Truecrypt modding ???

@sp1906207
Thanks for your perfect works!
I do not know if you compare "TrueCrypt 6.2a Source" with "ModCrypt6.2_src.rar" which given by DavidXanatos?

 

I'm not sure what the question is here...

I did look at DavidXanatos's mods, and I see that he did a much deeper modification (both in terms of adding more code to read variables from registry, and in terms of behavior changes). His mods are really cool, but it would take me too much time and effort to accurately merge them with new 6.3a source code. So, I just decided to take an easy route (chicken!), and make just enough changes for the single most demanded fix (for me, and probably most other people).

While DavidXanatos's mods easily qualify as a "project" in itself, mine (based on mantakrypt's idea) is just a simple change+recompile.

 

Dear sp1906207,Thanks for replying.I mean if you compare ModCrypt6.2a_src with the original TrueCrypt 6.2a Source, you may find a easy way to modify Truecrypt.
ie,ModCrypt6.2a_src is a good reference.
Sorry I am a layman about C++.
Thanks again!

 

As far as I can see, author commented each piece of code he changed with "David X." comment, so it's quite easy to find all such places (actaully running any text comparison program is easy too), even though there's so many of such changed pieces.

What is not so easy - is analysing each single changed line or block, to understand what effects such change may have on overall system behavior. And also analysing if every single one of those changes would still render the same result if moved as-is to 6.3a, which is not necessarily the case. And also testing properly (the more changes you made - the more testing you must do, before calling it a success).

As I said, instead of doing such time-consuming analysis of more complex and broad changes, I decided to perform much easier analysis and changes aimed at just 1 single element of behavior - read-only-ness.

 

In the TCOpenVolume() function I believe it sends an ioctl with a standard request id straight to the device to check if it's read only, and a user defined one so that TC can impose further restrictions on whether the volume should be read only if the system is hidden. I think this function is fine.

You're right about being able to mount the system volume twice, I actually noticed that before but forgot about it. It's a problem if you use auto-mount and you're mounting something else with the same password as the system. I didn't notice any problems doing that, though. It "shouldn't" be any different than making NTFS symbolic links. Of course the simple fix is "don't do it!"

Being able to write to the boot sector in a hidden system isn't a concern to me since the entire point of the mod was to allow writing to whatever you want, and also only a program with admin rights can do that anyway.

Yeah, I didn't notice the hibernate problem but I do my own partitioning so I don't have this problem.

Also, yeah, you need to install the driver after you've finished wiping the decoy partition.

 

Agree, agree, and agree.

Now the only thing I'd really dream about - is truecrypt being able to mount volumes directly to NTFS mount points (folders), instead of only drive letters (I know I can add mount point and remove the letter later, but that's a hassle).

Now, I'm sure that will not be as easy as the read-only fix.

 

Maybe a bit late reaction, but the modded 6.3a version is working perfectly!!!

Thanks sp1906207!!

 

Is that with all the comments above taken into account?

If so fancy posting it?

 

Sorry, posting what exactly?

Link (sendspace) to the recompiled drivers is in the last message on the previous page (page #2). And those drivers were recompiled with all that's being discussed above taken into account already.

And be sure to read all the comments regarding using x64 version (and recovering from possible associated boot problems). In general, running those x64 modded drivers is not for faint-hearted, it does take some effort, knowledge and persistence to get everything working consistently (due to test-signing limitations, mostly).

 

Also, while I'm at it... Would anybody be interested in couple of additional scripts?

1) get the list of currently available HDD devices, with volume names and serial numbers, which are not yet TC-mounted (e.g. to automate mounting, based on serial numbers; this would be .vbs using WMI); devices would be listed as "\\.\PHYSICALDRIVEx", or as "\Device\HarddiskX\Partition0";

2) get the list of already TC-mounted volumes, with physical volume names and mounted drive letters (to automate dismounting, based on drive letters; this would be binary compiled from C, using IOCTL calls to TC driver); volume names would be listed as "\Device\HarddiskX\PartitionY", and generally this would provide the same info as TC's main GUI (only in a command-line form usable for scripting / automation);

If interested - let me know, with nice-to-have requirements. I'm doing this for myself anyway, so might as well make something a bit universal, for others to enjoy.

 

Here is my patch to TrueCrypt 6.3a:
TrueCrypt_6.3a_patched.zip(source code and installer)
It adds:
- mounting non-encrypted volumes in R/W mode within Hidden OS
- ability to create standard encrypted volumes under Hidden OS(default - only hidden are permitted)
- ability to skip Rescue Disk check while encrypting system partition
- ability to skip wiping of initial OS after installation of Hidden OS

 

i am get interested in it
please upload the script
thanks for sharing!

 

After they take your hard drive they will make a copy of all partitions encrypted or not. Depending on the investigation they are very likely to use a hardware keylogger for any passwords. They most likely will ask you for the password, and if compliance is not gained they will obtain the password from the keylogger log. They will look at the keylogger log regardless for possible hidden partitions if they know what they are doing.

 

i've got hidden os with TC 7.
I want to use "Read_ONly Removing Patch" can somebody upload it for this version?

It is safe to downgrade TC version if im using hidden os?

 

Going back to 6.3a if it was made with 6.3a should be safe. If the install was made using 7, I'd suggest its only safe if the headers are unchanged between the two versions. It's possible it won't work at all though as the header does have the version number in it.

 

The link http://www.filehosting.org/file/details/124180/TrueCrypt_6.3a_patched.zip does not work amymore.

please provide a copy of TrueCrypt_6.3a_patched.zip if you possess it.

 

I'm going to create a new modified TC version, but this time I would like to add a different feature.

I want to make the Bootloader be oparable with only Arow keys + enter/esc cause my viliv s5 UMPC only has this keys, and the soft keyboard is not available at boot time as its a windows app

I would be happy about some assistance as coding bootlaoders is new to me as well as I don't have any real experience with assembler.

EDIT: ok that was easy....

here the code:

Code:

static byte AskPassword (Password &password)
{
	size_t pos = 0;
	byte scanCode;
	byte asciiCode;

#define TC_BIOS_KEY_RIGHT	77
#define TC_BIOS_KEY_LEFT	75
#define TC_BIOS_KEY_UP		72
#define TC_BIOS_KEY_DOWN	80
	byte asciiCodeEnum = 0; // c >= ' ' && c <= '~';

	Print ("Enter password");
	Print (PreventNormalSystemBoot ? " for hidden system:\r\n" : ": ");

	while (true)
	{
		asciiCode = GetKeyboardChar (&scanCode);

		switch (scanCode)
		{
		case TC_BIOS_KEY_ENTER:
			ClearBiosKeystrokeBuffer();
			PrintEndl();

			password.Length = pos;
			return scanCode;

		case TC_BIOS_KEY_LEFT:
		case TC_BIOS_KEY_BACKSPACE:
			if (pos > 0)
			{
				if (pos < MAX_PASSWORD)
					PrintBackspace();
				else
					PrintCharAtCursor (' ');

				--pos;
			}
			continue;

		case TC_BIOS_KEY_RIGHT:
			if(asciiCodeEnum == 0)
				continue;
			asciiCode = asciiCodeEnum;
			break;

		case TC_BIOS_KEY_UP:
		case TC_BIOS_KEY_DOWN:
			if(asciiCodeEnum == 0)
			{
				asciiCodeEnum = 'a';
			}
			else
			{
				byte asciiCodeNew = (scanCode == TC_BIOS_KEY_UP) ? asciiCodeEnum-1 : asciiCodeEnum+1;
				if(!IsPrintable (asciiCodeNew))
					continue;
				asciiCodeEnum = asciiCodeNew;
			}
			PrintCharAtCursor (asciiCodeEnum);
			continue;


		default:
			if (scanCode == TC_BIOS_KEY_ESC || IsMenuKey (scanCode))
			{
				burn (password.Text, sizeof (password.Text));
				ClearBiosKeystrokeBuffer();

				PrintEndl();
				return scanCode;
			}
		}

		if (!IsPrintable (asciiCode) || pos == MAX_PASSWORD)
		{
			Beep();
			continue;
		}

		password.Text[pos++] = asciiCode;
		if (pos < MAX_PASSWORD)
			PrintChar ('*');
		else
			PrintCharAtCursor ('*');
	}
}

 

It is good news !

 

Here is the complete "TrueCrypt Format.exe" that will install abootloader with the modification when used to setup the encryption: http://rapidshare.com/files/421375408/TrueCrypt_Format.exe

 

That would really suck if the owner accidentally entered the wrong password lol

 

I understand why people frequently request a self destruct function but what I don't understand is why drivecrypt or anyone else would actually implement it. This is fake security!
You can't stop someone from making a copy of the hard disk before the self destruct executes. At least not with software.

 

thanks very much!!!
It is great!
if you update the new version truecrypt 7.0a with the feature:"Option to dissable Write protection in a hiddenOS"?

 

Hi guys,

anyone still alive? I was wondering, is anyone looking at modding the new truecrypt 7 with the option to read/write to usb (and network) from a hidden system disk? Would be great, I love the new features of Truecrypt!

Hopefully some of you guys still live

Regards,

Themuzz

 

Hi DavidXanatos,

What's your latest stable modded release?

 

Would be great if someone could mod the new 7 version, I don't have the knowledge for it