Hidden TrueCrypt Volume

Discussion in 'encryption problems' started by moons, Jan 8, 2016.

  1. moons

    moons Registered Member

    Joined:
    Jan 8, 2016
    Posts:
    3
    Good Day,
    I Made a volume using TrueCrypt with both outer and hidden partition and been using that for a while .(outer is 50GB and the hidden is 10GB)
    Then i thought i can add another hidden partition to same volume so i
    Create an encrypted volume / Hidden TrueCrypt Volume / Dirct Mode / same volume above / size 10GB then creat
    i did choose different password than i used for old hidden one .

    i thought that will create 2 hidden partition in same Volume , but i found that i can see only the most recent one and the old one no longer exist neither the old password is valid,
    even the total size of the volume is increased by the 10GB i added with the new hidden partition(Total is 60GB)

    is there any chance to access the old hidden partition or its formatted and gone.
    Any help is appreciated , Thanks in advance.
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    As you have learned there is only one hidden volume configured by TC. When you created the recent hidden volume the "original" hidden volume header was overwritten by the newer one. The old header is gone for good unless you have a saved copy of a volume header backup. Do you? If you do have a backup header to restore you will have an uphill battle BUT might recover some stuff. Without a valid header the old volume is hopelessly gone. Let us know.
     
  3. moons

    moons Registered Member

    Joined:
    Jan 8, 2016
    Posts:
    3
    Thank you Palancar for taking time to reply my question ,
    unfortunately i didnt save backup for the volume header , is TestDisk can help recovering the volume header? , the recent volume is still empty and i didn't write anything on the volume since then .
    appreciate your help
    cheers!
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    Maybe it will help to see a "cut and paste" from the VeraCrypt/TrueCrypt manual (you can interchange VC and TC they are same for the purposes of this post):

    Encryption Scheme

    When mounting a VeraCrypt volume (assume there are no cached passwords/keyfiles) or when
    performing pre-boot authentication, the following steps are performed:

    1. The first 512 bytes of the volume (i.e., the standard volume header) are read into RAM, out
    of which the first 64 bytes are the salt (see VeraCrypt Volume Format Specification). For
    system encryption (see the chapter System Encryption), the last 512 bytes of the first logical
    drive track are read into RAM (the VeraCrypt Boot Loader is stored in the first track of the
    system drive and/or on the VeraCrypt Rescue Disk).

    2. Bytes 65536–66047 of the volume are read into RAM (see the section VeraCrypt Volume
    Format Specification). For system encryption, bytes 65536–66047 of the first partition
    located behind the active partition * are read (see the section Hidden Operating System). If
    there is a hidden volume within this volume (or within the partition behind the boot
    partition), we have read its header at this point; otherwise, we have just read random data
    (whether or not there is a hidden volume within it has to be determined by attempting to
    decrypt this data; for more information see the section Hidden Volume).

    end paste.

    When you created the new hidden volume Bytes 65536–66047 on the original header were changed/overwritten. The software always "tests" your entered password against the position of the decoy/shell volume first. If that fails (comes back false) it then tests the position 65536-66047 and if it comes back TRUE the hidden volume is opened.

    I am sorry to report but if the header at 65536-66047 is changed there is absolutely no way to recover the old hidden volume contents. The header contains all the stuff you need to test TRUE to the password. Its a very complicated and precise software engineering. Works great but its intolerant of such mistakes. Sorry, its gone!
     
  5. moons

    moons Registered Member

    Joined:
    Jan 8, 2016
    Posts:
    3
    Thank you so much Palancar , your time and effort is very appreciated.
    God bless ya
     
Loading...