commit ec5727b595c87a7299207009f7c3b50a5fccbaa5 parent 2a79c902c496a813126d8d492615c6b5882fdd66 Author: nolash <dev@holbrook.no> Date: Tue, 24 Apr 2018 18:32:08 +0200 recovered lost r.sh Diffstat:
| A | mbr-decrypt-and-hide/r2.sh | | | 37 | +++++++++++++++++++++++++++++++++++++ |
1 file changed, 37 insertions(+), 0 deletions(-)
diff --git a/mbr-decrypt-and-hide/r2.sh b/mbr-decrypt-and-hide/r2.sh @@ -0,0 +1,37 @@ +#!/bin/bash + +read dev part dataoffset size pass < data +if [ -z $dev ] || [ -z $part ] || [ -z $dataoffset ] || [ -z $size ] || [ -z $pass ]; then + exit 4 +fi + +secsize=`blockdev --getss $dev` +if [ $? != 0 ]; then + exit 2 +fi + +tmpdir=`mktemp -d` +if [ $? != 0 ]; then + exit 3 +fi + +mbroffset=$((446+(($part-1)*16))) + +echo inoffset is $dataoffset +echo $pass > ${tmpdir}/.pass +sizehex=`hexdump -e '1/4 "%08x"' -s$((dataoffset+8)) -n4 $dev` +offset=`printf "%d" 0x$sizehex` + +dd if=$dev of=$dev skip=$((($offset*512)+512032)) bs=1 count=16 seek=$mbroffset +dd if=$dev skip=$((dataoffset+16)) bs=1 count=$size | ccrypt -d -c -k ${tmpdir}/.pass > ${tmpdir}/part +dd if=${tmpdir}/part of=$dev seek=$offset + +shred data +rm data + +read -p "Please tell me where to copy the scripts (empty for no copy): " path +if [ -z path ]; then + exit 0 +fi + +cp -v w.sh r.sh $path