need a how to / tutorial to remove the bootloader

Discussion in 'encryption problems' started by Timok, Sep 11, 2015.

  1. Timok

    Timok Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    51
    Location:
    Germany
    Palancer has been writing here

    I wrote him a message and ask him for a how to / tutorial for people without coding background and he answers me I should ask here

    so any help ?

    thx

    Timok
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    In Linux, you just use dd. First to make copies. And then to overwrite it with random data.

    I presume that it's similar in Windows.
     
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Life has been really busy for me. Can you confirm what OS you are using? Frankly, since the question involves security of the MBR and TrueCrypt usage I am assuming its a Windows system. If you will come back and confirm that I'll throw something up. Its a very simple and yet bulletproof way to be certain nobody is messing with the startup of your machine. [This excludes very high tech firmware/bios attacks, which require other countermeasures]
     
  4. Timok

    Timok Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    51
    Location:
    Germany
    The system is a win 7 x64 (and @the moment without encryption - i pan to change from truecrypt (just removed) to veracrypt). I think your method is interesting if the authorities want to control the notebook at the airport etc.
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    TrueCrypt and VeraCrypt are virtually sisters so either is fine for basic encryption against a thief!

    Regarding your Airport "crossings" that is another story. In many countries, including where I live, they can demand that you fire up the operating system/computer to prove its not a bomb. Failure as a minimum would be loss of the laptop, and more likely you are going to be taken out of line and it'll be VERY harsh. If you are going to be passing through security at airports then your best play would be a hidden OS for your private stuff and have a generic OS you can fire up for any airport official. Both TrueCrypt and VeraCrypt offer a hidden OS feature. Read and learn about them because its your only safe play due to these Airport encounters.

    This Airport scenario changes the config I had planned for you.

    You can still easily remove the bootloader and place it on a flash drive, but that too must be presented to fire up the computer for the Airport agents. Originally I thought you were planning against an adversary that might gain access to your machine when you were absent. Protecting the MBR/bootfiles from being changed is a huge security improvement, but that flash you would be using will be in the hands of the airport folks to start the computer. Understand?

    From your description of use its imperative that you NOT need to reveal anything sensitive to the airport folks if pulled out of line for further examination.

    Do you have a working knowledge of the hidden OS and do you need any help in that area?
     
  6. Timok

    Timok Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    51
    Location:
    Germany
    @Palancar

    No problem to fire up the computer for the Airport agents, I use Tails on a Stick = the computer boots normally from USB and no one is wondering that the computer don't starts without the stick. The Airport scenario was just one of a handful of reasons. In Germany the GOV agents like BND, BKA, LKA, BfV etc. are the real problem. I've had problems with such services = my paranoia so has its causes, and no one is surprised that such a computer

    IMG_20150919_064254.jpg

    in a strange way has to be started