Tuesday 3 September 2013

'Hide' grub4dos menu.lst and other 'sensitive' files

If you have made a grub4dos bootable USB drive and you have password protected the menu.lst (or maybe just some of the menu entries) using the grub4dos password command, it is really quite easy for someone to hack the menu.lst file and simply remove the password lines just by opening it in Notepad.

Another scenario is that you have set up an expiry date in the menu.lst file, so that when the expiry date is reached, a message will warn the user that it has expired and should be updated, and you don't want this to be circumvented! See here for details on how to set this up.

Here are two ideas which I use to deter the amateur hacker.

1. Use 7Zip to compress the menu.lst file (or any sensitive .g4b batch files or other files loaded by grub4dos) to GZip format. Ensure that the resultant filename and extension are not changed and grub4dos will still run it just fine.

2. Set the file attribute on the 'sensitive' files (e.g. menu.lst) to Hidden (right-click - properties - Hidden).
You could also set the file attribute to System+Hidden+ReadOnly to make it even more difficult to see in Windows Explorer. You can use the Windows command line and the attrib menu.lst +h +r +s command or use NirSoft BulkFileChanger to do this.

This (compression to GZip + attribute change) will also work on most of the grub4dos Easy2Boot files (e.g. all .g4b, .lst and .mnu files and even your \_ISO\MyE2B.cfg file). Just keep the filename and the extension the same. Any file loaded by grub4dos that is detected as being in compressed gzip format is automatically uncompressed by grub4dos when it is read.
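As an added example (not code from the original post, grub4dos or Easy2Boot), here is a small Python script that does step 1 without 7Zip: it gzips a menu.lst (or .g4b/.mnu/.cfg) in place under its original filename, and checks the gzip magic bytes first so a file is never compressed twice by mistake. It assumes grub4dos recognises standard RFC 1952 gzip data, which is what the post describes; the sample menu.lst content is constructed and the password value is a placeholder.

```python
"""Gzip a grub4dos config file in place, keeping the ORIGINAL filename so
grub4dos still loads it. Added example; not from the post, grub4dos or E2B."""
import gzip
import tempfile
from pathlib import Path

GZIP_MAGIC = b"\x1f\x8b"  # RFC 1952 gzip member header (the "tell-tale" bytes)

# Constructed sample menu.lst; the password value is only a placeholder
SAMPLE_MENU = (b"timeout 10\ndefault 0\npassword PLACEHOLDER_PASSWORD\n"
               b"title Boot from first hard disk\nrootnoverify (hd0)\nchainloader +1\n")


def is_gzipped(data: bytes) -> bool:
    """True if the bytes already carry the gzip magic (so do not compress again)."""
    return data[:2] == GZIP_MAGIC


def compress_in_place(path) -> bool:
    """Gzip the file and write it back under the same name.
    Returns False, leaving the file untouched, if it is already gzipped."""
    p = Path(path)
    raw = p.read_bytes()
    if is_gzipped(raw):
        return False
    # gzip.compress stores no original filename; mtime=0 keeps the header static
    p.write_bytes(gzip.compress(raw, compresslevel=9, mtime=0))
    return True


def decompress_in_place(path) -> bool:
    """Reverse of compress_in_place; False if the file is plain text already."""
    p = Path(path)
    raw = p.read_bytes()
    if not is_gzipped(raw):
        return False
    p.write_bytes(gzip.decompress(raw))
    return True


def roundtrip_demo() -> dict:
    """Write the sample menu.lst to a temp dir, compress twice, restore, compare."""
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "menu.lst"
        f.write_bytes(SAMPLE_MENU)
        first, second = compress_in_place(f), compress_in_place(f)
        packed = is_gzipped(f.read_bytes())
        restored = decompress_in_place(f) and f.read_bytes() == SAMPLE_MENU
    return {"first": first, "second": second, "packed": packed, "restored": restored}
```

Remember this only stops someone reading the file in Notepad; anyone who knows grub4dos accepts gzip can run decompress_in_place (or 7Zip) and get the plain text back, so still set the attributes from step 2 as well.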

Of course, now I have told everyone this, it is no longer a secret!

Footnote: Another format that grub4dos can read is lzma, but not the standard lzma compression used by 7Zip. This format is slightly better because if you open it in Notepad, you don't see any tell-tale header information. For this lzma compression which grub4dos understands, we need to use the Windows lzma.exe utility:

1. Download lzma.exe from https://code.google.com/p/grub4dos-chenall/downloads/detail?name=lzma.exe
2. Open a command prompt
3. Type

    lzma.exe e J:\_ISO\MyE2B.cfg J:\_ISO\MyE2B.cfg.lzma

4. Delete the original file and rename the .lzma file so it has the same name as the original (e.g. MyE2B.cfg).

To decode the compressed file, use the d parameter:

    lzma.exe d J:\_ISO\MyE2B.cfg J:\_ISO\MyE2B.cfg.txt

P.S. 7Zip can also decode the compressed lzma files if you add the .zip extension - 7Zip lists them as LZMA:23 encoded files.

For more details and also a handy drag&drop utility to compress E2B files (without changing the original filename) see Tutorial 72a here. It also has a decompress drag&drop utility included too. Each file selected is checked first to ensure you don't try to double-compress a file by mistake!
