130 – ‘TRUE HIDE’ PARTITIONS USING GRUB4DOS

INTRODUCTION

The grub4dos code shown below allows you to make partitions invisible to Windows (and linux probably too?).

The normal built-in grub4dos command ‘hide’ will set bit 4 of the partition type in the partition table of the Master Boot Record (MBR) or the Extended MBRs used for logical partition table entries – e.g.

for a FAT32 Type 0C hex partition:

hide (hd0,1)

Partition type is now 1C hex (hidden FAT32)

However, in many cases the partition and the files inside it will still be accessible to Windows (for instance, if the volume was previously assigned a drive letter by Windows). This is because the partition is still present and still valid. Linux may also be able to access the partition and the files within it, if hidden in this way.

We can however hide the files in the partition from any operating system, by also making the PBR invalid (it would appear to the OS to be unformatted). In this way the file contents cannot be seen by any OS but still works fine with grub4dos which can access all files as normal.

The following grub4dos batch file is for a True Hide, it changes the PBR data to make the format ‘semi-invalid’ and thus invisible to Windows.

Note: this is the new revised version which hides FAT16/FAT32 and NTFS/exFAT partitions from Windows but leaves them still accessible to grub4dos. The lines in green can be omitted if you don’t want the information displayed.

TRUE_HIDE.g4b

  • !BAT
  • set PTN=%1
  • if not “%PTN:~0,1%”==”(” echo -e \n %0 %1 – BAD ARGUMENT! && pause –wait=3 && goto :eof
  • # get partition type
  • set PT=
  • set PTYPE=
  • set P1=
  • parttype %PTN%
  • set /A P1=%@retval%
  • set /A PT=%P1%&0xef
  • if “%PT%”==”0xF” pause –wait=3 Extended partition entry! && exit
  • if “%PT%”==”” pause BAD Partition Type! && exit
  • if /i %PT%==0x0b set PTYPE=FAT32
  • if /i %PT%==0x0c set PTYPE=FAT32
  • if /i %PT%<=0x06 && if /i %PT%>=4 set PTYPE=FAT16
  • if /i %PT%==0x0e set PTYPE=FAT16
  • if /i %PT%==0x01 set PTYPE=FAT12
  • if /i %PT%==0x07 set PTYPE=NTFS_EXFAT_HFS
  • cat –hex –length=0x40 %PTN%+1
  • echo %PTYPE% %P1%
  • #if fat16 then make FS invalid – 11&12hex are number of root entries which should always be 512 (0200 hex) for FAT16
  • #if FAT32 then make FS version invalid – 2a&2bhex are vesion bytes (type 0.0) – change to aaaahex so Windows won’t recognise it
  • #if NTFS or exFAT then just changing the ID name will suffice
  • if “%PTYPE%”==”FAT16” cat –locate=\x00\x02 –skip=0x11 –length=2 –replace=\xaa\xaa %PTN%+1 && echo patched bytes 0x11 and 0x12. && goto :h1
  • if “%PTYPE%”==”FAT32” cat –locate=\x00\x00 –skip=0x2a –length=2 –replace=\xaa\xaa %PTN%+1 && echo patched bytes 0x2a and 0x2b so not recognised by Windows. && goto :h1
  • if “%PTYPE%”==”” pause Partition type %P1% not recognised! && goto :h1
  • #hide NTFS and exFAT + others
  • cat –locate=S –replace=s –skip=3 –length=8 %PTN%+1 > nul
  • cat –locate=IBM –replace=ibm –skip=3 –length=8 %PTN%+1 > nul
  • cat –locate=FAT –replace=fat –skip=3 –length=8 %PTN%+1 > nul
  • :h1
  • # set partition type in MBR to hidden
  • debug 1
  • hide %PTN%
  • set PT=
  • set PTYPE=
  • set P1=
  • cat –hex –length=0x40 %PTN%+1
  • set PTN=

We can use a similar batch file to ‘true unhide’ the partition too…

TRUE_UNHIDE.g4b

  • !BAT
  • set PTN=%1
  • if not “%PTN:~0,1%”==”(” echo -e \n %0 %1 – BAD ARGUMENT! && pause –wait=3 && goto :eof
  • set PT=
  • set PTYPE=
  • set P1=
  • # get partition type
  • parttype %PTN%
  • set /A P1=%@retval%
  • set /A PT=%P1%&0xef
  • if “%PT%”==”0xF” pause –wait=3 Extended partition entry! && exit
  • if “%PT%”==”” pause BAD Partition Type! && exit
  • if /i %PT%==0x0b set PTYPE=FAT32
  • if /i %PT%==0x0c set PTYPE=FAT32
  • if /i %PT%<=0x06 && if /i %PT%>=4 set PTYPE=FAT16
  • if /i %PT%==0x0e set PTYPE=FAT16
  • if /i %PT%==0x01 set PTYPE=FAT12
  • if /i %PT%==0x07 set PTYPE=NTFS_EXFAT_HFS
  • cat –hex –length=0x40 %PTN%+1
  • echo %PTYPE% %P1%
  • #if fat16 then make FS invalid – 11&12hex are number of root entries which should always be 512 (0200 hex) for FAT16
  • #if FAT32 then make FS version invalid – 2a&2bhex are version bytes (type 0.0) – change so Windows recognises it
  • #if NTFS of exFAT then just changing the ID name will suffice
  • if “%PTYPE%”==”FAT16” cat –locate=\xaa\xaa –skip=0x11 –length=2 –replace=\x00\x02 %PTN%+1 && echo restored bytes 0x11 and 0x12 && goto :h1
  • if “%PTYPE%”==”FAT32” cat –locate=\xaa\xaa –skip=0x2a –length=2 –replace=\x00\x00 %PTN%+1 && echo restores bytes 0x2a and 0x2b && goto :h1
  • if “%PTYPE%”==”” pause Partition type %P1% not recognised! && goto :h1
  • #unhide NTFS and exFAT + others
  • cat –locate=s –replace=S –skip=3 –length=8 %PTN%+1 > nul
  • cat –locate=ibm –replace=IBM –skip=3 –length=8 %PTN%+1 > nul
  • cat –locate=fat –replace=FAT –skip=3 –length=8 %PTN%+1 > nul
  • :h1
  • # show status after unhide command
  • debug 1
  • unhide %PTN%
  • set PT=
  • set PTYPE=
  • set P1=
  • cat –hex –length=0x40 %PTN%+1
  • set PTN=

We can use these batch files in a grub4dos menu:

True_Hide_Unhide.mnu

These menus assume you have set the grub variable to your path where the .g4b files are located – e.g. set grub=grub/utils

  • iftitle [parttype (hd0,1) &; set /A p=%@retval% &; if not %p%==0x0F && calc %p%&0x10^0x10] TRUE HIDE HD0,1\n Hide 2nd partition on first hard disk
  • call /%grub%/true_hide.g4b (hd0,1)
  • pause
  • # Reload main menu
  • configfile /menu.lst
  • iftitle [parttype (hd0,1) &; set /A p=%@retval% &; if not %p%==0x0F && calc %p%&0x10] TRUE UNHIDE HD0,1\n Unhide 2nd partition on first hard disk
  • call /%grub%/true_unhide.g4b (hd0,1)
  • pause
  • # Reload main menu
  • configfile /menu.lst

Note that the menu entry will only be listed if the partition exists and is in the correct hidden/unhidden state, so only one of the above menu items will be displayed at any one time (or neither of them, if there is no partition present or it is the Extended Partition 0F entry).

Note: A modernish (2014+) version of grub4dos is required for this menu as it uses the newish &; operator, calc and iftitle!

For this menu which uses ‘iftitle’, It is necessary to reload the menu after the partition has been altered so that the ‘wrong’ menu entry will no longer be listed in the menu. e.g. if you actually run the ‘True Hide’ menu entry, when the menu is reloaded the ‘True Unhide’ menu entry will be present, instead of the ‘True Hide’ menu entry.

To suppress the display text that is output by the call, redirect the call to nul like this:

call /%grub%/true_hide.g4b (hd0,1) > nul

I have added a True_Hide_Unhide.mnu sample menu file to Easy2Boot and the two grub4dos batch files true_hide.g4b and true_unhide.g4b are now included in E2B too.

ADD A PASSWORD

You could add a password prompt too so that the partition can only be unhidden if you know the correct password is fred, e.g.

  • iftitle [parttype (hd0,1) &; set /A p=%@retval% &; if not %p%==0x0F && calc %p%&0x10] TRUE UNHIDE HD0,1\n Unhide 2nd partition on first hard disk
  • password fred || configfile /menu.lst
  • echo
  • call /%grub%/true_unhide.g4b (hd0,1)
  • pause
  • # Reload main menu
  • configfile /menu.lst

Easy2Boot (E2B) is popular multiboot USB solution that also contains agFM and Ventoy. It supports both Legacy and UEFI.
Simply copy on your bootable ISO files to the E2B USB drive and boot! Boot to DOS, Linux, Windows Install ISOs (XP>Win11),
automate Windows installs, WIM files, VHD files, images of flash drives, Linux ISO+persistence, etc.
E2B is unique in that it uses partition images which allows you to directly boot from Secure Boot images (no need to disable Secure Boot or run MOK manager or modify your UEFI BIOS).

eBooks

The following eBooks (in PDF format) are available from the developer (rated 4.5/5 stars).

Also visit Easy2Boot.xyz and the my blog – please subscribe for the latest news, tips, USB boot articles and news of free eBook updates.