Different Sizes and Locations for the Truecrypt Hidden Operating System

Discussion in 'encryption problems' started by Secret Squirrel, Apr 28, 2015.

  1. Secret Squirrel

    Secret Squirrel Registered Member

    Apr 28, 2015
    Hello everyone,

    I was wondering if you guys could lend me some serious expertise.
    I am running a 1TB HHD with Win 7, using Truecrypt 7.1a.

    Originally, I was running a 200GB partition which held my UNENCRYPTED decoy os, followed by a 500GB encrypted partition that held my outer volume, and hidden OS. And then another 300gb of unallocated space.

    I was booting the hidden OS from my rescue cd.

    I found that I wished my decoy OS was using all of that 400gb of unallocated space, instead of it sitting at the back of the HD unused.
    I also found that having a 500gb encrypted partition was overkill. I don't have 100 GB of "sensitive looking" material, nor do I need 200 GB of free space in my Hidden OS. I really only need the OS and a few gigs of breathing space, not more.

    So THIS IS WHAT I WANT: I want to have my decoy unencrypted win 7 OS partition to be 900GB, and my outer volume\hidden OS to live in a 100gb partition at the end of the drive (50gb for the outer volume, and 50gb for the hidden OS)

    I have tried multiple times, all failures. This is where I need your help with suggestions, and tips on what I can do, and what I have done wrong:

    Out of the box this is impossible, as truecrypt requires that the hidden OS and the Decoy OS are the same size.

    So this is the method which I have tried to use to get around this, but have been completely unsuccessful, and I do NOT know why it doesn't work. Hopefully someone can clear it up.

    My first attempt:

    I wiped the entire drive, and left 850 GB of unallocated space at the beginning of the drive, 50 gb partition (for installing the decoy windows that will be imaged into the hidden os), followed by a 100 gb partition at the end of the drive (where the outer volume and hidden os will live).

    I installed windows 7 onto the 50 GB partition.
    I installed truecrypt, started the hidden OS wizard.
    I filled the outer volume.
    I cloned the OS into the hidden volume.
    I reboot, and now I can boot to the hidden OS with the truecrypt bootloader, and the rescue disc I have.

    Everything works here so far. I can boot to both the unencrypted win7, and use the rescue disc to boot the hidden os.

    So now I wanted to LEAVE THE 100 GB HIDDEN OS PARTITION ALONE, and extend the 50gb DECOY partition, to eat up the rest of the 850 GB of unallocated space at the beginning of the HD.

    So now what I did was to use a partition manager (both gparted, and minitool. I tried this method twice) to extend the 50gb to the beginning.

    When I do this, the Decoy boots no problem. But when I use the truecrypt bootloader to try to boot to the hidden OS, it says "invalid password". I have done this twice, once with Gparted, once with Minitool, neither work. The Decoy OS boots fine, but the hidden OS doesn't anymore.

    I do not understand why, because I did not touch the hidden OS partition after its creation. I only altered the decoy partition, and unallocated space.

    Why is the hidden OS not working anymore, using this method?? That is my MAIN question.

    I tried using Clonezilla to image a hidden os that I made the conventional way, and restore it to a partition of the same size, at the END of the HD, which also doesn't boot after restoring the image.

    I am going nuts here, and I would really like to have a hidden OS, but do NOT want or need to limit the size of my decoy, nor have 100GB or more of encrypted data on my HD.

    I pray someone understands what I am trying to accomplish, and has found a way to do it, or knows what I am doing wrong.

    Thank you All,

    Secret Squirrel.
  2. Secret Squirrel

    Secret Squirrel Registered Member

    Apr 28, 2015
    Just to clarify, right now I have 850 GB of unallocated space at the beginning of my HD, followed by a 50 GB partition holding an unencrypted Win 7 Decoy, followed by a 100GB encrypted partition, which holds my outer volume and hidden os.

    Everything works, as of now.

    How can I make my 50gb decoy eat up all of the 850 at the beginning, WITHOUT screwing up the 100gb encrypted partition/hidden OS?

    I can't find a way. Everything I do to the decoy stops the hidden os from booting....

    What am I doing wrong?
  3. Palancar

    Palancar Registered Member

    Oct 26, 2011
    I warn you in advance I am going to provide a "basic" answer and not any personally modified coding. More of an explanation than an answer. What you are doing and how you are going about it will never work. The TC code requires that the hidden OS and the decoy OS partition 1 are the same size. NOT the second partition because it also contains an outer volume, but the actual hidden OS. e.g. - you could have a 1 TB second partition/outer volume and still only use 50 Gig as the actual hidden OS. The TC creation process forms an exact replica of the decoy OS at the time the hidden OS is written to the volume. The code could care less how much space you elect to fill with outer volume formatting. Because of the way it's written (without being modified) the second partition is the ONLY location on the disk that can house a hidden OS. So when you enter your PBA password in to mount the machine, the software will examine the header starting with where the hidden volume data keys would be located. If the machine does not have a hidden OS the header is still full of encrypted #$#$#$ so that no one can be certain if there is a hidden volume/OS. In other words the header appears exactly the same whether or not there is a hidden element to the partition. It has to be that way for plausibility.

    In your case two aspects cause a fail:

    1. The first partition is larger than partition 2 and that won't fly - period!

    2. There is no longer a match for size between the hidden OS (independent of the outer volume) and the first partition.

    Rather than performing some gymnastics, coding, re-mapping pre-boot, etc.... would it be acceptable to create a large partition behind 2? This would mean 3 partitions and then you can point your shell/decoy/#1 windows partition at the third partition. In essence this would be a large data partition but could be more if you know how to point/target that space using windows. One other nice feature of that method is that the system disk would be small and easy to keep clean and redo as needed. If you wanted to you could also encrypt the decoy and partition 3 independently and have them both mount by entering one PBA password. This would be the easiest way for using all the disk space, and yet keeping the hidden OS small.
  4. Secret Squirrel

    Secret Squirrel Registered Member

    Apr 28, 2015
    Thanks for the reply Palancar :)

    The thing is, I don't want all of that space to be encrypted at all, in the case of a 1tb second partition, with only a 50 gb hidden volume.

    When you say "point" to the third partition, it means have my decoy OS on partition 1, and install all my software on partition 3? or just use it for data storage?

    I don't think I really want to do that either...

    It's a shame that that rule exists. I understand that the decoy and hidden os need to be the same size AT CREATION, but I see no reason they would need to be still the same size, after the hidden OS is already created. The hidden OS still boots, before the 'real' decoy is made, when TC securely erases the OS from which the hidden OS was cloned.

    Why wouldn't it continue to boot, as is? It makes no sense that the partition isn't completely standalone and compartmentalized, and is still somewhat 'linked' to the size of the partition before it. That is a flaw in design, IMO.

    I'd be willing to hear 'long' explanations, if anyone is willing to entertain me and has the time to offer their expertise.

    I don't see three partitions being practical, with the encrypted partition in between them.

    Does anyone know how to get: a 900 GB decoy os on partition 1, followed by a 100 gb hidden volume/hidden os partition?

    Thank you all again