Sunday, 17 April 2016

Add archbang linux + persistence to E2B

The archlinux ISO must be installed; it is not a 'LiveCD'. However, archbang does come in LiveCD format. Here is the .mnu file for getting the ISO to boot with a persistent volume.



Files on E2B drive (FAT32 or NTFS or exFAT):
/_ISO/LINUX/MNU/archbang-010316-i686.iso
/_ISO/LINUX/MNU/archbang-010316-i686_persistent.mnu
/arch-rw-010316

Saturday, 16 April 2016

GoldMemory test (and other memory tests to add to E2B)

I came across another memory test today. GoldMemory by Michal Tulacek is shareware and available in two versions, standard (limited 30-day free trial shareware <4GB) or Pro ($29 - at least 16GB).



Detect keyboard status and hide menu entries in E2B

We can detect the status of the keyboard using grub4dos to read the BIOS Data area.
For instance, we can tell if CAPS LOCK or SCROLL LOCK was on or not.

Here is a simple grub4dos batch file which will report the keyboard status as detected by the BIOS (not all keys may be reported accurately under a VM):

Friday, 15 April 2016

Run android x86 with persistence from E2B


android-x86-4.4-r5.iso can be added to your E2B USB drive, but to get it booting with persistence, we need to create a .imgPTN file as follows:

'How to add an animated GIF' YouTube video now available

I have added a 10 minute YouTube video on how to add an animated GIF to the Easy2Boot menu.


See http://www.easy2boot.com/configuring-e2b/animation/ for more info.

Let me know if you like these videos by ticking one of the Reactions boxes.
Feel free to suggest a subject for the next one!

Thursday, 14 April 2016

Check the CRC of a payload file before running it in Easy2Boot

Nicolas asked me today about checking an ISO (for corruption?) before running it.

In E2B, you can hit SHIFT+CTRL+ENTER to ask E2B to calculate and display the CRC32 value of a payload file that is listed in the menu, but it is up to you to check that it is correct.

If you want to ensure that an ISO or other payload file is not corrupt (or infected?) before you allow E2B to run it, you can use this .mnu file for each payload file:


\_ISO\MAINMENU\RunMemTestCheck.mnu
==================================

# Check the CRC32 value of a payload file and run it if it is correct

iftitle [if exist /_ISO/UTILITIES_MEMTEST/MEMTEST.IMG.gz] Check and run a payload \n Get CRC32 value and run if correct
set ISO=/_ISO/UTILITIES_MEMTEST/MEMTEST.IMG.gz
# expected CRC32 must start with 0x
set EXP_CRC=0x1340BECC

echo Calculating CRC32 of %ISO% - please wait...
crc32 %ISO% > nul
set /A CRC=%@retval% & 0xFFFFFFFF > nul
pause --wait=3 %ISO% - EXPECTED CRC32=%EXP_CRC%, ACTUAL CRC32=%CRC%
if not %EXP_CRC%==%CRC% pause ERROR: CRC is not correct (%CRC% vs %EXP_CRC%)
if not %EXP_CRC%==%CRC% configfile (md)0x3000+0x50
/%grub%/QRUN.g4b %ISO%
boot

Just change the first few lines as required. If the payload file is large, it may take a while to calculate the CRC value. I will add this to the Sample mnu Files folder of the next E2B version (CheckCRC32_and_Run.mnu).
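
The EXP_CRC value has to come from somewhere you trust, so here is an added example (not part of the original post or of E2B) that hashes a payload on your PC in one pass and prints the 'set EXP_CRC=' line for the .mnu file. It also prints a SHA-256 to compare against the publisher's checksum, because a CRC32 match only rules out accidental corruption, not deliberate modification. Assumptions: the grub4dos crc32 command gives the standard CRC-32 that zlib computes, the value is written as eight upper-case hex digits as in 0x1340BECC above (check it against what SHIFT+CTRL+ENTER displays), and the function names and sample file are made up for illustration.

```python
import hashlib
import os
import tempfile
import zlib

CHUNK = 1 << 20  # read 1 MiB at a time so multi-GB ISOs do not fill RAM


def digest_payload(path):
    """Return (crc32, sha256_hex) of a file, computed in one streaming pass."""
    crc = 0
    sha = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            crc = zlib.crc32(block, crc)
            sha.update(block)
    return crc & 0xFFFFFFFF, sha.hexdigest()


def exp_crc_line(crc):
    """Format a CRC32 as the 'set EXP_CRC=' line used in the .mnu file.
    Assumption: eight upper-case hex digits, as in the post's 0x1340BECC."""
    return "set EXP_CRC=0x%08X" % crc


def crc_matches(path, expected):
    """Compare numerically, so case and leading zeros in 'expected' do not matter."""
    crc, _ = digest_payload(path)
    return crc == int(expected, 16)


def make_sample():
    """Constructed sample payload (not a real ISO): the standard CRC test string."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"123456789")
    return path


if __name__ == "__main__":
    sample = make_sample()
    crc, sha = digest_payload(sample)
    print(exp_crc_line(crc))
    print("sha256:", sha)
    print("match:", crc_matches(sample, "0xCBF43926"))
    os.remove(sample)
```

For a real payload, call digest_payload() with the path to the ISO or image instead of the constructed sample.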

Wednesday, 13 April 2016

Over 1 million blog views!

I just noticed the total views counter for this blog has just passed 1 million!


Thanks for reading all my ramblings over the last few years!
Steve

Tuesday, 12 April 2016

Alternate German menu format

The German language files (supplied by Frettt) in E2B have been formatted so that the [hotkey] labels are right-aligned in the menus...

A few people have requested a left-aligned German menu, so Frettt has now provided an alternate STRINGS.txt file which left-aligns the hotkeys.

Petya disk encryption fix

I see on BleepingComputer.com that there is a way to decrypt a hard disk that has been encrypted with the Petya malware (actually, I think only the $MFT is encrypted by this MBR virus). Although Bleeping Computer say to remove the hard disk from the system, I don't see why we cannot just boot the infected system to WinPE from a USB drive (just be careful it does not boot from the internal hard disk!).

I copied the PetyaExtractor.exe program to my E2B USB drive and booted to a Windows 10 32-bit Install ISO. I then ran the PetyaExtractor.exe program which appeared to run OK (but I cannot be sure as I did not have an infected system). It is a 32-bit program, so you need to boot to 32-bit WinPE (or a 64-bit WinPE that has WoW64 support - e.g. ChrisR's WinPESE10).


The idea is that we could then save the sector 55 and 'Nonce' data from sector 54 to the E2B drive using NotePad, and then copy and paste it into the Petya Decrypting site page to get the decryption key.

It also would be trivial to write a grub4dos (E2B) script to save the required data (or even just use dd) and then encode it to base64 by uploading it to a website such as this one. However, it is probably just as easy to just boot to WinPE and use the PetyaExtractor tool.

Why not add the tool and a .txt file with the web links to your 'Swiss-army E2B drive' so that you will have the tool handy if you need to fix someone's system?

Sunday, 10 April 2016

30 things I bet you didn't know about Easy2Boot (or were too afraid to ask)!


  1. E2B can directly boot from Vista/7/8/10 WindowsToGo .VHD files - just copy them over (requires a copy of Win8.1 bootmgr to be added to the E2B drive - no BCD file is required!).