Tiny Core Linux

General TC => General TC Talk => Topic started by: PDP-8 on August 16, 2019, 04:06:09 AM

Title: Tinycore protect bootcode
Post by: PDP-8 on August 16, 2019, 04:06:09 AM
I understand that "protect" uses the blowfish algo from 1993.  That's fine, but ...

I'm just wondering if there is a way to make protect use the upgraded twofish algorithm?

Or maybe create something like "protect2" as a bootcode which does?
Title: Re: Tinycore protect bootcode
Post by: Rich on August 16, 2019, 06:46:31 AM
Hi PDP-8
I think you would need to modify  /etc/init.d/tc-restore.sh  for that which means making the change in  initrd.
Title: Re: Tinycore protect bootcode
Post by: Rich on August 16, 2019, 07:00:31 AM
Hi PDP-8
The restore happens near the end of  /etc/init.d/tc-config:
Code: [Select]
tc@E310:~/rotdash$ tail -n 30 /etc/init.d/tc-config
        echo "mydata" > /etc/sysconfig/mydata
fi   
if [ -n "$NORESTORE" ]; then
        echo "${GREEN}Skipping restore as requested from the command line.${NORMAL}"
else
        TCEDIR=`readlink /etc/sysconfig/tcedir`
        /etc/init.d/tc-restore.sh "$TCEDIR"
fi

# After restore items
if [ -n "$NODHCP" ]; then
        echo "${GREEN}Skipping DHCP broadcast/network detection as requested on boot commandline.${NORMAL}"
else
        [ -z "$DHCP_RAN" ] && /etc/init.d/dhcp.sh &
        [ -z "$NORTC" ] || /etc/init.d/settime.sh &
fi

[ -n "$CRON" ] && /etc/init.d/services/crond start

/sbin/loadcpufreq 2>/dev/null &

/opt/bootsync.sh

[ -n "$NOAUTOLOGIN" ] && echo "booting" > /etc/sysconfig/noautologin

if [ -n "$PAUSE" ]; then
        echo -n "${BLUE}Boot time configuration completed. Press <Enter> to continue.${NORMAL}"
        read junk
fi

tc@E310:~/rotdash$
So if none of those items interfere with your restore and you have a persistent  /opt  directory you could probably do it
in  /opt/bootsync.sh.  You can see in the beginning of  /etc/init.d/tc-config  how boot codes are decoded. Now you just need to
figure out where the backup gets encrypted.
Title: Re: Tinycore protect bootcode
Post by: mocore on August 16, 2019, 09:33:46 AM
Hi PDP-8
I think you would need to modify  /etc/init.d/tc-restore.sh  for that which means making the change in  initrd.


indeed ...
looking at the Core-scripts.git  with grep ect

Code: [Select]
git clone https://github.com/tinycorelinux/Core-scripts.git && cd Core-scripts/ && grep -nie "protect" -r ./*
#OR
wget -OCore-scripts-master.zip https://github.com/tinycorelinux/Core-scripts/archive/master.zip && zipgrep -nie "protect" ./Core-scripts-master.zip

it appears the "PROTECT" code is handled at tc-restore.sh line 32 .

Quote
./etc/init.d/tc-restore.sh:26:            protect) PROTECT=1 ;;
./etc/init.d/tc-restore.sh:32:if [ -n "$PROTECT" ]; then
./etc/init.d/tc-config:80:            protect) PROTECT=1 ;;
./etc/init.d/tc-config:588:if [ -n "$PROTECT" ]; then
./usr/bin/filetool.sh:237:        echo "Warning PROTECT boot code used and encrypted backup file not found!"

# ||

Core-scripts-master/etc/init.d/tc-config:80:            protect) PROTECT=1 ;;
Core-scripts-master/etc/init.d/tc-config:588:if [ -n "$PROTECT" ]; then
Core-scripts-master/etc/init.d/tc-restore.sh:26:            protect) PROTECT=1 ;;
Core-scripts-master/etc/init.d/tc-restore.sh:32:if [ -n "$PROTECT" ]; then
Core-scripts-master/usr/bin/filetool.sh:237:        echo "Warning PROTECT boot code used and encrypted backup file not found!"


Title: Re: Tinycore protect bootcode
Post by: PDP-8 on August 16, 2019, 01:21:25 PM
Ah, very interesting.

I'll have to keep my eye open to practicality - like in say 10 years time having the instructions on how to create the custom TC inside the twofish protected backup and forgetting how to do it. :)