
Verifying whole disk encryption boot img files


fugu


With whole disk encryption there is a small part of the drive that's unencrypted, which is needed to boot the computer. I wrote this script to keep tabs on those important files and look for changes. It hashes new boot files and stores a copy of them within the script itself in an sqlite database, and also looks for changes in those files over time. The file can get to be 100M+ if you have a lot of boot files, so be forewarned.

#!/bin/bash
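# Find the line number of the marker line that separates the script
# from the base64-encoded sqlite database appended after it.
EOS=2
while true; do
	if [ -n "$(head -n "$EOS" "$0" | tail -n 1 | grep '^###########################################################$')" ]; then
		break
	fi
	EOS=$((EOS+1))
done
# mktemp is used here because the Debian-only tempfile command is deprecated
SQLITEDB=$(mktemp)
SCRIPTFILE=$(mktemp)
trap 'rm -f "$SQLITEDB" "$SCRIPTFILE"' EXIT

# Split this file: everything after the marker is the database,
# everything up to and including the marker is the script itself.
tail -n +$((EOS+1)) "$0" | base64 -d > "$SQLITEDB"
head -n "$EOS" "$0" > "$SCRIPTFILE"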

if [ -z "$1" ]; then
	echo $EOS
	sqlite3 $SQLITEDB "CREATE TABLE IF NOT EXISTS hashes(id INTEGER PRIMARY KEY, filename TEXT UNIQUE NOT NULL, md5 TEXT, sha1 TEXT, sha256 TEXT);"
	sqlite3 $SQLITEDB "CREATE TABLE IF NOT EXISTS contents(id INTEGER, subindex INTEGER, data TEXT);"
	for i in /boot/initrd.img-*-generic; do
		if [ -n "$(echo "$i" | grep '/boot/initrd\.img-[0-9]\+\.[0-9]\+\.[0-9]\+-[0-9]\+-generic')" ]; then
			filename_already_exists="$(sqlite3 $SQLITEDB "SELECT count(filename) FROM hashes WHERE filename = '$i';")"
			if [ "$filename_already_exists" = "0" ]; then
				#NEW
				echo -e "\e[34;1mNEW FILE $i\e[0m"
				MD5=$(md5sum "$i" | cut -d\  -f1)
				SHA1=$(sha1sum "$i" | cut -d\  -f1)
				SHA256=$(sha256sum "$i" | cut -d\  -f1)
				sqlite3 $SQLITEDB 'INSERT INTO hashes (filename, md5, sha1, sha256) VALUES ("'"$i"'", "'"$MD5"'", "'"$SHA1"'", "'"$SHA256"'");'
				echo -e "\e[34;1madded hashes...\e[0m"
				id=$(sqlite3 $SQLITEDB 'SELECT id FROM hashes WHERE filename="'$i'";')
				echo "id=$id"
				# gzip and base64 the file, then split it into 32768-character rows for the contents table
				DATA="$(cat "$i" | gzip -9 | base64 | tr -d '\n' | sed 's/\(.\{16384\}.\{16384\}\)/\1\n/g')"
				echo -e "\e[34;1mbinary data formatted, adding to sqlite db...\e[0m"
				count=0
				for singlerow in $DATA; do
					sqlite3 $SQLITEDB 'insert into contents (id, subindex, data) VALUES ("'$id'", "'$count'", "'$singlerow'");'
					count=$(($count+1))
				done
				echo -e "\e[34;1m[+] $i HAS BEEN ADDED TO THE DATABASE\e[0m"
			elif [ "$filename_already_exists" = "1" ]; then
				#EXISTS
				MD5=$(md5sum "$i" | cut -d\  -f1)
				SHA1=$(sha1sum "$i" | cut -d\  -f1)
				SHA256=$(sha256sum "$i" | cut -d\  -f1)
				verify="$(sqlite3 $SQLITEDB "SELECT count(filename) FROM hashes WHERE filename = '$i' AND md5 = '$MD5' AND sha1 = '$SHA1' AND sha256 = '$SHA256';")"
				if [ "$verify" = "1" ]; then
					echo -e "\e[32;1m$i HAS NOT CHANGED\e[0m"
				elif [ "$verify" = "0" ]; then
					echo -e "\e[31;1m$i HAS CHANGED\e[0m"
				else
					echo "ERROR PROCESSING $i" 1>&2
					exit 1
				fi
			else
				echo "Error: database did not query correctly" 1>&2
				exit 1
			fi
		fi
	done
else
	sqlite3 $SQLITEDB "$1"
fi

# Rebuild this file in place: the script part first, then the updated database as base64
cat "$SCRIPTFILE" > "$0"
cat "$SQLITEDB" | base64 >> "$0"

exit 0;
###########################################################
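
A manifest-based variant of the same check, as an added example that is not part of fugu's post: it goes beyond the script above by covering every file under a boot directory and by reporting missing and new files as well as changed ones. The function names and the manifest format (plain `sha256sum` output kept in a separate file) are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the original post. Assumes file names without
# newlines or backslashes, which holds for normal /boot contents.

# boot_baseline DIR MANIFEST: record the SHA-256 of every regular file under DIR.
boot_baseline() {
	( cd "$1" && find . -type f | sort | while IFS= read -r f; do
		sha256sum "$f"
	done ) > "$2"
}

# boot_report DIR MANIFEST: print one line per deviation, nothing if clean.
boot_report() {
	# Pass 1: every file in the manifest must still exist with the same hash.
	while read -r hash name; do
		if [ ! -f "$1/$name" ]; then
			echo "MISSING $name"
		elif [ "$(sha256sum < "$1/$name" | cut -d' ' -f1)" != "$hash" ]; then
			echo "CHANGED $name"
		fi
	done < "$2"
	# Pass 2: every file on disk must be listed in the manifest.
	# The name starts at column 67 (64 hex digits plus two separator characters);
	# grep -x forces a whole-name match so a name that is a prefix of another
	# is not mistaken for a known file.
	( cd "$1" && find . -type f ) | while IFS= read -r name; do
		cut -c67- "$2" | grep -qxF -- "$name" || echo "NEW $name"
	done
}

# boot_verify DIR MANIFEST: print the report and return 1 if anything deviates.
boot_verify() {
	report=$(boot_report "$1" "$2")
	if [ -z "$report" ]; then
		return 0
	fi
	printf '%s\n' "$report"
	return 1
}
```

Run `boot_baseline /boot <manifest>` once on a known-good system and `boot_verify /boot <manifest>` afterwards, where `<manifest>` is a placeholder path. Keep the manifest on the encrypted volume or on removable media, because anyone who can write to the unencrypted boot partition could otherwise rewrite the baseline along with the files.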
