	VOLID=xpsp3
	#$(error Please define the VOLID variable: VOLID=A_11CHAR_ID make)
endif

# Label to display after CD is burned
CD_LABEL=Windows XP SP3 + Hotfixes as of $(DD_MMM_YY) ($(VOLID))

CD_DIR=$(VOLID)_cd
I386=$(CD_DIR)/I386
SVCPACK_DIR=$(I386)/svcpack
BOOT_DIR=$(VOLID)_boot_image
BOOT_IMG=image1.bin

VOLID_ISO=$(VOLID).ISO

BOOT_TOUCH=$(BOOT_DIR).touch
PEBUILDER_TOUCH=$(PEBUILDER_ZIP).touch
SERVICE_PACK_TOUCH=$(SERVICE_PACK_EXE).touch
VOLID_ISO_TOUCH=$(VOLID_ISO).touch
VOLID_TOUCH=$(VOLID).touch

.PHONY:	all  
all:	cdrecord

XP2MD5S=

$(VOLID_TOUCH):
	@echo Copying $(CD) to $(CD_DIR)...
	mkdir -p $(CD_DIR)
	xcopy $(CD)\\ $(CD_DIR)\\ /e /r /y
	touch $@

define md5sum
	if [ -f md5s.txt ] ;\
	then \
		echo Verifying MD5 checksum for $(1).. ;\
		grep -i $(1) md5s.txt | md5sum --check - || exit 1;\
	fi
endef

$(SERVICE_PACK_EXE):
	@if [ ! -e $(CD_DIR)/I386/sp3.cab ] ;\
	then \
		echo Downloading $(SERVICE_PACK_URL)... ;\
		$(WGET) $(SERVICE_PACK_URL) ;\
		$(call md5sum,$(SERVICE_PACK_EXE)) ;\
		chmod +rx $@ ;\
	fi

$(SERVICE_PACK_TOUCH):	$(SERVICE_PACK_EXE)
	@# Don't update if the disk already has SP3
	@if [ ! -e $(CD_DIR)/I386/sp3.cab ] ;\
	then \
		echo Integrating $(SERVICE_PACK_EXE) into $(CD_DIR_WIN)... ;\
		chmod +rx $< ;\
		./$< /quiet /integrate:"$(CD_DIR_WIN)" ;\
	fi
	touch $@

define kbapply

$(info Preprocessing $(1)...)

$$(KB$(1)_EXE):
	@echo Downloading $$(KB$(1)_URL)...
	$(WGET) $$(KB$(1)_URL)
	@$(call md5sum,$$(KB$(1)_EXE))
	@chmod +rx $$(KB$(1)_EXE)

$$(KB$(1)_TOUCH):	$$(KB$(1)_EXE) $(SERVICE_PACK_TOUCH)
	@chmod +rx $$(KB$(1)_EXE)
	-@if [ ! -e $(SVCPACK_DIR)/KB$(1).cat ] ; \
	then \
		echo Integrating $$(KB$(1)_EXE) into $(CD_DIR_WIN)... ;\
		./$$(KB$(1)_EXE) /quiet /integrate:"$(CD_DIR_WIN)" ; \
	fi
	@#if [ ! -e $(SVCPACK_DIR)/KB$(1).cat ] ; \
	@#then \
	@#	/bin/false ;\
	@#fi
	@# Note: KB885835 and KB885250 share the same file (mrxsmb.sys), so they can't be applied together.
	@# This script solves this issue by ignoring KB885835's version of the file (5.1.2600.2541, xpsp_sp2_gdr.040919-1056, dated 10-27-2004, 448,128 bytes),
	@# and using KB885250's version (5.1.2600.2598, xpsp_sp2_gdr.041130-1729, dated 1-18-2005, 451,584 bytes) as it is newer.
	@if [ "$(1)" = "885835" ] ; \
	then \
		perl -pi.bak -e 's/mrxsmb\.sys/;mrxsmb\.sys: replaceed by KB885250/i' $(SVCPACK_DIR)/HFINT.dat ; \
	fi
	touch $$(KB$(1)_TOUCH)

.PHONY:	KB$(1)

KB$(1): $$(KB$(1)_TOUCH)

endef

$(foreach kb,$(KBS),$(eval $(call kbapply,$(kb))))

$(info Preprocessing finished)

#################################

define download
	@for url in "$(2)" ; \
	do \
		echo Downloading $$url/$(1)... ;\
		$(WGET) $$url/$(1) && break ;\
	done
endef

# from <http://nu2.nu/bbie/>

$(BBIE_ZIP):
	$(call download,$@,"$(NU2_MIRRORS)")

bbie.exe:	$(BBIE_ZIP)
	unzip -o $(BBIE_ZIP) $@
	chmod +rx bbie.exe
	touch $@

$(BOOT_TOUCH):	bbie.exe
	mkdir -p $(BOOT_DIR)
	bbie.exe $(CD)
	mv image*.bin $(BOOT_DIR)
	touch $@

# patched mkisofs from pebuilder <http://www.nu2.nu/pebuilder/>

$(PEBUILDER_ZIP):
	$(call download,$@,"$(NU2_MIRRORS)")

mkisofs.exe:	$(PEBUILDER_ZIP)
	unzip -o $(PEBUILDER_ZIP) $@
	chmod +rx $@

download:	${KB_TOUCHES}

$(VOLID_ISO_TOUCH):	\
		$(VOLID_TOUCH) \
		$(SERVICE_PACK_TOUCH) \
		${KB_TOUCHES} \
		$(BOOT_TOUCH) \
		mkisofs.exe
	cd $(CD_DIR) && \
	PATH="$$PATH:.." mkisofs.exe \
		-iso-level 4 \
		-force-uppercase \
		-volid "$(VOLID)" \
		-A MKISOFS \
		-sysid "DOS" \
		-b "$(BOOT_IMG)" \
		-no-emul-boot \
		-boot-load-size 4 \
		-hide "$(BOOT_IMG)" \
		-hide "boot.catalog" \
		-o "../$(VOLID_ISO)" \
		"../$(BOOT_DIR)" \
		.
	touch $@

cdrecord.exe:	$(PEBUILDER_ZIP)
	unzip -o $(PEBUILDER_ZIP) $@
	chmod +rx $@

.PHONY:	cdrecord
cdrecord:	$(VOLID_ISO_TOUCH)	cdrecord.exe
ifneq ('$(PAUSE)', '')	
	@echo
	@echo Insert a blank CD-R/CD-RW/DVD±R/DVD±RW into the following drive
	@-PATH="$$PATH:." cdrecord --scanbus | grep "$(CD_DEV)" | cut -b 2-
	@echo and press [Enter] to continue
	@echo -e \\a
	@read dummy
endif	
	PATH="$$PATH:." cdrecord -dev=$(CD_DEV) -v $(CDRECORD_OPTS) $(VOLID_ISO)
	@echo
	@echo "Please label this disk '$(CD_LABEL)'"

.PHONY:	tidy
tidy:
	rm -fr \
		$(VOLID_TOUCH) \
		$(SERVICE_PACK_TOUCH) \
		${KB_TOUCHES} \
		$(BOOT_TOUCH) \
		$(BOOT_DIR) \
		$(CD_DIR) \
		$(BBIE_ZIP) \
		$(PEBUILDER_ZIP)

.PHONY:	clean
clean:	tidy
	rm -fr \
		$(VOLID_ISO_TOUCH) \
		$(VOLID_ISO)

.PHONY:	realclean
realclean:	clean
	rm -fr \
		bbie.exe \
		cdrecord.exe \
		mkisofs.exe \
		$(SERVICE_PACK_EXE) \
		${KB_EXES}

.PHONY:	undo
undo:	
	rm -f *.exe.touch $(SVCPACK_DIR)/*

.PHONY:	md5sum md5s
md5sum:	md5s.txt

md5s:	md5s.txt

md5s.txt:	*.exe
	md5sum [Ww]indows*.[Ee][Xx][Ee] | sort -k 2 >md5s.txt