Friday 25 July 2014

Add a Cold Boot Attack to Easy2Boot

Jamil recently contacted me and asked how to get the Cold Boot Attack (video) (skip to the 3 minutes point to save time) code 'scraper.bin' to work on an Easy2Boot USB drive. This allows you to capture the contents of a computer's memory onto a USB drive (even if it has been switched off for several seconds!). The idea is that the computer's memory may still contain unencrypted AES encryption keys, passwords, etc. which can be recovered later, once the memory's data has been safely captured.
Note that scraper.bin also displays the last key presses from the keyboard buffer!

The idea that we came up with for getting this to work with Easy2Boot is now available for all to use, so check out Tutorial 124!

The following scenario of retrieving data from a system that is switched off seems rather far-fetched, however, and may be something that you would only see Tom Cruise doing in Mission Impossible:



1. User shuts down PC and walks away
2. Tom approaches system from the ceiling and takes it apart
3. Tom uses freezer spray on the internal DIMMs
4. Tom removes the DIMMs and keeps them cold on top of a frozen cold pack or a small flask of liquid Nitrogen which he has in his utility belt
5. Tom replaces the DIMMs with identical ones which he happens to have with him and leaves the building
6. Tom takes the DIMMs to another system in his lab which takes the same sort of memory
7. Tom quickly fits the DIMMs to his PC and his E2B+'scraper' USB drive and switches on the system - all data from the DIMMs are saved to the USB drive
8. Tom analyses the data, gets all the encryption keys and saves the world!



How to add Floppy Disk Images to Easy2Boot

Floppy disk images usually have the .ima or .img file extension.

You can just add these to your E2B USB drive in the usual way by drag-and-drop to any suitable menu folder (e.g. \_ISO\MAINMENU or \_ISO\DOS or \_ISO\UTILITIES or even \_ISO\LINUX, etc.).

Most people will want to boot to DOS (either FreeDos or MS-DOS) in order to run a DOS utility such as a BIOS update utility or a DOS utility such as HWInfo.

The RMPrepUSB Tutorial 33 includes details on how to make such Floppy Disk Images.

When Easy2Boot boots from a .ima or .img image, the USB drive will be mapped as a floppy disk device (i.e. A:). Any hard disks that are present in the system will appear as C:, D:, etc. but of course, the files on them will only be accessible to DOS if they are FAT16 or FAT32, unless you also have a DOS NTFS driver loaded. The whole floppy disk image is loaded into memory so that you cannot change the files in the image file accidentally (note: if you wish to boot directly so that you can change the contents, use a .IMArw file extension as in v1.54 and later versions).

For instance, you can download the DOS version of HWInfo from here and add it to a floppy disk image as follows:

1. Download the latest DOS version of HWInfo and unpack it fully.
2. Download the FREEDOS_288.zip file from Tutorial 33 and unpack it to obtain the FREEDOS_288.ima file.
3. Mount the .ima file using WinImage or ImDisk.
4. Copy the two HWInfo files (.exe and .dat) to the floppy disk image.
5. Quit WinImage/ImDisk and save the changes.
6. Copy the .ima file to your E2B USB drive and give it a suitable name - e.g. \_ISO\MAINMENU\HWInfo.ima


When you boot from the image, type HWINFO at the A: DOS prompt to run the program.
If you prefer, add HWINFO to the bottom of the \fdauto.bat file to make it run automatically.

A ready-made payload file HWINFO.IMA.GZ is available in the Alternate Download - Other Files areas. There is also a CPUINFO.IMA.GZ.

You can add BIOS utilities in the same way.

If you use the .ima file extension, the USB drive will be accessible from DOS as the first hard disk in the system. Any internal hard disks will be the 2nd, 3rd, 4th etc. Of course, FreeDOS will normally only be able to access them if they are FAT16 or FAT32.

Larger 'floppy' images
If you need a larger image, use ImDisk to create a Dos.img file of whatever size you want as a virtual drive. 
Copy your files onto the virtual drive and then 'Remove' the virtual drive. 
Then copy the Dos.img file to \_ISO\MAINMENU. 
If you like, you can use the contents of RMPrepUSB's FREEDOS_USB_BOOT folder as a source for your bootable FreeDos files (press F3 in RMPrepUSB to see the folder).

Use E2B's FreeDOS floppy image

Here is an easy way to run most DOS-compatible software just by copying the files onto your USB drive.

1. Download HWINFO for DOS and extract the files to a new folder on your E2B USB drive.
Keep the folder name within 8 characters (I used \HWINFO).
You can use the first NTFS partition of the E2B USB drive, but if you have a FAT32 partition on your USB drive and use that instead, you will not need to load the NTFS driver (which is a bit flaky!).
2. Now Legacy boot to the E2B DOS menu and run the FreeDOS floppy image.
3. Choose the NTFS option if your files are on the first partition.
4. Now run the program (this assumes the C: drive is the volume with the \HWINFO folder)

C:
cd \HWINFO
HWINFO

Tuesday 22 July 2014

Re-install linux onto your Asus EeePC using a USB drive

I have added Tutorial 123 to the RMPrepUSB site for anyone wanting to re-install linux onto their Asus EeePC 701 from a USB drive using the 900MB EeePC 701 ISO download.

The larger EeePC downloads (e.g. v1.7, 1.9GB) include images for many more EeePC models which can be run Live or can be installed. These larger ISOs can simply be added to your E2B USB drive as .ISO files. See Tutorial 123 for more details.


Add 64-bit android for x86 Intel Architecture to your E2B USB drive

You can download various versions of 64-bit android for different Intel platforms from here.

Note that these are Betas and so I would recommend you do not try to install it onto your working Windows system! Luckily, most images contain a Live boot option so we can test it out without installing it.

The downloads are in the form of .zip files and contain a disk image which can only boot via UEFI.

To add these to your E2B drive you need to:
  1. Use 7zip or WinRar, etc. to find the live.img payload file which will be inside the .zip download file, e.g. android-4.4.2_r1-ia1-haswell_generic-userdebug.zip has a live.img file under \out\target\product\haswell_generic. I picked this one for my Z87 Haswell system.
  2. Extract the live.img file from the .zip file to a temporary folder (e.g. C:\temp\live.img).
  3. Drag-and-Drop the C:\temp\live.img file onto your MPI_FAT32 Desktop shortcut to automatically create a .imgPTN file
  4. Copy the new live.imgPTN file to your E2B USB drive (e.g. to the \_ISO\MAINMENU folder or \_ISO\LINUX folder) and rename it to something more meaningful (e.g. android_x64_442r1.imgPTN)
Now you can boot in MBR mode (or use QEMU or VBOX) and select the new .imgPTN file to swap over the E2B drive to the new partition image and then go and UEFI-boot it from the correct Intel Platform (e.g. a Haswell-based system in my case). 

Note that UEFI booting from VBox will probably fail as it will refuse to boot from an incorrect CPU\chipset platform.



Sunday 20 July 2014

How to add Android x86 + Persistence to your Easy2Boot multiboot USB drive

You can run android x86 on an Intel\AMD x86 system from an ISO with persistence directly from your E2B drive.

The steps are:

1. Download a suitable version of Android x86 as an ISO file. Note that you can obtain versions to match different systems (e.g. eeePC, etc.). Using the wrong version on some systems may result in problems with the mouse or touchscreen, etc.
  • android-x86-4.0-r1.1-asus_laptop.iso  for ASUS Laptops/Tablets 
  • android-x86-4.0-r1-amd_brazos.iso     for AMD Brazos platform 
  • android-x86-4.0-r1-eeepc.iso          for ASUS Eee PC family 
  • android-x86-4.0-r1-s103t.iso          for Lenovo S10-3t tablet
  • android-x86-4.0-r1-tegav2.iso         for Tega v2(Atom N455)
  • android-x86-4.0-r1-thinkpad.iso       for IBM thinkpad tablet
  • android-x86-4.0-r1-tx2500.iso         for HP tx2500
2. Copy the ISO file to a MNU folder on your E2B USB multiboot drive (e.g. \_ISO\MAINMENU\MNU or \_ISO\LINUX\MNU).

3. Copy the android_x86_Persistent.mnu file to the same folder as your Android ISO file.

Then Edit the .mnu file so that the ISO filename matches your ISO filename.

4. Create an ext2 file in the E2B root (top level folder) using the RMPrepUSB - Create ext2 FS button - the file name should be \android-rw, but the volume name and size can be whatever you like.

You can instead use Make_ext.exe which is already on the E2B drive. (\_ISO\_Make_Ext.bat).

5. Make all files contiguous using RMPrepUSB - Ctrl+F2.

You can find the android .mnu file in the Alternate Downloads area (link on this page) or in later versions of E2B in the \_ISO\docs\Sample mnu files folder (1.54 or later).

Note that for persistence, we must specify the linux drive name in the kernel parameters. The .mnu code tries to calculate this, but you can override it by typing in the correct letter if it guesses wrongly.

For instance, if you boot from your E2B USB drive on a laptop containing a single HDD, the .mnu file will guess that the USB drive will be 'sdb' once android boots - if this is incorrect, and it will actually be 'sdc' then just type c followed by the [ENTER] key when you are prompted by the E2B menu. If you don't type anything within 2-3 seconds then it will just use the calculated value. If the drive letter is wrong, you just won't get persistence!

Tip: You can tell what drive letter the E2B USB drive is as android boots.

In this case it was a (sda)

If your mouse is not working in android x86, use the TAB, ESC and ENTER keys as well as other keys to navigate the menus and icons.

Note: I had a few problems booting some of the ISOs in 'Resident' mode on some systems, but the Guest mode seemed to work. Android_x86 also did not seem to like VBox virtual machines much!

See also this video.

UEFI-booting

It seems that the .iso files do not work well with UEFI-booting and there is a separate .img download for UEFI-booting. Simply drag-and-drop one of the EFI .img files onto the MPI_FAT32 desktop shortcut (after installing the MPI Tool Kit), and create a .imgPTN file. This should now UEFI-boot (but won't MBR boot!)

You can also try the E2B Grub2 menu system which can boot to PhoenixOS via UEFI&MBR 32&64 and remix via UEFI&MBR 64-bit.


Thursday 17 July 2014

Booting Windows8.1ToGo from a 'Removable-type' of USB Flash drive

I was recently contacted by 'JFL' about getting Windows8ToGo working on his 64GB SanDisk Extreme flash drive.

He was using Windows 8.1 Enterprise as the source and was following my earlier blog here.

The problem was that although he could install Windows OK, it would not boot.

His SanDisk Extreme was listed as being of the Removable type in RMPrepUSB and it was suspected that this may have been the problem because I found some comments from madscye and creosotechris here which sounded suspiciously like something has changed in Win8.1!

Now, in the past, I have had Win7ToGo booting from a USB removable flash drive OK many times. I have also booted Win 8 in the past on a removable USB Flash drive and that had worked OK.

Experiment 1
I already had a 21GB Win8.1ToGo.imgPTN file which I made earlier on my E2B USB HDD and I copied that onto my 32GB USB 3.0 Corsair GT E2B Removable-type drive (after deleting some ISOs to make room!).
I switched partitions using E2B and then I ran BCDBOOT on it to set the BCD correctly to boot from the different drive.
Result: it booted fine under VBox (which treats the USB drive as an HDD) but NOT on my Acer laptop (ever-lasting spinning circle of dots!).

So I did another experiment...

Experiment 2 - fresh install
1. Using DISM, install Win8.1 Enterprise onto a 16GB Lexar JumpDrive USB 2.0 which appears as a Fixed Disk (install took about an hour!)
2. Boot from the Lexar USB drive on an Acer Aspire 7741G laptop - go through user setup to Desktop (again very slow!).
3. Reboot and check boots from USB drive OK - all was working fine.
4. Use Bootit.exe to Flip the Bit so the USB drive is now a Removable drive
5. Boot from it on the Acer laptop again
Result: FAIL! (ever-lasting spinning circle of dots)

Experiment 3
1. I re-ran BootIt.exe and flipped back to a Fixed Disk type again
Result: The Lexar boots just fine!

So this is proof that Win 8.1 ToGo must be run from a Fixed-disk type of USB drive!

[Update] Win10 (first release) also has the same issue. It can be overcome by booting from a VHD file containing WindowsToGo.
Windows 10 Creator now allows us to use Removable or Fixed disk USB drives for flat-file booting - hurrah!


Wednesday 16 July 2014

E2B Updates

In the last few days there have been a few small changes to E2B.

E2B v1.53 - has TRAD_CHINESE language added (thanks to Andrew :-). It also has a bugfix to the Make_E2B_USB_Drive.cmd script which used the wrong version of grub4dos to install code to the MBR of the E2B USB drive (reported by JF-L). This did not cause a problem unless you tried to boot a .imgPTN file - then you would get an error from E2B Qrun.g4b complaining about 'No Grub4dos installed to the MBR of this drive!' I have now changed the script and also changed Qrun.g4b so any version of grub4dos MBR code can be used. If you have seen this error message, it can be fixed by using RMPrepUSB to reinstall grub4dos to the MBR of your USB drive (recommended) or by updating your E2B USB stick to v1.53.

Info: The version of grubinst.exe used in RMPrepUSB has been modified by me to make it more boot-compatible on a wider range of systems than the standard grubinst.exe (the standard version is called grubinst_new.exe in RMPrepUSB). The boot code in the standard grub4dos MBR does not boot on some systems due to some BIOSes detecting what they think is invalid boot code. The special version of grubinst.exe in RMPrepUSB is limited to installing grub4dos to drives numbered 0-9 only, but fixes this problem, so that these few weird systems will also boot to grub4dos. That is why I recommend you always prepare your E2B USB drive using RMPrepUSB or the Make_E2B_USB_Drive script (and for other reasons too, like FAT32 writes are up to 10% faster on a flash drive if you use RMPartUSB to format them!).

The other update is to the MPI Tool pack - MPI_Tool_Pack_Plus_CloverLite_035. This has been updated to version 035a. It has the latest version of ImDisk now. Also, there was a problem if you tried to run 'RestoreE2B (run as admin).cmd' from Windows Explorer by using right-click+Run as Admin AND if you had not installed RMPrepUSB into its default location on your Windows system (reported by Anderson - thanks!) - this is fixed in the new version.

P.S. No more language files have been sent to me yet - why not achieve some small amount of fame and world gratitude by translating the E2B strings.txt file into your own language?  Instructions are in a previous blog post here. You can even use Google Translate to do most of the grunt work! If you are German or Spanish speaking, please can you check the existing STRINGS.txt files as there are probably some errors as I used Google Translate to make them!


Thursday 10 July 2014

Another E2B language and @DED-LEGO@

Mr TSAI has kindly sent me a Traditional Chinese language file.

The latest languages will always be in the E2B_LANGUAGE_PACK.zip file located in the Easy2Boot Alternate Download areas.

These are now:
Chinese Simplified
Chinese Traditional
English
German (Beta)
Spanish (Beta)

Memoarfaa has confirmed that the @DED-LEGO@ GFX menu package works with E2B - see the reboot forum posts starting here. You will need to increase the default number of entries from 15 however by re-compiling the file (why not try 100?).

@DED-LEGO@ showing the E2B menu with walking penguin and animated clock, etc.

Please note: E2B does not fully support GFX Menus or @DED-LEGO@/RIPPER menus and I am only willing to spend a few minutes on any issues/questions you may have concerning these.

Wednesday 9 July 2014

Easy2Boot v1.52 includes SPANISH, GERMAN and CHINESE support

The Spanish and German STRINGS.txt files probably need some corrections. If you see any problems please just modify the STRINGS.txt file and send me the new version.

Tuesday 8 July 2014

Sprechen sie Deutsche?

I have tried to convert E2B into German even though I failed my German O-Level!

If you speak German, please check my translation by downloading the German STRINGS.txt file and copying the STRINGS.txt file to your Easy2Boot \_ISO folder. This file is already in v1.52.

I expect there are some issues - if so please just edit the STRINGS.txt file and test it.
Then email me the corrected version! Use E2B v1.52 to test it.

Don't forget to test the XP, Vista and Win8 installs too (you can use a dummy ISO file).

Note: first version had a $$STRl1x1 problem when loading Windows Install menu - please re-download the corrected version if you have the old version.

To make a STRINGS.txt file in your own language, see the previous blog for instructions.


Thanks
Steve