Truecrypt modding ???

Discussion in 'privacy technology' started by DavidXanatos, Mar 27, 2009.

Thread Status:
Not open for further replies.
  1. DavidXanatos

    DavidXanatos Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    112
    Location:
    Viena
    Hi,
    Is there some project that would resemble a truecrypt mod?

    Or are there some people here wanting to start such project?

    There are quite some things that are missing and it seams the official devs wont implement it, stuff like listed here: https://www.wilderssecurity.com/showthread.php?t=224241

    I'm an experienced c++ hobby programmer, but not very familiar with drivers and such, I managed to mod the TC driver to remove the write protection for normal drives when using the hidden OS, as well as get the persistent/system volumes back for TCtemp/TCGina, http://www.eselfarm.info/ModCrypt/
    but for example with this: http://forums.truecrypt.org/viewtopic.php?t=15399 I stuck and no luck in any direction :/

    Things I think are needed are:
    1. Smaller decoy larger hidden OS
    2. implace HDD encryption for XP
    3. inplace reencryption with an other headre key
    4. VSS support for nonsystem drives
    5. native support for rescue USB stick instead of a CD/DVD
    6. if feasable keyfiles form USB/floppy
    7. soft reboot capability without entering the PW (storred in ram or HDD or usb/floppy and after use erased)
    8. option to dissable the write protection in the hidden OS for unhidden/unencrypted drives
    9. mounting TC volumes as into empty NTFS folders without the need to 1st mount them with a drive letter

    As of now I only got 8 to run...

    I believe it could be a very usefully project and make many people happy.
    Is there some one willing to help me with this?

    David X.
     
  2. DavidXanatos

    DavidXanatos Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    112
    Location:
    Viena
    No one interested?
     
  3. mjau

    mjau Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    30
    I would like to see a mod that does what drivecrypt does, if a wrong password is enterd at the bootloader it will destroy the drive so no one can read anything of it.

    This is good because, if your computer get seized for some reason and if the investigator enter the wrong password without asking you it will destroy the evidence and it will not be your fault, but if you give the wrong password then you will be charge for destroying evidence.

    All you really have to do is, put papper on or near the computer where it says password and just make up something, then the investigator will enter this password and you cannot be charge of anything.
     
  4. DavidXanatos

    DavidXanatos Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    112
    Location:
    Viena
    Well unless he is borderline incompetent he will do a offline backup sector by sector of you encrypted HDD and this feature will have exactly none effect.
     
  5. Themuzz

    Themuzz Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    A truecrypt mode, one of the better ideas!

    At the moment i'm looking for something like modcrypt, but only for the newest version, 6.2.

    Perhaps you can build the truecrypt source, I'm not in a position to that at the moment.

    The only thing that need to be removed is inside Driver/VolumeFilter.c on line 146 and 147.

    I'm very thankfull if you could upload the build program.

    Greeting Themuzz
     
  6. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    260
    Yes but it will take the investigator extra time, and time is money, the more costly you make an investigation the more likely you are that they may give up on you and move onto something else, depending on priorities.

    Regarding the modded TC version, I would love to see a version that when prompted to burn a recovery CD has a checkbox with the word NO.
     
  7. DavidXanatos

    DavidXanatos Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    112
    Location:
    Viena
    http://rapidshare.com/files/241111209/ModCrypt6.2_src.rar
    Obtion to dissable Write protection in a hiddenOS
    batchfile to start tc format without recoveryiso check
    TCtemp & TCgina adapted to the new TC version

    PS: I'd be really happy if there would be someone out there to help me with the remaining points :)
     
    Last edited: Jun 5, 2009
  8. Themuzz

    Themuzz Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    Your my hero!

    I would love to help but I'm only good at programming php, mysql and javascript...

    Let me know if you need any help for stuff not about c.

    About the mode: Could you help me how to use it? I have truecrypt (original version) installed and am inside the hidden os. How can i enable the external writing option?? (If I need to build the code, could you to that? I can't...)

    Thanx!!!

    Kind regards,

    Themuzz

    Edit:
    I found the files Release\Setup Files
    But TrueCrypt Setup.exe does not work..
    I thought I had to use the new sys file, but how??
     
    Last edited: Jun 8, 2009
  9. DavidXanatos

    DavidXanatos Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    112
    Location:
    Viena
    Just put the new sys file in your C:\windows\system32\drivers directory overwriting the old one.
    And apply the EnableWriting.reg and reboot.
    WARNING: if oyu are using windows XP 64 or vista 64 I dont know if this wil success cause my driver is unsigned and windows may reject it and not boot!
    i havn't tested it since i'm still using win xp/server 32bit with PAE on my machines.
     
  10. Themuzz

    Themuzz Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    Thanx! I also don't have 64, so I can't test it.

    About the registry settings, the dword value is 00000015, but it says that one should apply 1,2,4 or 8. How about that? What si the default value 00000015?
     
  11. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Except it's not "extra time." There's not a single forensics analyst that does not first image the drive. It's all about the evidence chain. They then have an image they can use to enter a password as many times as they want defeating any such "destruction" process. The only way this doesn't work is when you're using hardware encryption where the encrypting/decrypting takes place on the chip on the drive and not with software. In those cases, a self-destruct feature can be very effective and that's why most hardware encryption products have that very feature. But that would be a no-go and a waste of time for TrueCrypt to include such a feature.
     
  12. DavidXanatos

    DavidXanatos Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    112
    Location:
    Viena
    you can enter 1,2,4,8 or any combination of this 4
    1= 0001
    2= 0010
    4= 0100
    8= 1000
    15= 1111
     
  13. Themuzz

    Themuzz Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    Hmm, Actually, the write protection is still on

    I've renamed the olde truecrypt.sys to truecrypt.sys.bak and put the new one in place.

    After that I've added the registry and then I rebooted. Still write protection on.
    And also the auto-mount feuture does not work.

    Please help :)
     
  14. DavidXanatos

    DavidXanatos Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    112
    Location:
    Viena
    you have to replace the truecrypt.sys inside c:/windows/system32/drivers/...
    replacing it in the TC APP directory wont do the trick.
     
  15. Themuzz

    Themuzz Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    Yep I did, but still not working after a reboot with the registry settings added. And I'm just using the 6.2 version (and not the new 6.2a).

    Is it fully function with you?
     
  16. DavidXanatos

    DavidXanatos Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    112
    Location:
    Viena
    yes it works fine on my test system
     
  17. Themuzz

    Themuzz Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    I don't get it, it's still not working with me. Tried today allday.

    Did you also make it work with 6.2a?

    Perhaps it does not read the registry settings?? I just don't get it... Please help :)

    And of course thanks for all the hard work. It's weird not more people use this...
     
  18. Themuzz

    Themuzz Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    If I search all the source for the name of the registry key PseudoHiddenOS if only found this line:

    #define TC_ALLOW_WRITE_REG_VALUE_NAME DRIVER_STR("PseudoHiddenOS")

    It's commented out? So does it even read the registry? Or maybe I'm just on the wrong pad :)
     
  19. estra

    estra Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    53
    Found this TrueCrpyt mod - HaDES HardDisk Encryption System.

    According to description, this is essentially the same thing as TrueCrypt but with multi-user functionality.
     
  20. Themuzz

    Themuzz Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    Does HaDES disable the read-only mode??

    It just sucks, cause I want to install truecrypt on two systems but I can't use the hidden OS if I can't write to usb without an truecrypt container. And yes, I am aware of the possible leakage but I can handle that.

    DavidXanatos, if it's not that much work, could you upload a modded version of 6.2a with the read-only mode removed? You would really save my day :)
    But if it's to much work then don't do it because I have the feeling not much other people are using it.
     
  21. DavidXanatos

    DavidXanatos Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    112
    Location:
    Viena
    #define is a preprozesor definition not a comment a comment would start with //
    or be inside of /**/
    I'll try ti find some time and make a 6.2a based ans tested version in a week or so
     
  22. Themuzz

    Themuzz Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    Dude, your my hero! (again :) )

    But to make sure I got the same install of everything, would you then als upload the setup of the truecrypt version you used to try it on?

    And about the read-only mode, I don't really care about the possibility to use the registry settings, I'm just very happy if the read-only mode is removed so I can write to usb inside the hidden os.
    But I don't know what other people think about this.

    Thanks again man! I'm going to look at this page three times everyday from now :D
     
  23. DavidXanatos

    DavidXanatos Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    112
    Location:
    Viena
    Here is a new version : http://rapidshare.com/files/262104996/ModCrypt6.2a_src.zip
    its tested on a 32 bit system and it works, when the EnableWriting.reg is applyed the read only protection is successfuly removed and the TC gui should think that its a normaly encrypted OS not a hidden one.

    btw: when you install the decoy OS i think its recomended to install the normal TC release there so the no one will ask you why doy ou have a feature for hidden OS while you clame you don't have a hidden one ;)
     
  24. Themuzz

    Themuzz Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    Going to test it right now :) Thanx man!

    I'll post back within an hour:D
     
  25. Themuzz

    Themuzz Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    You saved my day, it's working perfectly!

    I hope others can enjoy this modded release as much as I did :D

    Thanx again!
     
Loading...
Thread Status:
Not open for further replies.