Can't log into windows should I decrypt?

Discussion in 'encryption problems' started by wilder7500, May 14, 2014.

Thread Status:
Not open for further replies.
  1. wilder7500

    wilder7500 Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    58
    Location:
    USA
    Running Windows 7 64-bit with TrueCrypt installed.

    This problem overlaps a bit; it seems to be a Windows problem, but I'm also concerned with how I should handle TrueCrypt in this case. Here's the problem: TrueCrypt loads fine and boots into Windows, however when I get to the Windows login screen my Windows password is not working. I'm positive that it's the right password and that caps lock is not on. I can access all shared folders on the machine over a network. I do have access to a recent AX64 Time Machine image of the Windows partition. What in your opinion would be the best thing to do in this situation?
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    Quite simple if only your Windows password SAM is messed up. Windows locks the password manager in a SAM when the OS is mounted. This means you can't get to it with a mounted Windows system. However, it's open season on that SAM if you can get to it with Windows down, and you can very easily if you know how to do it.

    First you have to get by the TC encryption and for this you have three options:

    1. You can decrypt the whole drive and then use windows tools to repair/zero out the password ----- this would be the last option for me due to time needed.

    2. You can remove the drive and go to another computer and using TC you can access the drive that way. Hopefully you have read the manual and know how to do that, but if not come back and ask. It's easy if you have a SATA cable to connect the drive to computer #2. Once past TC then you can zero out the password in the SAM and the OS will mount without a password when you put it back in the original computer. VERY easy stuff.

    3. My choice (but I am prepared with tools) is to use a Linux live disk with TC in the build. Just insert the disk and bypass TC completely and then zero out the SAM password. The whole process is well under two minutes and is safe as can be.

    Speaking candidly: if you don't have a good handle on steps 2 & 3 AND you have a good image (you said you do), I would blow away the system disk with your saved copy. This way everything is back to working and you simply re-encrypt the system disk. It's MUCH faster than decryption and the problem will already be repaired by the restore.

    For the future consider creating and understanding Linux live if you are going to be using full disk encryption. As mentioned above, simple repairs are just that, and you won't lose the hours you are going to this time. My opinion.
     
  3. Palancar

    Palancar Registered Member

    Covering my bases here. Do NOT blow away the system disk if there are other partitions encrypted with the same headers. i.e. - if you encrypted the system disk and then later encrypted other partitions you are fine. If you encrypted WHOLE DISK at the time you did the system disk you can't do this or you will lose the data in the other partitions.
     
  4. wilder7500

    wilder7500 Registered Member

    The drive in question is in a laptop. I do have another computer running Windows with TC on it. I believe I encrypted each partition separately (I do have backups) using the same password, in other words, I added them to favorites so they mount automatically at boot. I am familiar with Linux on a consumer level and would be willing to burn a live CD with TC on it if you point me in the right direction. Are you saying I should boot this Linux live CD from the laptop and repair from there?
     
  5. wilder7500

    wilder7500 Registered Member

  6. BeardyFace

    BeardyFace Registered Member

    Joined:
    May 29, 2014
    Posts:
    80
    My interpretation is you can either burn a Linux live CD and repair from there, or move the drive to your other computer with TC and repair from that; either will work.
    You don't necessarily *have to* make a custom live CD either. Linux isn't like Windows, you don't have to reboot just because you wiped your nose, so just install TrueCrypt in the live session.
    I *doubt* most Linux distros will have updated their repos to the lobotomized version yet (if they ever do), so it'll likely be readily available through whatever package management is used.
     
  7. wilder7500

    wilder7500 Registered Member

    OK, I got a Linux live CD. Can someone tell me how to zero out the password in SAM?
     
  8. BeardyFace

    BeardyFace Registered Member

  9. Palancar

    Palancar Registered Member


    This would work IF you can get past the TC encryption first.

    I use Winpass that you can get from Trinity (free). It's a Linux live CD with TC already in the build. When the live disk is up I also have TC to use. From there I use TC and open the drive in question. Once open I use the Windows password reset that is ready to go and in Trinity's build already. My build has TC 6.3a already in it, and since my personally compiled version is 6.3a I am good to go. No work and easy.
     
  10. BeardyFace

    BeardyFace Registered Member

    Getting past the TrueCrypt encryption is as simple as
    Code:
    sudo apt-get install truecrypt
    then mount without preboot authentication with most Debian-based systems.

    Sounds like the Trinity offering simplifies things for the OP though.
     