Truecrypt modding ???

[DavidXanatos]

Hi,
Is there some project that would resemble a truecrypt mod?

Or are there some people here wanting to start such project?

There are quite some things that are missing and it seams the official devs wont implement it, stuff like listed here: http://www.wilderssecurity.com/showthread.php?t=224241

I'm an experienced c++ hobby programmer, but not very familiar with drivers and such, I managed to mod the TC driver to remove the write protection for normal drives when using the hidden OS, as well as get the persistent/system volumes back for TCtemp/TCGina, http://www.eselfarm.info/ModCrypt/
but for example with this: http://forums.truecrypt.org/viewtopic.php?t=15399 I stuck and no luck in any direction :/

Things I think are needed are:
1. Smaller decoy larger hidden OS
2. implace HDD encryption for XP
3. inplace reencryption with an other headre key
4. VSS support for nonsystem drives
5. native support for rescue USB stick instead of a CD/DVD
6. if feasable keyfiles form USB/floppy
7. soft reboot capability without entering the PW (storred in ram or HDD or usb/floppy and after use erased)
8. option to dissable the write protection in the hidden OS for unhidden/unencrypted drives
9. mounting TC volumes as into empty NTFS folders without the need to 1st mount them with a drive letter

As of now I only got 8 to run...

I believe it could be a very usefully project and make many people happy.
Is there some one willing to help me with this?

David X.

[DavidXanatos]

No one interested?

[mjau]

I would like to see a mod that does what drivecrypt does, if a wrong password is enterd at the bootloader it will destroy the drive so no one can read anything of it.

This is good because, if your computer get seized for some reason and if the investigator enter the wrong password without asking you it will destroy the evidence and it will not be your fault, but if you give the wrong password then you will be charge for destroying evidence.

All you really have to do is, put papper on or near the computer where it says password and just make up something, then the investigator will enter this password and you cannot be charge of anything.

[DavidXanatos]

Well unless he is borderline incompetent he will do a offline backup sector by sector of you encrypted HDD and this feature will have exactly none effect.

[Themuzz]

A truecrypt mode, one of the better ideas!

At the moment i'm looking for something like modcrypt, but only for the newest version, 6.2.

Perhaps you can build the truecrypt source, I'm not in a position to that at the moment.

The only thing that need to be removed is inside Driver/VolumeFilter.c on line 146 and 147.

I'm very thankfull if you could upload the build program.

Greeting Themuzz

[box750]

Quote:

Originally Posted by DavidXanatos

Well unless he is borderline incompetent he will do a offline backup sector by sector of you encrypted HDD and this feature will have exactly none effect.

Yes but it will take the investigator extra time, and time is money, the more costly you make an investigation the more likely you are that they may give up on you and move onto something else, depending on priorities.

Regarding the modded TC version, I would love to see a version that when prompted to burn a recovery CD has a checkbox with the word NO.

[DavidXanatos]

http://rapidshare.com/files/24111120...ypt6.2_src.rar
Obtion to dissable Write protection in a hiddenOS
batchfile to start tc format without recoveryiso check
TCtemp & TCgina adapted to the new TC version

PS: I'd be really happy if there would be someone out there to help me with the remaining points

[Themuzz]

Your my hero!

I would love to help but I'm only good at programming php, mysql and javascript...

Let me know if you need any help for stuff not about c.

About the mode: Could you help me how to use it? I have truecrypt (original version) installed and am inside the hidden os. How can i enable the external writing option?? (If I need to build the code, could you to that? I can't...)

Thanx!!!

Kind regards,

Themuzz

Edit:
I found the files Release\Setup Files
But TrueCrypt Setup.exe does not work..
I thought I had to use the new sys file, but how??

[DavidXanatos]

Just put the new sys file in your C:\windows\system32\drivers directory overwriting the old one.
And apply the EnableWriting.reg and reboot.
WARNING: if oyu are using windows XP 64 or vista 64 I dont know if this wil success cause my driver is unsigned and windows may reject it and not boot!
i havn't tested it since i'm still using win xp/server 32bit with PAE on my machines.

[Themuzz]

Thanx! I also don't have 64, so I can't test it.

About the registry settings, the dword value is 00000015, but it says that one should apply 1,2,4 or 8. How about that? What si the default value 00000015?

[LockBox]

Quote:

Originally Posted by box750

Yes but it will take the investigator extra time, and time is money, the more costly you make an investigation the more likely you are that they may give up on you and move onto something else, depending on priorities.

Regarding the modded TC version, I would love to see a version that when prompted to burn a recovery CD has a checkbox with the word NO.

Except it's not "extra time." There's not a single forensics analyst that does not first image the drive. It's all about the evidence chain. They then have an image they can use to enter a password as many times as they want defeating any such "destruction" process. The only way this doesn't work is when you're using hardware encryption where the encrypting/decrypting takes place on the chip on the drive and not with software. In those cases, a self-destruct feature can be very effective and that's why most hardware encryption products have that very feature. But that would be a no-go and a waste of time for TrueCrypt to include such a feature.

[DavidXanatos]

Quote:

Originally Posted by Themuzz

About the registry settings, the dword value is 00000015, but it says that one should apply 1,2,4 or 8. How about that? What si the default value 00000015?

you can enter 1,2,4,8 or any combination of this 4
1= 0001
2= 0010
4= 0100
8= 1000
15= 1111

[Themuzz]

Hmm, Actually, the write protection is still on

I've renamed the olde truecrypt.sys to truecrypt.sys.bak and put the new one in place.

After that I've added the registry and then I rebooted. Still write protection on.
And also the auto-mount feuture does not work.

Please help

[DavidXanatos]

you have to replace the truecrypt.sys inside c:/windows/system32/drivers/...
replacing it in the TC APP directory wont do the trick.

[Themuzz]

Quote:

Originally Posted by DavidXanatos

you have to replace the truecrypt.sys inside c:/windows/system32/drivers/...
replacing it in the TC APP directory wont do the trick.

Yep I did, but still not working after a reboot with the registry settings added. And I'm just using the 6.2 version (and not the new 6.2a).

Is it fully function with you?

[DavidXanatos]

yes it works fine on my test system

[Themuzz]

I don't get it, it's still not working with me. Tried today allday.

Did you also make it work with 6.2a?

Perhaps it does not read the registry settings?? I just don't get it... Please help

And of course thanks for all the hard work. It's weird not more people use this...

[Themuzz]

If I search all the source for the name of the registry key PseudoHiddenOS if only found this line:

#define TC_ALLOW_WRITE_REG_VALUE_NAME DRIVER_STR("PseudoHiddenOS")

It's commented out? So does it even read the registry? Or maybe I'm just on the wrong pad

[estra]

Found this TrueCrpyt mod - HaDES HardDisk Encryption System.

According to description, this is essentially the same thing as TrueCrypt but with multi-user functionality.

[Themuzz]

Does HaDES disable the read-only mode??

It just sucks, cause I want to install truecrypt on two systems but I can't use the hidden OS if I can't write to usb without an truecrypt container. And yes, I am aware of the possible leakage but I can handle that.

DavidXanatos, if it's not that much work, could you upload a modded version of 6.2a with the read-only mode removed? You would really save my day
But if it's to much work then don't do it because I have the feeling not much other people are using it.

[DavidXanatos]

#define is a preprozesor definition not a comment a comment would start with //
or be inside of /**/
I'll try ti find some time and make a 6.2a based ans tested version in a week or so

[Themuzz]

Dude, your my hero! (again )

But to make sure I got the same install of everything, would you then als upload the setup of the truecrypt version you used to try it on?

And about the read-only mode, I don't really care about the possibility to use the registry settings, I'm just very happy if the read-only mode is removed so I can write to usb inside the hidden os.
But I don't know what other people think about this.

Thanks again man! I'm going to look at this page three times everyday from now

[DavidXanatos]

Here is a new version : http://rapidshare.com/files/26210499...pt6.2a_src.zip
its tested on a 32 bit system and it works, when the EnableWriting.reg is applyed the read only protection is successfuly removed and the TC gui should think that its a normaly encrypted OS not a hidden one.

btw: when you install the decoy OS i think its recomended to install the normal TC release there so the no one will ask you why doy ou have a feature for hidden OS while you clame you don't have a hidden one

[Themuzz]

Going to test it right now Thanx man!

I'll post back within an hour

[Themuzz]

You saved my day, it's working perfectly!

I hope others can enjoy this modded release as much as I did

Thanx again!