Tuesday 8 December 2020

agFM grub2 code to protect your E2B drive from being cloned

 I was asked today for a grub2 menu which would protect the E2B USB drive from being cloned onto another drive.

The lines below can be added into your startup_menu.txt file.

The code checks the total drive capacity of your E2B USB drive. If it is not as expected, it displays a graphics file (a candle in this case) and then prompts you to enter a password (3 chances). If the user does not know the password, it loads a 'guest' menu, but it could just as easily shut down or reboot the PC.


You can display any graphics file you like (.png, .jpg, .bmp) and you can change the messages, etc. as you wish.


# Example code for placing in startup_menu.txt menu files
# Checks USB total size (prevents cloning unless identical drive used) - admin must change to correct size
# If disk size is wrong, display a graphics image - user presses ENTER - prompts 3 times for admin password
# If password wrong then load guest_menu.txt menu file
#
# To use, set bmp_path, ADMINPWD and the disk size of your particular E2B USB disk

# get the total capacity of the USB boot drive into variable DSIZE
stat -s DSIZE -z (${bootdev}) -q
if ! [ "${DSIZE}" == "500107862016" ];
then
    set ADMINPWD=e2b
    set bmp_path="(hd0,1)/_ISO/MAINMENU/candle2020.jpg";

    lua ${prefix}/view.lua;
    echo "BAD E2B DISK [$DSIZE]";
    set POK=1
    if ! [ "${POK}" == "0" ];
    then
        echo
        echo -n "ENTER PASSWORD: "
        read pwd asterisk
        if [ "${pwd}" = "${ADMINPWD}" ] ; then set POK=0;fi
    fi
    if ! [ "${POK}" == "0" ];
    then
        echo
        echo -n "ENTER PASSWORD: "
        read pwd asterisk
        if [ "${pwd}" = "${ADMINPWD}" ] ; then set POK=0;fi
    fi
    if ! [ "${POK}" == "0" ];
    then
        echo
        echo -n "ENTER PASSWORD: "
        read pwd asterisk
        if ! [ "${pwd}" = "${ADMINPWD}" ] ; then echo; echo "ERROR: BAD PASSWORD [${pwd}] - loading Guest Menu..."; sleep 3; configfile "(${user})/boot/grubfm/guest_menu.txt"; fi
    fi
    unset ADMINPWD
    unset POK
fi
unset DSIZE


This sample code will be included in the next version of agFM in the \e2b\Sample agFM menu files folder.

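Your startup_menu.txt file will be in plain text and so the ADMINPWD can be seen by anyone, but you can 'encrypt' the startup_menu.txt by compressing it to a .gzip file using 7zip (but keep the file name the same). This only hides the password from casual viewing, because gzip compression uses no key and anyone can decompress the file.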

The Easy2Boot grub4dos menu can be protected in a similar way (see here).
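The menu only works if the size literal matches your own drive, so here is one way to read and set it from a Linux host. This is an added example, not part of the original post or of agFM. It assumes the byte count agFM's stat reports equals the capacity Linux exposes in sysfs, and the function names and the SYSFS_ROOT override are hypothetical helpers.

```shell
#!/bin/sh
# Added example: keep the DSIZE literal in startup_menu.txt in step with the real drive.
# SYSFS_ROOT can be overridden so the functions can be tried on a constructed tree.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# Total capacity in bytes of a whole disk (e.g. "sdb").
# /sys/block/<dev>/size is always expressed in 512-byte units.
disk_bytes() {
    sectors=$(cat "$SYSFS_ROOT/block/$1/size") || return 1
    echo $((sectors * 512))
}

# Size literal currently compared against ${DSIZE} in the menu file.
menu_size() {
    sed -n 's/^[[:space:]]*if ! \[ "\${DSIZE}" == "\([0-9][0-9]*\)" ].*/\1/p' "$1" |
        head -n 1
}

# Rewrite the literal so it matches the given disk, then print the new value.
set_menu_size() {   # usage: set_menu_size <menu file> <disk>
    bytes=$(disk_bytes "$2") || return 1
    [ -n "$(menu_size "$1")" ] || { echo "no DSIZE check in $1" >&2; return 2; }
    sed 's/\(if ! \[ "\${DSIZE}" == "\)[0-9][0-9]*\("\)/\1'"$bytes"'\2/' "$1" \
        > "$1.tmp" && mv "$1.tmp" "$1"
    echo "$bytes"
}

# Exit 0 only when the menu contains a check and it expects this disk's capacity.
check_menu() {      # usage: check_menu <menu file> <disk>
    want=$(menu_size "$1")
    [ -n "$want" ] && [ "$want" = "$(disk_bytes "$2")" ]
}
```

Run check_menu against the uncompressed startup_menu.txt before compressing it; a drive of identical capacity will still pass, as the menu comments note.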

