Introduction to hackers: Several methods of computer hard disk encryption
Source: Internet
Author: User
First, modify the hard disk partition table information

The partition table information is critical to a hard drive: if no valid partition table can be found, the machine cannot boot from the hard disk, and even after booting from a floppy disk the hard drive cannot be found. Typically, byte 0 of the first partition table entry is 80H, which means that the C disk is an active DOS partition and the hard drive can boot by itself. If you change this byte to 00H, you cannot boot from the hard disk, but the hard drive can still be accessed after booting from a floppy disk. The 4th byte of the partition table entry (counting from 0) is the partition type flag; for the first partition it is usually 06H, which means that the C disk is an active DOS partition. Modifying this byte for the first partition gives the hard drive a certain degree of encryption. Specifically:

1. If the byte is changed to 0, the partition is marked as unused, and of course the machine no longer boots from the C disk. After booting from a floppy disk, the original C disk is missing: the C disk you see is the original D disk, the D disk is the original E disk, and so on.
2. If the byte is changed to 05H, not only can the machine not boot from the hard disk, but even after booting from a floppy disk every logical disk is inaccessible, which amounts to encrypting the entire hard drive.

In addition, the valid flag of the hard drive's master boot record is the last two bytes of the sector, 55AAH. If you change these two bytes to 0, the entire hard drive is likewise locked and cannot be accessed.

The hard disk partition table is in physical cylinder 0, head 0, sector 1. You can use Diskedit from Norton for Win95 to call up the sector directly, modify it and save it. Alternatively, in debug, use subfunction 02H of int 13H to read cylinder 0, head 0, sector 1 into memory, modify the corresponding position, and then write it back to cylinder 0, head 0, sector 1 with subfunction 03H of int 13H.

The encryption described above is sufficient against general users.
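
A check for the modifications described above, as an added Python example that is not part of the original article: it parses a copy of cylinder 0, head 0, sector 1 and reports a missing 80H flag, a first entry typed 00H or 05H, and a missing 55AAH signature. The table offset 1BEH, the function names and the sample sector are this example's own, and the sample sector is constructed.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE      # first of the four 16-byte partition entries
SIGNATURE_OFFSET = 0x1FE  # last two bytes of the sector (55H AAH on disk)

def parse_entries(sector):
    """Return the four partition entries: boot flag, type, start LBA, size."""
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        start, sectors = struct.unpack_from("<II", raw, 8)
        entries.append({"boot": raw[0], "type": raw[4],
                        "start": start, "sectors": sectors})
    return entries

def audit_mbr(sector):
    """List the anomalies the article describes for cylinder 0, head 0, sector 1."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    findings = []
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append("boot signature 55AAH missing")
    entries = parse_entries(sector)
    first = entries[0]
    if not any(e["boot"] == 0x80 for e in entries):
        findings.append("no entry flagged active (80H)")
    if any(e["boot"] not in (0x00, 0x80) for e in entries):
        findings.append("invalid boot flag value")
    if first["type"] == 0x00 and first["sectors"] != 0:
        findings.append("entry 1 marked unused (00H) but has a non-zero size")
    if first["type"] == 0x05:  # 05H is the extended-partition type
        findings.append("entry 1 typed as extended (05H)")
    return findings

def sample_mbr(boot=0x80, ptype=0x06, signature=b"\x55\xaa"):
    """Constructed sample sector: one partition, CHS fields left at zero."""
    entry = bytes([boot, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", 63, 1_000_000)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + signature

if __name__ == "__main__":
    for label, sector in [("intact", sample_mbr()), ("type 05H", sample_mbr(ptype=0x05))]:
        print(label, audit_mbr(sector))
```
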
For experienced users, however, even if the hard disk is inaccessible, subfunction 02H of int 13H can be used to read out cylinder 0, head 0, sector 1, and the data at the corresponding positions can be corrected from experience to unlock the hard disk, because the data at these positions is usually fixed or limited to a few cases. A safer but more cumbersome method is to back up the partition table entries and then set them all to 0; anyone who does not know the partition information then cannot unlock the hard drive or access it.

Second, add a password to hard disk startup

We know that a system password can be set in the CMOS so that unauthorized users cannot start the computer and therefore cannot use the hard disk. This does not actually lock the hard drive, because the data and software on it can still be used as long as the hard disk is attached to another computer. To make the hard drive start with a password, first save the master boot record and partition information from cylinder 0, head 0, sector 1 into a hidden sector that the hard disk does not use, such as cylinder 0, head 0, sector 3. Then use debug to write a program of no more than 512 bytes (actually a little more than 100 bytes) and load it into cylinder 0, head 0, sector 1 of the hard disk. When executed, the program first asks for a password. If the password is wrong, it enters an endless loop; if the password is correct, it reads the hidden sector (cylinder 0, head 0, sector 3) that holds the master boot record and partition information, and jumps to execute the master boot record. When the hard disk boots, the BIOS bootstrap call int 19H reads the master boot record in cylinder 0, head 0, sector 1 of the primary hard drive to memory address 0000:7C00H, and we have replaced the contents of that sector with the program we designed.
So when the machine boots from the hard drive, what executes first is not the master boot program but the program we designed. If the password entered while our program runs is not correct, the machine cannot start. Even after booting from a floppy disk the hard drive cannot be accessed, because cylinder 0, head 0, sector 1 no longer contains the partition information. Of course, the program can also be designed like a virus, with part of it resident in high memory, monitoring the use of int 13H to prevent cylinder 0, head 0, sector 1 from being rewritten.

Third, implement encrypted user management of the hard disk

The Unix operating system provides multi-user management. Under DOS, improving the hard disk management system can achieve similar multi-user management functions. Such a management system can meet the following requirements:

1. Divide the hard disk into a public partition C and several private partitions D. The "super user" manages area C and can read, write and update the system on it; "special users" (such as the internal staff of a computer room) use their own partitions and protect their files and data with a password; "general users" (such as ordinary people using the computer room) use any designated public partition. The latter two kinds of users cannot write to the C disk, so if the operating system and a large number of applications are installed on the C disk, other people in a public computer room are prevented from damaging the system and software, intentionally or unintentionally, which ensures the security and stability of the system.
2. At system startup, a floppy key disk is needed to start the system; otherwise the hard drive is locked and cannot be used.

This can be implemented by making use of the partition list structure of the logical disks in the hard disk partition table.
Write protection for a logical disk

We know that a floppy disk has a write-protect notch. Before a write operation to a floppy disk, the BIOS checks the state of the floppy disk, and if the write-protect notch is covered, the write cannot be performed. Write protection for a hard disk cannot be done in hardware, but it can be achieved in software. Under DOS, disk write operations fall into several cases: ① write operations supported by Command.com, such as MD, RD and COPY; ② some subfunctions of the DOS function call, such as 10H, 13H, 3EH and 5BH, which can write to the hard disk; ③ int 26H, which writes logical sectors to absolute sectors; ④ writing the disk through subfunctions 03H, 05H, etc. of int 13H. But every kind of write operation must ultimately call a subfunction of int 13H. Therefore, by intercepting int 13H you can prohibit write operations on a specific logical disk of the hard disk.

File writes to disk go through subfunction 03H of int 13H. When this subfunction is invoked, register CL holds the starting sector number (actually only its low 6 bits are used) and CH holds the track number, which for a hard disk is the cylinder number. The cylinder number is represented by 10 bits, and its top two bits are placed in the top two bits of CL. When partitioning a hard disk, you can split it into multiple logical drives, and each logical drive starts at the beginning of a complete cylinder. For example, the author's hard disk is 2.5GB, divided into five disks: C, D, E, F and G. The starting cylinder number of the C disk is 00H, of the D disk 66H, of the E disk E5H, of the F disk 164H, and of the G disk 26BH.
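
The CH/CL packing and the starting-cylinder table above, worked through in Python as an added example (not code from the original article): it decodes the cylinder from an int 13H call, maps it to a logical disk, and returns the decision a write-protecting filter would make. The function names and the choice of E as the protected disk are assumptions of this example, and the calls in the demo are constructed.

```python
# Starting cylinder of each logical disk on the article's 2.5GB example drive.
DISK_START_CYLINDER = {"C": 0x00, "D": 0x66, "E": 0xE5, "F": 0x164, "G": 0x26B}
WRITE_SECTORS = 0x03  # int 13H subfunction used for file writes

def decode_cx(ch, cl):
    """Unpack the CH/CL registers of an int 13H call into (cylinder, sector)."""
    sector = cl & 0x3F                   # low 6 bits of CL
    cylinder = ((cl & 0xC0) << 2) | ch   # top 2 bits of CL are cylinder bits 9..8
    return cylinder, sector

def encode_cx(cylinder, sector):
    """Inverse of decode_cx; used here only to build constructed sample calls."""
    if not (0 <= cylinder <= 0x3FF and 1 <= sector <= 0x3F):
        raise ValueError("cylinder is 10 bits, sector is 1..63")
    return cylinder & 0xFF, ((cylinder >> 8) << 6) | sector

def logical_disk(cylinder):
    """Return the letter of the logical disk whose cylinder range holds `cylinder`."""
    owner = None
    for letter, start in sorted(DISK_START_CYLINDER.items(), key=lambda kv: kv[1]):
        if cylinder >= start:
            owner = letter
    return owner

def allow_call(ah, ch, cl, protected=("E",)):
    """Filter decision: False means return to the caller without touching the disk."""
    if ah != WRITE_SECTORS:
        return True                      # reads and other subfunctions pass through
    cylinder, _ = decode_cx(ch, cl)
    return logical_disk(cylinder) not in protected

if __name__ == "__main__":
    for cyl in (0xE4, 0xE5, 0x163, 0x164):
        ch, cl = encode_cx(cyl, 1)
        print(f"write to cylinder {cyl:03X}H (CH={ch:02X}H CL={cl:02X}H):",
              "allowed" if allow_call(WRITE_SECTORS, ch, cl) else "blocked")
```
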
If int 13H is intercepted, then when AH=03H and the cylinder number represented by the top two bits of CL together with CH is greater than E4H and less than 164H, the handler returns without doing anything, and in this way writing to the E disk is prohibited.

Responsible editor: Zhao Zhaoyi