w.sh (2839B)
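#!/bin/bash
#
# w.sh - encrypt one MBR primary partition in place with ccrypt and remove its
# partition-table entry.
#
# Usage: w.sh <device> <partition-number>
#
# On-disk layout produced (OFFSET is the partition's start sector, read from
# its MBR entry; secsize is the sector size reported by blockdev --getss):
#   sector OFFSET                        ccrypt-encrypted 1000-sector ext4 image
#                                        holding w.sh, r.sh and a "data" file
#   byte secsize*(OFFSET+1000)+32        copy of the 16-byte MBR entry
#   byte secsize*(OFFSET+1000)+32+16     ccrypt-encrypted partition image
# Afterwards the 16-byte MBR entry is overwritten with zeros.
#
# Exit codes: 1 usage/abort, 2 missing tool, 3 mktemp, 4 device query,
# 5 dump, 6 encrypt, 7 write, 8-14 script image steps, 15 MBR entry wipe.

if [ -z "$2" ]; then
  echo "usage: $0 <device> <partition-number>"
  echo
  echo "eg. device /dev/sda5 is specified /dev/sda 5"
  exit 1
fi

# Check every external tool before anything is written: a tool missing halfway
# through would abort the run after the partition has already been overwritten.
for tool in ccrypt blockdev hexdump dd shred mkfs.ext4 mount umount; do
  if ! command -v "$tool" > /dev/null 2>&1; then
    echo "missing required tool: $tool" >&2
    exit 2
  fi
done

DEV=$1
PART=$2

# The MBR table holds four 16-byte entries at bytes 446-509. Any other number
# makes the offset arithmetic below read (and later zero) bytes outside the
# table, so it is rejected here. Note the usage example above mentions
# partition 5, which this arithmetic cannot address.
case "$PART" in
  1 | 2 | 3 | 4) ;;
  *)
    echo "partition number must be 1-4 (MBR primary entries only)" >&2
    exit 1
    ;;
esac

tmpdir=$(mktemp -d) || exit 3

mounted=0

# Runs on every exit path. Removes the material that must not outlive the
# run: the passphrase file, the plaintext partition dump and the plaintext
# script image (its "data" file contains the passphrase). Encrypted files are
# deliberately left alone on failure: after a failed write, foo.cpt may be the
# only complete copy of the partition contents.
cleanup() {
  local rc=$?
  local f
  [ -d "$tmpdir" ] || return
  if [ "$mounted" = 1 ]; then
    # Best effort; the image file is shredded below either way.
    umount "${tmpdir}/mnt" 2> /dev/null
  fi
  for f in "${tmpdir}/.pass" "${tmpdir}/foo" "${tmpdir}/scripts_blocks"; do
    if [ -f "$f" ]; then
      shred "$f"
      rm -f -- "$f"
    fi
  done
  if [ "$rc" != 0 ]; then
    echo "failed with status $rc; remaining files are in ${tmpdir}" >&2
  fi
}
trap cleanup EXIT

mbroffset=$((446 + ((PART - 1) * 16)))

# Bytes 8-11 of the entry are read as one host-endian 32-bit value and used as
# the partition's start sector.
sizehex=$(hexdump -e '1/4 "%08x"' -s$((mbroffset + 8)) -n4 "$DEV")
echo "$sizehex"
if ! [[ "$sizehex" =~ ^[0-9a-f]{8}$ ]]; then
  echo "could not read the partition entry from $DEV" >&2
  exit 4
fi
OFFSET=$(printf "%d" "0x$sizehex")
# An unused entry reads as start sector 0; continuing would write the
# encrypted script image over sector 0 of the device.
if [ "$OFFSET" -eq 0 ]; then
  echo "partition entry $PART on $DEV is empty" >&2
  exit 4
fi
OFFSET_DATA=$((OFFSET + 1000))

insize=$(blockdev --getsize64 "$DEV$PART") || exit 4
secsize=$(blockdev --getss "$DEV") || exit 4

outbytesoffset=$((secsize * OFFSET))

echo "mbroffset $mbroffset"
# ccrypt prepends a magic number of 32 bytes at start of file
insize=$((insize + 32))

# NOTE(review): by the offsets used below, the encrypted partition image starts
# 1000 sectors + 48 bytes after the partition's first byte and is 32 bytes
# longer than the partition, so the last byte written lies 1000 sectors + 80
# bytes past the partition's end. The byte count in this banner does not
# include that; confirm the space after the partition is unused before running.
cat << EOF
*** WARNING WARNING WARNING ***

This will write $((insize + (4 * secsize))) bytes on $DEV at sector offset $OFFSET (byte $outbytesoffset)
Any existing data will be destroyed!

It will also zero the MBR partition entry for $DEV$PART

EOF

read -r -p "proceed? (type uppercase YES): " confirm
if [ "$confirm" != "YES" ]; then
  echo "aborted"
  exit 1
fi

# NOTE(review): read without -r and the unquoted echo below alter passphrases
# that contain backslashes, runs of whitespace or glob characters. Both are
# kept exactly as they were because r.sh (not shown here) presumably builds its
# key file the same way; change the two scripts together or existing data
# becomes undecryptable.
read -sp "encryption password: " pass
echo
# shellcheck disable=SC2086
echo $pass > "${tmpdir}/.pass"

echo "using tmpdir ${tmpdir}"
echo "dumping data..."
dd if="$DEV$PART" of="${tmpdir}/foo" || exit 5

echo "encrypting data..."
ccrypt "${tmpdir}/foo" -k "${tmpdir}/.pass" || exit 6

# TODO: check if its on a boundary

echo "writing data..."
# Save a copy of the 16-byte MBR entry just before the encrypted image. The
# status of this copy was previously ignored; a failure here would leave no
# record of the entry once it is zeroed at the end.
dd if="$DEV" of="$DEV" skip="$mbroffset" \
  seek=$(((secsize * OFFSET_DATA) + 32)) bs=1 count=16 || exit 7
dd if="${tmpdir}/foo.cpt" of="$DEV" \
  seek=$(((secsize * OFFSET_DATA) + 16 + 32)) oflag=seek_bytes || exit 7

shred "${tmpdir}/foo.cpt"

# create a file fs to write the encrypted scripts to
mkdir "${tmpdir}/mnt"
dd if=/dev/zero of="${tmpdir}/scripts_blocks" bs="$secsize" count=1000 || exit 8

mkfs.ext4 "${tmpdir}/scripts_blocks" || exit 9

mount "${tmpdir}/scripts_blocks" "${tmpdir}/mnt" || exit 10
mounted=1

# copy the scripts (taken from the current directory) into the image
cp w.sh r.sh "${tmpdir}/mnt" || exit 11
# The passphrase is stored inside the image, which is itself encrypted with
# that passphrase before it reaches the device.
cat << eof > "${tmpdir}/mnt/data"
$DEV $PART $secsize $((($secsize*$OFFSET_DATA)+32)) $insize $pass
eof

umount "${tmpdir}/mnt" || exit 12
mounted=0

# encrypt the scripts
ccrypt "${tmpdir}/scripts_blocks" -k "${tmpdir}/.pass" || exit 13
# NOTE(review): seek is counted in dd's default 512-byte blocks here, while the
# data offsets above are multiples of secsize; the two agree only when secsize
# is 512. Left unchanged because r.sh must locate the image the same way.
dd if="${tmpdir}/scripts_blocks.cpt" of="$DEV" seek="$OFFSET" || exit 14

shred "${tmpdir}/.pass"
shred "${tmpdir}/scripts_blocks.cpt"
rm -rf -- "${tmpdir:?}"

echo "removing partition entry"
dd if=/dev/zero of="$DEV" seek="$mbroffset" bs=1 count=16 || exit 15

read -r -p "Remove script files? (type uppercase YES):" y
if [ "$y" = "YES" ]; then
  shred w.sh
  shred r.sh
  rm -v w.sh
  rm -v r.sh
fi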