130 - 'True Hide' partitions using grub4dos


Introduction

The grub4dos code shown below allows you to make partitions invisible to Windows (and probably to Linux too).

The normal built-in grub4dos command 'hide' sets bit 4 of the partition type in the partition table of the Master Boot Record (MBR) or the Extended MBRs used for logical partition table entries. For example, for a FAT32 Type 0C hex partition:
hide (hd0,1)
Partition type is now 1C hex (hidden FAT32)

However, in many cases the partition and the files inside it will still be accessible to Windows (for instance, if the volume was previously assigned a drive letter by Windows). This is because the partition is still present and still valid. Linux may also be able to access the partition and the files within it, if hidden in this way.

We can, however, hide the files in the partition from any operating system by also making the Partition Boot Record (PBR) invalid, so that the partition appears to the OS to be unformatted. In this way the file contents cannot be seen by any OS, but the partition still works fine with grub4dos, which can access all files as normal.

The following grub4dos batch file performs a True Hide. It changes the PBR data to make the format 'semi-invalid' and thus invisible to Windows.

Note: this is the new revised version which hides FAT16/FAT32 and NTFS/exFAT partitions from Windows but leaves them still accessible to grub4dos. The lines in green can be omitted if you don't want the information displayed.

TRUE_HIDE.g4b

!BAT
set PTN=%1
if not "%PTN:~0,1%"=="(" echo -e \n %0 %1 - BAD ARGUMENT! && pause --wait=3 && goto :eof
# get partition type
set PT=
set PTYPE=
set P1=
parttype %PTN%
set /A P1=%@retval%
set /A PT=%P1%&0xef
if "%PT%"=="0xF" pause --wait=3 Extended partition entry! && exit
if "%PT%"=="" pause BAD Partition Type! && exit
if /i %PT%==0x0b set PTYPE=FAT32
if /i %PT%==0x0c set PTYPE=FAT32
if /i %PT%<=0x06 && if /i %PT%>=4 set PTYPE=FAT16
if /i %PT%==0x0e set PTYPE=FAT16
if /i %PT%==0x01 set PTYPE=FAT12
if /i %PT%==0x07 set PTYPE=NTFS_EXFAT_HFS

cat --hex --length=0x40 %PTN%+1
echo %PTYPE% %P1%

#if fat16 then make FS invalid - 11&12hex are number of root entries which should always be 512 (0200 hex) for FAT16
#if FAT32 then make FS version invalid - 2a&2bhex are version bytes (type 0.0) - change to aaaahex so Windows won't recognise it
#if NTFS or exFAT then just changing the ID name will suffice

if "%PTYPE%"=="FAT16" cat --locate=\x00\x02 --skip=0x11 --length=2 --replace=\xaa\xaa %PTN%+1 && echo patched bytes 0x11 and 0x12. && goto :h1
if "%PTYPE%"=="FAT32" cat --locate=\x00\x00 --skip=0x2a --length=2 --replace=\xaa\xaa %PTN%+1 && echo patched bytes 0x2a and 0x2b so not recognised by Windows. && goto :h1
if "%PTYPE%"=="" pause Partition type %P1% not recognised! && goto :h1

#hide NTFS and exFAT + others
cat --locate=S --replace=s --skip=3 --length=8 %PTN%+1 > nul
cat --locate=IBM --replace=ibm --skip=3 --length=8 %PTN%+1 > nul
cat --locate=FAT --replace=fat --skip=3 --length=8 %PTN%+1 > nul

:h1
# set partition type in MBR to hidden
debug 1
hide %PTN%

set PT=
set PTYPE=
set P1=
cat --hex --length=0x40 %PTN%+1
set PTN=

We can use a similar batch file to 'true unhide' the partition too...

TRUE_UNHIDE.g4b

!BAT
set PTN=%1
if not "%PTN:~0,1%"=="(" echo -e \n %0 %1 - BAD ARGUMENT! && pause --wait=3 && goto :eof
set PT=
set PTYPE=
set P1=
# get partition type
parttype %PTN%
set /A P1=%@retval%
set /A PT=%P1%&0xef
if "%PT%"=="0xF" pause --wait=3 Extended partition entry! && exit
if "%PT%"=="" pause BAD Partition Type! && exit
if /i %PT%==0x0b set PTYPE=FAT32
if /i %PT%==0x0c set PTYPE=FAT32
if /i %PT%<=0x06 && if /i %PT%>=4 set PTYPE=FAT16
if /i %PT%==0x0e set PTYPE=FAT16
if /i %PT%==0x01 set PTYPE=FAT12
if /i %PT%==0x07 set PTYPE=NTFS_EXFAT_HFS

cat --hex --length=0x40 %PTN%+1
echo %PTYPE% %P1%

#if FAT16 then restore number of root entries - 11&12hex are number of root entries which should always be 512 (0200 hex) for FAT16
#if FAT32 then restore FS version - 2a&2bhex are version bytes (type 0.0) - change back so Windows recognises it
#if NTFS or exFAT then just changing the ID name back will suffice

if "%PTYPE%"=="FAT16" cat --locate=\xaa\xaa --skip=0x11 --length=2 --replace=\x00\x02 %PTN%+1 && echo restored bytes 0x11 and 0x12 && goto :h1
if "%PTYPE%"=="FAT32" cat --locate=\xaa\xaa --skip=0x2a --length=2 --replace=\x00\x00 %PTN%+1 && echo restored bytes 0x2a and 0x2b && goto :h1
if "%PTYPE%"=="" pause Partition type %P1% not recognised! && goto :h1

#unhide NTFS and exFAT + others
cat --locate=s --replace=S --skip=3 --length=8 %PTN%+1 > nul
cat --locate=ibm --replace=IBM --skip=3 --length=8 %PTN%+1 > nul
cat --locate=fat --replace=FAT --skip=3 --length=8 %PTN%+1 > nul

:h1
# show status after unhide command
debug 1
unhide %PTN%
set PT=
set PTYPE=
set P1=
cat --hex --length=0x40 %PTN%+1
set PTN=
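
The byte patches made by TRUE_HIDE.g4b leave recognisable traces, so a True Hide partition can be told apart from an unformatted one when a raw disk image is examined. The Python below is an added example, not part of the original article, grub4dos or Easy2Boot; the function names and the small sample image are constructed for illustration, and only the four primary MBR entries are checked.

```python
import struct

SECTOR = 512

def pbr_patch(ptype, pbr):
    """Name the True Hide patch present in one boot sector, or return None."""
    base = ptype & 0xEF                      # same mask the batch file uses
    oem = pbr[3:11]                          # 8-byte OEM ID field
    if base in (0x04, 0x06, 0x0E) and pbr[0x11:0x13] == b"\xaa\xaa":
        return "FAT16 root-entry count 0xAAAA"
    if base in (0x0B, 0x0C) and pbr[0x2A:0x2C] == b"\xaa\xaa":
        return "FAT32 version 0xAAAA"
    if oem != oem.upper() and oem.upper() in (b"NTFS    ", b"EXFAT   "):
        return "OEM ID lower-cased to %r" % oem
    return None

def scan_image(img):
    """Map primary partition index -> (type, hidden bit set, patch or None)."""
    if img[510:512] != b"\x55\xaa":
        raise ValueError("no 55 AA signature at end of MBR")
    found = {}
    for i in range(4):
        ptype = img[446 + 16 * i + 4]
        lba = struct.unpack_from("<I", img, 446 + 16 * i + 8)[0]
        if ptype == 0 or (ptype & 0xEF) in (0x05, 0x0F):
            continue                         # empty or extended entry
        pbr = img[lba * SECTOR:(lba + 1) * SECTOR]
        if len(pbr) == SECTOR:
            found[i] = (ptype, bool(ptype & 0x10), pbr_patch(ptype, pbr))
    return found

def build_sample():
    """Constructed 4-sector image: MBR plus three one-sector 'partitions'."""
    img = bytearray(4 * SECTOR)
    img[510:512] = b"\x55\xaa"
    parts = [(0x0C, b"MSDOS5.0", 0x2A, b"\x00\x00"),   # untouched FAT32
             (0x1C, b"MSDOS5.0", 0x2A, b"\xaa\xaa"),   # True Hide FAT32
             (0x17, b"NTFs    ", 0x2A, b"\x00\x00")]   # True Hide NTFS
    for i, (ptype, oem, off, val) in enumerate(parts):
        img[446 + 16 * i + 4] = ptype
        struct.pack_into("<II", img, 446 + 16 * i + 8, i + 1, 1)
        pbr = (i + 1) * SECTOR
        img[pbr + 3:pbr + 11] = oem
        img[pbr + off:pbr + off + 2] = val
    return bytes(img)

if __name__ == "__main__":
    for idx, row in scan_image(build_sample()).items():
        print(idx, hex(row[0]), row[1], row[2])
```

A partition reported with the hidden bit set but no patch was hidden with the plain 'hide' command only.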

We can use these batch files in a grub4dos menu:

True_Hide_Unhide.mnu

These menus assume you have set the grub variable to the path where the .g4b files are located, e.g. set grub=grub/utils

iftitle [parttype (hd0,1) &; set /A p=%@retval% &; if not %p%==0x0F && calc %p%&0x10^0x10] TRUE HIDE HD0,1\n Hide 2nd partition on first hard disk
call /%grub%/true_hide.g4b (hd0,1)
pause
# Reload main menu
configfile /menu.lst

iftitle [parttype (hd0,1) &; set /A p=%@retval% &; if not %p%==0x0F && calc %p%&0x10] TRUE UNHIDE HD0,1\n Unhide 2nd partition on first hard disk
call /%grub%/true_unhide.g4b (hd0,1)
pause
# Reload main menu
configfile /menu.lst


Note that the menu entry will only be listed if the partition exists and is in the correct hidden/unhidden state, so only one of the above menu items will be displayed at any one time (or neither of them, if there is no partition present or it is the Extended Partition 0F entry).

Note: A modernish (2014+) version of grub4dos is required for this menu as it uses the newish &; operator, calc and iftitle!

Because this menu uses 'iftitle', it is necessary to reload the menu after the partition has been altered, so that the 'wrong' menu entry is no longer listed. For example, if you run the 'True Hide' menu entry, then when the menu is reloaded the 'True Unhide' menu entry will be present instead of the 'True Hide' menu entry.

To suppress the display text that is output by the call, redirect the call to nul like this:
call /%grub%/true_hide.g4b (hd0,1) > nul

I have added a True_Hide_Unhide.mnu sample menu file to Easy2Boot and the two grub4dos batch files true_hide.g4b and true_unhide.g4b are now included in E2B too.

Add a Password

You could also add a password prompt so that the partition can only be unhidden by someone who knows the correct password ('fred' in this example), e.g.

iftitle [parttype (hd0,1) &; set /A p=%@retval% &; if not %p%==0x0F && calc %p%&0x10] TRUE UNHIDE HD0,1\n Unhide 2nd partition on first hard disk
password fred || configfile /menu.lst
echo
call /%grub%/true_unhide.g4b (hd0,1)
pause
# Reload main menu
configfile /menu.lst



