Wednesday 12 February 2014

Major bug in WinMerge 2.14.0?

If you are using WinMerge 2.14.0 I recommend you use the older 2011 version instead (change the .7z file extension to .exe to install it).

If I compare two folders in WinMerge 2.14.0 and then sort on the 'Comparison result' column, it does not sort the column correctly. This means that some files which are 'Left only' are not sorted to the top or bottom, so if you have a lot of files, you will miss the 'Left only' files as they appear further down the listing and are mixed in with 'Right only' entries! This is a serious bug and so I recommend you use the 2011 version instead.

P.S. I had this issue on two different Win7 64-bit systems. It seems to depend on which folder you have on the Left and which one is on the Right. If I simply swap over the two folders, then it works correctly (i.e. Left=folderX v. Right=folderY = WORKS OK, Left=folderY v. Right=folderX = DOES NOT SORT CORRECTLY!).

Tuesday 11 February 2014

BIOS type and 64-bit CPU detection features for Easy2Boot

The next version (available soon! v1.28 now available!) will have a BIOS string-detection feature.

You will be able to detect which system E2B is running on and boot the correct ISO file for it.

Suppose you had some EeePC laptops and some Samsung laptops and you want to run a different .isoPE file for each one (or a different linux ISO or Windows Install ISO). Now you can do this using this type of menu:

# Example menu. Look for a BIOS string and then pick correct ISO file
# force.isope01 forces it to run as a .isope01 even if the file is an ISO file
# strings are not case-sensitive - ISO files must be in same folder as this .mnu file
# 0x7ff+0x01 searches 512 bytes at end of BIOS ROM
# 0x680+0x180 searches all of BIOS from 0xD000:0 to 0xFFFF:F (and so will be slower)
# remove > nul text if you want to see the strings that it has found


title Run Win PE ISO \n Auto-detect based on BIOS
set ISO=
call /%grub%/SearchBS.g4b 0x700+0x100 "eeepc" > nul
if "%GOTSTR%"=="1" set ISO=AsusEeePC.iso
if not exist GOTSTR call /%grub%/SearchBS.g4b 0x680+0x180 "samsung" > nul
if "%GOTSTR%"=="1" set ISO=Samsung.iso
if "%ISO%"=="" echo WARNING: BIOS NOT IDENTIFIED! && pause && configfile /menu.lst
if not "%ISO%"=="" echo BIOS IDENTIFIED - WILL BOOT %ISO% && pause
/%grub%/qrun.g4b force.isope01 $HOME$/%ISO%
boot

All you need to do is specify the BIOS string and the ISO you want to run.
Depending on your ISO, this may work with Windows Install ISOs too (depending on if they require a Product Key in the AutoUnattend.xml file or not!).
0x600+0x40 is a good base address and range to test for Video BIOS ROM strings (C000:0-C800:0).

Note that the line:
/%grub%/qrun.g4b force.isope01 $HOME$/%ISO%
forces the file to run as an .isope01 file, even if the file has a different extension. You can change this as you wish (e.g. use force.iso to make it boot as a plain ISO file or just omit the force.isope01 text completely to run it with whatever file extension you have used in the ISO= variable line).

If you have different Windows 8 ISOs that you want to install depending on which system you boot the E2B USB drive from, then use a menu like this:

title Install Windows 8 \n Auto-detects based on BIOS type
set ISO=
call /%grub%/SearchBS.g4b 0x700+0x100 "eeepc" > nul
if "%GOTSTR%"=="1" set ISO=AsusEeePCWin8.iso
if not exist GOTSTR call /%grub%/SearchBS.g4b 0x680+0x180 "samsung" > nul
if "%GOTSTR%"=="1" set ISO=SamsungWin8.iso
if "%ISO%"=="" echo WARNING: SYSTEM NOT IDENTIFIED! && pause && configfile /menu.lst
if not "%ISO%"=="" pause --wait=3 SYSTEM IDENTIFIED - WILL BOOT %ISO%
set MFOLDER=/_ISO/WINDOWS/Win8
/%grub%/%LANG%/RunWin8.g4b  Win8
boot

In this case the .ISO files need to be in the \_ISO\WINDOWS\Win8 folder.

Reducing the search area will improve the speed of the string search.

P.S. To experiment in finding strings and reducing the search area, run E2B and get to the grub4dos command console (press p then enter the password 'easy2boot' then press c). Now you can run the grub4dos batch file from the command console, e.g.:

/%grub%/SearchBS.g4b 0x680+0x180 "Inspiron"

This will display any matching strings it finds for 'Inspiron' and their location. If 'Inspiron 530' is displayed, you can try specifying that as the search string. As the exact location of the BIOS string may vary from BIOS version to BIOS version, it is best to search an area of xxxx+0x80 - don't just use xxxx+0x1 or it may not work on a slightly different BIOS version even if it is the same system type and mainboard.
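The window arithmetic above, as an added example (not part of Easy2Boot or SearchBS.g4b): it assumes, from the menu comments, that START+COUNT are counted in 512-byte units of physical memory, then searches a constructed ROM dump and suggests a START+0x80 window around the hit. The function names and the dump contents are hypothetical.

```python
SECTOR = 512                         # assumption: START+COUNT are in 512-byte units
ROM_FIRST, ROM_END = 0x600, 0x800    # 0xC0000 up to the 1 MB boundary, in sectors

def window_to_range(arg):
    """'0x680+0x180' -> (first, last) physical address covered by the search."""
    start, count = (int(part, 16) for part in arg.split("+"))
    return start * SECTOR, (start + count) * SECTOR - 1

def seg_off(addr):
    """Physical address in the post's SEG:OFF notation, e.g. 0xFFFFF -> 'FFFF:F'."""
    return f"{addr >> 4:04X}:{addr & 0xF:X}"

def find_hits(dump, base, needle):
    """Case-insensitive search of a memory dump; returns physical addresses."""
    hay, pat = bytes(dump).lower(), needle.lower().encode("ascii")
    hits, pos = [], hay.find(pat)
    while pos != -1:
        hits.append(base + pos)
        pos = hay.find(pat, pos + 1)
    return hits

def suggest_window(hit_addr, width=0x80):
    """Window of `width` sectors centred on the hit, kept inside the ROM area."""
    start = hit_addr // SECTOR - width // 2
    start = max(ROM_FIRST, min(start, ROM_END - width))
    return f"0x{start:x}+0x{width:x}"

# Constructed dump of 0xD0000-0xFFFFF with one model string planted in it.
DUMP_BASE = 0xD0000
DUMP = bytearray(b"\xff" * 0x30000)
DUMP[0xE4321 - DUMP_BASE:0xE4321 - DUMP_BASE + 12] = b"INSPIRON 530"

if __name__ == "__main__":
    for arg in ("0x7ff+0x01", "0x680+0x180", "0x700+0x100", "0x600+0x40"):
        first, last = window_to_range(arg)
        print(f"{arg:12} {seg_off(first)} - {seg_off(last)}")
    for hit in find_hits(DUMP, DUMP_BASE, "inspiron"):
        print(f"hit at {seg_off(hit)} -> try {suggest_window(hit)}")
```

A window centred on the hit leaves room on both sides for the string to move between BIOS versions, which a +0x1 window does not.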

Please let me know if you think this might be useful for you and how you might like to use it. For instance, if some of your systems require a different parameter when booting linux but other systems crash when the same parameter is used, you can use this feature to identify which system you have booted from.

CPU 64-bit detection

You can also do a similar thing to detect 64-bit CPUs. Thus you could have an 'Install Windows 8' menu item and it would install Win8 64-bit on 64-bit systems and 32-bit Win8 on 32-bit systems. See Tutorial 72a for more details.

To boot an ordinary payload (ISO, IMA, IMG) file, use the following .mnu file (see 64Bit_Auto_Detect_ISO.mnu)

# Change the 1st, 2nd and 3rd line as required - line 4 may be deleted if no pause required

title Run a 32-bit or 64-bit linux ISO \n Auto-Detect system type and run correct ISO
set ISO=Ubuntu32.iso
checkrange 2,3 is64bit && set ISO=Ubuntu64.iso
pause WILL BOOT %ISO% - Press ENTER key to continue...
/%grub%/qrun.g4b $HOME$/%ISO%
boot

P.S. It would also be possible to change the linux vga parameters for linux livecd ISO booting, based on which vga modes the BIOS supported when E2B was booted. Let me know if you would be interested in this (and give me an example grub4dos menu).

Saturday 8 February 2014

Com! Magazin Readers (ISOs vom Stick booten)

Welcome, Com! magazine readers. This is just to tell you that the latest version of Easy2Boot is v1.28. The magazine used v1.17 which is now old.
Please obtain the latest version from here. If you want to install XP from an XP Install ISO, download "E2B + Windows XP Mass Storage Drivers [30MB]" - this includes XP 32-bit Mass storage drivers.


Thursday 6 February 2014

Easy2Boot in Com! Magazine

If you subscribe to Com! Magazin (a German computer magazine), look out for an article on Easy2Boot in the 03/2014 issue on Friday 7th February!

http://www.com-magazin.de/news/com-magazin/neue-com-3-2014-da-237003.html



Easy2Boot v1.27

Note: I just re-tried v1.26 and it is working now! Seems this was a false alarm??? v1.26 and v1.27 should be the same and no need to update to 1.27!

v1.26 seems to have a problem with Win8 Install ISOs if a Helper USB drive is used together with a USB HDD - please update to E2B v 1.27 or later!!!

The problem seems to be in the \_ISO\e2b\grub\ENG\RunWin8.g4b batch file, but as far as I can tell it has hardly changed for at least 3 previous versions, so I am not quite sure what the problem was. When I added a few lines to debug it, it just started working again!

v. 1.27 seems to work though, so please update to this new version ASAP.

Sorry for the inconvenience, I am still trying to figure out why it stopped working....


Wednesday 5 February 2014

Easy2Boot v1.26 available (with new batch file to make an E2B USB drive)

v1.26 2014-02-05
  1. Small changes so we can have individual XP ISO entries in the Main menu (e.g. 'Install XP Home' and 'Install XP Pro' can be in the main menu with no need to pick the ISO name). Use XP_Inst_from_MainMenu.mnu in sample mnu folder as an example.
  2. A few new sample .mnu files added for OpenElec and XiaOpan
  3. Latest grub4dos version 0.4.5c 2014-01-17
  4. New \_ISO\docs\Make_E2B_USB_Drive.cmd batch file added to automate making of an E2B drive (requires RMPrepUSB to be pre-installed).
The Make_E2B_USB_Drive.cmd batch file is designed to be run from the \_ISO\docs folder.
Download the E2B .zip file, extract it to a temporary folder on your hard disk and then double-click on the Make_E2B_USB_Drive.cmd batch file to make an Easy2Boot USB drive (requires Admin rights). It formats the USB drive (choice of FAT32 or NTFS), installs grub4dos and then copies the E2B files across. Your E2B drive is then ready to boot!

The batch file requires RMPrepUSB to be pre-installed on your system in the default (C:\Program Files) folder.

Make_E2B_USB_Drive.cmd - Initial Drive Selection

Make_E2B_USB_Drive.cmd - E2B drive completed

Sunday 2 February 2014

Adding Xiaopan to Easy2Boot

Xiaopan is a linux distro used for wireless penetration testing (e.g. cracking WPS). You can add the latest ISO to Easy2Boot in the usual way (i.e. just copy the .iso file to \_ISO\MAINMENU and then run WinContig to make the iso file contiguous). This will work on both FAT32 and NTFS E2B USB drives even though Xiaopan does not support NTFS.


However, if you want to run Xiaopan with persistence, it is easiest to use a FAT32 E2B USB drive.

To make your extensions and changes persistent, Tiny Core needs a directory to store them.

1. Extract the mydata.tgz file from the root of the ISO file using 7Zip
2. Copy the file to the root of the FAT32 USB boot drive
3. Rename the file to xi.tgz

If, however, you have an NTFS E2B USB drive, we need to create an ext2 filesystem...

1. Use RMPrepUSB - Create ext2 FS to create an ext2 file of the filename x-rw in the root of the NTFS E2B USB drive (any size you choose).
2. Copy the Xiaopan.mnu file from the \_ISO\docs\Sample mnu files folder to an E2B subfolder (e.g. \_ISO\MAINMENU\MNU) - see below.
3. Move the Xiaopan ISO file to the same folder and rename it to Xiaopan.iso

Now when you boot from the ISO for the first time, use the Control Panel - Backup\Restore applet in Xiaopan and change the backup location from sdb4/ (may differ on your system but it should end in 4) to sdb3/. Now change the wallpaper colour and Exit. There should be no error message (if there is, try using Control Panel - Mount Tool to mount \sdb3 first and then Exit). When you run Xiaopan again, the wallpaper settings should be remembered.

The .mnu file is shown below:
#create an ext2 file in the root of the E2B USB drive called x-rw
#when Xiaopan boots, use the Control Panel - Backup\Restore applet to change the location to partition 3 - e.g. sdb3/

iftitle [if exist $HOME$/XIAOPAN.iso] Xiaopan (with persistence)\n Boot using .mnu file with persistence
if exist CD echo WARNING: Cannot use partnew command! && pause && configfile (bd)/menu.lst
set ISO=XIAOPAN.iso
set PER=x-rw
if "%E2BDEV%"=="" set E2BDEV=hd0 && pause E2BDEV forced to hd0!
#enable parttype output
debug 1
# make empty table entry in 3rd position in ptn table
parttype (%E2BDEV%,2) | set check=
debug off
set check=%check:~-5,4%
if "%check%"=="0x00" partnew (%E2BDEV%,2) 0 0 0
if not "%check%"=="0x00" echo WARNING: PTN TABLE 3 On %E2BDEV% IS ALREADY IN USE - PERSISTENCE MAY NOT WORK! && pause
debug 1
if not exist /%PER% echo WARNING: /%PER% persistence file not found! && pause
errorcheck off
if "%check%"=="0x00" partnew (%E2BDEV%,2) 0x0 /%PER%
errorcheck on
#map ptn 4 to ISO
partnew (%E2BDEV%,3) 0x0 $HOME$/%ISO%
map $HOME$/%ISO% (0xff)
map --hook
root (0xff)
chainloader (0xff)




Friday 31 January 2014

Transferring ISOs from an XBOOT USB drive to Easy2Boot

If you already have an XBOOT USB drive containing linux ISO files, you may have found that when you copy them to your Easy2Boot USB drive, they don't work.

This is because XBOOT modifies the ISOs. For a typical linux ISO, XBOOT will extract the files from the casper folder of the ISO file and then copy them to a subfolder under the \images folder on the USB drive. XBOOT also modifies the \isolinux\isolinux.cfg file contents (inside the ISO file) to add some cheat codes which will direct the linux kernel to load the squashfs files from a different folder, e.g.

label driverupdates=Use driver update disc
append driverupdates=debian-installer/driver-update=true

is converted to:

label driverupdates=Use driver update disc
append driverupdates=debian-installer/driver-update=true ignore_uuid live-media-path=/images/fdraptor/casper

The cheat codes added by XBOOT may work for some linux distros (or versions) but not for others. This is why it is 'hit-or-miss' as to whether XBOOT will work or not with 'unsupported' ISOs.

To move these XBOOT converted ISOs to an E2B USB drive we need to:

1. Copy the whole \images folder from the XBOOT drive to \images on the E2B drive
2. Move the ISO files to the \_ISO\MAINMENU folder

So if we had 'fdraptor' on our XBOOT drive, we would now have an E2B drive with these folders:
  • \images\fdraptor\casper\ - several files including filesystem.squashfs (700MB)
  • \_ISO\MAINMENU\fdraptor.iso (32MB)
As many linux initial kernels do not support NTFS, XBOOT does not work well on an NTFS drive. If you use these files on an E2B drive, the E2B USB drive needs to be formatted as FAT32 and not NTFS.

Of course, you can just download the original ISOs from the web and copy them to your E2B drive (even on an NTFS E2B drive) and it should work just fine.

The other alternative is to make a .imgPTN file from the XBOOT USB drive by dragging-and-dropping the drive letter onto the MPI_FAT32 desktop shortcut.
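A check for the XBOOT changes described above, as an added example (not code from XBOOT or Easy2Boot): it reads the text of an ISO's isolinux.cfg, reports any live-media-path cheat codes, and lists what is missing on the target E2B drive. The function names are hypothetical and the sample configs are built from the two snippets quoted in this post.

```python
import re

# Constructed samples: the original and XBOOT-modified entries quoted in the post.
ORIGINAL_CFG = """\
label driverupdates=Use driver update disc
append driverupdates=debian-installer/driver-update=true
"""
XBOOT_CFG = """\
label driverupdates=Use driver update disc
append driverupdates=debian-installer/driver-update=true ignore_uuid live-media-path=/images/fdraptor/casper
"""

MEDIA_PATH = re.compile(r"(?:^|\s)live-media-path=(\S+)")

def xboot_media_paths(cfg_text):
    """Distinct live-media-path values found on 'append' lines, in file order."""
    paths = []
    for line in cfg_text.splitlines():
        words = line.split(None, 1)
        if len(words) == 2 and words[0].lower() == "append":
            for path in MEDIA_PATH.findall(words[1]):
                if path not in paths:
                    paths.append(path)
    return paths

def migration_problems(cfg_text, target_fs, target_dirs):
    """Reasons this ISO would not boot from the E2B drive (empty list = none).

    target_fs is 'FAT32' or 'NTFS'; target_dirs holds folders already on the
    E2B drive, written with either slash style.
    """
    paths = xboot_media_paths(cfg_text)
    if not paths:
        return []          # unmodified ISO: copy it to the menu folder as usual
    problems = []
    if target_fs.upper() != "FAT32":
        problems.append("E2B drive must be FAT32 for XBOOT-converted ISOs")
    have = {d.replace("/", "\\").rstrip("\\").lower() for d in target_dirs}
    for path in paths:
        folder = path.replace("/", "\\").rstrip("\\")
        if folder.lower() not in have:
            problems.append("missing folder " + folder)
    return problems

if __name__ == "__main__":
    print(xboot_media_paths(XBOOT_CFG))
    print(migration_problems(XBOOT_CFG, "NTFS", []))
```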

Easy2Boot .mnu files

Usually, when adding payload files to Easy2Boot, you just need to copy the file over and make sure it is contiguous. In some cases you may need to modify the file extension slightly too. However, for some 'special' payload files or if you want persistence when booting from linux ISOs, we need to use a .mnu file.

Below is a list of some of the .mnu files that can be found in the \_ISO\docs\Sample mnu Files folder of the Easy2Boot download in v1.25. More may be added to later versions, so always check for new examples!
Instructions on how to use .mnu files can be found by opening them in Notepad and reading the instructions within.

Thursday 30 January 2014

Make a 'Forensics To Go' 32GB USB Flash drive

If you have a 32GB or larger USB pen and want a ready-made 'Forensic' multiboot USB Flash drive, try the (virtual disk) image provided on 'Hacking Exposed' by David Cowen\Kevin Stokes. Download is here.


This USB disk image contains two FAT32 partitions, with XBOOT installed ISOs of...
  • SIFT 2.14
  • Kali Linux
  • Paladin 5
  • Raptor 3
on a hidden 2nd partition, and 4GB-worth of the following portable apps and tools on the first partition (which is visible to Windows):

Documents
analyzing-malicious-document-files.pdf
log2timeline-cheatsheet.pdf
Memory-Forensics-Cheat-Sheet-v1.pdf
Network Forensics Cheat Sheet.pdf
SANS-DFIR-Poster-2012.pdf
sbag.users.guide.v.0.24.pdf
SIFT Cheat Sheet and DFIR Curriculum.pdf
USB-Device-Tracking-Artifacts.pdf


Linux Tools
TZworks_64bit
TZworks_32bit
Truecrypt


Mac Tools
FortiClient_Installer.dmg
nmap-6.40-2.dmg
TrueCrypt 7.1a Mac OS X.dmg
TZworks


Portable Apps
PortableApps.com
2XClient
7-ZipPortable
AbiWordPortable
AntRenamerPortable
AutorunsPortable
BabelMapPortable
cdrtfePortable
ClamWinPortable
CommandPromptPortable
ConverberPortable
CrystalDiskInfoPortable
CubicExplorerPortable
DaphnePortable
DatabaseBrowserPortable
EraserPortable
EraserDropPortable
Explorer++Portable
FileAlyzerPortable
FileZillaPortable
FoxitReaderPortable
FrhedPortable
GetSudokuPortable
GoogleChromePortable
grepWinPortable
HDHackerPortable
HijackThisPortable
HWiNFOPortable
InfraRecorderPortable
IniTranslatorPortable
IrfanViewPortable
JkDefragPortable
KasperskyTDSSKillerPortable
KchmViewerPortable
KeePassPortable
KeepNotePortable
KiTTYPortable
McAfeeStingerPortable
Monster2Portable
CamStudioPortable
ChecksumControlPortable
ConvertAllPortable
DiffpdfPortable
Notepad++Portable
PasswordGorillaPortable
PeerBlockPortable
PidginPortable
ProcessExplorerPortable
ProcessHackerPortable
ProcessMonitorPortable
PuTTYPortable
PWGenPortable
RegshotPortable
SIWPortable
SkypePortable
SmartDefragPortable
SpybotPortable
SQLiteDatabaseBrowserPortable
SqlitemanPortable
StickiesPortable
SumatraPDFPortable
SystemExplorerPortable
TeamViewerPortable
ThunderbirdPortable
Toucan
UUID-GUIDGeneratorPortable
VLCPortable
WhoDatPortable
WindowsErrorLookupToolPortable
winMd5SumPortable
WinMTRPortable
WinSCPPortable
WiseDiskCleanerPortable
WiseProgramUninstallerPortable
WiseRegistryCleanerPortable
xpyPortable
CppcheckPortable
KompoZerPortable
NetHackPortable
PeaZipPortable
qBittorrentPortable
RevoUninstallerPortable
PortableApps.comLauncher

Windows Tools
volatility-2.3.1.standalone.exe
WiresharkPortable-1.10.5.paf.exe
Imager_Lite_3.1.1
NirSoft Tools
Password Tools
rrv2.8
Scalpel-2.0
SysinternalsSuite
Tools that require Install
TZworks 32bit
TZworks 64bit
USB Write - EnableProtect
Woanware



To make this USB Flash drive

You need a 32GB or larger USB drive.
1. Download the 8GB (!) USB_Multiboot.zip file from the blog here or the updated image here.
2. Extract the 30GB 'USB image for download.img' file to your system hard disk using 7Zip (or similar utility)
3. Run RMPrepUSB and insert your 32GB (or larger) USB Flash drive
Select the 32GB USB Flash drive in the top drive selection box and click on the File->Drive button.
Enter 1SEC for the file start sector (see screenshot), 0 for the USB start sector and 0 for the length.
After 10-30 minutes you will have a bootable USB flash drive.

The image is from a 32GB USB Flash drive made using XBOOT. If you wish to add more files to it using XBOOT, you must first change the partition order over as follows:

1. Run RMPrepUSB and select the 32GB drive
2. Type CTRL-O and select partition 2 when prompted

This will swap over the partitions and make visible the XBOOT 1st FAT32 partition containing the (modified) ISO files:
  • fdraptor.iso
  • hirensbootcd.iso
  • paladin.iso
  • siftworkstationrevusb.iso
You should now be able to run XBOOT and modify the contents.

When you have finished testing the USB drive, use RMPrepUSB - Ctrl-O to change back the partitions and make the applications partition visible to Windows again.

You can either boot from this USB drive on a 'live' system or boot from it (or the original .img file) with the 'target' hard-disk image in VirtualBox.

Note: XBOOT modifies the .ISO files and extracts and removes the squashfs (casper) files into a subfolder under \images. Therefore these .iso files cannot just be 'dropped' onto an Easy2Boot drive as they will not boot correctly. These XBOOT ISOs can be used if you copy the whole \images folder from the XBOOT partition to the root of a FAT32 E2B USB drive (not NTFS - it won't work!) and then move the .iso files to the \_ISO\MAINMENU folder (i.e. the E2B drive will contain a \images folder with subfolders).

Of course, you can download the original ISOs from their websites and simply add them to your Easy2Boot USB drive.

Note: There is a later download here which may have some of the files missing (I have not tested it).