TrueCrypt strangeness! Evil Maid, Late Failure

Discussion in 'encryption problems' started by Mastuprili, Nov 19, 2015.

  1. Mastuprili

    Mastuprili Registered Member

    Joined:
    Nov 19, 2015
    Posts:
    3
    Hello. I've got a laptop here, which I have successfully used in the past with TrueCrypt 7.1a to create a Decoy OS and an Outer Volume containing a Hidden OS (Vista). It worked just fine.

    I didn't use it much, and had to re-purpose the laptop for another use. Now I've simply been trying to set it up how I had it before. I thought it would be easy, but I'm struggling.

    I tried with TrueCrypt 7.1a first, and had no success. I switched to VeraCrypt and am having exactly the same issue. I can get to the point where the Outer Volume is created, and the original OS is copied to the Hidden area successfully to form the Hidden OS. I can boot into the Hidden OS with the hidden password just fine, however I get an "Evil Maid" warning saying the bootloader may have been modified. At this point I can still reboot and log back in to the Hidden OS on the second partition as many times as I like, and I can still access the original OS on the first partition too. So things are working fine at this point (except for this Evil Maid warning) - I only need to delete the original OS, re-install a fresh copy, and encrypt it, then I'm done. But there is a bigger problem to come, maybe related to this Evil Maid warning...

    When I let VeraCrypt wipe the original OS, and I reinstall the OS on the first partition, and then encrypt it to form the proper Decoy OS, as soon as that is done, I am no longer able to log in to the Hidden OS. My password to the hidden OS does pass verification, but it either gets stuck on "Booting...", or I get a huge error message, which ends by suggesting I should make a 100 MB partition and put the bootloader files there, and a grub: prompt. I can still log in to the Decoy OS, only the Hidden OS becomes inaccessible.

    I have tried installing Windows 7 and Vista so many times, and it does the same for both OSes. I've tried with VeraCrypt and TrueCrypt, and made VeraCrypt and TrueCrypt Rescue CDs and used them to restore the bootloader, but it doesn't change anything. I just don't know where to go from here. I swear I'm following the instructions correctly.

    I don't know why I'm getting this Evil Maid warning. As far as I know there's nothing that should be modifying the bootloader; I am using clean OS install ISOs with no added software. I haven't added any hardware to the laptop since it was last used successfully.

    If anyone has any ideas I'd be very grateful.
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Let's start super basic. Just checking here - you are not trying to "mix" 7 and Vista are you? Meaning the decoy and hidden are the same - either 7 or Vista. Correct?

    Have you tried mounting the hidden OS using the rescue disk? NOT restoring the bootloader to the hard drive using the rescue disk, but actually mounting the hidden OS from the removable disk/flash? Very easy to do. I am trying to help you determine if you are "hosing" your MBR when you write back the decoy. I just helped another member through this a month or two ago. There is a thread not too far down in this forum where his symptoms sound exactly like yours. On his end it ended up being he didn't know how to restore a decoy OS using encryption. He made the mistake of using a Windows Install disk, which almost always breaks the hidden OS header.

    How are you restoring the decoy OS? If you are using a Windows installer you likely found your cause. Please consult that other thread and look for my steering within it.

    https://www.wilderssecurity.com/thr...cant-boot-after-decoy-os-installation.380394/

    Let us know.
     
  3. Mastuprili

    Mastuprili Registered Member

    Joined:
    Nov 19, 2015
    Posts:
    3
    Thank you for your reply. I saw it almost straight away but had to spend some time experimenting and understanding what was being said in that other thread as well as this one.

    I confirm I'm not trying to mix OSes. I'm trying to use either Vista for both the decoy and hidden OS, or 7 for decoy and hidden.

    When you ask if I have mounted the hidden OS from the rescue disk, does this mean simply trying to log in by entering the correct password after booting from the rescue disk? If so, then yes, and it's the same error all the time.

    I am indeed using a Windows CD to re-install the decoy. It's the only way I knew. I've spent several hours working out how to do a sector-by-sector clone. I cloned the second partition (hidden OS), and after I re-installed the decoy, I restored the second partition thinking that would undo the damage caused to it. This made no difference and the same error remained; however, I now realise I didn't do what you said. I should have cloned the first partition and restored that. I have done the wrong thing but I think I know what to do now. I will give it a go soon and let you know.

    Thanks for your help - I would never have even thought to do all these things without the info found on here.
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Thank you for reading through that other thread. It holds the answer for you. I have assisted with this "issue" well over a hundred times around the internet over the years.

    In reality learning to create great backups is a skill everyone should master. Encryption simply points out how important that skill is.
     
  5. Mastuprili

    Mastuprili Registered Member

    Joined:
    Nov 19, 2015
    Posts:
    3
    Resolved! Thank you very much. It was as you said. :)

    The false "Evil Maid" warning seems to have been unrelated to everything. A red herring. I've had it all working properly several times now, but during each installation, it always shows an Evil Maid warning at least once. I guess it's just a quirk in the software.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Enjoy!
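
An added example, not part of the thread and not code from TrueCrypt or VeraCrypt: the question raised above, whether writing the decoy back overwrites the MBR and boot area, can be answered by comparing the first track of two raw disk images taken before and after the reinstall. The 63-sector boot area size, the function names and the sample bytes are assumptions made for this example.

```python
import sys

SECTOR = 512
BOOT_AREA_SECTORS = 63  # assumption: classic first track, LBA 0-62

# Standard MBR layout of sector 0: (field, start offset, end offset)
MBR_FIELDS = [("boot code", 0, 440), ("disk signature", 440, 446),
              ("partition table", 446, 510), ("boot signature", 510, 512)]

def changed_sectors(before: bytes, after: bytes) -> list:
    """LBAs inside the boot area whose bytes differ between the two images."""
    need = BOOT_AREA_SECTORS * SECTOR
    if len(before) < need or len(after) < need:
        raise ValueError("image is shorter than the boot area")
    return [lba for lba in range(BOOT_AREA_SECTORS)
            if before[lba * SECTOR:(lba + 1) * SECTOR]
            != after[lba * SECTOR:(lba + 1) * SECTOR]]

def changed_mbr_fields(before: bytes, after: bytes) -> list:
    """Which parts of sector 0 changed: loader code, partition table, etc."""
    return [name for name, s, e in MBR_FIELDS if before[s:e] != after[s:e]]

def read_boot_area(path: str) -> bytes:
    """Read only the boot area from a raw disk image file."""
    with open(path, "rb") as f:
        return f.read(BOOT_AREA_SECTORS * SECTOR)

def sample_images():
    """Constructed data: 'after' has new boot code and a zeroed LBA 62."""
    mbr = b"\xAA" * 440 + b"\x11" * 6 + b"\x22" * 64 + b"\x55\xAA"
    before = mbr + b"\x33" * SECTOR * (BOOT_AREA_SECTORS - 1)
    after = bytearray(before)
    after[0:440] = b"\xBB" * 440
    after[62 * SECTOR:63 * SECTOR] = bytes(SECTOR)
    return before, bytes(after)

if __name__ == "__main__":
    if len(sys.argv) == 3:   # usage: script.py before.img after.img
        a, b = read_boot_area(sys.argv[1]), read_boot_area(sys.argv[2])
    else:
        a, b = sample_images()
    print("changed LBAs:", changed_sectors(a, b))
    print("changed MBR fields:", changed_mbr_fields(a, b))
```

An empty list of changed LBAs means the reinstall left the boot area alone; a change confined to "boot code" points at the installer rewriting the loader rather than the partition layout.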
     