12+ hours in on a non-system TrueCrypt puzzle... Please help!

Discussion in 'encryption problems' started by developerchef, Aug 18, 2015.

  1. developerchef

    developerchef, Registered Member (Joined: Aug 18, 2015; Posts: 1)
    Tried several things after reading a lot of the suggestions here. Not sure how to continue; here's the story:

    I have a 6TB Drive (RAID 10, thus 4 x 3TB) with at least 2 partitions, if not 3 (more on that later). Non-system. Data integrity with the RAID setup isn't a concern here, partly because the first partition works fine.

    6TB Drive (effective 5.5TB)
    • Partition A:
      • Before Issues: 1 TB RAW, is a TrueCrypt Partition
      • After Issues: 1 TB RAW, is a TrueCrypt Partition (basically the same, I can mount this no problem)
    • Partition B (not too relevant)
      • Before Issues: Don't remember, I thought it was an NTFS partition
      • After Issues: 1 TB RAW
    • Partition C
      • Before Issues: Large RAW, is a TrueCrypt Partition
      • After Issues: 3.5 TB RAW, can't mount as TrueCrypt Partition

    What are "Issues"? Recently, I tried to get rid of a failing drive (not the RAID one above), and it caused a bunch of issues (it basically contained my boot data for Windows). When I fixed the Windows issues, Partition C initially wasn't showing up at all: it was suddenly unallocated space after Partition B, and I couldn't just assign it as a RAW partition. I might've made things worse, but I set the disk as GPT (which I must've done before already) so that I could make that allocated space a selectable partition.

    I can't mount Partition C, which is the problem.

    Here's what I've tried:
    1. Tried TestCrypt (which, by the way, is a nightmare to get working on x64 Windows - disabling driver reqs didn't work, eventually ended up setting up a USB-to-go x86 Windows 8.1 to run it).

      • On the Volume Analyzer, setting Begin of Volume and End of Volume as Automatic, it found 0 volumes in the RAID disk... Which makes no sense! I know I have a fully working TrueCrypt partition on the RAID disk that I can access and use. :(

      • Could it be because TestCrypt is using an old TrueCrypt DLL? I looked briefly at the source for TrueCrypt in TestCrypt's SourceForge code pages, and I think the TrueCrypt version was 7.0... Which isn't far from 7.1a, what I use for these partitions.

      • Maybe I'm doing it wrong? I think TestCrypt is exactly what I need, but that it can't detect the known, working Partition A's volume means something is wrong.
    2. WinHex
      • Loaded Disk 0, defined a block for exactly Partition A's offsets and copied it into a file to prove that WinHex works and that I could copy volume contents into a file and TrueCrypt could still mount it. This worked!!!

      • Looked at the offsets for Partition B and Partition C. Unlike Partition A, whose start and end offsets are perfectly filled with random data, Partition B and Partition C have a full section of 00s right at their starting offsets followed by sections of data:

        http://i.imgur.com/XZxL8AA.png
      • Partition C's data also doesn't cut off cleanly at one of the lines:

        http://i.imgur.com/POJrGzc.png

      • You might notice that the screenshot above has "Microsoft Time-Stamp" in the data... Which makes me think this might've been a file for NTFS. Maybe Partition B & C are swapped and I just don't remember? I do know that there definitely is another TrueCrypt partition on this disk though.
    Thoughts or suggestions? I'm quite stuck now since I'm not sure what constitutes viable offsets from the drive, and the 1 TB Partition A file took 3+ hrs to build. It'll basically take ~12 hours to test Partition C once, and if I'm off only by a bit I'll have to restart the process. Given that Partition B and C might be swapped, I'm truly and thoroughly confused as to how to approach this. I think this is what TestCrypt is written for, but given that I can't even detect my working Partition A, I'm not sure if it's outdated or I'm using it wrong.

    Thoroughly appreciate any help here.
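
Added example, not part of the original post: a read-only sampler that labels blocks as zero-filled, NTFS boot sector, plaintext-like, or high-entropy, and reports where the label changes, so candidate volume boundaries can be narrowed before committing to a multi-hour copy. The block size, entropy threshold, function names and the in-memory test image are all assumptions constructed for this sketch.

```python
import hashlib, io, math
from collections import Counter

BLOCK = 4096          # assumed sample size; large enough for a stable entropy estimate
HIGH_ENTROPY = 7.5    # assumed threshold in bits/byte (random 4 KiB blocks score ~7.95)

def shannon_entropy(block):
    """Bits per byte of the block's byte-value distribution."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify(block):
    if not any(block):
        return "zero"
    if block[3:11] == b"NTFS    ":       # OEM ID field of an NTFS boot sector
        return "ntfs_boot"
    if shannon_entropy(block) >= HIGH_ENTROPY:
        return "high_entropy"            # consistent with encrypted (or compressed) data
    return "structured"                  # plaintext-like: file system or file content

def scan(dev, start, end, step=BLOCK):
    """Read one block every `step` bytes in [start, end); return (offset, label)."""
    out = []
    for off in range(start, end, step):
        dev.seek(off)
        block = dev.read(BLOCK)
        if len(block) < BLOCK:
            break
        out.append((off, classify(block)))
    return out

def transitions(samples):
    """Samples whose label differs from the previous sample's label."""
    return [s for i, s in enumerate(samples) if i == 0 or samples[i - 1][1] != s[1]]

def _prng(tag, nblocks):
    """Deterministic random-looking bytes standing in for ciphertext (constructed)."""
    return b"".join(hashlib.sha256(tag + i.to_bytes(4, "big")).digest()
                    for i in range(nblocks * BLOCK // 32))

def build_constructed_image():
    """Constructed layout: random | zeros | NTFS boot + text | random."""
    boot = b"\xebR\x90NTFS    " + b"\x00" * (BLOCK - 11)
    text = (b"Microsoft Time-Stamp " * 200)[:BLOCK]
    return io.BytesIO(_prng(b"A", 4) + b"\x00" * (2 * BLOCK) + boot + text * 2 + _prng(b"C", 3))

if __name__ == "__main__":
    img = build_constructed_image()
    for off, label in transitions(scan(img, 0, len(img.getvalue()))):
        print(f"{off:#012x}  {label}")
```

On a real disk, pass a read-only handle on the raw device or an image file as `dev`, start with a large `step` to find the rough edges of each high-entropy run, then rescan the gap between two differing samples with `step=BLOCK`.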
     