Lost truecrypt disc and the password i remember using doesn't work.

Discussion in 'encryption problems' started by Ashley11, May 26, 2012.

Thread Status:
Not open for further replies.
  1. Ashley11

    Ashley11 Registered Member

    Joined:
    May 26, 2012
    Posts:
    8
    Location:
    england
    First of all I'd like to say I don't come to this forum often, and probably won't come back unless I/a friend need help with an issue, so I am just going to be another new user statistics with 5+/- posts ^^

    But I digress,
    So I was really worried about my hard drive and its contents for a while, so I got Truecrypt and encrypted my hdd, using the password 1234567890-=!"£$%^&*()_+ (really easy to remember, and not a1st guess) and after I stopped worrying, I quit the service, but today there was a powercut and my computer is now locked from booting because the password doesn't work.

    I'm really stressed because I got a feeling I need to format, and there are a lot of projects and things I really _don't_ want to lose.

    The other details I can give are that I encrypted all partitions, using the fastest encryption, then turned on the boot option, I use a laptop hard drive in a USB caddy with my master HDD in the motherboard, there is only one OS on the HDD i need to boot.

    I gave my brother my windows 7 disc months ago so I may take 2-3days to get it back and try anything I can to recover it.

    Is there anything that I might be able to use or any ideas to get past it?

    And I saw somewhere that install disc can get back the old boot files, does this need a format or something?

    Thank you for your time.

    Edit: haha, I wrote I bought truecrypt^^ really tired as I wrote this, my apologies.
     
    Last edited: May 26, 2012
  2. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    Your description was a little hard to follow, so I'm not sure I fully understand your setup, but it sounds like two separate things are encrypted: 1) Your Windows 7 operating system on the HDD that's installed in your computer, and 2) a partition on your external USB drive. And you've set things up to automatically mount the volume on your external drive during bootup. Is the above correct? If not, please describe your setup in more detail.

    If you encrypted your operating system then you should also have created a TrueCrypt Rescue Disk. Do you have that? You might need to use it to restore the bootloader and/or the key data, but for starters you should merely try to boot from it and see if you can get into your system. You can also use the TC Rescue Disk to decrypt your system drive, and after it has finished (which might take a day or two in some cases) you can use your Windows 7 disk to try to repair the damage (if any) to your now unencrypted filesystem.

    Your external drive is encrypted separately from the operating system, and you should be able to mount that volume using any computer that has TrueCrypt installed. You don't need the Rescue Disk to access this drive. Just plug it in to another computer, select the correct partition in TrueCrypt's Select Device screen, choose mount and enter your password.

    If necessary you can also access the data on your system drive using a similar technique, but I won't get into that yet.

    If your password isn't accepted, it might be because you are using a British keyboard layout, which uses different top row symbols than the US-Eng keyboard layout. Many users don't realize that their actual preboot password is based on the US-Eng keyboard layout, even when they aren't using that keyboard. I believe that your equivalent US-Eng Keyboard password would be 1234567890-=!@#$%^&*()_+ and you might need to use that password to mount your external drive, or to mount your system volume using the "mount without preboot authentication" feature.

    Warning: Do NOT try booting to your Windows 7 disk to repair your encrypted system. This action is only appropriate AFTER your system had been fully decrypted. Using a Windows 7 disk to attempt to repair an encrypted system will most likely result in the total destruction of your encryption headers, which will permanently lock you out of your encrypted data. And DON'T try to format your encrypted drive while it is in an unmounted state. Again, you'll most likely just end up destroying the all-important encryption headers.

    Sorry to throw such a wide range of ideas at you. Until I understand your situation better I can't give you step-by-step instructions, so please try to explain your problem in greater detail.

    Incidentally, merely experiencing a power outage would not normally harm a system-encrypted drive. In most cases your password would still work unless the hard drive experienced some sort of physical damage, which is rare. Did you do something else that might have damaged your encryption such as booting to a non-TrueCrypt disk and running some sort of procedure? Or perhaps you didn't have a true power outage, you merely had some sort of hardware failure. Did the lights and power actually go out, or did your computer merely crash all by itself for some unknown reason?
     
  3. Ashley11

    Ashley11 Registered Member

    Joined:
    May 26, 2012
    Posts:
    8
    Location:
    england
    Yes this is correct, and sorry for the lacking description, I was exhausted when I first typed the post.

    No I don't, I did write the disc, but I either misplaced it or threw it away after I felt safer about my files and stopped using the truecrypt service (in hindsight very very stupid to assume quitting the service through the taskbar would remove the boot password.

    I suppose I can't do this since the password I used doesn't work. But it's good to know that I can install a new OS without having to format the external HDD, the external hard drive goes everywhere my computer goes anyway.
    Would you please tell me what you are thinking?

    Okay, thanks for letting me know.

    It's okay, a lot of ideas,in my opinon, is better than no ideas and being in the dark.
    And yes, it was a power outage, my kitchen and living room lights along with the TV and fridge(it beeped to say it restart) flashed on and off.

    Thank you for your response :)

    Edit: I tried using the different keys(as you indicated the difference between the US and UK keyboards pre-boot) and it still didn't work,Though I distinctly remember typing it in to the wizard before making the disc.
    From all the information I've seen online and from what you've told me, I'm kind of losing hope that I will be able to get to the files on my hard drive(and by extension, remove the pre-boot menu)
     
    Last edited: May 27, 2012
  4. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    The encryption header for the operating system is stored in a completely different location than the header for your external drive's encrypted volume. Even if you somehow managed to damage your system header such that your system password is no longer being accepted, the external volume should still work. Plug it into another computer and try it. If that doesn't work then you're probably just using the wrong password. And as I said, your preboot password may not be what you think it is because of the keyboard differences. It's my understanding that TC always uses a US-Eng keyboard layout during preboot.

    You also have the option of removing your system drive, slaving it to another computer and using TC to mount it by specifying "mount without preboot authentication". A variation of this approach is to boot your system from a LiveCD that has TrueCrypt on it and then using the same command. But if you can't get your external drive to work then this approach will also be unlikely to work.

    You shouldn't have misplaced your TC rescue disk. Aside from it's main functions, this disk would also allow you to test your password using a different computer, thus eliminating the possibility that you are having a weird hardware issue or are mistyping your password. It would also allow you to rewrite the system header if it has somehow become damaged. Are you sure you don't have that disk somewhere?
     
  5. Ashley11

    Ashley11 Registered Member

    Joined:
    May 26, 2012
    Posts:
    8
    Location:
    england
    Well I attempted three times to write a rescue disc,it didn't work two times, then on the third try the wizard let me reboot.
    and my memory fails me about what I did with the one that worked, but I "think" I have it, I tried a few times to use the recovery of the data file with each disc using the US keyboard version of my password and the UK version etc,no such luck.

    I think the partition with my windows installation on isn't too important, mostly obsolete projects and cancelled things I worked on, is it possible to format the partition with the OS on and save the rest of the partitions without having to worry about losing access to other partition?
    Or can I access the files on the partition with encryption +pre-boot menu with an OS installed on the external HDD

    edit: Yeah I know about the rescue disc, I spent a long time trying to find a good place to hide it.
    Also, I don't have any way of trying to slave the hard drive to another computer unless doing it to my external hard drive with a new operating system. Will that work as a method you said in the latter part of your post?
    thanks again for your time :)
     
    Last edited: May 27, 2012
  6. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    What's going on? I thought your password didn't work and you couldn't boot your system. How are you able to write a new rescue disk? Did you perhaps create a rescue disk using a different system? If so, that's not what you need. The only disk that can restore your encryption header (if in fact it is damaged, which we don't know yet) is the original rescue disk that you created when you first encrypted your system, or a copy/duplicate of that disk.

    If you are able to access the data on your system drive then it's possible to burn a backup copy of the rescue disk, as TC creates an .iso file of the disk and stores it on the hard drive.

    Incidentally, you don't need to hide the rescue disk. It's useless without knowing the password.

    Rather than removing your hard drive, installing Windows on another drive, etc., just boot to a LiveCD that has TC on it, then mount your volumes and see if you can access your data. I forget the names of the freely available boot disks that can do this, but I'll look it up and post back later.
     
  7. Ashley11

    Ashley11 Registered Member

    Joined:
    May 26, 2012
    Posts:
    8
    Location:
    england
    Sorry for the poor explanation, I used 3 discs (2 failed, 1 worked) when originally making the rescue disc.
    I have those, but none of them seem to work.

    I made a new OS on the external hard drive, and I tried to mount without pre-boot auth and it didn't work with the password.

    I can see the files on my hard drive, but I cannot see the rescue disc iso anywhere, Can you point me to where I need to look/what I need to look for?
    Thanks.
     
  8. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    The file "TrueCrypt Rescue Disk.iso" is stored within the encrypted system volume, usually in the Documents or My Documents folder unless you chose to store it under a different pathname. You have to be able to mount the volume before you can recover it, either by booting the OS or by mounting "without preboot authentication" as though it were an external drive.

    I don't know what files you're looking at, but there's no way you would be able to view any of the files or filenames within your encrypted volume unless you first mounted the volume by supplying the correct password. Otherwise the entire partition or drive consists of a huge block of random-appearing data. Windows will typically see this as an unformatted partition and will suggest formatting it, but if you allow Windows to do this then you will end up partially overwriting/destroying your encrypted volume.

    You just performed an OS install on the external hard drive that contains encrypted data that you're trying to recover? I can't believe this. You may have just destroyed the headers to the partitions that you're trying to recover, or overwritten the data itself. What is it with you? Don't you have any natural caution?

    Anyway, since your passwords aren't working and your rescue disks seem to be unusable, the whole exercise may be moot. Hopefully you have backups.
     
  9. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    PS: What happens when you try to boot from your TC rescue disks? Does they really not boot at all, or is it just that your password isn't being accepted? This whole issue could be that you are entering the wrong password.
     
  10. Ashley11

    Ashley11 Registered Member

    Joined:
    May 26, 2012
    Posts:
    8
    Location:
    england
    It looks like I may have failed to encrypt the files correctly, however I found the backup disc in the location you told me.

    The files I can see through my hard drives are in the green text like in the attachment, I can't open them because of it.(obviously since it is encrypted)

    I actually had encrypted the files using the normal windows encryption (did it across all hard drives, took around 2 days) then I used truecrypt after a friend suggested it to me, so that may actually "save" me in a sense.

    There was nothing on the partition of the external hard drive I installed my new OS to, maybe this changes things?
    I didn't do anything other than install a new OS and use my motherboard + graphics + cpu dvd's for drivers.

    Like I say, the encrypted text colour is on most files (other than program files and appdata because I sometimes run virtual machines on my computer and need access)
    perhaps I did something wrong while using truecrypt, seems I am only locked out of viewing(in the case of pictures) or using files that were encrypted if I am not logged in the user.

    I can imagine in my situation I can use the cmd /takeown -f to get back to my files, is this a possibility?


    sorry if my poor explanations have caused mild frustration for you,
    and the rescue disks don't give me an option to boot, so I assume they just don't work.
    As for incorrect password, I think you may be right. But the only password I tried to use was the one I gave, and I tried the US keyboard version and the UK version.
     

    Attached Files:

    Last edited: May 29, 2012
  11. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    Any filenames that you can view, whether you can open them or not, are not encrypted by TrueCrypt. Files that are stored within a TrueCrypt volume are completely undetectable until the volume is mounted. You can't view the file system or read the filenames at all unless you first supply the password and mount the volume. So for those files, you're dealing with a different issue that I can't help you with.
    If the other partitions on the external drive were fully encrypted with TC then their headers were most likely damaged by the fresh install of Win7. But so far you haven't clearly stated that these partitions were TC-encrypted or that you're having trouble accessing them.
    I have no idea.
    If you're able to read the filenames in the OS partition then that partition is not encrypted with TC and you don't need to boot to the TC rescue disk anyway.
     
  12. Ashley11

    Ashley11 Registered Member

    Joined:
    May 26, 2012
    Posts:
    8
    Location:
    england
    So from the information you gave me, it turns out something went wrong during encryption and the only thing that worked was using pre-boot auth.

    Is there any advice you can give me for getting past the file encryption?(not sure if this violates ToS of the forum or not) I didn't backup the encryption certificates or anything like that I have found are used to decrypt files through searches on the internet.

    Thanks for your help and information so far, and if you are unable to assist me further it's okay :)
     
  13. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    I'm well versed in TrueCrypt, but not the Windows 7 Encrypting File System (EFS), which I assume is what you used on those files. Sorry.
     
Loading...
Thread Status:
Not open for further replies.