Doctor Posted February 17, 2012

Alright, so here's my problem: I was going through old ShmooCon lectures when I stumbled upon int0x80 giving a lecture on antiforensics. Now he didn't go into much detail on how he did it, but part of his method was two partitions: a clean Windows 7 install in the front and his Linux install in the back. Now this is the part that's bugging me: he didn't use TrueCrypt and hidden volumes. What he did was use a boot record loaded onto a flash drive that, when plugged in on startup, would tell the computer to boot partition 2. What I'm having trouble with is writing one. I'm not the best programmer out there; quite frankly I suck. But I realized after looking at an example of the master boot record that it's generally written in x86 assembly, which, while I've dipped my fingers into it while learning about how a program operates under the hood (that is generally C++, C, etc.), I'm pretty crappy with. So if any of you gents would oblige me with some advice or help, it'd be much appreciated.

kuroigetsushinde Posted February 18, 2012 (edited February 18, 2012 by kuroigetsushinde)

??? You sure you don't wanna go the TC FDE hidden OS route? It's much safer; anyone with that flash drive can access your unencrypted "hidden" partition.

int0x80 Posted February 20, 2012

No programming required for this.

1. Install Windows on the front part of your hdd/ssd
2. Install Linux to a separate partition on the same device, behind the Windows install
3. Install GRUB (Linux boot loader) to USB drive

Booting from the hdd/ssd uses the MBR on the hdd/ssd, and thus boots Windows, not ever showing an option of Linux. Booting from the USB drive boots Linux.

Here are some links that may be helpful, but now Ubuntu can automatically do encrypted root on the install for you.

http://madduck.net/docs/cryptdisk/
http://www.debian-administration.org/articles/179
http://billstclair.com/matrix/ar01s06.html#crypto

This is more for appeasing TSA agents that just want to "make sure" your laptop is actually a laptop. It boots Windows, they know what Windows is, no further questions. As kuroigetsushinde indicated, it would be trivial to find the extra Linux partition if you pulled the hdd/ssd and did some simple analysis. But that's not the point. This setup is just to get you through the checkpoint faster with less hassle, while still allowing you to use a different OS.

In the Derbycon talk, I modified the MBR b/c if law enforcement turns on the laptop and wipes the drive, they are the ones who destroyed the evidence, which makes me lol.

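The "simple analysis" mentioned in the posts above, as an added example that is not from any poster in the thread: reading the partition table out of the first sector of a disk image lists the Linux partition no matter which boot loader the drive's MBR runs. The sample sector, sizes and helper names are constructed for illustration.

```python
import struct

# Well-known MBR partition type bytes.
TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
         0x27: "Windows RE", 0x82: "Linux swap", 0x83: "Linux",
         0x8E: "Linux LVM", 0xEE: "GPT protective"}
WINDOWS_TYPES = {0x07, 0x0B, 0x0C, 0x27}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: missing 0x55AA signature")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        # Layout: status, CHS start (3), type, CHS end (3), LBA start, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        parts.append({"slot": i + 1, "active": status == 0x80,
                      "type": ptype, "name": TYPES.get(ptype, "unknown"),
                      "start": lba, "sectors": count})
    return parts

def unexpected_partitions(parts):
    """Partitions that a Windows-only disk would not normally carry."""
    return [p for p in parts if p["type"] not in WINDOWS_TYPES]

def build_sample_mbr():
    """Constructed sample: active NTFS in front, Linux partition behind it."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3xB3xII", status, ptype, lba, count)
    table = (entry(0x80, 0x07, 2048, 209715200)         # 100 GiB NTFS, active
             + entry(0x00, 0x83, 209717248, 104857600)  # 50 GiB Linux
             + bytes(32))                                # two empty slots
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        flag = "*" if p["active"] else " "
        print(f'{p["slot"]} {flag} 0x{p["type"]:02x} {p["name"]:<11} '
              f'start={p["start"]} sectors={p["sectors"]}')
    print("unexpected slots:", [p["slot"] for p in unexpected_partitions(parts)])
```
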
Doctor Posted February 20, 2012

Okay, thanks for clarifying that, int0x80. I apparently misunderstood your video, derp. Would there be any way to combine the two methods and simply encrypt the Linux partition and then load to it using GRUB?

int0x80 Posted February 21, 2012

> Okay, thanks for clarifying that, int0x80. I apparently misunderstood your video, derp. Would there be any way to combine the two methods and simply encrypt the Linux partition and then load to it using GRUB?

Perhaps I am misunderstanding this last question. When you boot your Windows install, you are booting from the MBR on the hdd/ssd, which was installed by Windows. When you boot the encrypted Linux install, you are booting to GRUB from the MBR on the USB drive, which was installed by Linux. So yes, you are decrypting the Linux install and loading it starting from GRUB.

Doctor Posted February 21, 2012

Ah, well, again thank you for clarifying, seeing as this tells me I need to read more before I post next time, so I don't look like an idiot.