partitionhider

Dangerous and risky bash scripts to conceal and recover partitions using literal writes to MBR
git clone git://git.defalsify.org/partitionhider.git

w.sh (2839B)


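#!/bin/bash
#
# w.sh - conceal one MBR primary partition of a disk.
#
# Steps, in order:
#   1. read the partition's start sector from its 16-byte MBR table entry
#   2. dump the partition to a scratch directory and encrypt it with ccrypt
#   3. write a copy of the MBR entry and the ciphertext back onto the raw device
#   4. build a small ext4 image holding w.sh, r.sh and a parameter record,
#      encrypt it and write it at the partition's start sector
#   5. zero the partition's entry in the MBR table
#
# DESTRUCTIVE: the data written is larger than the partition it replaces, so
# the bytes that follow the partition on the device are overwritten as well.
#
# Must be run from the directory that contains w.sh and r.sh (they are copied
# by relative name).
#
# Exit codes: 1 usage/abort, 2 missing tool, 3 mktemp, 4 device query or
# geometry, 5 dump, 6 encrypt data, 7 write data, 8-10 scratch filesystem,
# 11 copy scripts, 12 umount, 13 encrypt scripts, 14 write scripts,
# 15 zero MBR entry.

set -u

usage() {
	echo "usage: $0 <device> <partition-number>"
	echo
	echo "eg. device /dev/sda2 is specified /dev/sda 2"
	echo "partition-number must be 1-4 (primary MBR entries only)"
	exit 1
}

# Wipe and remove the scratch directory. It holds the plaintext password and,
# until ccrypt has finished, a plaintext image of the partition, so it must not
# survive a failed run. Safe to call more than once.
# NOTE(review): shred cannot guarantee erasure on journaling/copy-on-write
# filesystems or flash media; a tmpfs-backed TMPDIR avoids the question.
cleanup() {
	local f
	[[ -n "${tmpdir:-}" && -d "$tmpdir" ]] || return 0
	if mountpoint -q "${tmpdir}/mnt" 2> /dev/null; then
		umount "${tmpdir}/mnt"
	fi
	for f in .pass foo foo.cpt scripts_blocks scripts_blocks.cpt; do
		if [[ -f "${tmpdir}/${f}" ]]; then
			shred "${tmpdir}/${f}"
		fi
	done
	rm -rf -- "${tmpdir:?}"
}

if [ -z "${2:-}" ]; then
	usage
fi

# Every tool is checked up front: a missing one discovered halfway through
# would leave the device partly rewritten.
for tool in ccrypt blockdev hexdump shred mkfs.ext4; do
	command -v "$tool" > /dev/null 2>&1 || exit 2
done

DEV=$1
PART=$2

# The MBR table has four 16-byte entries at bytes 446..509. Any other number
# makes the offset below point at the boot signature or beyond, and the final
# step would zero bytes outside the table.
if [[ ! "$PART" =~ ^[1-4]$ ]]; then
	usage
fi

tmpdir=$(mktemp -d) || exit 3
trap cleanup EXIT

mbroffset=$((446 + ((PART - 1) * 16)))

# Bytes 8..11 of an MBR entry are the partition's starting LBA. Despite its
# name, sizehex holds that start sector, not a size.
# NOTE(review): hexdump's 4-byte unit is read in host byte order; this matches
# the on-disk little-endian value only on little-endian hosts.
sizehex=$(hexdump -e '1/4 "%08x"' -s "$((mbroffset + 8))" -n 4 "$DEV")
if [ $? != 0 ] || [[ ! "$sizehex" =~ ^[0-9a-f]{8}$ ]]; then
	echo "could not read MBR entry $PART from $DEV" >&2
	exit 4
fi
echo "$sizehex"
OFFSET=$(printf "%d" "0x${sizehex}")
# An empty table entry yields 0; continuing would write over the MBR itself.
if ((OFFSET == 0)); then
	echo "MBR entry $PART on $DEV has no start sector; refusing to continue" >&2
	exit 4
fi
OFFSET_DATA=$((OFFSET + 1000))

partsize=$(blockdev --getsize64 "$DEV$PART")
if [ $? != 0 ]; then
	exit 4
fi
secsize=$(blockdev --getss "$DEV")
if [ $? != 0 ]; then
	exit 4
fi
devsize=$(blockdev --getsize64 "$DEV")
if [ $? != 0 ]; then
	exit 4
fi

outbytesoffset=$((secsize * OFFSET))

echo "mbroffset $mbroffset"
# ccrypt prepends a magic number of 32 bytes at start of file
insize=$((partsize + 32))

# On-disk layout, as byte offsets on $DEV:
#   secsize*OFFSET            encrypted scripts image (1000 sectors + 32)
#   secsize*OFFSET_DATA + 32  copy of the 16-byte MBR entry
#   secsize*OFFSET_DATA + 48  encrypted partition data (insize bytes)
entry_copy_offset=$(((secsize * OFFSET_DATA) + 32))
data_offset=$((entry_copy_offset + 16))
total_bytes=$((data_offset + insize - outbytesoffset))
overrun_bytes=$((total_bytes - partsize))

# Fail before anything is written rather than halfway through a dd.
if ((data_offset + insize > devsize)); then
	echo "not enough room on $DEV: need $total_bytes bytes from byte $outbytesoffset" >&2
	exit 4
fi

cat <<EOF
*** WARNING WARNING WARNING ***

This will write $total_bytes bytes on $DEV at sector offset $OFFSET (byte $outbytesoffset)
That is $overrun_bytes bytes more than $DEV$PART holds: whatever follows it on $DEV is overwritten.
Any existing data will be destroyed!

It will also zero the MBR partition entry for $DEV$PART

EOF

read -rp "proceed? (type uppercase YES): " confirm
if [[ "$confirm" != "YES" ]]; then
	echo "aborted"
	exit 1
fi
read -rsp "encryption password: " pass
echo
if [[ -z "$pass" ]]; then
	echo "aborted: empty password" >&2
	exit 1
fi

# The key file used to be produced by an unquoted 'echo $pass' after a read
# without -r, which silently altered passwords containing backslashes, glob
# characters, repeated whitespace or a leading echo option. Such passwords are
# refused here, so every accepted password yields the same key file as before.
# NOTE(review): r.sh is not visible from here; presumably it derives the key
# the same way - confirm before relaxing this check.
case "$pass" in
	*\\* | *\** | *\?* | *\[*)
		echo "aborted: password must not contain \\ * ? or [" >&2
		exit 1
		;;
esac
# shellcheck disable=SC2086 # deliberate: reproduces the old derivation
legacy_key=$(echo $pass)
if [[ "$legacy_key" != "$pass" ]]; then
	echo "aborted: password must not contain repeated whitespace, tabs or a leading echo option" >&2
	exit 1
fi
# mktemp -d creates the directory with owner-only permissions.
printf '%s\n' "$pass" > "${tmpdir}/.pass"

echo "using tmpdir ${tmpdir}"
echo "dumping data..."
# The scratch directory briefly holds a full plaintext copy of the partition.
dd if="$DEV$PART" of="${tmpdir}/foo"
if [ $? != 0 ]; then
	exit 5
fi

echo "encrypting data..."
ccrypt "${tmpdir}/foo" -k "${tmpdir}/.pass"
if [ $? != 0 ]; then
	exit 6
fi

# TODO: check if its on a boundary

echo "writing data..."
# Preserve the 16-byte MBR entry next to the ciphertext so it can be restored.
dd if="$DEV" of="$DEV" skip="$mbroffset" seek="$entry_copy_offset" bs=1 count=16
if [ $? != 0 ]; then
	exit 7
fi
dd if="${tmpdir}/foo.cpt" of="$DEV" seek="$data_offset" oflag=seek_bytes
if [ $? != 0 ]; then
	exit 7
fi

shred "${tmpdir}/foo.cpt"

# create a file fs to write the encrypted scripts to
mkdir "${tmpdir}/mnt"
dd if=/dev/zero of="${tmpdir}/scripts_blocks" bs="$secsize" count=1000
if [ $? != 0 ]; then
	exit 8
fi

mkfs.ext4 "${tmpdir}/scripts_blocks"
if [ $? != 0 ]; then
	exit 9
fi

mount "${tmpdir}/scripts_blocks" "${tmpdir}/mnt"
if [ $? != 0 ]; then
	exit 10
fi

# copy the scripts into the image
cp -- w.sh r.sh "${tmpdir}/mnt"
if [ $? != 0 ]; then
	exit 11
fi
# Parameter record: device, partition, sector size, entry-copy offset,
# ciphertext size, password.
# NOTE(review): the password is stored in clear inside the image that the same
# password encrypts; anyone who decrypts the image reads it back. Kept because
# r.sh may parse six fields - confirm whether the last one is needed.
cat <<eof > "${tmpdir}/mnt/data"
$DEV $PART $secsize $entry_copy_offset $insize $pass
eof

umount "${tmpdir}/mnt"
if [ $? != 0 ]; then
	exit 12
fi

# encrypt the scripts
ccrypt "${tmpdir}/scripts_blocks" -k "${tmpdir}/.pass"
if [ $? != 0 ]; then
	exit 13
fi
# NOTE(review): seek counts dd's default 512-byte blocks here, so this lands at
# byte $outbytesoffset only when the device's logical sector size is 512.
# Left as is to keep the layout r.sh presumably expects - confirm.
dd if="${tmpdir}/scripts_blocks.cpt" of="$DEV" seek="$OFFSET"
if [ $? != 0 ]; then
	exit 14
fi

# Secrets are wiped before the partition entry is removed.
cleanup

echo "removing partition entry"
dd if=/dev/zero of="$DEV" seek="$mbroffset" bs=1 count=16
if [ $? != 0 ]; then
	exit 15
fi

read -rp "Remove script files? (type uppercase YES):" y
if [[ "${y:-}" == "YES" ]]; then
	shred w.sh
	shred r.sh
	rm -v w.sh
	rm -v r.sh
fi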