dd command

ZeeshanMalik · 05-17-2018, 08:35 PM

I would like to hide a 5 byte password for TrueCrypt in the final 5 bytes of MFT record of the MFTMirror record.
And what is the dd command to read the first 30 MFT entries?

Please help and I have installed the kali Linux on Virtual Box.

pan64 · 05-18-2018, 02:33 AM

I'm sorry, but do not really understand what do you mean by "hide a 5 byte password for TrueCrypt in the final 5 bytes of MFT record of the MFTMirror record".
here: https://linoxide.com/linux-command/l...eate-1gb-file/ you may find dd related help or here: https://www.linuxquestions.org/quest...ommand-362506/
Why do you use kali? https://www.linuxquestions.org/quest...ad-4175614092/

michaelk · 05-18-2018, 07:38 AM

I assume MFT is the NTFS Master File Table. A virtualbox guest would only have access to NTFS metadata on a USB drive. If you know ntfs internals then the dd link provided should help you dump the table.

rtmistler · 05-18-2018, 07:59 AM

Quote:

Originally Posted by ZeeshanMalik

I would like to hide a 5 byte password for TrueCrypt in the final 5 bytes of MFT record of the MFTMirror record.
And what is the dd command to read the first 30 MFT entries?

Please help and I have installed the kali Linux on Virtual Box.

Far more information is needed such as what you have tried to resolve this. Why you are using Kali and also do not understand the dd command, and a better explanation of what you are trying to accomplish. If you cannot explain better, than LQ members cannot even begin to try to help you.

qrange · 05-19-2018, 01:25 AM

to use dd in such way, you need to know the sector numbers, 'physical' location of that mftmirror.
with that, use 'bs=1' and 'count=5'

AwesomeMachine · 05-19-2018, 02:29 PM

You would first need to know the offsets of the MFT. It isn't in any standard place. But I would hide the password in the surplus sectors at the end of the drive. There's always a few thousand sectors at the end of the drive, which didn't quite fit within partition geometry. The system never writes there, because it isn't part of a file system.

Most utilities can't even access surplus sectors, so it's a pretty safe place. But don't use the last sector, because MS uses that as it's disk pi**ing post.

qrange · 05-20-2018, 02:01 AM

yeah, but somebody looking for the password would probably try to find it at the end of drive.
I'd just hide it in some config file.

AwesomeMachine · 05-20-2018, 07:41 PM

You actually write it directly to the drive platters, not as part of any file or file system. I don't think anyone is going to look there. But, do it how you want.

qrange · 05-21-2018, 01:15 AM

a bit offtopic..
I don't see a point in using such short password (even if its binary) other than, perhaps, lack of space at that end of disk.
iirc, there was some research and conclusion was that its better to use long passwords with dictionary words than short random ones, or something like that.

edit:
pity hdd manufacturers don't offer rnd filled (instead of zero filled) brand new drives.
yes, they would be harder to make (writing test?), and one would need to trust them, but hey, you gotta trust someone.

hydrurga · 05-21-2018, 03:47 AM

Quote:

Originally Posted by qrange

a bit offtopic..
I don't see a point in using such short password (even if its binary) other than, perhaps, lack of space at that end of disk.
iirc, there was some research and conclusion was that its better to use long passwords with dictionary words than short random ones, or something like that.

Agreed. I suspect that, in effect, the opening post was a homework question and the "5 bytes" was just a way of the teacher delimiting the question.