Questions

Shrink pointsec drive without company support

brxy
I have a laptop from work, which has a 500G drive with a single Pointsec partition with the company's install of Windows. I would like to shrink that drive and install an Ubuntu OS alongside it for personal use so I keep both separate.
I will have no company support for this, even though it is in their best interest that I do not use the Windows OS outside work, but explaining that is futile.

What I have:

* Legitimate access to the drive (my own user/pass that eventually boots the OS so it must get the decryption key).
* Legitimate regular Windows ID on the PC.
* A ".rec" recovery file made by the IT department when they installed the PC.
* Physical access to the laptop: boot something else, take the disk out, etc.
* Read access to the Pointsec program files on the installed drive

What I don't have and probably never will:

* Admin Pointsec account.
* Admin Windows account.
* Original Pointsec installation media.

Any thoughts?

Member Answers

    • robo_dev

      Or buy a USB jump drive, boot from that, and run Linux that way.

      Pointsec can be tricky even when you have the credentials; when it gets corrupted, the recovery process can take many hours.

      Attempting to modify the partition table will absolutely make the hard drive a smoking wreck, guaranteed.

      If my life depended on trying this, I would make a forensic (bit-by-bit) copy of the hard drive to an identical hard drive, try to hack the copied drive...that way you can prove me wrong without getting busted by your IT folks....

      brxy

      Ok, this is what I got, it's tricky to say the least, but well...

      I used a tool called "contig" to create a very large contiguous file in Windows. This tool does not need admin rights as long as it can allocate the file in one chunk at once. So, I started increasing the size until I got a fragmented file and then I backed up a bit.
      Finding the actual location of the file on the disk was not easy; any tool I found that would report this (e.g. diskview) would not work without admin rights. So, what I did was calculate and store MD5 hashes of consecutive chunks of the disk and then make small changes at the beginning of the file. Say, with 100Mb chunks, I would store the initial hashes, and then modify the file in the first 100Mb part, not the second, yes on the fifth, and so a few more. After recalculating the hashes, that specific pattern of changes could be seen in the changed hashes.
      So, now I had an unfragmented huge file and I knew where it was on the disk regardless of the filesystem. Next I created a partition comfortably inside that space (I left ample safety margins). I backed up and deleted the original partition, created the one that lies inside the huge file's space, and then I had to "inject" the backed up first partition with "dd" since any partitioning program would not allow such a creation. I ended up with a nice and grossly unconventional partition table where part 2 was completely inside part 1. I installed my alternate OS into that partition and that was it.

      I will deliberately not give more details than this since the risk of messing things up is high. If you cannot figure it out from the explanation above then you probably shouldn't be trying it at all.

      I am unsure if I can install a bootloader that could live alongside Pointsec. For now I have none, so once I set Windows to boot I cannot easily go back. I use a flash drive to boot part 2, but none of the OS is on that drive; I can remove it immediately and not use it while rebooting with part 2 as the active one. I haven't given much thought to the booting issue for now; any ideas are welcome.
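
For whoever administers such laptops: the layout described in the reply above, one primary partition lying completely inside another, is visible in the partition table itself. The check below is an added example, not part of the original posts; it assumes a classic MBR table (the thread does not say whether the disk uses MBR or GPT), and the sample sectors and their sizes are constructed.

```python
import struct

SECTOR, TABLE_OFFSET, ENTRY_SIZE = 512, 446, 16
ENTRY_FMT = "<B3xB3xII"  # boot flag, CHS start (skipped), type, CHS end (skipped), first LBA, sector count


def parse_mbr(sector0: bytes):
    """Return (number, type, first_lba, sector_count) for each used primary entry."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature, not an MBR")
    parts = []
    for i in range(4):
        _boot, ptype, first, count = struct.unpack_from(ENTRY_FMT, sector0, TABLE_OFFSET + i * ENTRY_SIZE)
        if ptype and count:
            parts.append((i + 1, ptype, first, count))
    return parts


def find_overlaps(parts):
    """Primary entries must never share sectors (logical volumes live in EBRs, not here)."""
    findings = []
    for x in range(len(parts)):
        for y in range(x + 1, len(parts)):
            (na, _, sa, ca), (nb, _, sb, cb) = parts[x], parts[y]
            ea, eb = sa + ca, sb + cb  # exclusive end sectors
            if not (sa < eb and sb < ea):
                continue
            if sa <= sb and eb <= ea:
                findings.append(("nested", na, nb))   # nb lies wholly inside na
            elif sb <= sa and ea <= eb:
                findings.append(("nested", nb, na))
            else:
                findings.append(("overlap", na, nb))
    return findings


def build_mbr(entries):
    """Build a constructed sector 0 from (boot, type, first_lba, sector_count) tuples."""
    mbr = bytearray(SECTOR)
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + i * ENTRY_SIZE, *entry)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


# Constructed samples: a large NTFS-type entry with a Linux-type entry inside it, and a normal layout.
NESTED = build_mbr([(0x00, 0x07, 2048, 976_000_000), (0x80, 0x83, 600_000_000, 100_000_000)])
CLEAN = build_mbr([(0x80, 0x07, 2048, 700_000_000), (0x00, 0x83, 700_002_048, 200_000_000)])

if __name__ == "__main__":
    for name, mbr in (("nested", NESTED), ("clean", CLEAN)):
        print(name, find_overlaps(parse_mbr(mbr)))
```

Run against the first 512 bytes of a collected disk image, any non-empty result is worth a closer look, since standard partitioning tools refuse to create such a table.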
