Friday 15 April 2016

Run android x86 with persistence from E2B


android-x86-4.4-r5.iso can be added to your E2B USB drive, but to get it booting with persistence, we need to create a .imgPTN file as follows:

'How to add an animated GIF' YouTube video now available

I have added a 10-minute YouTube video on how to add an animated GIF to the Easy2Boot menu.


See http://www.easy2boot.com/configuring-e2b/animation/ for more info.

Let me know if you like these videos by ticking one of the Reactions boxes.
Feel free to suggest a subject for the next one!

Thursday 14 April 2016

Check the CRC of a payload file before running it in Easy2Boot

Nicolas asked me today about checking an ISO (for corruption?) before running it.

In E2B, you can hit SHIFT+CTRL+ENTER to ask E2B to calculate and display the CRC32 value of a payload file that is listed in the menu, but it is up to you to check that it is correct.

If you want to ensure that an ISO or other payload file is not corrupt (or infected?) before you allow E2B to run it, you can use this .mnu file for each payload file:


\_ISO\MAINMENU\RunMemTestCheck.mnu
==================================

# Check the CRC32 value of a payload file and run it if it is correct

iftitle [if exist /_ISO/UTILITIES_MEMTEST/MEMTEST.IMG.gz] Check and run a payload \n Get CRC32 value and run if correct
set ISO=/_ISO/UTILITIES_MEMTEST/MEMTEST.IMG.gz
# expected CRC32 must start with 0x
set EXP_CRC=0x1340BECC

echo Calculating CRC32 of %ISO% - please wait...
crc32 %ISO% > nul
set /A CRC=%@retval% & 0xFFFFFFFF > nul
pause --wait=3 %ISO% - EXPECTED CRC32=%EXP_CRC%, ACTUAL CRC32=%CRC%
if not %EXP_CRC%==%CRC% pause ERROR: CRC is not correct (%CRC% vs %EXP_CRC%)
if not %EXP_CRC%==%CRC% configfile (md)0x3000+0x50
/%grub%/QRUN.g4b %ISO%
boot

Just change the first few lines as required. If the payload file is large, it may take a while to calculate the CRC value. I will add this to the Sample mnu Files folder of the next E2B version (CheckCRC32_and_Run.mnu).
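
An added example, not part of the original post or of E2B: CRC32 catches accidental corruption but is not a cryptographic hash, so a matching CRC does not show that a file is free of deliberate modification. The Python below, run on a PC before copying the payload to the USB drive, compares the file with the SHA-256 published by its vendor and only then prints the `set EXP_CRC=` line for the .mnu file. It assumes the grub4dos crc32 command computes the standard CRC-32 that zlib implements; the function names are hypothetical.

```python
import hashlib
import zlib

CHUNK = 1 << 20  # read 1 MiB at a time so a multi-GB ISO never sits in memory


def file_digests(path):
    """Return (crc32, sha256_hex) for the file at `path` in a single pass."""
    crc = 0
    sha = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            crc = zlib.crc32(block, crc)  # running CRC over each block
            sha.update(block)
    return crc & 0xFFFFFFFF, sha.hexdigest()


def exp_crc_line(crc):
    """Build the `set EXP_CRC=` line for the .mnu file."""
    # Assumption: grub4dos `set /A` prints uppercase hex with no zero padding,
    # so the string compare in the menu needs the same form. Confirm against
    # the value E2B shows when you press SHIFT+CTRL+ENTER on the payload.
    return "set EXP_CRC=0x%X" % crc


def check_payload(path, published_sha256):
    """Return (ok, menu_line); menu_line is None if the SHA-256 differs."""
    crc, sha = file_digests(path)
    if sha != published_sha256.strip().lower():
        return False, None
    return True, exp_crc_line(crc)


if __name__ == "__main__":
    import sys
    # usage: python payload_check.py <payload file> <published sha256>
    ok, line = check_payload(sys.argv[1], sys.argv[2])
    print(line if ok else "SHA-256 mismatch: do not copy this file to the E2B drive")
```
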

Wednesday 13 April 2016

Over 1 million blog views!

I just noticed the total views counter for this blog has just passed 1 million!


Thanks for reading all my ramblings over the last few years!
Steve

Tuesday 12 April 2016

Alternate German menu format

The German language files (supplied by Frettt) in E2B have been formatted so that the [hotkey] labels are right-aligned in the menus...

A few people have requested a left-aligned German menu, so Frettt has now provided an alternate STRINGS.txt file which left-aligns the hotkeys.

Petya disk encryption fix

I see on BleepingComputer.com that there is a way to decrypt a hard disk that has been encrypted with the Petya malware (actually, I think only the $MFT is encrypted by this MBR virus). Although Bleeping Computer say to remove the hard disk from the system, I don't see why we cannot just boot the infected system to WinPE from a USB drive (just be careful it does not boot from the internal hard disk!).

I copied the PetyaExtractor.exe program to my E2B USB drive and booted to a Windows 10 32-bit Install ISO. I then ran the PetyaExtractor.exe program which appeared to run OK (but I cannot be sure as I did not have an infected system). It is a 32-bit program, so you need to boot to 32-bit WinPE (or a 64-bit WinPE that has WoW64 support - e.g. ChrisR's WinPESE10).


The idea is that we could then save the sector 55 and 'Nonce' data from sector 54 to the E2B drive using NotePad, and then copy and paste it into the Petya Decrypting site page to get the decryption key.

It also would be trivial to write a grub4dos (E2B) script to save the required data (or even just use dd) and then encode it to base64 by uploading it to a website such as this one. However, it is probably just as easy to just boot to WinPE and use the PetyaExtractor tool.

Why not add the tool and a .txt file with the web links to your 'Swiss-army E2B drive' so that you will have the tool handy if you need to fix someone's system?

Sunday 10 April 2016

30 things I bet you didn't know about Easy2Boot (or were too afraid to ask)!


  1. E2B can directly boot from Vista/7/8/10 WindowsToGo .VHD files - just copy them over (requires a copy of Win8.1 bootmgr to be added to the E2B drive - no BCD file is required!).

Thursday 7 April 2016

FASTLOAD bug in E2B v1.79

If you use Windows Install ISOs with E2B v1.79 and have FASTLOAD enabled, you may find that the Windows Install menu options are not present in the Main menu. This is caused by a missing line in the \_ISO\e2b\grub\menu.lst file (it somehow got accidentally removed!).

Please try E2B v1.80h or later if this problem affects you.

I don't use FASTLOAD much because I prefer to use fast USB 3.0 drives (well, that's my excuse, and I'm sticking to it!).   ;-)

Tuesday 5 April 2016

Find that file!

If you boot to WinPE or WindowsToGo from E2B to try to fix a Windows system, it is really very useful to keep a copy of SwiftSearch.exe on the E2B USB drive.

SwiftSearch.exe is a standalone 32-bit Windows executable which will very quickly find any file (you can use wildcards in any combination) on any NTFS volume in the whole system (including NTFS USB drives). And when I say 'quick', I mean really quick, like a few seconds for a full 2TB drive, because it directly accesses the $MFT of the NTFS drive! It only works on NTFS volumes however and will not search FAT or exFAT volumes.

5 volumes (approx. 2TB) searched in 0.41 seconds (including my NTFS USB drives)!

Using E2B with the Netac U618 Encrypted USB 2.0 Flash drive

The Netac U618 is similar to the iStorage datAshur USB flash drives in that it has a PIN keypad and stores its data in an encrypted form.

I believe the 16GB version is split as 4GB Public + 10GB Secure; however, I tested the 32GB version. You can obtain them from Amazon or eBay (approx $30 or £23 for the 32GB version).