Saturday, 12 April 2014

Booting from multiple UEFI partition images with Easy2Boot - testing so far...

Progress is being made on the MakePartImage.cmd script to convert ISOs and bootable USB drives into images for Easy2Boot. The actual code in Easy2Boot has not needed to be changed for a week now, I am just working in the conversion of ISOs and USB drives into partition images that will boot as .imgPTN files.

For most ISOs, you can drag-and-drop the ISO onto a Desktop shortcut for MakePartImage.cmd and just hit [Enter] about 4-6 times to accept the default suggestions (FAT/NTFS, size of image, image name and location and syslinux version if required + any 'fixups'.)

So far I have tested these ISO conversions, they are all on my 32GB USB flash drive and they all work (black=MBR mode, red= also boots in UEFI mode).
  • 12.Hiren.s.Boot.CD.15.2.imgPTN
  • android-x86-1.6-r2.imgPTN
  • DLC.Boot.2013.imgPTN
  • DLCD_Ultimate.2014.v1.imgPTN
  • dsl-4.11.rc2.imgPTN
  • Fedora17.imgPTN
  • Fedora-18-i686-Live-LXDE.imgPTN
  • Fedora-Live-LXDE-i686-19-1.imgPTN
  • HBCD_DLC 2.0.imgPTN
  • HPACUOFFLINE.imgPTN (made from a working USB Flash drive)
  • zorin-os-8.1-core-64.imgPTN
  • 7601.17514.101119-1850_x64fre_server2012_eval_en-us-GRMSXEVAL_EN_DVD.imgPTN
  • bitdefender-rescue-cd.imgPTN
  • Fedora-Live-Desktop-x86_64-19-1.imgPTN
  • Fedora-Live-Desktop-x86_64-20-1.imgPTN
  • linuxmint-14.1-cinnamon-dvd-64bit.imgPTN
  • pmagic_2013_06_15.imgPTN (allows changes to be saved too!)
  • Sabayon_Linux_14.05_amd64_Minimal.imgPTN
  • korora-20-x86_64-gnome-live.imgPTN
Since they are booting from a 'flat filesytem', if the OS supports it, changes can be saved to the same partition. If you want this feature in say, the Partition Magic image, remember to make the image size larger than the ISO files actually need, to allow extra room for the extra files that it will save.

I found a few that wouldn't fully boot inside VBox (using DavidB's VMUB utility to boot from the USB drive), but they did work on a real system. Some were even more fussy about booting in UEFI mode from VBox, although most UEFI-booted successfully  (much to my surprise!). They did all boot on a real system however.

I have made some more changes to the MakePartImage.cmd script and found quite a few more problems that needed solving. The user can now choose the version of syslinux that is needed (it defaults to installing version 4 if syslinux/isolinux is detected). For instance, I found the HP Tools image (made by MakePartImage from a working USB flash drive) needed to have an older version of syslinux 3.75 installed.

The MakePartImage script also attempts to 'fix-up' any config files it finds, to correct them for the E2B image boot method. For instance, the volume name of the image is different (you can't have a volume name of 'Fedora-Live-Desktop-x86_64-19-1' as a FAT32 volume label!), it also changes cheat code kernel parameters such as 'CDLABEL' to 'LABEL' and 'media=cdrom' to 'media=USB' as well as updating any occurrence of the volume UUID in the config files to match the new volume UUID of the image.

So far I have tested these images as FAT32 volumes. I don't really intend to support NTFS volumes (due to problems with syslinux installing to NTFS volumes on older versions), but Windows Install ISOs with large Install.wim files will work on NTFS volumes, as should WinPE ISOs.

I found that Windows get very confused if you change the disk image of the E2B drive inside Virtual Box and then exit Virtual Box! Even though the partitions have been changed, Windows quite happily carries on accessing the files inside it as if it still had the original partitions! DavidB has fixed this in the latest versions of VMUB now.

The MPI Toolkit download is on the site in the Downloads area as usual.

Thursday, 10 April 2014

Adding HP Utility ISOs to E2B

HP utility ISOs such as the HP ProLiant Offline Array Configuration Utility are non-standard format. HP provide a special HP format tool to convert them for use with a single-boot USB drive. The one I looked had just had a compaq, system, punchout and usb folder.

I have added a .mnu file to support these linux-based ISOs into v1.32, however, you need to extract the ISO contents and so you can only have one 'payload' at a time on your E2B USB drive, due to folder name conflict.

The basic .mnu file for hpacuoffline-8.75-12.0.iso for instance is (one line is very long!):

# Extract the ISO contents (\usb folder is not required)
# Place this .mnu file in any E2B menu folder (e.g. \_ISO\MAINMENU)

title HP ProLiant Offline ACU Image\n
kernel /system/vmlinuz rw root=/dev/ram0 media=usb ramdisk_size=353272 init=/bin/init loglevel=3 ide=nodma ide=noraid pnpbios=off usrramfs=1 vga=791 splash=silent showopts nox2apic
initrd /system/initrd.img

The important change is to use media=usb. If this does not work for your HP ISO, you will need to look at the \system\isolinux.cfg file to see what parameters are required in your .mnu file; however the basic menu format should be maintained  (i.e. kernel command followed by an initrd command).

However, with v1.32 of E2B you will be able to use partition images, and so you can have any number of HP utilities on your E2B USB drive

1. Prepare a spare USB Flash drive using the HP Format utility and an HP ISO as instructed by HP
2. Make an image of the USB Flash drive using MakePartImage.cmd (you may need to pick an earlier version of syslinux when prompted)
3. Add the .imgPTN file to your E2B drive (e.g .to the \_ISO\MAINMENU folder)
4. Repeat for all other HP ISOs.

Wednesday, 9 April 2014

Easy2Boot and .imgPTN file development proceeds...

I have decided to not call the file extension '.imgEFI' for the partition images for UEFI booting. Instead they will be called .imgPTN which stands  for 'ParTitioN images'.

The new feature in E2B 1.32 (release version) is actually pretty powerful! It will swap in a new single-partition image to replace all of the E2B partitions instantly. You can then boot to whatever was in the new partition. Most UEFI systems will only boot if the first partition is a FAT32 partition (or is a GPT drive). Once you have finished, you can use the grub4dos boot menu in CSM mode to return the USB drive back to the 'E2B' partition state and carry on using E2B in the normal way.

The Windows script I am working on, MakePartImage.cmd, will convert ISOs, a folder or drive contents to a partition image file, which you then can just drop onto the E2B USB drive and it will appear in the menu just like any other menu item.

MakePartImage works best on non-grub4dos payloads that don't have a menu.lst file because it adds it's own menu.lst file into the image - if a menu.lst is present, you will be prompted to append it to  the MPI menu or delete it.

If  any .imgPTN file is over 4GB, then the E2B USB drive will need to be formatted as NTFS. UEFI booting is still possible as long as the image partition itself was formatted as FAT32.

As long as the biggest file inside the image is below 4GB and the image is a FAT32 partition image, then you can also UEFI-boot it (if image is UEFI-boot capable, of course!). If some files are over 4G, then only MBR (non-UEFI) booting is possible, as the .imgPTN image must be in the NTFS format (however, it is possible to have a FAT32+NTFS dual partition arrangement with later versions of E2B - see here for more details).

MakePartImage will also attempt to convert isolinux-based source files (ISOs) to syslinux-based ones. It will also rename any overlay file it finds in \LiveOS to match the new drive label and UUID too. It also warns you about any LABEL= and UUID= cheat codes in the syslinux config files - though you will have to change these manually if there are any. [Edit: Now it automatically converts these!]

Basically, if you have a single partition (FAT32 or NTFS) USB Flash drive (or HDD) that works correctly, then you should be able to easily convert it to an .imgPTN file and boot from it using Easy2Boot. You can thus convert all you flash drives into images and add them to Easy2Boot (if they don't work as ISOs in E2B).

You can use MakePartImage.cmd to automatically convert the following types of payloads to working .imgPTN files:
  1. Windows Install ISOs
  2. Multi-boot ISOs such as Hirens, DLCD, etc.
  3. WinPE v2+ based Windows ISOs
  4. Various Linux ISOs (Lubuntu, Ubuntu, Fedora, CentOS, Deft8, etc. just work)
  5. UEFI-capable utilities such as KonBoot or EasyRE
  6. Any working single-partition USB drive that is in FAT32 or NTFS format.

Linux ISO conversion
Some linux ISOs may not boot in MBR\BIOS\CSM mode, due to the change from an ISO(CD) to a disk filesystem(USB drive). In these cases, you can edit the image to fix the problem (just mount the .imgPTN file in ImDisk). However, they probably boot fine in MBR mode as an ISO under the E2B menu, so you don't really need to get them working from the CSM menu.
Some linux ISOs may not boot as .imgPTN images in UEFI mode. Typically you will need to change the grub .conf file to fix these UEFI images.

The most common fixes are:

1. Look in all .cfg, .conf and .lst files for CDLABEL and change CDLABEL to LABEL
2. Where a value for CDLABEL was defined, change it to the Volume label of the image: - e.g.
    Was: root=root=live:CDLABEL=SL-65-x86_64-LiveMiniCD
    Change to: root=live:LABEL=LIVE
3. Look for UUID= in the .cfg, .conf and .lst files. Change the value to that which is listed at the top of the CSM Menu when you boot from the .imgPTN. e.g.
   Was: root=live:UUID=%UUID%
   Change to: root=live:UUID=xxxx-yyyyy
where xxxx-yyyy is the UUID in the Easy2Boot CSM menu.
4. Lastly, if all else fails (for MBR booting only), add a grub4dos menu entry in the \menu.lst file which uses the correct kernel and initrd commands and parameters. e.g.

title Boot YlmF 3.0 (Windows Like OS) \n Image made from the ISO file Ylmf_OS_3.0.iso
kernel /casper/vmlinuz file=/cdrom/preseed/ubuntu.seed boot=casper floppy.allowed_drive_mask=0 splash
initrd /casper/initrd.img

[Edit: Now it automatically converts these! You shouldn't need to edit ant .cfg or .conf files.]

I have not had to do any sector editing to restore my E2B drives for several days now, so the partition swapping is looking fairly robust and reliable! I just have to go through a selection of different payload files (ISOs) to test them out and check they work.

If you have any favourite UEFI ISOs or other UEFI-enabled payloads, please contact me tell me what they are and I will test them for you. This way they should work for you when I finally release v1.32 of E2B!

Monday, 7 April 2014

Easy2Boot will soon support UEFI booting!

Easy2Boot soon will support booting of FAT32 UEFI disk images!

To make these image files you need to run a Windows script...

Example 1: lubuntu-13.10-desktop-amd64.iso
1. Run the MakePartImage.cmd Windows script to create an image file - e.g. LUBU64.imgEFI
2. Copy the file to your E2B drive \_ISO\MAINMENU folder

Example 2: KonBoot 2.4
1. Make a KonBoot 2.4 USB EUFI drive using a spare flash drive. You can use the batch file provided by KonBoot or just make a single partition USB FAT32 drive using RMPrepUSB. Make sure the \EFI folder is present.
2. (optional) Test that the USB drive boots via UEFI
3. Run the MakePartImage.cmd Windows script to create an image file from the USB drive - e.g. KonBoot24.imgEFI. As an alternative you can skip steps 1 and 2 and just point MakePartImage.cmd at the KonBoot folder on you C: drive that contains just the EFI folder - e.g. C:\temp\KonBootV2.4
4. Copy the image file to your E2B drive \_ISO\MAINMENU folder

Example 3: Windows 8.1
1. Run the MakePartImage.cmd Windows script to create an image file - e.g. Win81x64.imgEFI
2. Copy the file to your E2B drive \_ISO\MAINMENU folder

Note: Due to the file size limitation of FAT32, the \Sources\Install.wim or Install.esd file cannot be over 4GB.

You can also make an .imgEFI file from a working FAT32 USB Flash drive using RMPrepUSB - Drive->File (use P1, P1, 0) - but see the easy2boot website for instructions as you need to add some grub4dos files first.

Some linux ISOs won't boot from a FAT32 filesystem unless the files are modified. You can use Fedora Live-USB Creator to make a working USB Flash drive and then use the contents of that Flash drive in your .imgEFI. You just need to ensure that the volume label of the image is the same as that of the USB stick. To get the USB Flash drive working, some editing of the .conf and .cfg files may be necessary to get both MBR and UEFI booting to work. Once a USB Flash drive works, the same image should work when copied into a .imgEFI file using the MarkPartImage.cmd script, as long as the FAT32 volume names are the same.

Now we have prepared our Easy2Boot drive ready to use for MBR or UEFI booting and we can boot any one of the images via UEFI (and most via MBR too) - sweet!

 Here is how to use it:

1. Boot from the target system via MBR\CSM booting to the Easy2Boot menu

2. Select one of the .imgEFI images - this will change the MBR on the drive and load the new CSM Menu (after some warnings about the possibility of it destroying your E2B drive!)

3. From the CSM Menu, you can instantly switch back to E2B Mode, or run the payload files in the current MBR mode (works for Windows and KonBoot, etc. but not linux) OR...

4. Choose Reboot and boot from the USB drive via UEFI BIOS mode - it should immediately boot to the selected EFI payload (e.g. CentOS, Deft8, Lubuntu, KonBoot or Win8.1 install in UEFI mode).

5. To change back to E2B again, reboot from the USB drive via MBR\CSM booting - you will see the CSM Menu- choose Switch and it will immediately restore the E2B partitions and load the E2B menu.

The advantages of this process is that this should be 100% compatible with most UEFI BIOSes as it uses a single FAT32 volume. It is also a very simple concept. Switching modes is virtually instantaneous.
The 'cons' are that you can easily accidentally 'destroy' the MBR of your E2B USB drive if anything goes wrong and it does not boot in MBR mode. Secondly, you have a file size limit of 4GB which may apply to files like install.wim (the .imgEFI file can be bigger if your E2B drive is NTFS, but the individual files inside the image cannot be larger than 4GB). Another disadvantage is that you have to prepare an .img file first (though this takes only a minute or so when using the MakePartImage script, even for a 4Gb Windows 8 ISO).

For some EFI images - e.g. KonBoot and Windows Installs, you can run them in MBR mode and UEFI mode, thus you don't need to have both the .ISO files  and the .imgEFI files on your E2B drive for these. The linux images however won't boot in MBR mode unless you add a grub4dos boot menu entry to run the correct kernel/initrd commands (the files are already in 'flat-file' format in the FAT32 image).

If anyone is interested in trying out a very early Alpha, please let me know. You may need to be experienced in Disk Sector editing if you run into trouble (but only your USB E2B drive will be affected) but by using Disk Doctor in RMPrepUSB it is quite easy to put back the E2B MBR should anything go very wrong!

Installing Windows from a USB Hard Drive without needing a Helper USB Flash drive

Using .imgEFI images also has the side-affect that you dont' need to use a USB Removable Flash 'Helper' drive to install Windows. If you format the image as FAT32 then you can install Windows from an E2B USB Hard disk both in MBR mode or UEFI mode. However, you are limited to install.wim files of less than 4GB.

If you format the .imgEFI image file as NTFS, you can only install Windows in MBR mode but the install.wim file can be of any size and at least you don't need a Helper Flash drive.

More information on the easy2boot site here.

MakePartImage now installs syslinux to the PBR if it sees a \syslinux folder in the image. This allows you to run linux in MBR mode. The file extension .imgPTN is now recognised as well as .imgEFI (deprecated). It makes more sense to call it .imgPTN as it is just an image partition and does not necessarily have to contain EFI files or support UEFI booting.

Friday, 4 April 2014

New XP unattended install feature for E2B v1.32

The next release version of E2B 1.32 will have a new feature which will allow the user to select or automatically use an unattend.txt answer file (or winnt.sif file) with the XP Install ISO that is picked by him/her. This was previously only possible using the WinPE method of install, but now you can do it using the 2-Step DPMS install method too.

You can either have one specific unattend.txt file for each XP ISO file which will be automatically used, or you can configure E2B so that it prompts you to manually select an unattend file from a list of files. This means you can auto-install to a hard drive, however if you specify any extra driver files or other files in the unattend answer file for XP Setup to copy, this probably won't work (unless you add them into the ISO).

E2B will copy your answer file to the F6 virtual floppy disks and rename it to winnt.sif so that it is automatically picked up during the start of XP Setup. Due to the way this works, the DOS floppy can only contain 8.3 filenames and so the .sif files must be of 8.3 format too. However, the file that the user picks from a list is actually a batch file with a .AUTO file extension and this file can be of any filename length.

For full details, see here.

I will place a TEST version in the Downloads area as usual.

P.S. Rev2 - You can now also run a .cmd file from the USB E2B drive automatically after installation. This .cmd file can call another .cmd file on yourUSb drive to complete the installation by 'xcopying' over a large folder from your USB drive to your target system and then running a script to install drivers and applications. You must write the copy code cmd file and add the installation folder yourself.

Note: Although you should re-boot back to the E2B drive after Step1 and select Step 2, I have found that this is not always necessary and you can allow the system to boot from the hard disk after Step 1. 

Thursday, 3 April 2014

End of Windows XP - good news for some?

There has been a lot of talk about the end of Microsoft support on April 8th 2014 for Windows XP SP3.

Who ate all the TeleTubbies?

Recently, there have been some articles on why you should switch to a newer, supported OS like Windows 8.1. However, I suspect that many people and small businesses will continue to use XP for at least 6 month to a year. I know that many people in 'poorer' countries still install and use XP illegally. I also know that in these countries, many computer shops openly pre-install XP (activated but unlicensed!) for their customers.

XP may still be used in many pieces of equipment that you use: disk copiers, stage lighting consoles, recording/mixing desks, data servers that 'just sit there and work', card payment systems, etc. It has been said that 95% of the worlds ATMs run XP (embedded) - though I doubt these are updated with the latest hotfixes every week or even once a year!.

So the question is, will XP really die after April 2104?... Of course not!

Many people will continue to use XP for many years. However, there is one thing that the end of MS support does mean, and that is the end of XP drivers for new products. Why is that such a big deal?...

Many businesses and education establishments demand XP drivers, because their systems and applications still run on XP. This, in turn, puts pressure on the chipset manufacturers and specialised peripheral manufacturers to develop and release XP drivers and associated software.

Over recent years, it has been harder to find XP drivers for new systems, but now it will be impossible. Chipset, peripheral and card manufacturers now have a perfect excuse to not supply XP drivers for their new products because XP is no longer supported by Microsoft. In fact, these manufacturers had actually ceased to 'support'  XP since late 2013 for any of their new products.

So it will be a death by attrition. As old hardware dies and is replaced by newer hardware, there will be a dearth of XP drivers for any new hardware.

Windows 8 has been around since August 2012 and there is now a good driver base for all hardware and peripherals (at least for all hardware younger than 5-6 years of age). However, most of the people running XP will have older peripherals such as old printers, scanners, etc. It is hard to find drivers for these old peripherals now for Win7/8, as the manufacturers don't write and release drivers for kit they no longer sell.

Equally, A lot of XP software does not run under Win7/8 very well (which is why companies have held onto their old XP systems and their bespoke software and hardware). If you have an old XP laptop, the special drivers for these (e.g. hotkeys, special trackpad features, power managent, docking bays, etc.) will not be available for Win7/8. These hardware drivers won't work in a VM running XP on a Win7/8 system either!

So changing from XP to Win8.1 actually involves more expense than just paying for a new OS. For XP users it involves:

1. A new system (Win7/8 won't run too well on low-memory PCs and no drivers for old laptops)
2. A new OS
3. New peripherals (no drivers for older printers/scanners and special peripherals for midi/recording/video capture, etc.)
4. A lot of time getting it all to work from the IT department
5. Training costs

This is all good news for the poor old PC industry which has been in decline over the last few years.

So what can we look forward to after April 2014? My guess is:

1. Increased sales of PC and related software and hardware products
2. Increase in hacks for activating Win 7/8 illegally
3. XP-alike versions of linux gaining in popularity
4. Increase in jobs for consultants who specialise in upgrading systems, writing/converting software and training.

Maybe it's time for me to buy shares in PC World and Microsoft...

Easy2Boot, linux ISOs and persistence

It is possible to boot the following linux ISOs with persistence from your E2B USB drive:

linuxmint, XiaOpan, ubuntu, YLMF, Puppy, Slax, Ubuntu, LUbuntu, Fedora, Backtrack 5, BitDefender Rescue (old versions only), geebox, kali linux, kaspersky, PCLinuxOS, Porteus, StartOS and XBMCbuntu.

They can all be on the same E2B drive and all boot using different persistence files. The E2B drive justs needs the one partition for E2B (partition #3 and partition #4 which should both be unused/free).

You can even have multiple persistence files used by the same one ISO. For example, you could have a Bob_Ubuntu.mnu for Bob and a Mary_Ubuntu.mnu for Mary - both would boot from the same Ubuntu ISO but use different persistent files.

You normally will need to copy and edit a small .mnu file and make an ext2 file using RMPrepUSB for each ISO.

For more details, please see here.

Wednesday, 2 April 2014

Adding the Kaspersky Rescue ISO to Easy2Boot (with persistent updates)

You can easily download and add the kav_rescue_10.iso or krd.iso file to your E2B drive easily. Just copy it to the \_ISO\MAINMENU folder.

(Note: if using krd.iso, do not use parentheses ( ) or any other strange characters in the .iso filename - esp. when using agFM - 'Kaspersky' option to boot it).

Download here.

Note: When converting to .imgPTN file for UEFI+MBR booting (do not add rEFInd, say No to prompt:
          'Timeout in 10 seconds       (default=N )... AUTO-CORRECT? (Y/N) : ' 
          to not Auto-convert .cfg files).

See new Kaspersky Forum if any queries and Forum post here.

When you first run it, you will want to update the virus definitions. When you do so however, it will store the updates on an internal hard disk of the system that you booted the E2B USB drive from, instead of storing them on the E2B USB drive. This means that when you boot on a different system, you will have to download the updates all over again (if the system has an internet connection).

IMPORTANT: The key to the whole procedure is to ensure that Kaspersky linux mounts all the storage devices as volumes by selecting a drive to scan FIRSTThis will not be done if you do not select a drive to scan when prompted, or if you use the 'Skip' button when prompted if the volume is 'dirty'.
Allow it to mount the disks...

Once all the volumes have been mounted, you should see the icons on the Desktop - if not then it won't find the Updates on the USB drive and you will have to reboot!

Make sure you see desktop icons for the USB drive (e.g. sdb1).

MBR-booting from krd.iso with persistence

The instructions to get persistent updates to stay on the E2B USB drive are:

1. Download a recent ISO file from - it should be under 'Distributive' and called  kav_rescue_10.iso or krd.iso.

2. Copy it to a menu folder, e.g. \_ISO\MainMenu folder (or \_ISO\ANTIVIRUS or any other menu folder where you want it to be listed).

Create an empty folder called "\Kaspersky Rescue Disk 10.0" on the E2B USB drive now.
Note: For krd.iso 2018 versions, the folder name has changed to \KRD2018_Data. Use this exact name and exact capitalisation.

3. Boot from the ISO menu entry. Ensure that your USB drive (sdb1) volume has been mounted and appears as an icon on the Desktop as well as the C: drive icon (don't abort any dialogs!). If they are not there then reboot and try again.

On first boot to Kaspersky from E2B using this menu, download the updates (you will obviously need an internet connection). They will usually be automatically stored on internal Hard Disk C: by Kaspersky but if it finds the "\Kaspersky Rescue Disk 10.0" folder on the E2B drive, it may copy the updates there instead.

4. When the download of the updates have finished, if the USB \Kaspersky Rescue Disk 10.0 folder is empty, copy the whole "\Kaspersky Rescue Disk 10.0" folder which now contains the updates from C: or sda1 (the internal HDD) to sdx1 which is the USB drive partition 1 (if you only have one hard disk, the USB drive will be sdb1).

Now rename the "C:\Kaspersky Rescue Disk 10.0" folder on the hard disk to something else like 'Junk' to get rid of it.

IMPORTANT: Ensure the update folder \Kaspersky Rescue Disk 10.0 does NOT exist on the Target hard disk in any volume. It must only exist on the E2B USB drive, otherwise it may update the wrong folder.

5. On the next boot, the updates should be found to be already present on USB drive (check you can see the drive icon on the Desktop).


If you find that the Updates are old or not present...

1. Ensure you can see the sdx1 icon on the Desktop to show it has been mounted as a volume by Kaspersky.

2. Ensure any target system you test does not already have the \Kaspersky Rescue Disk 10.0 folder anywhere on any HDD in the system - if so delete it and reboot from USB.

Always shutdown Kaspersky linux nicely or updates may not be saved!

E2B USB Drive contents when it is all running smoothly are:

\Kaspersky Rescue Disk 10.0 (or \KRD2018_Data) for 2018+ versions.

Kaspersky 2018 with UEFI (using a two-partition E2B drive)

Converting the ISO to a FAT32 .imgPTN file is easy, however the \KRD2018_Data folder is not found by Kaspersky Rescue if it is in the boot partition, so we cannot simply create this folder inside the new .imgPTN partition (but see section below if you want to do this).

Create or use the second partition of the E2B drive which should have at least 1GB of free space available or else it will not be used (exact size TBD - it works if 4.1 GB free on a 7GB volume).

Then simply create an empty \KRD2018_Data folder on the 2nd partition of the E2B drive and use a .imgPTN23 file extension for the krd imgptn file.

IMPORTANT: For UEFI booting press 'N' for No' when prompted by MakePartImage to AUTOCORRECT the .cfg files because the EFI boot files are signed.

Use Switch_E2B.exe to switch to the krd2018.imgptn23 file.

Edit the \menu.lst file (the large on inside the large .imgPTN file) to add these lines to the bottom of the file:

#use lang=ru for russian

title KAV 32-bit\nBoot to Kaspersky Rescue
kernel /boot/grub/k-x86 net.ifnames=0 lang=en dostartx backstore=alldev
initrd /boot/grub/initrd.xz

title KAV 64-bit\nBoot to Kaspersky Rescue
kernel /boot/grub/k-x86_64 net.ifnames=0 lang=en dostartx backstore=alldev
initrd /boot/grub/initrd.xz

The two partitions on the E2B drive should now be:
Partition 1: Contains a \boot folder and \System folder + other E2B files + \menu.lst (modified)
Partition 2: Contains empty \KRD2018_Data folder

Now you can UEFI or MBR boot (using the new menu entries) and ensure you have an internet connection so that it can download the latest updates. Check that there are now files in the \KRD2018_Data\Bases folder...

If updates do not appear to be persistent, delete any folder on any drive named \KRD2018_Data  except for the folder on the second partition of the E2B USB drive.

You can use the terminal command:
find / -name 'KRD2018_Data'
to find where the data files are located after updating/downloading the updates.

UEFI boot files

Recent Kaspersky 18 UEFI boot files and menus in the ISO are signed and checked (they have .sig files). If you modify the .cfg menu files then it will not UEFI boot. For this reason choose N = for do not AutoCorrect when prompted by MakePartImage when you make the .imgPTN file.

For E2B Fixed-disk USB drives only...

If your USB drive is a hard drive/fixed disk type, you will need to modify the kav-menu.cfg file for persistence, so to work around the signed file issue, find a Ubuntu 64-bit ISO and copy the files from the \EFI\BOOT folder to the same folder on the E2B drive thus overwriting \EFI\BOOT\bootx64.efi on the FAT32 partition. Just Ubuntu's bootx64.efi and grubx64.efi are required for UEFI64 booting.

You will need to modify \boot\grub\x86_64-efi\cfg\kav-menu.cfg to add the backstore=alldev cheat code for persistence to work if you are booting from a USB hard disk


menuentry "${kav}" {
linux /boot/grub/k-x86_64 net.ifnames=0 lang=${lang} dostartx backstore=alldev
initrd /boot/grub/initrd.xz

menuentry "${kav_nomodeset}" {
linux /boot/grub/k-x86_64 net.ifnames=0 nomodeset xforcevesa lang=${lang} dostartx backstore=alldev
initrd /boot/grub/initrd.xz

#menuentry "${kav_rescue_text}" {
# linux /boot/grub/k-x86_64 net.ifnames=0 lang=${lang} nox nomodeset
# initrd /boot/grub/initrd.xz

menuentry "${hardware_info}" {
linux /boot/grub/k-x86_64 net.ifnames=0 lang=${lang} docache loadsrm=000-core.srm,003-kl.srm nox hwinfo docheck
initrd /boot/grub/initrd.xz

source /boot/grub/${grub_cpu}-${grub_platform}/cfg/boot_from_hard.cfg

Kaspersky 2018 UEFI & MBR  + persistence

As found by Ahmed (see comments), if your E2B USB drive is of the Removable type, you can create a persistent backup store using the Kaspersky linux script in the KRD Desktop Start Menu - System menu, but this does not work when booting from Fixed-disk USB drives (e.g. Corsair GTX, SilverStone M.2 or when using a VM under VirtualBox\QEMU where the USB drive appears as a Fixed-disk).

For persistence to work, you must use a Removable-type USB flash drive unless you modify the .cfg menus...

Note: Only recent versions of KRD2018 include the 'Create persistent volume' menu feature.

1. Drag-and-drop the latest version of KRD2018 onto the MPI_FAT32 Desktop shortcut to create a large .imgPTN file. I chose a size of 2200MB (or 3GB for safety) and a name of KRD2018_2019_08.imgPTNAUTO. You must allow enough free space for the updates (I found that 2000MB was not quite enough by about 16MB!). Do NOT AUTO-CORRECT the configuration files when prompted by MakePartImage as this makes them unsigned.

2. Copy the krd.imgPTN23 file to your E2B \_ISO\ANTIVIRUS folder, make it contiguous and use SWITCH_E2B.exe to switch in the new partition.
If using a Fixed-disk E2B USB drive then do not use the CSM    '1 Boot from this drive (MBR mode)'    boot menu entry if you need persistence because it will not use the backstore=alldev cheat code and you will not get persistence if using a fixed-disk USB drive. 
Instead, add the two new menu entries shown above to the E2B CSM \menu.lst file and the kav-menu.cfg file.

3. Now MBR-boot on a real system to the E2B Removable drive (do not use a VM unless you have the backstore=alldev cheat code in the menu).

4. Accept the licence agreements and perform an update if prompted.

5. Quit the AV scan.

6. Run System - Create persistent volume from the Start Menu and create a file of the suggested size - just follow the prompts (do not create a Backup as this will use up all the free space!).

There seems to be a problem with the suggested min and max sizes, so choose a size somewhere between the two  limits suggested by the script.

7. You should be prompted to reboot - so do so.

8. You may see this message if the updates are not stored on a disk :-( ...

Now use the Terminal, you should see that the mount command shows /livemnt/boot is on your E2B USB drive...

and the backstore folder should be apparent...

UEFI-boot error when using Virtual Box?

Note: if testing using a Virtual Machine you may need to remove or rename the \System folder because some VMs UEFI-boot from this MAC UEFI boot folder instead of from the \EFI\boot folder.

This message can also indicate that you need to update the \EFI\boot folder with the Ubuntu EFI boot files as described above because one or more the .cfg files are not original (e.g. they have been edited or altered) and their signatures will no longer match.

KRD.ISO UEFI booting

From a fresh boot to agFM/grubfm/Ventoy or any grub2-based menu system - press TAB key and then c and type set check_signatures=no and then press ESC key and then select and load krd.iso.

Kaspersky signed files

If you are interested in why Kaspersky has added signed file checking (.sig files) for .cfg files, even for UEFI unsecure booting, see here.

Tuesday, 1 April 2014

Easy2Boot update for installing XP onto modern systems

The current 'released' DriverPack Mass Storage driver pack included in E2B+DPMS is rather old. If want a more recent driver pack, you can download the most recent one from the last post on the forum here (search for TechDud posts and '7z downloads).

There is a problem with the latest current 'nightly' build DP_MassStorage_wnt5_x86-32_1403071.7z

It would not work when installing XP on a Z87 chipset (Intel Series 8) mainboard.

I have modified the INI file, and you can download the new DPMS version from here.

Just unzip it to the \_ISO\e2b\grub\DPMS folder of your E2B drive (if you already have a \_ISO\e2b\grub\DPMS\DriverPack.ini file then delete it and the whole D folder first).
Note: You need at least E2B v1.31 for the new driver pack to work.

E2B v1.32 will have better DPMS driver selection (thanks to chenall who has modified the chkpci utility for me). If your ISO has '2k' or '2k3' in the filename, it will assume it is a Win2k or Win2k3 driver and look for the correct driver. If not, chkpci will only retrieve XP drivers from the DriverPack.ini file.

For XP installs, this means that whereas previously you may have been presented with a choice of several different mass storage drivers for your system (some of which could be Win2K3 orWin2K drivers), now you should only get one driver (for each different type of controller in your system).

Saturday, 29 March 2014

Using and remembering strong passwords

Do you use a password manager? It seems to me there is no perfect solution, whether cloud-based like LastPass or locally-based like KeePass. See here for a recent review from PC Pro (Jan 2014) of some of the best choices available.

If cloud based, do you trust the security of the central server or for that matter, the source of the WiFi hot-spot that you happen to be connected to whilst in StarBucks or your hotel? Also, the apps tend not to be free.

If you use a local database, you have to store it somewhere in the cloud so you can access it when you are away from your own systems (e.g. at work or in a cyber cafe or at another office). Also, you have to ensure that the database, which may be kept on various 'local disks', are all synchronised. Keeping your entire password database on a mobile phone is not the most secure of scenarios either!

What we need to do is generate a 'long and strong' password, that is not easily subject to a 'dictionary attack', for each site we use - but make it easily 'recall-able/remember-able'. A few years ago I was looking for a 'hash' algorithm which would create a strong password from a master password 'salt' and another unique 'character string', when I found  Nic Wolff at this site had already done it!

The mechanism is simple and secure (as no password data is passed across the web). It is not as convenient as using a proper password manager (no auto-fill, syncing, etc.) but it is free and you are in control and there are no management/sync/security issues. You can also use it on your mobile devices too (or even off-line if you save the html source file somewhere handy).

Do you use the same password for several sites? Well, use this generator and you can still use just the same password (as a 'master password')  but it will generate a unique, strong password for each different site.

As I could never remember the URL for Nic's site, I simply copied and modified his code and added it to a page on my easy2boot site here. Try it out (no data is sent or recorded - honest!).

Feel free to add Nic's code to your own site and modify it, or just use my page to generate your passwords (accessible from the Easy2Boot SiteMap page).

You can make up your own 'rules' on how you use it - for instance, you could precede the Master password with the first letter of the site (e.g. Bmypwd for Barclays and Nmypwd for Nat West, etc.). Or add a letter and a number. Just think of a rule and stick to it for all sites and passwords.

If only there was a nice, easily-remembered URL that everyone could use... If I get enough +ve feedback, maybe I will register one just for this type of password generation with a nice short, easily remembered name.

[Edit 2014-03-30] It seems there is already a Chrome Extension called PassWordChameleon which does pretty much exactly what Nic's code does (not sure which came first!). He also has a website but it's certificate is no longer valid.

There is still the outstanding problem of changing the password however. It is good practise (and often you are forced) to change or reset your password. So we still have a problem with this method because we would need 3 or 4 'secret password' keys and we would have to try each in turn until we found the one that we used previously. Some sites would still use the first secret password key, other sites where we have to change the password, would require a new secret password.

An idea for all sites that require a login and password

Wouldn't it be a better idea, if instead of requesting a single weak password which can be dictionary attacked, sites provided a similar 'salt+password' hash technique? For example, the site would ask us for TWO words or phrases and then hash them first before sending the hash to the site's server. That way a strong password is always sent across t'internet even if we only enter in two 'weak' ones. Or, the website could just prompt for a password as normal but then hash it with the site's name to make a strong password which is the password that is actually sent to the website server and recorded. That way we can use the same password for all sites, but the 'actual' password is a strong password which is different for all sites (and each site could encode it in a different way too).

- o -

P.S. Many years ago, when Phishing sites were just starting to spring up, I wrote a letter which was published in the UK publication Computer Weekly, suggesting that Phishing could be prevented if we told the site during registration, of a preferred phrase or picture etc. that we would recognise when we accessed the same site at a later date. That way, after we provided a user name, but before we entered the password, we could check that the site was the correct one because we would recognise the phrase or picture that it would display to us. Roll on a few years and now a great many sites use this anti-Phishing security feature which I believe I was (at least, one of) the first to suggest. I wish I had patented it now!