Wednesday 14 January 2015

'True partition' hiding/unhiding in grub4dos

The built-in grub4dos command 'hide' will set bit 4 of the partition type in the partition table of the Master Boot Record (MBR) or the Extended MBRs used for logical partition table entries - e.g.

FAT32 Type 0C hex - now run grub4dos hide command:
hide (hd0,1) 
Partition type is now 1C hex  (hidden FAT32)

However, in some cases the partition and the files inside it will still be accessible to Windows (for instance, if the volume was previously assigned a drive letter by Windows). This is because the partition is still present and still valid. Windows will still mount and display FAT16 and FAT32 partitions even if the Partition type number is of the Hidden type (e.g. 16, 1B or 1C).
Linux may also be able to access the partition and the files within it, if hidden in this way.

We can, however, hide the files and the partition from any operating system by also making the PBR invalid (it will appear to the OS to be unformatted or of a 'foreign' format). In this way the file contents cannot be seen by any OS and the volume will not be mounted by Windows or given a drive letter. Grub4dos, however, can still access the files within all the hidden partitions.



Note: The older version did not hide a FAT32 or FAT16 partition from Windows.

See here for the new Mk2 version!

For NTFS and exFAT partitions, we just need to change the ID bytes at offset 3 in the BPB and convert one or more letters to lowercase - e.g. NTFS => NTFs or EXFAT => EXfat.
For FAT32 partitions, we can change the version bytes from 0.0 (two bytes at 2ah and 2bh) to AAh AAh.
For FAT16 partitions, we can change the number of root entries (two bytes at 11 and 12) to AAh AAh - Windows will not recognise it if these bytes are not 00h 02h (200h=512 bytes), but grub4dos will.
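When triaging a disk image, the same markers can be used to spot a volume that was 'true hidden' this way. The following is an added example, not code from this post or from E2B: the function names and sample sectors are made up, the FAT16 offsets 11 and 12 are read as hex, and the FAT type labels at 52h and 36h are assumed to be left untouched.

```python
HIDDEN_BIT = 0x10   # bit 4 of the MBR partition type (0C hex -> 1C hex)
MARK = b"\xAA\xAA"  # filler value written over the FAT fields

def mbr_type_is_hidden(ptype):
    """True if the partition-table type byte has the 'hide' bit set."""
    return bool(ptype & HIDDEN_BIT)

def classify_pbr(sector):
    """Return (filesystem, true_hidden) for a 512-byte partition boot record."""
    if len(sector) < 512:
        raise ValueError("need a full 512-byte boot sector")
    oem = sector[3:11]                       # ID bytes at offset 3
    for fs in (b"NTFS", b"EXFAT"):
        head = oem[:len(fs)]
        if head.upper() == fs:               # same letters, any case
            return fs.decode(), head != fs   # lowercase letter(s) => hidden
    # Assumption: the FAT type labels at 0x52 / 0x36 are still intact.
    if sector[0x52:0x57] == b"FAT32":
        return "FAT32", sector[0x2A:0x2C] == MARK   # version bytes, normally 00 00
    if sector[0x36:0x3B] == b"FAT16":
        return "FAT16", sector[0x11:0x13] == MARK   # root entries, normally 00 02
    return "unknown", False

def make_sector(patches):
    """Build a constructed 512-byte sector from {offset: bytes} patches."""
    buf = bytearray(512)
    for off, data in patches.items():
        buf[off:off + len(data)] = data
    buf[510:512] = b"\x55\xAA"               # boot sector signature
    return bytes(buf)

# Constructed samples, not taken from a real disk.
SAMPLES = {
    "ntfs": make_sector({3: b"NTFS    "}),
    "ntfs_hidden": make_sector({3: b"NTFs    "}),
    "exfat_hidden": make_sector({3: b"EXfat   "}),
    "fat32": make_sector({3: b"MSDOS5.0", 0x52: b"FAT32   "}),
    "fat32_hidden": make_sector({3: b"MSDOS5.0", 0x2A: MARK, 0x52: b"FAT32   "}),
    "fat16_hidden": make_sector({3: b"MSDOS5.0", 0x11: MARK, 0x36: b"FAT16   "}),
}

if __name__ == "__main__":
    for name, sec in SAMPLES.items():
        print(name, classify_pbr(sec))
```

A partition whose table entry has the hidden bit set and whose boot record reports true_hidden is one that Windows will treat as unformatted even though its files are intact.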

A modernish (2014+) version of grub4dos is required for the menu entries, as it uses the newish &; ;; operators, calc and iftitle!

Due to the use of iftitle, it is necessary to reload the menu after the partition has been altered so that the other menu entry will no longer be listed in the menu. e.g. if you actually run a 'True Hide' menu entry, when the menu is reloaded the 'True Unhide' menu entry will be present, instead of the 'True Hide' menu entry.

I have added a True_Hide_Unhide.mnu sample menu file to E2B and also the two grub4dos batch files true_hide.g4b and true_unhide.g4b to the E2B v1.61BetaA which will be available in a day or two.

2 comments:

  1. But efi boot is failed by this process.

    how to access it with efi booting?
