Lost truecrypt rescue disk - is there a way to recover by mounting on a LiveCD?

Discussion in 'encryption problems' started by non_serviam23, Jan 17, 2013.

Thread Status:
Not open for further replies.
  1. non_serviam23

    non_serviam23 Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    3
    Location:
    US
    I have an Acer Aspire 5742 with Windows 7 64, with full-disk encryption.

    I no longer have access to the truecrypt rescue disk.

    When I boot, the truecrypt screen comes up, and I can correctly enter the password.

    But it can't boot Windows, and so it takes me to the System restore utilities. It finds no OS, and no backups, and I can't check the disk.


    I downloaded SystemRescueCD and I am running Testdisk. My concern is that Testdisk will not be able to really work unless I can decrypt the drive. Is that right?

    So, my question: I have heard here and there that, using a LiveCD that has truecrypt, I could mount the encrypted drive, supply the password, and then maybe decrypt it. Is this right?

    Also, where might I find such a LiveCD? I've been using my USB stick to boot SystemRescueCD, so I was hoping I could similarly boot the relevant LiveCD from by 8gb usb stick.


    Any help here would be much appreciated. Essentially, at this point, I'm trying to decide if anything is salvageable, or if I just need to reformat.
     
  2. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    993
    Location:
    Hawaii
    Don't use any utilities such as TestDisk on your encrypted system drive! They can't help and they might cause irreparable harm.

    When you encrypt your system, TrueCrypt stores an .iso copy of the rescue disk on the system drive. You can mount your volume by either booting off a rescue CD with TC on it, or slaving your drive to another PC with TC on it, and then using the "mount without preboot authentication" feature in order to access your data and retrieve the file, then you can burn a new rescue disk and use it to decrypt your drive if you want to repair it. Alternatively, at that point you can merely copy off your data and then reinstall Windows if that's your preference.

    Sorry, I have to go now. I'll add more details later, but that's the barebones description.
     
  3. non_serviam23

    non_serviam23 Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    3
    Location:
    US
    That is helpful, thank you.


    So, essentially, what I'm going to try and do now is: download Parted Magic, and boot it from my USB. From what I gather, Truecrypt is included in PM. Then, I'll try to mount the disk without pre-boot authentatication, decrypt, and be done.
     
  4. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    993
    Location:
    Hawaii
    Before decrypting the drive I suggest first copying your data to a backup as soon as you can access it. Decryption from the rescue disk will be exceedingly slow, and under certain circumstances the process of decryption can fail without warning while you're partway through, resulting in a screwed-up partially-decrypted drive and no way to access your data.
     
  5. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    993
    Location:
    Hawaii
    Also, keep in mind that you can't permanently decrypt the system unless you either boot to the encrypted drive (which in your case is apparently broken) or boot to the TC rescue disk. After you boot to a LiveCD you will need to find the "TrueCrypt Rescue Disk.iso" file (or whatever it's called) and use it to burn a new bootable rescue disk. It's usually saved to the user's default documents folder, although of course you might have moved it or renamed it.

    If you can't find the correct file to burn the rescue disk, it's often possible to boot to a rescue disk that was created on a different system, and then use that disk to decrypt your drive. If you go that route, be absolutely sure that you DO NOT use that rescue disk to "Restore the Key Data", as doing so will overwrite the encryption header on your hard disk with a different one that won't work and can't be reversed unless the correct rescue disk turns up.

    In any event, if you care about your data then I strongly recommend backing it before you start to decrypt. That's why it's preferable to boot to a LiveCD that has TrueCrypt on it, as that gives you the option of copying off your data first.

    Thanks for the info about the Parted Magic disk, as I was not aware that it had TC on it. Good to know.
     
  6. wilson_franklin

    wilson_franklin Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    6
    Don't panic or do anything stupid, you aren't in bad shape.

    SystemRescueCD has truecrypt on it but not the GUI so you didn't find it.

    I am assuming that the TC encryption is good but there is a problem with windows. This procedure will let you access your data using SystemRescueCD:

    ###
    # unplug all drives but the system drive.

    # boot into SystemRescueCD, at the prompt enter wizard other wise accept the defaults.

    # you should end up in a terminal window with a yellow backgroud.

    # type these commands:

    mkdir /tmp/systmp

    truecrypt -t -m ro,system --mount /dev/sda1

    # when TC asks for the mount volume enter:

    /tmp/systmp

    # accept the defaults for everything else

    ###

    If that works you will now have the window's partition mounted as a readonly file system at /tmp/systmp.

    You can now plug in a 2nd backup drive and copy data to it using Linux file commands.

    If you are logged into system rescue & have problems, type these commands and post the output here:

    mount
    lsblk
    df -hT


    If you don't understand this then don't attempt it, leave the drive alone and ask questions, don't blindly start hacking.

    I hope this helps,

    Wilson
     
  7. non_serviam23

    non_serviam23 Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    3
    Location:
    US
    Thanks a lot to both of you.

    I was able to get the relevant data off, and find a copy of the rescue disk.
     
  8. wilson_franklin

    wilson_franklin Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    6
    I'm glad to hear you got your data back, lots of people don't.
     
Loading...
Thread Status:
Not open for further replies.