UBCD4Win Forums: bdmeyer - Viewing Profile

Jump to content

bdmeyer's Profile User Rating: -----

Reputation: 0 Neutral
Active Posts:
53 (0.15 per day)
Most Active In:
General Questions (28 posts)
25-February 09
Profile Views:
Last Active:
User is offlineJan 19 2010 10:46 AM

Latest Visitors

Icon   bdmeyer has not set their status

Topics I've Started

  1. The 'windows Side' Of Helix

    Posted 11 Oct 2009

    While working on the multiboot side of UBCD4WIN and Helix, I got to thinking baout how I actually use Helix.

    Helix has two ways of being used. One is, booting the machine into helix and using the tools available from the Helix CD. But just as UBCD4WIN has some tools only available when loading nu2menu.exe from a running host OS, so Does helix have many tools that are only available and useful when loaded from the Host OS being investigated such as the contents of the index.dat file, cookies, firefox or IE browsing history, chat logs, and capturing memory using something like Nigilant.

    Since this isn't part of the Multiboot, I figured I would put this post here.

    I think that it would be of great use to have access to many of the tools from Helix in the I guess what you would call the 'application' side of UBCD4WIN.

    Just my two cents worth.

    --Bruce D. Meyer
  2. Nirlauncher Beta

    Posted 11 Oct 2009

    If you familiar with any of Nir Sofer's tools (NirSoft) he has created a gui launcher for all of his utils. You can also add other tools to the launcher such as Syninternal.
    http://blog.nirsoft.... le-to-download/
    Does anyone know of a way to integrate something like this into a build of UBCD4WIN ?

    I have sysinternals added to the launcher, and would like to place a shortcut to the launcher on the desktop.

    http://blog.nirsoft.... r_launcher1.png

    Also, another item I have added is the link to:

    live.sysinternals.com to the list of defaults url's in the favorites so when that link is already there.

    --Bruce D. Meyer
  3. Addition For Multi-Boot

    Posted 1 Oct 2009

    I'd love to get those on my UBCD4WIN. If I can figure it out myself, I'll post results.
    I pretty much use TRK, UBCD4WIN, Helix and Clonezilla. Love to have it all on one DVD.

  4. Adding Pgp To Ubcd4Win

    Posted 26 Aug 2009

    UBCD4WIN is the best end user tool I have found yet, for scanning infected machines from a LiveCD environment.
    Previously we had used the Trinity Rescue Kit, (TRK) but found that giving it out to end users, more often than not resulted in them giving up, as Linux, was too alien to them. Since I started giving our customized version of UBCD4WIN out to infected folks, it has met a warm response by the end users. I provide a three page document explaining how to use it in the LiveCD mode, and subsequently from the mode where the host OS is booted first.

    The only problem I ran into to with UBCD4WIN was how to virus scan a computer encrypted with PGP. I took Yeik's fine work, and rewrote it for the person who is an utter newb to UBCD4WIN, that needs to get UBCD4WIN up and running asap with PGP. Hopefully, I have achieved this goal. I ran this by Yeik first, who gave me permission to post this rewrite. Any errors in these docs, are my own. Please contact me directly, and I will update any errors that you report to me.

    Without further pre-amble, here is the document.

    --Bruce D. Meyer

    How to scan for malware on an encrypted hard drive with UBCD4WIN

    I have rewritten this fine work by Yeik, so that the struggling n00b to UBCD4WIN who is trying to just get this working, doesn’t have to spend a week on it learning the subtleties of UBCD4WIN, just to viruscan a PGP Encrypted drive without decryopting it first.
    Please contact me for any mistakes that you uncover.

    You will need the PGPPE tools from PGP’s website.
    This URL contains links for downloading the correct version of the PGPpe tools for your version of PGP.
    https://pgp.custhelp... /c/%20/r_id/166

    The PGPpe Tools include PGPPE and PGPstart.
    Next you will have to have a computer that has PGP Whole Disk Encryption (WDE) already installed on it.
    This WDE machine is where you will go to pull the remainder of the PGP drivers and files you will need.

    Create a temporary ‘holding’ directory and place the following files in that directory as you gather them together:

    C:\Program Files\PGP Corporation\PGP Desktop\pgpbootb.bin
    C:\Program Files\PGP Corporation\PGP Desktop\pgpbootg.bin
    C:\Program Files\PGP Corporation\PGP Desktop\PGPwde.exe
    C:\Program Files\PGP Corporation\PGP Desktop\Stage1
    %SYSTEMROOT%\system32\ PGPsdk.dll
    %SYSTEMROOT%\system32\ pgpsdknl.dll
    %SYSTEMROOT%\system32\ PGPwd.dll
    %SYSTEMROOT%\system32\ drivers\PGPwded.sys

    Once you have all 8 files listed above copy them out of the temporary holding directory into:
    F:\UBCD4Win\plugin\ AutoBuild\Files\
    (Your drive letter may not be ‘F’, just substitute with your own drive letter in these docs)

    Here are the plugin files:

    PGP plugin to create a menu item for easy access to pgp, it isn't needed but is better than trying to remember the commands to authenticate to the hard drive.

    Create a file in the following location named pgp.inf
    F:\UBCD4WIN\plugin\ Add-Ons\PGP
    Paste this code into it:

    ; PGP.inf
    ; PE Builder v3 plug-in INF file for PGP
    ; Created by Jeff Ketchum

    Signature= "$Windows NT$"

    Name="Commercial Software (requires license): PGP"

    a="Programs\pgp" ,2

    files\pgpauth.cmd=a,, 3

    nu2menu.xml, pgp_nu2menu.xml

    Now create a file named ‘pgp_nu2menu.xml’ in the same directory:
    ( F:\UBCD4Win\plugin\ Add-Ons\PGP\ )

    Then drop the code below into that file.

    <!-- Nu2Menu entry for PGP auth util -->
    <MENU ID="Programs">
    <MITEM TYPE="POPUP" MENUID="Disk Tools">Disk Tools</MITEM>
    <MENU ID="Disk Tools">

    <MENU ID="PGP">
    <MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\ Programs\pgp\pgpauth. cmd))" CMD="RUN" FUNC="@GetProgramDrive()\ Programs\pgp\pgpauth. cmd">PGP Auth</MITEM>

    Now create a file named pgpauth.cmd in this directory:
    F:\UBCD4win\plugin\ Add-Ons\PGP\files\

    and drop the following code into it:
    Pgpwde --enum
    @echo off
    echo "Enter PGP encrypted number from above (ex 0):"
    set /p PGPHD=
    PGPwde --disk %PGPHD% --status
    @echo off
    echo "Continue if status shows encrypted"
    echo "Enter PGPPassphrase:"
    set /p PGPpass=
    @echo on
    PGPwde --disk %PGPHD% --auth -p %PGPpass%
    @echo off

    Next, create a file named pgpwdrtauth.cmd in the same directory
    and place this code in the file:
    Pgpwde --enum
    @echo off
    echo "Enter PGP encrypted number from above (ex 0):"
    set /p PGPHD=
    PGPwde --disk %PGPHD% --status
    @echo off
    echo "Continue if status shows encrypted"
    echo "Enter Whole Disk Recovery Token:"
    set /p PGPpass=
    @echo on
    pgpwde --disk %PGPHD% --auth --passphrase %PGPpass%
    @echo off

    Now create a third file in the same directory named pgpdecrypt.cmd
    and place this code in it:

    Pgpwde --enum
    @echo off
    echo "Enter PGP encrypted number from above (ex 0):"
    set /p PGPHD=
    PGPwde --disk %PGPHD% --status
    @echo off
    echo "Continue if 'status' shows encrypted"
    echo "Enter PGPPassphrase:"
    set /p PGPpass=
    @echo on
    PGPwde --disk %PGPHD% --decrypt -p %PGPpass%
    @echo off

    Next, create a file named autobuild_89_PGPE.inf in your autobuild directory:
    F:\UBCD4win\plugin\ AutoBuild\

    ; PGPPE plug-in INF file
    ; created by Jeff Ketchum

    Signature= "$Windows NT$"

    Name="[Autobuild]89: Install PGP to UBCD4WIN"



    files\auto89_pgppe.cmd=a, ,1

    Now create a filenamed auto89_pgppe.cmd in your autobuild\files directory:
    F:\UBCD4win\plugin\ AutoBuild\files

    :: ===============================================================
    :: ===============================================================
    :: STEP 89 : PGPPE
    :: ===============================================================
    :: ===============================================================
    if not %ERROR_LEVEL%==0 goto EXIT

    echo Running PGPPE

    %peutilspath%\PGPPE /winpe %outdir% %peutilspath%
    ren %outdir%\i386\system32\ drivers\pgpwded.sys PGPWDED.SYS

    echo NOTE: %PEUtilsPath%\PGPPE.exe was not found. 2>&1 | mtee /+ %PEBuilderDir%\autobuild. log
    echo You need to download and add these files to the PGP Plugin. 2>&1 | mtee /+ %PEBuilderDir%\autobuild. log



    Bring up UBCD4WIN and click on Plugins.
    Scroll a little less than halfway down, and you should see a YES in the ‘Enabled’ column to the left of ‘Commercial Software (requires license): PGP and under the ‘File’ column it should say Add-Ons\PGP\pgp. inf’
    If that all looks correct, click close, and then build.
    If it isn’t enabled, just highlight the PGP line, and click on ‘the Enabled bhutton.
    Now do a Build for UBCD4WIN.

    That should be it. to use it you run the PGP auth utility, it asks you which drive (generally drive 0, but in case of multiple drives it is a prompt)
    after that it checks the status, then it goes on to get your PGP password and authenticates.
    Let me know if anybody has any updates, better way to do things, or problems (successes are always nice to hear as well)

    Make sure you enable the autobuild plugin and the PGP plugin.

    I am posting a second, unrelated bit, which brings together many changes I made to get UBCD4WIN a bit more ‘user friendly’ for the support staff who may have to use your work. Since it doesn’t actually apply to PGP, I am not including it here.
  5. Is their a way to 'just test menu's' ?

    Posted 2 Jun 2009

    I would like to test my nu2menu xml files to see if my syntax etc is correct. Is their a way I can compile or 'run' them without building the iso?


My Information

Member Title:
50 years old
July 15, 1959
Columbia, SC, USA
Malware Forensics.

Contact Information



bdmeyer hasn't added any friends yet.


bdmeyer has no profile comments yet. Why not say hello?