Safe to repair windows MBR on truecrypt system volume?

Discussion in 'privacy technology' started by wilder7500, Jan 28, 2014.

Thread Status:
Not open for further replies.
  1. wilder7500

    wilder7500 Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    58
    Location:
    USA
    Thought I'd ask here before I start messing with it.

    My system won't boot. For some reason I'm getting MBR error 1 2 and 3 when I try to boot into windows 7. I can boot into windows fine if I do it from my truecrypt rescue disk.

    Unfotunately I can't find my windows cd. Any ideas how I can repair the MBR?
     
  2. woodsy7909

    woodsy7909 Registered Member

    Joined:
    Jan 28, 2014
    Posts:
    4
    Location:
    United States
    I am no TrueCrypt guru, but I would read the steps here and follow it closely

    http://www.truecrypt.org/docs/rescue-disk

    It explains how to fix your MBR problems properly. This should work. As with everything else, YMMV.
     
  3. wilder7500

    wilder7500 Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    58
    Location:
    USA
    Does truecrypt replace the MBR with the TrueCrypt Boot Loader when creating an encrypted system volume or do they live side by side?


    From the page:
    Your TrueCrypt Rescue Disk contains a backup of the original content of the first drive track (made before the TrueCrypt Boot Loader was written to it) and allows you to restore it if necessary. The first track of a boot drive typically contains a system loader or boot manager. In the Rescue Disk screen, select Repair Options > Restore original system loader.

    Sounds like this is the thing to try, but I'm not sure. I have gotten a bit paranoid around trucrypt data. Anyone know for sure if it's safe to do this?
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Is all your data unencrypted? The only problem is that Windows won't boot off it's own boot loader?

    If so, hitting F8 and choosing to restore the original boot loader shouldn't be a problem. TC will ask if you decrypted your system drive, before allowing it. I guess to be extra safe, you can pop that system drive into a USB dock and make sure you can get at everything on another computer. If so, it is definitely decrypted and all you have is a wonky bootloader problem.

    In addition to the rescue disk (and since you say you don't have any windows media) I think you can find Windows Recovery tools online. You can boot that and try to do an auto recovery, or boot to the DOS prompt and type bootrec.exe /fixmbr ...and maybe bootrec.exe /fixboot.

    YMMV, backup, backup, backup
     
  5. wilder7500

    wilder7500 Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    58
    Location:
    USA
    The whole drive including windows is encrypted with truetrypt. I can startup windows fine with the truecrypt rescue disk. Are you saying I should run bootrec.exe /fixmbr and bootrec.exe /fixboot from inside windows? Should I use the repair option on the truecrypt rescue disk?
     
  6. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    NO, NO, NO!

    If you are encrypted still, do not mess with anything "Windows" and "bootloader" related.

    I thought you decrypted or wiped and re-installed without first removing the TC bootloader, and were just having problems booting a "clear" system.

    I have no idea why you can boot off the rescue disc but not the hard drive - sounds like the TC bootloader on the disc got buggered somehow.

    Personally, I would decrypt and start over. Or I'd wait for (and my this guy must be over-worked :D ) dantz to chime in. Or head to the TC forums.

    On a perfectly working system (yours isn't it appears) I have swapped in/out Windows and TC bootloaders and TC headers, just to see what it will do. Nothing bad happened, but I'm not going to tell you to do anything, as I wouldn't want to be the cause of you losing data.

    If you have a spare drive of equal or greater size, you can do a sector by sector image to it, and play around with *that* if you want...I guess.
     
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    If you can easily mount your system disk using the rescue CD then your hard disk TC bootloader got damaged. The damage is likely something as simple as a windows update got it. Happens all the time, and especially on 7 systems where the boot files are outside of the system disk in a "hidden partition".

    You would be safe to restore the TC bootloader from the rescue disk to the hard drive. Even if you restored the MBR from the rescue disk, which would be a mistake, you can reverse the process by simply writing the bootloader back from the rescue disk. Couldn't be easier.

    The MBR and the TC bootloader take up the same space. When and if you decrypt your system disk you would then write the original MBR back to the drive and use 7 "normally". My perpetual "preach" is for 7 users to move the boot files inside the system disk and avoid all these issues.
     
  8. wilder7500

    wilder7500 Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    58
    Location:
    USA
    Thanks Palancar, that answers a lot of questions. Here is what I'm planning to do step by step. Let me know if it's ok.

    1. Using Acronis True Image 2013 I'll create an image of the windows partition and the System (I think that's what it's called in Acronis) partition. Will I be able to restore this, now that it's encrypted with Truecrypt, in case something goes wrong?

    2. Start the computer using the Truecrypt rescue disk. Choose F8 "Repair Options". Choose second menu entry "Restore Truecrypt Boot Loader"

    3. I want to follow your advise and move the boot files inside the system disk. Could you explain how to do that with Truecrypt installed on the sysytem?
     
  9. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    You can try this:

    -http://www.terabyteunlimited.com/kb/article.php?id=409-

    But unless you absolutely can't start "fresh", I'd just...start over, partition the drive with bootable Mini-Tool Partition Wizard CD, align them (if SSD) and re-install Windows.

    Palancar is right, that 100MB "System Partition" causes more problems than it is worth.
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I used Acronis for years. I like your approach. By making an Acronis backup image of the system disk you will easily be able to write the image back to the system disk partition. If you go that route and restore the Acronis image you will have a perfectly functioning but UNENCRYPTED OS. That only means that you'll need to launch TC and encrypt the system disk again. A few hours and its done. The big plus for this is you only backup the used space and not every sector of the partition. This is fine while running a normal TC OS. For a Hidden OS I would recommend using sector by sector since you cannot restore a "live" backup directly inside an outer volume. Macrium Pro performs flawlessly with TC and sector by sector to the second/third/etc... partitions. By cloning every sector (exactly) you image the outer volume and the hidden OS at the same time. Slick. I have done it both ways without any hitches. Restores take maybe a half hour.

    Regarding moving the boot files I would read the link provided in the post(s) above. I have done it many different ways. I know it looks scary but its easy to do really. As long as you make Acronis backups the worst that can happen is a few lost hours, but even then the stuff you learn is rewarding.


    If you decide to move the boot files you will need to remove the TC encryption. It would be faster to restore the system disk using Acronis, which would make it unencrypted, than it would be to decrypt using the rescue disk. NOTE: If you encrypted OTHER partitions outside of the system disk at the same time (full disk not system disk encryption) than you MUST decrypt first or you will lose the data in those other places. As a rule, I strongly suggest that you never encrypt beyond the system disk in one step. Its much better to encrypt those places later. Another thread's thoughts......
     
    Last edited: Jan 31, 2014
  11. wilder7500

    wilder7500 Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    58
    Location:
    USA
    Palancar and PaulyDefran thanks for your answers. I will probably buy a new HD, image everthing over, and then experiment on that drive first.

    Palancar, I've been a bit frustrated with Acronis, do you feel Macrium Pro works better? What do you think about Paragon?

    On my laptop I have one HD with three partitions. I encrypted the whole disk in one go. You are saying it's better to encrypt one partition at a time, and then add the two non system partitions to favorites so they mount automatically at startup?
     
Loading...
Thread Status:
Not open for further replies.