partitionhider

Dangerous and risky bash scripts to conceal and recover partitions using literal writes to MBR
git clone git://git.defalsify.org/partitionhider.git
Info | Log | Files | Refs | README | LICENSE

r.sh (1219B)


      1 #!/bin/bash
      2 
      3 read dev part secsize dataoffset size pass < data
      4 if [ -z $dev ] || [ -z $part ] || [ -z $secsize ] || [ -z $dataoffset ] || [ -z $size ] || [ -z $pass ]; then
      5 	exit 4
      6 fi
      7 
      8 secsize=`blockdev --getss $dev`
      9 if [ $? != 0 ]; then
     10 	exit 2
     11 fi
     12 
     13 tmpdir=`mktemp -d`
     14 if [ $? != 0 ]; then
     15 	exit 3
     16 fi
     17 
     18 mbroffset=$((446+(($part-1)*16)))
     19 
     20 echo $pass > ${tmpdir}/.pass
     21 
     22 cat <<EOF
     23 *** WARNING WARNING WARNING ***
     24 
     25 This will write $(($size-32)) bytes on $dev at sector offset $dataoffset (byte $outbytesoffset)
     26 Any existing data will be destroyed!
     27 
     28 It will also overwrite the MBR partition entry for $dev$part
     29 
     30 EOF
     31 
     32 read -p "proceed? (type uppercase YES): " confirm
     33 if [ -z "$confirm" ] || [ $confirm != "YES" ]; then
     34 	echo "aborted"
     35 	exit 1
     36 fi
     37 
     38 sizehex=`hexdump -e '1/4 "%08x"' -s$((dataoffset+8)) -n4 $dev`
     39 offset=`printf "%d" 0x$sizehex`
     40 
     41 dd if=$dev of=$dev skip=$((($offset*512)+512032)) bs=1 count=16 seek=$mbroffset
     42 dd if=$dev skip=$((dataoffset+16)) bs=1 count=$size | ccrypt -d -c -k ${tmpdir}/.pass > ${tmpdir}/part 
     43 dd if=${tmpdir}/part of=$dev seek=$offset 
     44 
     45 shred data
     46 rm data
     47 
     48 read -p "Please tell me where to copy the scripts (empty for no copy): " path
     49 if [ -z $path ]; then
     50 	exit 0
     51 fi
     52 
     53 cp -v w.sh r.sh $path