Integrating a registry editor into Kaspersky Rescue Disk
This story begins with my accidentally coming across an updated Kaspersky Rescue Disk. More precisely, it begins with the thought that KRD needs a registry editor. Without thinking twice, I downloaded Rescue Disk with the built-in tools (through KIS)...
This is the standard disk, version 8.8.1.37:
Then I added the registry editor chntpw to it. After checking that it works, I started an experiment: what if the disk is obtained not through KIS (assume the system is infected with malware and no antivirus is installed), but simply downloaded from the site from a Live CD of Ubuntu or another distribution (at that moment it was Puppy Linux, because the system in the eighth version of KRD is packed with an old version of SquashFS that the newer tools shipped in Ubuntu do not understand). I went to http://devbuilds.kaspersky-labs.com/devbuilds/ and saw kav_rescue_10.iso there. This is nothing other than the 10th version of KRD.
Of course, I downloaded it. Much has been updated: first of all, new versions of the distribution, the antivirus, the tools used and the system itself. In addition, the Live CD finally has a built-in browser, so you can not only scan the drives but also read about any malware that is detected.
But the registry editor is still not included...
That is probably logical, because at the moment there is only a console editor, and an inexperienced user might not understand the program. But we are advanced users!
And now, the story itself.
We start by booting Linux. I integrate the registry editor from Linux in any case, because I could not find tools for the version of squashfs used in KRD 10 anywhere else.
Then we download the KRD ISO image. Do not put it on the Live CD's virtual disk, because there is not enough space there. Better save it onto a mounted drive of the real system.
Now we need the editor itself. It can be downloaded from various places, but I chose the Ubuntu repository.
Pay attention to the version: we need 0.99.3, because this version has practically no dependencies:
The library libc6 is present in every Linux distribution, and the package from the "hardy" release satisfies this requirement. The next release, "intrepid", has a newer version, but it has a dependency which in turn has dependencies of its own:
So the package is downloaded, and now we need to extract the executable file and the help file from it. To do this, right-click the package and open it with Archive Manager:
And now we see the internal structure of the package:
We will "install" the program manually, so the install scripts are of no interest to us. Therefore we go into the archive "data.tar.gz". There is only one folder in it, "usr":
Extract it somewhere:
Next to the KRD image will do.
Now we install a few tools needed to work with the ISO and the squashfs image.
Find squashfs-tools in Synaptic Package Manager and install it:
Then add the community-maintained repository (universe):
The other sources can be disabled so that no time is wasted updating all the package lists. Now we can find the program isomaster and install it:
Once installed, isomaster is available under "Applications - Sound and Video":
Open the KRD image with it and extract the file image.squashfs:
In principle, you can extract image.squashfs simply by mounting the ISO as an ordinary file system (a loop mount), but we will use the graphical tool we just installed. I remind you again that large files should be extracted not to the Live CD's virtual disk but to a drive of the real system, so that there is enough space.
Once the file is extracted you will spend some time in the console, because the unsquashfs and mksquashfs tools have no graphical interface.
So, we unpack the compressed file system. Open a terminal, go to the folder containing image.squashfs and type:
The unpacking process starts:
By default, the tool unpacks the contents of the compressed file system into the directory squashfs-root. Once it is extracted, we simply move the folder usr extracted from the package chntpw_0.99.3-1_i386.deb into the newly created folder squashfs-root:
Here we get a warning that such a folder already exists. Choose "Merge":
Now everything needs to be packed back. Open the terminal again and type:
If you delete the file image.squashfs after unpacking, you can use that name for the new archive. I missed this point, which is why my archive is simply called "12":
I then deleted the original image.squashfs and renamed the newly created one.
Now we need to put our new file in the KRD.
Open it in isomaster and delete the original image.squashfs from it:
Then add the newly created file to the ISO:
Now save the image (you can simply quit isomaster; on exit the program asks whether you want to save the changes) and it is ready to use. Once more: save the image to a disk of the real system, otherwise it will simply disappear, because changes made to the Live CD's virtual file system are not persisted.
After that you can edit the Windows registry from the terminal of Kaspersky Rescue Disk:
It remains to write to KRD support so that they add this tool to the image officially.
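The same procedure done entirely from the command line, as an added example that is not part of the original post (the post uses Archive Manager, Synaptic and isomaster). Assumptions not taken from the page: dpkg-deb, unsquashfs, mksquashfs and xorriso are installed on the Live CD; the compressed file system lives at /image.squashfs in the ISO root; the chntpw binary lands in usr/sbin/ (Debian's layout). xorriso replaces isomaster here because it can copy the original boot record into the rebuilt ISO:

```shell
#!/bin/sh
# Added example: rebuild a KRD ISO with chntpw merged into image.squashfs.
# Assumed tools: dpkg-deb, unsquashfs, mksquashfs, xorriso (not from the post).
# Assumed layout: /image.squashfs at the ISO root, chntpw under usr/sbin/.
set -e

# Abort early with a clear message when a required tool is missing.
require_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || { echo "missing tool: $t" >&2; return 1; }
    done
}

# Unpack data.tar.* (the usr/ tree) from the .deb; replaces the Archive
# Manager step and works whether the data member is .gz or .xz.
extract_deb() {
    deb=$1; dest=$2
    mkdir -p "$dest"
    dpkg-deb -x "$deb" "$dest"
}

# Merge a tree into an unpacked squashfs root without replacing whole
# directories: the file manager's "Merge". Files already present in
# $dst keep their names; same-named files from $src overwrite them.
merge_tree() {
    src=$1; dst=$2
    mkdir -p "$dst"
    (cd "$src" && tar cf - .) | (cd "$dst" && tar xf -)
}

# Sanity check before repacking: the editor must be in place and executable.
check_chntpw() {
    root=$1
    [ -x "$root/usr/sbin/chntpw" ]
}

# Pull image.squashfs out of the ISO, unpack it (unsquashfs creates
# squashfs-root/ in the current directory), merge, and repack under the
# original name so the ISO path stays the same.
rebuild_squashfs() {
    iso=$1; tree=$2; work=$3
    mkdir -p "$work"
    xorriso -osirrox on -indev "$iso" -extract /image.squashfs "$work/image.squashfs"
    (cd "$work" && unsquashfs image.squashfs)
    merge_tree "$tree" "$work/squashfs-root"
    check_chntpw "$work/squashfs-root"
    rm "$work/image.squashfs"
    mksquashfs "$work/squashfs-root" "$work/image.squashfs" -noappend
}

# Write a new ISO with the file replaced. "-boot_image any replay" reuses
# the boot record of the input ISO, so the rebuilt disk stays bootable.
rebuild_iso() {
    iso=$1; new_sq=$2; out=$3
    xorriso -indev "$iso" -outdev "$out" -boot_image any replay \
        -map "$new_sq" /image.squashfs -commit
}

main() {
    iso=$1; deb=$2; out=$3
    require_tools dpkg-deb unsquashfs mksquashfs xorriso
    work=$(mktemp -d)
    extract_deb "$deb" "$work/deb"
    rebuild_squashfs "$iso" "$work/deb" "$work/sq"
    rebuild_iso "$iso" "$work/sq/image.squashfs" "$out"
    echo "wrote $out"
}

# Usage: sh krd-chntpw.sh kav_rescue_10.iso chntpw_0.99.3-1_i386.deb krd-chntpw.iso
if [ $# -eq 3 ]; then main "$@"; fi
```

Run it from a drive of the real system, not the Live CD's RAM disk, for the same space reason as above. Two practical caveats: mksquashfs writes the format of the installed squashfs-tools, so the kernel inside KRD must support that version (the post shows Ubuntu's tools working with KRD 10); and chntpw modifies hive files in place, so copy the hive first and only edit a Windows that was shut down cleanly, not hibernated, or the changes can be lost or corrupt the hive.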