Jump to content

Hidden Os


Doctor
 Share

Recommended Posts

Alright so here's my problem, I was going through old shmoocon lectures when I stumbled upon int0x80 giving a lecture on antiforensics. Now he didn't go into much detail on how he did it, but part off his method was two partitions. A clean windows 7 install in the front and his linux install in the back. Now this is the part thats bugging me, he didn't use truecrypt and hidden volumes. What he did was used a boot record loaded onto a flash drive, that when plugged in on startup. Would tell the compter to boot partition 2. What I'm having trouble is writing one, I'm not the best programmer out there, quite frankly I suck. But I realized after looking at an example of the master boot record. That its written generally in x86 assembly, which while I've dipped my fingers into while lurning about how a program operates under the hood that is generally c++,c,etc. I'm pretty crappy with it, so if any of you gents would oblige me some advice or help it'd be much appreciateed.

Link to comment
Share on other sites

No programming required for this.

1. Install Windows on the front part of your hdd/ssd

2. Install Linux to a separate partition on the same device, behind the Windows install

3. Install GRUB (Linux boot loader) to USB drive

Booting from the hdd/ssd uses the MBR on the hdd/ssd, and thus boots Windows not ever showing an option of Linux. Booting from the USB drive boots Linux.

Here are some links that may be helpful, but now Ubuntu can automatically do encrypted root on the install for you.

This is more for appeasing TSA agents that just want to "make sure" your laptop is actually a laptop. It boots Windows, they know what Windows is, no further questions. As kuroigetsushinde indicated, it would be trivial to find the extra Linux partition if you pulled the hdd/ssd and did some simple analysis. But that's not the point. This setup is just to get you through the checkpoint faster with less hassle, while still allowing you to use a different OS.

In the Derbycon talk, I modified the MBR b/c if law enforcement turns on the laptop and wipes the drive, they are the ones who destroyed the evidence, which makes me lol.

Link to comment
Share on other sites

Okay thanks for clarifying that int0x80, I apparently missunderstood your video, derp. Would their be any way combine the two methods and simply encrypt the linux partition and than load to it using the grub?

Perhaps I am misunderstanding this last question. When you boot your Windows install, you are booting from the MBR on the hdd/ssd, which was installed by Windows. When you boot the encrypted Linux install, you are booting to GRUB from the MBR on the USB drive, which was installed by Linux. So yes, you are decrypting the Linux install and loading it starting from GRUB.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...