Whether you’re at the hobbyist level or a professional, if you’re working on code for operating systems or file systems, tools can make or break the job. [Ben Lunt] is an enthusiast hacker himself, and found that over time, a series of useful utilities had proliferated beyond reasonable management. It was time to solve the problem – enter ULTIMATE.
ULTIMATE is a combination of a wide swathe of file system hacking tools that [Ben] had developed over the preceding years. Capable of dealing with most FAT variants, Ext4, ISO, [Ben]’s own FYS FS as well as other Linux ephemera, it enables a wide variety of common tasks to be executed from within a single program.
Capabilities of the tool are wide ranging. Files can be inserted into and removed from image files, boot records can be altered, and there’s even the ability to tinker with GPTs for UEFI-based systems. [Ben] has also experimented with the concept of the eMBR – an extended Master Boot Record with greater functionality for larger, modern hard drives.
ULTIMATE is a testament to [Ben]’s broad file system knowledge, and could likely prove useful to many hackers in the file system and OS community. Just be cautious, though – the software is still in an early stage of development. If you’re just getting started in this particular realm of tinkering, take a look at our primer on file system forensics.
23 thoughts on “ULTIMATE – A Useful Tool For File System Hacking”
“With great power comes great responsibility”.
Power corrupts. Absolute power corrupts absolutely.
So, with great power comes great corruptibility.
I think I’ve seen that in NAND flash…
“With great power comes a great energy bill”.
You mean energy, not power. A 10W LED powered 24/7 will consume more energy than a water kettle with 1000W heating up a cup of water.
Most efficient way to heat up water is microwave.
A 750W oven takes 2 mins to heat up a cup of water.
So, a 1000W would take roughly 1min 30s (Hey, you neither specify the temperature of the water, the efficiency of the heating method, and the target temperature. So I do what I can here).
So, 1000W during 90s is roughly the same as 100W during 900s or 10W during 9000s (2h 30mins) (not for heating, but for energy).
To sum up, “With great Power comes great energy bill, if you are great and powerful less than 2h and a half.”.
What? My comment is not useful?
I totally agree, but, hey, here it is.
Looks great! But, key points: “Did I mention it is pre-release ready? Use at your own risk.”
Also, some important stuff is not done yet:
“The following items are not (yet) supported:
FAT (a few things here and there need to be completed)
FYSFS (a few things here and there need to be completed)
LEANFS (Indirect Extents are not yet supported)
exFAT (write/insert/along with a few other things)
UDF (partially complete)
The way it is written, physical devices, such as real hard drives, etc. can be added. i.e.: Read from a host drive instead of an image file. However, this is not yet added. I need to test a lot more before this part gets added/used.
Many other items”
Not sure it counts as an “ultimate” tool when it only runs on Windows and works primarily on a handful of Microsoft filesystems, but OK.
It covers nearly 90% of the x86 market. That’s nothing to complain about.
Feels like I’m reading a comment from 1998…
I don’t know how to tell you this, but both Windows and x86 aren’t exactly where the action is in the hacker/maker scene anymore.
I guess it’s the ambassador of the hacker/maker scene reminding us 2018 is all about hooking your Raspberry Pi to a weather sensor and joining the IoT scene.
Some hard gatekeeping here, not uncommon in discussions of sports teams, game consoles or operating systems. “Mine’s better than yours.” I don’t get snobby. I think as far as OSes go, one should use the right tool for the job. Sometimes it’s Windows, sometimes it’s Linux, sometimes it’s whatever is to hand, and sometimes it doesn’t matter and is just personal preference. Besides C64 basic plus Datel Action Replay VI Fastload Mode (that’s been sideloaded on a 1541 Ultimate II+) is obviously the superior OS :P
@Spacedog – The only thing I have found in a very long time where Windows is the “right” tool for the job is building software that can be marketed to the much larger Windows desktop/workstation market than the Linux desktop/workstation one.
If people really did choose the best tool for the job Windows would quickly cease to be it.
So you believe 90% of servers are running Windows? Funny…
Well… the Internet was originally meant to serve as a network that can survive nuclear war right? I suppose if 90% of the servers on it did run Windows then every Microsoft Update and/or other poorly written malware release would be a great simulation of a nuclear war for testing the network’s resiliency!
Seems a little premature to post, isn’t it? Yes, cool, but these items need to be completed, and they are the reason I like this tool:
* exFAT (write/insert)
* FAT (a few things here and there need to be completed)
* NTFS (write/insert)
* Ext2/3/4 (write/insert)
* exFAT (write/insert/along with a few other things)
Thanks for your comments.
However, [Lewin] stated “Just be cautious, though – the software is still in an early stage of development” as well as myself stating “Is very pre-beta. It still needs a good bit of work and testing”.
This is a hobby, not a career. As soon as I find the time and (more importantly) interest to finish those functions, I will get to it.
I visit Hackaday at least once a day to see a lot of fine projects, some quite a bit more advanced than others, but still very interesting. I appreciate Hackaday for their interest in my little project and for [Lewin] for posting it.
If you guys will share a link to your project(s), I would love to visit them.
Do you plan on releasing the source code for it? Trying to recover some files out of a badly backed up xp ntfs img but because of the 1024 entries limit I can only see part of the Windows directory which I don’t even need lol
Eventually I do. For the moment, I need to do some more work on it, especially clean it up. The limit should be 10240 (~10k), not 1024 (1k). The NTFS code is quite experimental. There is not a whole lot of documentation about it and I have some more research to do on that file system. Please email me at the address specified on the ULTIMATE webpage and maybe I can help you out with it.
Nice work Ben, thanks for blowing the lid off of MBR partitioning tools. Nice to see what’s actually going on under the hood of Rufus and similar USB stick makers.
I recall a time I had to hide a partition from an installing os, maybe I wanted 98 and XP to both be “C:”, I can’t remember. But I do remember using a command line editor to change the byte code to ‘other’ FS from a Microsoft one before the install :)
The OS didn’t mess with my stuff, and I changed it back later.
Also remember installing win 2k twice in my grandpa’s PC, so I wouldn’t have to reinstall and wipe it when it filled with malware. I could boot the other install and nuke the virus :)
Also recovering a FS that had the partition type corrupted
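An added example, not from the commenter or from ULTIMATE: the type byte the comment above describes editing is byte 4 of each 16-byte MBR partition entry, and this Python check flags entries whose type byte disagrees with the filesystem signature found in the partition's first sector. The function names, the type-byte table and the sample image are assumptions constructed for illustration.

```python
import struct

SECTOR = 512
# Type bytes normally paired with each filesystem (assumed table, not exhaustive).
EXPECTED_TYPES = {"NTFS": {0x07}, "FAT32": {0x0B, 0x0C}, "FAT16": {0x04, 0x06, 0x0E}}

def parse_mbr(sector0):
    """Return (slot, type_byte, start_lba, sector_count) for each used MBR slot."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        raw = sector0[446 + 16 * slot : 462 + 16 * slot]
        ptype, (start, count) = raw[4], struct.unpack_from("<II", raw, 8)
        if ptype != 0 or count != 0:
            entries.append((slot, ptype, start, count))
    return entries

def sniff_filesystem(boot_sector):
    """Guess the filesystem from the label strings in a volume boot sector."""
    if boot_sector[3:11] == b"NTFS    ":      # OEM ID field
        return "NTFS"
    if boot_sector[82:90] == b"FAT32   ":     # FAT32 type string (informational)
        return "FAT32"
    if boot_sector[54:59] == b"FAT16":        # FAT12/16 type string (informational)
        return "FAT16"
    return None

def find_mismatches(image):
    """List (slot, type_byte, filesystem) where the table and the volume disagree."""
    findings = []
    for slot, ptype, start, _count in parse_mbr(image[:SECTOR]):
        vbr = image[start * SECTOR : (start + 1) * SECTOR]
        fs = sniff_filesystem(vbr)
        if fs and ptype not in EXPECTED_TYPES[fs]:
            findings.append((slot, ptype, fs))
    return findings

def build_sample_image():
    """Constructed sample: slot 0 is FAT32 typed 0x0C, slot 1 is NTFS relabelled 0x83."""
    img = bytearray(SECTOR * 4)
    for slot, (ptype, start) in enumerate([(0x0C, 1), (0x83, 2)]):
        struct.pack_into("<B3xB3xII", img, 446 + 16 * slot, 0, ptype, start, 1)
    img[510:512] = b"\x55\xaa"
    img[SECTOR + 82 : SECTOR + 90] = b"FAT32   "
    img[2 * SECTOR + 3 : 2 * SECTOR + 11] = b"NTFS    "
    return bytes(img)
```

A mismatch is only a lead for a forensic examiner: it shows up both when a type byte was changed on purpose and when the table was corrupted, the two cases the comment mentions.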
“It is for Windows only. I use WinXP but have tested with later versions of Windows as well as 64-bit machines.”
Seriously??? At least use something that receives security patches.
But nice tool, I’ll check it out!
Sorry for the snarky comment but here at work we’re especially careful with development machines for fear of leaking malware into finished products.