Jump to content

Quick braindump: locking HFS filesystems


Recommended Posts

  • 68kMLA Supporter

Scenario: you have an HFS filesystem.  You would like it to be read-only, like a CD-ROM is, even though the medium might be (or look like it is) read-write.

 

You will need:

 

  • your disc image;
  • a hex editor (I use Hex Fiend.  Others are available.);
  • something to do binary (this might be your brain, if you're more awake than I am; if you're on OS X, the built-in calculator application will do this fine).

 

Summary:

 

At the start of every HFS volume, there is a chunk of metadata called, varyingly, the 'Master Directory Block' or the 'Volume Information Block'.  In this block, there's a field that contains a number of on-off settings.  Two of these settings are 'locked by hardware' and 'locked by software'.  We are going to turn both of these settings on for the volume.  This will not work for HFS+ volumes, though there is an analogous procedure (the settings are still there but are in a slightly different place).

 

ObWarning:  This involves editing a filesystem with a hex editor.  Make sure you have a copy of your disc image before you start.

 

Method:

 

  1. Open the image in your hex editor.

    517832463_ScreenShot2021-04-07at20_15_32.png.56b3277fd5923c67dbb092619686854b.png
     
  2. First, we need to find the boot block for the HFS volume.  You will recognise this because it begins with the letters 'LK' and has a lot of names you will recognise in it: 'System', 'Finder', 'Macsbug', etc.  A good way to do this is to use your hex editor's "find" facility.  It will look like this:

    567415008_ScreenShot2021-04-07at20_19_03.png.4a6aaafe64e82d942fe7d424512ee8c9.png
     
  3. Now, scroll down a little bit further and you'll find the Master Directory Block directly after the boot block.  You'll recognise it because it begins with the letters 'BD'.  It will look a bit like this (although everything after the BD will probably be different).

    561007783_ScreenShot2021-04-07at20_23_20.png.8a7f25488f4ac11a0f8f30f54ea6006c.png
     
  4. We ignore the first 8 bytes after the 'BD'; these encode the creation date/time and last modification date/time of the volume.  We look at the two bytes after those, highlighted here:

    2098260811_ScreenShot2021-04-07at20_28_33.png.162321ab6fb6e486086d576cd0b5d01c.png
     
  5. We need to set bits 7 and 15.  If you can do that in your head reliably, well done, you can jump ahead a bit; for those of us whose mental arithmetic is questionable, you can use the OS X built-in calculator.  Bring it up and put it into "Programmer" mode (in the view menu), and click on the 16 in the top-right hand corner of the keypad to put it into hex mode.

    25995105_ScreenShot2021-04-07at20_33_52.png.f09e48730f4d2378ef17cc40cb7f3536.png
     
  6. Copy in the two bytes we found earlier into the calculator; in this case, 01 00.  In Hex Fiend you can actually copy and paste here.  You'll see the binary representation of the number below it, with the bits conveniently numbered from 0 on the right to 31 on the left.

    126324343_ScreenShot2021-04-07at20_38_55.png.5de6c31c5d06691e0f11d2c372417c41.png
     
  7. Click on the zeroes in positions 15 and 7 to turn them to ones, and note the resulting number.

    1797263524_ScreenShot2021-04-07at20_42_16.png.e2b8b74f1f741ab22296ffd6cd2a0f9b.png
     
  8. Replace the two bytes we highlighted earlier with the new value.  Make sure you replace them, not insert new ones.

    Before:
    2098260811_ScreenShot2021-04-07at20_28_33.png.162321ab6fb6e486086d576cd0b5d01c.png

    After:
    1262159227_ScreenShot2021-04-07at20_48_02.png.42fd1280559619fbae7c313b9ea3510b.png
     
  9. Save the file.  When you mount this filesystem, it should show up as locked, and Get Info should not allow it to be unlocked.

    593992387_ScreenShot2021-04-07at20_50_16.png.a8aa5e76237b0b5c53ad5ee40f5f81f3.png

    1007821612_ScreenShot2021-04-07at20_50_39.png.c83e8e16ca643c7d84e96b0575498113.png
     

Ta-daa!

Link to post
Share on other sites
  • 68kMLA Supporter

Nice. Thanks for this. In doing some further reading, I came across the following additional Apple developer resources, which delves further in to the subject of on-disk HFS structures:

 

Inside Macintosh: Files / Chapter 2 - File Manager / Data Organization on Volumes

 

Some of the same text is available in PDF form at Pages 55-~70 of this Apple PDF (which is also attached to this post)

InsideMac-ChapterTwo_File_Manager.pdf

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...