Truecrypt modding ???
DavidXanatos
March 27th, 2009, 11:39 AM
Hi,
Is there some project that would resemble a truecrypt mod?
Or are there some people here wanting to start such project?
There are quite a few things that are missing and it seems the official devs won't implement them, stuff like what is listed here: http://www.wilderssecurity.com/showthread.php?t=224241
I'm an experienced C++ hobby programmer, but not very familiar with drivers and such. I managed to mod the TC driver to remove the write protection for normal drives when using the hidden OS, as well as get the persistent/system volumes back for TCtemp/TCGina, http://www.eselfarm.info/ModCrypt/
but for example with this: http://forums.truecrypt.org/viewtopic.php?t=15399 I'm stuck and have had no luck in any direction :/
Things I think are needed are:
1. Smaller decoy larger hidden OS
2. In-place HDD encryption for XP
3. In-place re-encryption with another header key
4. VSS support for non-system drives
5. Native support for a rescue USB stick instead of a CD/DVD
6. If feasible, keyfiles from USB/floppy
7. Soft reboot capability without entering the PW (stored in RAM or HDD or USB/floppy and erased after use)
8. Option to disable the write protection in the hidden OS for unhidden/unencrypted drives
9. Mounting TC volumes into empty NTFS folders without the need to first mount them with a drive letter
As of now I only got 8 to run...
I believe it could be a very useful project and make many people happy.
Is there someone willing to help me with this?
David X.
DavidXanatos
March 29th, 2009, 10:05 AM
No one interested?
mjau
March 29th, 2009, 11:39 AM
I would like to see a mod that does what DriveCrypt does: if a wrong password is entered at the bootloader it will destroy the drive so no one can read anything off it.
This is good because, if your computer gets seized for some reason and if the investigator enters the wrong password without asking you, it will destroy the evidence and it will not be your fault, but if you give the wrong password then you will be charged for destroying evidence.
All you really have to do is put paper on or near the computer where it says password and just make up something, then the investigator will enter this password and you cannot be charged with anything.
DavidXanatos
March 29th, 2009, 02:09 PM
Well, unless he is borderline incompetent he will do an offline backup, sector by sector, of your encrypted HDD and this feature will have exactly no effect.
Themuzz
May 29th, 2009, 07:28 PM
A TrueCrypt mod, one of the better ideas!
At the moment I'm looking for something like ModCrypt, but only for the newest version, 6.2.
Perhaps you can build the TrueCrypt source, I'm not in a position to do that at the moment.
The only thing that needs to be removed is inside Driver/VolumeFilter.c on line 146 and 147.
I'd be very thankful if you could upload the built program.
Greetings, Themuzz
box750
May 30th, 2009, 04:44 PM
{QUOTE-> Well, unless he is borderline incompetent he will do an offline backup, sector by sector, of your encrypted HDD and this feature will have exactly no effect. <-QUOTE}
Yes but it will take the investigator extra time, and time is money, the more costly you make an investigation the more likely you are that they may give up on you and move onto something else, depending on priorities.
Regarding the modded TC version, I would love to see a version that when prompted to burn a recovery CD has a checkbox with the word NO.
DavidXanatos
June 5th, 2009, 09:39 AM
http://rapidshare.com/files/241111209/ModCrypt6.2_src.rar
Option to disable write protection in a hidden OS
Batch file to start TC format without recovery ISO check
TCtemp & TCgina adapted to the new TC version
PS: I'd be really happy if there would be someone out there to help me with the remaining points :)
Themuzz
June 8th, 2009, 06:59 AM
You're my hero!
I would love to help but I'm only good at programming php, mysql and javascript...
Let me know if you need any help for stuff not about c.
About the mod: Could you help me with how to use it? I have TrueCrypt (original version) installed and am inside the hidden OS. How can I enable the external writing option?? (If I need to build the code, could you do that? I can't...)
Thanx!!!
Kind regards,
Themuzz
Edit:
I found the files Release\Setup Files
But TrueCrypt Setup.exe does not work..
I thought I had to use the new sys file, but how??
DavidXanatos
June 8th, 2009, 04:32 PM
Just put the new sys file in your C:\windows\system32\drivers directory overwriting the old one.
And apply the EnableWriting.reg and reboot.
WARNING: if you are using Windows XP 64 or Vista 64 I don't know if this will succeed, because my driver is unsigned and Windows may reject it and not boot!
I haven't tested it since I'm still using Win XP/Server 32-bit with PAE on my machines.
Themuzz
June 8th, 2009, 06:30 PM
Thanx! I also don't have 64, so I can't test it.
About the registry settings, the dword value is 00000015, but it says that one should apply 1,2,4 or 8. How about that? What is the default value 00000015?
LockBox
June 8th, 2009, 07:28 PM
{QUOTE-> Yes but it will take the investigator extra time, and time is money, the more costly you make an investigation the more likely you are that they may give up on you and move onto something else, depending on priorities.
Regarding the modded TC version, I would love to see a version that when prompted to burn a recovery CD has a checkbox with the word NO. <-QUOTE}
Except it's not "extra time." There's not a single forensics analyst that does not first image the drive. It's all about the evidence chain. They then have an image they can use to enter a password as many times as they want defeating any such "destruction" process. The only way this doesn't work is when you're using hardware encryption where the encrypting/decrypting takes place on the chip on the drive and not with software. In those cases, a self-destruct feature can be very effective and that's why most hardware encryption products have that very feature. But that would be a no-go and a waste of time for TrueCrypt to include such a feature.
DavidXanatos
June 9th, 2009, 04:09 AM
{QUOTE-> About the registry settings, the dword value is 00000015, but it says that one should apply 1,2,4 or 8. How about that? What is the default value 00000015? <-QUOTE}
You can enter 1, 2, 4, 8 or any combination of these 4
1= 0001
2= 0010
4= 0100
8= 1000
15= 1111
Themuzz
June 19th, 2009, 04:48 PM
Hmm, actually, the write protection is still on.
I've renamed the old truecrypt.sys to truecrypt.sys.bak and put the new one in place.
After that I've added the registry and then I rebooted. Still write protection on.
And also the auto-mount feature does not work.
Please help :)
DavidXanatos
June 21st, 2009, 01:52 PM
You have to replace the truecrypt.sys inside c:/windows/system32/drivers/...
Replacing it in the TC APP directory won't do the trick.
Themuzz
June 21st, 2009, 04:31 PM
{QUOTE-> You have to replace the truecrypt.sys inside c:/windows/system32/drivers/...
Replacing it in the TC APP directory won't do the trick. <-QUOTE}
Yep I did, but still not working after a reboot with the registry settings added. And I'm just using the 6.2 version (and not the new 6.2a).
Is it fully functional for you?
DavidXanatos
June 24th, 2009, 02:16 AM
yes it works fine on my test system
Themuzz
July 29th, 2009, 06:22 PM
I don't get it, it's still not working for me. Tried all day today.
Did you also make it work with 6.2a?
Perhaps it does not read the registry settings?? I just don't get it... Please help :)
And of course thanks for all the hard work. It's weird not more people use this...
Themuzz
July 29th, 2009, 06:27 PM
If I search all the source for the name of the registry key PseudoHiddenOS I only found this line:
#define TC_ALLOW_WRITE_REG_VALUE_NAME DRIVER_STR("PseudoHiddenOS")
It's commented out? So does it even read the registry? Or maybe I'm just on the wrong path :)
estra
July 30th, 2009, 03:27 AM
Found this TrueCrypt mod - HaDES HardDisk Encryption System (http://hadeshdencrypt.sourceforge.net/EN/).
According to description, this is essentially the same thing as TrueCrypt but with multi-user functionality.
Themuzz
July 30th, 2009, 07:55 AM
Does HaDES disable the read-only mode??
It just sucks, cause I want to install TrueCrypt on two systems but I can't use the hidden OS if I can't write to USB without a TrueCrypt container. And yes, I am aware of the possible leakage but I can handle that.
DavidXanatos, if it's not that much work, could you upload a modded version of 6.2a with the read-only mode removed? You would really save my day :)
But if it's too much work then don't do it because I have the feeling not many other people are using it.
DavidXanatos
July 30th, 2009, 08:27 AM
#define is a preprocessor definition, not a comment; a comment would start with //
or be inside of /* */
I'll try to find some time and make a 6.2a based and tested version in a week or so
Themuzz
July 30th, 2009, 09:37 AM
Dude, you're my hero! (again :) )
But to make sure I've got the same install of everything, would you then also upload the setup of the TrueCrypt version you used to try it on?
And about the read-only mode, I don't really care about the possibility to use the registry settings, I'm just very happy if the read-only mode is removed so I can write to usb inside the hidden os.
But I don't know what other people think about this.
Thanks again man! I'm going to look at this page three times everyday from now :D
DavidXanatos
July 31st, 2009, 07:25 AM
Here is a new version : http://rapidshare.com/files/262104996/ModCrypt6.2a_src.zip
It's tested on a 32-bit system and it works: when the EnableWriting.reg is applied the read-only protection is successfully removed and the TC GUI should think that it's a normally encrypted OS, not a hidden one.
BTW: when you install the decoy OS I think it's recommended to install the normal TC release there so that no one will ask you why you have a feature for a hidden OS while you claim you don't have a hidden one ;)
Themuzz
July 31st, 2009, 09:20 AM
Going to test it right now :) Thanx man!
I'll post back within an hour;D
Themuzz
July 31st, 2009, 09:37 AM
You saved my day, it's working perfectly!
I hope others can enjoy this modded release as much as I did ;D
Thanx again!
Vapour
September 2nd, 2009, 09:48 AM
Just looking at the mods for this...
    // David X. Begin
    enum
    {
        TC_WRITE_LOCK_DRIVE = 1,          // bypass write lock on Drives (HDD, Flash, etc...)
        TC_WRITE_LOCK_VOLUME = 2,         // bypass write lock on normal unhidden TC Volumes
        TC_WRITE_LOCK_SYS_VOLUME = 4 & 2, // bypass write lock on unhidden TC Volumes mounted as System Volumes
        TC_WRITE_LOCK_HIDE = 8            // report that the OS running is not Hidden (useful only when also 1 is set).
    };
    BOOL AllowWriteAccessForHiddenOS (int WriteAttempt);
    // David X. END
4 & 2 = 0 ???
I would have thought you meant 4 | 2? Meaning the TC_WRITE_LOCK_SYS_VOLUME requires TC_WRITE_LOCK_VOLUME also set?
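The flag arithmetic discussed above, as an added example that is not part of the thread and not ModCrypt's own code: it shows that `4 & 2` produces a flag of 0, which a mask test then treats as always set or never set depending on how the test is written, and what `4 | 2` gives instead. The short `WL_*` names, the two test helpers and the sample masks are assumptions; reading `00000015` as hexadecimal assumes it is the data of a `.reg` `dword:` entry.

```c
#include <stdio.h>
#include <stdlib.h>

/* Flag values as posted in the thread; the short WL_* names are hypothetical. */
enum {
    WL_DRIVE             = 1,
    WL_VOLUME            = 2,
    WL_SYS_VOLUME_POSTED = 4 & 2,  /* as posted: bitwise AND, evaluates to 0 */
    WL_SYS_VOLUME_OR     = 4 | 2,  /* the reading suggested in the thread: 6 */
    WL_HIDE              = 8
};

/* Hypothetical test style A: every bit of `flag` must be present in `mask`. */
int all_bits_set(unsigned long mask, unsigned long flag)
{
    return (mask & flag) == flag;
}

/* Hypothetical test style B: at least one bit of `flag` is present in `mask`. */
int any_bit_set(unsigned long mask, unsigned long flag)
{
    return (mask & flag) != 0;
}

/* Data of a .reg "dword:" entry is hexadecimal, so parse with base 16. */
unsigned long parse_reg_dword(const char *hex_digits)
{
    return strtoul(hex_digits, NULL, 16);
}

int main(void)
{
    /* Constructed sample masks: none, 4 alone, 4|2, decimal 15, and the
       text "00000015" read as .reg hex (0x15 = 21 = 16 + 4 + 1). */
    unsigned long masks[] = { 0, 4, 6, 15, parse_reg_dword("00000015") };
    size_t i;

    printf("mask  posted(A) posted(B) or(A)\n");
    for (i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("%4lu  %9d %9d %5d\n", masks[i],
               all_bits_set(masks[i], WL_SYS_VOLUME_POSTED),
               any_bit_set(masks[i], WL_SYS_VOLUME_POSTED),
               all_bits_set(masks[i], WL_SYS_VOLUME_OR));
    return 0;
}
```

With the posted value, style A reports the system-volume flag as set for every mask (including 0) and style B never does; with `4 | 2` the flag is set only when both 4 and 2 are present.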
DavidXanatos
September 18th, 2009, 05:29 PM
You are right!
Vapour
September 21st, 2009, 09:20 AM
{QUOTE-> You are right! <-QUOTE}
Any chance of a quick recompile as I ain't got the stuff installed to produce it yet. :)
Themuzz
October 22nd, 2009, 06:00 AM
Any chance the 6.3 version will be modded to allow writing to external drives? :D
Let me know if I can help :)
Kind regards,
Themuzz
mantrakrypt
October 22nd, 2009, 05:20 PM
Alright I figured I'd register just to help you guys out.
To enable writing to non-hidden drives in a hidden OS, grab the TrueCrypt source, open up DriveFilter.c, and find the function:
    BOOL IsHiddenSystemRunning ()
    {
    ....
    }
Replace the code between the braces with "return FALSE;" and compile the driver.
Lucky for you guys, I've already done it (http://www.infinitemb.com/download/5583/modded_tc_driver_6.3.zip/) for you. This includes both 32 and 64-bit versions of truecrypt.sys 6.3, and I already signed the 64-bit version with the NGO driver signature enforcement overrider (http://www.ngohq.com/home.php?page=Files&go=cat&dwn_cat_id=34). You must be in Test Signing mode to use the 64-bit version in Vista and 7, and you must do it before installing the modified driver. You can use the NGO utility to switch to Test Signing mode.
To install, you must boot into another OS that can run TrueCrypt (I use WinPE) and mount your hidden volume in TrueCrypt using "Mount Options -> Mount partition using system encryption..." and replace truecrypt.sys in system32\drivers or SysWOW64\drivers.
Themuzz
October 24th, 2009, 11:48 AM
I tried to download the file, today and yesterday, but something is wrong with the website since if I wait and click the link I get a server offline message.
Perhaps you could upload it somewhere else??
Thanks for the work you have put in it!
mantrakrypt
October 24th, 2009, 03:02 PM
Sure here you go http://www.filedropper.com/moddedtcdriver63
Themuzz
October 26th, 2009, 06:57 AM
Maybe it's me, but your last download link also doesn't work :) I get redirected to the main page of that website.
Perhaps you want to upload it to rapidshare or something like that?
Thanks!
mantrakrypt
October 26th, 2009, 10:17 AM
http://rapidshare.com/files/298165295/modded_tc_driver_6.3.zip
olovsky
November 14th, 2009, 06:19 PM
{QUOTE-> Alright I figured I'd register just to help you guys out.
To enable writing to non-hidden drives in a hidden OS, grab the TrueCrypt source, open up DriveFilter.c, and find the function:
    BOOL IsHiddenSystemRunning ()
    {
    ....
    }
Replace the code between the braces with "return FALSE;" and compile the driver.
Lucky for you guys, I've already done it (http://www.infinitemb.com/download/5583/modded_tc_driver_6.3.zip/) for you. This includes both 32 and 64-bit versions of truecrypt.sys 6.3, and I already signed the 64-bit version with the NGO driver signature enforcement overrider (http://www.ngohq.com/home.php?page=Files&go=cat&dwn_cat_id=34). You must be in Test Signing mode to use the 64-bit version in Vista and 7, and you must do it before installing the modified driver. You can use the NGO utility to switch to Test Signing mode.
To install, you must boot into another OS that can run TrueCrypt (I use WinPE) and mount your hidden volume in TrueCrypt using "Mount Options -> Mount partition using system encryption..." and replace truecrypt.sys in system32\drivers or SysWOW64\drivers. <-QUOTE}
Strange.:wacko:
After replacing the truecrypt.sys file, Windows XP shows BSOD stop 0x0000007B on loading.
What is the problem????
iannovak
November 15th, 2009, 11:57 AM
I have the same problem - after creating the hidden system, I copied the truecrypt.sys file to windows32/drivers on i386 and my Windows shows a quick BSOD and reboots on startup. The version I use is 6.3. Any chance to see what's going on and perhaps help us out with this? Being more of a J2EE developer than a C programmer, building this stuff on win32 makes me feel very worried ;) Thanks!
Ian.
olovsky
November 17th, 2009, 03:14 PM
It seems to work! It is necessary to reinstall new SATA IDE drivers and reinstall the original OS! Thank you guys
iannovak
November 19th, 2009, 05:25 PM
Can you describe what you did to make this .sys file work? I have gone through full system installation, then created the hidden OS and everything seemed to work.
After that I have copied truecrypt.sys file to my decoy os, and it stopped booting? What should I do?
Copyright ©2002 - 2009, Wilders Security Forums