partitionhider

Dangerous and risky bash scripts to conceal and recover partitions using literal writes to MBR
git clone git://git.defalsify.org/partitionhider.git

commit e8df5e1e5998ecbcbb4b4f5512819d2759c181a3
parent 7f7abfcc42d7b62b82d39523183ec9b0d95910ff
Author: root <root@sostenuto.localdomain>
Date:   Tue, 24 Apr 2018 23:47:10 +0200

confirm on restore

Diffstat:
M mbr-decrypt-and-hide/README.md | 6 +++---
M mbr-decrypt-and-hide/r.sh | 18 +++++++++++++++++-
M mbr-decrypt-and-hide/w.sh | 2 +-
3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/mbr-decrypt-and-hide/README.md b/mbr-decrypt-and-hide/README.md @@ -1,4 +1,4 @@ -# sh-decrypt-and-hide +# mbr-decrypt-and-hide ***WARNING WARNING WARNING*** @@ -50,7 +50,7 @@ The procedure will: * dump and encrypt a partition * dump the partition table entry for that partition * create an ext4 fs with the two scripts, plus device/partition information, the data offset, encryption password and size of data, and encrypt it - - this fs will be 1000 times the sector size. + - this fs will be 1000 times the sector size. When encrypted 32 magic ccrypt bytes will be prepended. * write this data to the start sector pos of the partition, immediately following each other: - the encrypted script/data fs - the partition table entry @@ -77,7 +77,7 @@ The procedure will: # requirements -This code has been successfully run using: +This code has been known to successfully run using: - linux 4.15.13 (ARCH) - bash 4.4.19 diff --git a/mbr-decrypt-and-hide/r.sh b/mbr-decrypt-and-hide/r.sh @@ -17,8 +17,24 @@ fi mbroffset=$((446+(($part-1)*16))) -echo inoffset is $dataoffset echo $pass > ${tmpdir}/.pass + +cat <<EOF +*** WARNING WARNING WARNING *** + +This will write $(($size-32)) bytes on $dev at sector offset $dataoffset (byte $outbytesoffset) +Any existing data will be destroyed! + +It will also overwrite the MBR partition entry for $dev$part + +EOF + +read -p "proceed? (type uppercase YES): " confirm +if [ -z "$confirm" ] || [ $confirm != "YES" ]; then + echo "aborted" + exit 1 +fi + sizehex=`hexdump -e '1/4 "%08x"' -s$((dataoffset+8)) -n4 $dev` offset=`printf "%d" 0x$sizehex` diff --git a/mbr-decrypt-and-hide/w.sh b/mbr-decrypt-and-hide/w.sh @@ -47,7 +47,7 @@ cat <<EOF This will write $(($insize+(4*$secsize))) bytes on $DEV at sector offset $OFFSET (byte $outbytesoffset) Any existing data will be destroyed! -It will also overwrite the partition entry for $DEV$PART +It will also zero the MBR partition entry for $DEV$PART EOF
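Review bot: in the r.sh hunk the confirmation test `[ $confirm != "YES" ]` leaves `$confirm` unquoted, so the check fails open. A reply containing whitespace or a glob character expands to several words, bash's `[` then exits with a usage error instead of a true/false result, the `if` condition counts as false, and the script carries on to the destructive write without aborting. Quote the variable, `[ "$confirm" != "YES" ]`, which also makes the separate `-z` test unnecessary, and use `read -r` for the prompt. Also, the context line `echo $pass > ${tmpdir}/.pass` runs before the prompt, so the new `exit 1` path leaves the password file in place unless something outside this hunk cleans it up. Either move that write below the confirmation or remove the file before exiting.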
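Review bot: the README hunk at -50,7 documents the 32 prepended ccrypt bytes, but the r.sh warning added in the same commit repeats that figure as a bare literal in `$(($size-32))`. Define the header length once in the scripts as a named variable, with a comment pointing to this README line, so the documented value and the arithmetic cannot drift apart. The new sentence also reads more clearly with a comma after "When encrypted".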