Possible alternative Hidden OS method?

I find Truecrypt's Hidden OS method rather complicated and restrictive, possibly necessarily, but I wondered if this alternative method would be feasible.

It's quite common to have dual-boot systems, so could the first partition contain the decoy/everyday OS, and the second partition hold another decoy OS that isn't used, with the remaining space on the second partition holding the Hidden OS in an encrypted form.

This way, one could explain why the decoy OS on the second partition hadn't been used recently by saying that it was a backup OS to be used if the main one got corrupted or infected or that it was just used occasionally to test software in a clean environment.

With the current Truecrypt method, one has to have the second partition setup as a data partition, which would be unusual in itself as normally one would use the first partitions for OSes and make an Extended partition for data after that. For this decoy partition to be convincing, one also has to regularly write files to it and also the Hidden OS would need to only occupy a small section of it for it not to be suspicious.

It seems that it might also negate the need for the Hidden OS to spoof that it's running from partition1, as Truecrypt currently does, as there would be an OS on partition2 which would explain why files indicate that they were written by an OS on that partition.

I have to admit, I don't quite understand the need to spoof in this way, as the Hidden OS is unable to write to anything other than itself or Hidden volumes anyway. This restriction also seems unnecessarily restrictive, as writing to a normal encrypted container, rather than a hidden volume contained in one and itself stored on an encrypted filesystem, as Truecrypt requires, would seem to be quite safe.

I may well be overlooking something though and I'd be interested to hear people's thoughts on these ideas.

 

Hi doveman,

I don't buy the whole encryption/hidden OS idea - nor the standard installed OS idea. After working for years in the Unix/Linux job space, when my home WinXP Pro SP2 bogarted on me in June 2006, I bought a Linux magazine (UK) with Ubuntu 6.06? and have never looked back. I currently run the latest Ubuntu Live CD.

I have crafted a custom Live CD environment for myself with 4GB RAM - no hard drives are mounted (exposed) when I connect to my router for Internet access. If any malware is smart enough to tell the difference between my file system (in RAM) vs hard drive - they only have a small window of opportunity when I save something I have downloaded to disk before I unmount access. When I power down - that malware, if it ever got through, is toast. The idea is to not present your computer as a primary target of opportunity for the malware.

-- Tom

 

Hi Tom

That's a fine idea and perhaps by saving to a USB stick you could avoid ever mounting your drives in that environment (although obviously some files are just too big for that).

However, I'm particularly after thoughts on my suggestion and whether it's workable and better than the current way Truecrypt does things.

PS. I've never had much luck with Ubuntu and when I tried 10.4 recently, it just turned my monitor off whilst installing and after booting. I believe I can use a boot switch to fix this, but it doesn't really encourage me that it does this on pretty common hardware (780G integrated graphics). I had similar problems with an earlier revision on different (again common) hardware.

The thing is, I know my way around Windows XP and have learnt a lot of tricks to tweak it, whereas I'm lost when it comes to Linux and it's directory structure and command line, so until I have the time and inclination to learn a whole new way of working and throw away all my experience of XP, not to mention finding Linux software to replace all my XP applications, I doubt I'll be switching any time soon.

 

Hi,

you need to use DriveCrypt Plus Pack(DCPP)
From official site :
"Hidden Operating System:
DCPP is the only disk encryption software on the market able to hide an entire operating system inside the free disk space of another operating system. You can practically define two passwords for your DCPP encrypted disk: One password is for the visible operating system, the other for the invisible one. The first "fake" password gives you access to a pre-configured operating system (outer OS), while the other gives you access to your real working operating system. This functionality is extremely useful if you fear that someone may force you to provide the DCPP password; in this case, you simply give away the first (fake) password so that your attacker will be able to boot your system, but only see the prepared information that you want him to find. The attacker will not be able to see any confidential and personal data and he will also not be able to understand that the machine is storing one more hidden operating system. On the other hand, if you enter your private password (for the invisible disk), your system will boot a different operating system (your working system) giving you the access to all your confidential data. The creation of a hidden operating system is not obligatory and as such, it is not possible for anyone who does not have the hidden OS password to know or find out if a hidden operating system exists or not."

there is some topic on wilderssecurity about dcpp

but for run hidden os ... if someone can make a nice tutorial video for hidden os with dcpp, it seem pretty hard to install it
on youtube there is one older but bad quality


Regards, zozot

p.s: sorry for my bad english

 

Thanks zozot,

That certainly sound much better than Truecrypt's approach and seems to be what I want. It's rather expensive unfortunately.

Ideally I'd like to be able to have 2 or 3 OSes in separate partitions (XP1, XP2, Win7) and have the hidden OS in one of the XP partitions. I wonder if DCPP will allow me to boot into each of the partitions (whether encrypted or not), plus the Hidden OS.

There is some concern that DCPP is closed-source, but I can understand the company's reasons for this (to stop competitors stealing their code). They say the release the source to "selected customers after they placed a substantial order and signed a non-disclosure agreement", so perhaps they could provide it to selected security experts, who could then give it the seal of approval and provide a MD5 hash, which customers could then compare to the version they download. This would obviously have to be repeated each time the software was updated.

 

i don't think you ll be able to add 2-3 os in separate partitions because of bootauth

 

I don't see why bootauth couldn't handle booting from different partitions. Surely all it needs to do is ask the user which partition they want to boot from and if the partition isn't encrypted, it wouldn't need to ask for a password.