Truecrypt, volume headers....help!

Discussion in 'privacy technology' started by OrionTCC, Jun 3, 2009.

Thread Status:
Not open for further replies.
  1. OrionTCC

    OrionTCC Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    2
    OK, firstly I apologise, as I realise this might not be the best place to ask this kind of question. I have asked on the official TrueCrypt forums and not had a reply for a week. OK, now to my problem.

    I have a USB 8g Corsair stick and rather than use a container I chose the option "create a volume within a non-sys partition", so the entire USB stick was a volume rather than the container, in TrueCrypt Version 5.1. I also chose the option for a hidden volume in this.

    Now everything was fine for a few months until about a week ago, when I tried to access the stick and it gave the error "Incorrect password or not a TrueCrypt volume". I have tried different PCs to access the drive on to make sure my keyboard language wasn't accidentally changed, I checked my password and I am 100% sure it's right. So this led me to another question: could it be the volume header? What is strange is that my Non-Hidden password works but my Hidden password does not. So I started to read into this a lot and discovered quite a few people with the same problem as me, but they had knowledgeable people to look at the volume header and spot any errors/chance of recovery; this is where I fall down. I don't really know what I am looking for.

    Next what I did was make a backup of the "corrupted" header to open it up in a hex editor. This is what I got:

    Code:
    Offset      0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F
    
    00000000   51 33 EC 93 FB 62 16 AC  6E 10 C0 FA A4 FD 78 40   Q3ì“ûb.¬n.Àú¤ýx@
    00000010   4C B1 44 31 35 4B D1 D1  71 F9 9A DE D8 95 8F 31   L±D15KÑÑqùšÞØ•1
    00000020   20 F9 83 1B 76 3F EA 63  A8 B4 05 77 F2 F1 D8 3E    ùƒ.v?êc¨´.wòñØ>
    00000030   67 CB 50 63 ED D5 A2 F9  4F 27 03 97 A5 93 C7 69   gËPcíÕ¢ùO'.—¥“Çi
    00000040   39 E7 78 27 F9 C0 AC 21  5F AB 1C 4D 46 55 BE 41   9çx'ùÀ¬!_«.MFU¾A
    00000050   CD 2A CE 8A 98 EE 13 EE  D9 0B 41 99 5E A5 11 7F   Í*Ί˜î.îÙ.A™^¥.
    00000060   05 11 2D 11 8E 3B ED 51  65 9A AD 06 BD 5C FE 53   ..-.Ž;íQeš*.½\þS
    00000070   22 87 D2 C1 BD 21 AA 1E  FD FB BB 0B 72 CC 27 26   "‡ÒÁ½!ª.ýû».rÌ'&
    00000080   9D 88 C3 37 1E 05 A6 24  46 B7 69 CE 1A B1 5B 4A   ˆÃ7..¦$F·iÎ.±[J
    00000090   85 85 31 F6 E0 E1 86 15  54 06 07 64 B4 07 85 C2   ……1öàá†.T..d´.…Â
    000000A0   C7 CE 75 9D 66 80 2B D8  72 CD 93 ED 61 67 8C EF   ÇÎuf€+ØrÍ“íagŒï
    000000B0   97 D0 A3 82 D8 70 F7 5C  72 26 40 73 44 7B 01 30   —У‚Øp÷\r&@sD{.0
    000000C0   DE DD 6E FB 2D 5E 2C 9C  D2 66 73 5D A1 9E A2 98   ÞÝnû-^,œÒfs]¡ž¢˜
    000000D0   1E 8E FC 7D AA CC F3 D0  B7 ED E3 4E 95 1D 05 12   .Žü}ªÌóзíãN•...
    000000E0   AE 50 82 AA E1 CE 32 A3  E1 98 CD 44 A1 42 D2 36   ®P‚ªáÎ2£á˜ÍD¡BÒ6
    000000F0   6E D7 67 A0 31 F1 27 4A  1A B4 43 D2 2E 59 7D 0D   n×g 1ñ'J.´CÒ.Y}.
    00000100   7E 09 2D 9E 01 8F 2D F9  BF 18 50 79 AD D9 FE 62   ~.-ž.-ù¿.Py*Ùþb
    00000110   EC 97 17 D6 A2 0F F8 47  CF 4E CC 72 5F 98 BD 2C   ì—.Ö¢.øGÏNÌr_˜½,
    00000120   23 10 D0 E6 4A 35 D7 2A  5F 91 01 82 20 94 77 29   #.ÐæJ5×*_‘.‚ ”w)
    00000130   DD 20 85 5C B0 9C CA 4B  2E 95 FB 98 A4 AC 64 22   Ý …\°œÊK.•û˜¤¬d"
    00000140   97 49 07 5C 6F 45 A6 2A  E9 F9 C8 99 53 23 3D B3   —I.\oE¦*éùÈ™S#=³
    00000150   55 44 8D 01 21 8C 9D A6  76 2A 35 47 A8 35 54 99   UD.!Œ¦v*5G¨5T™
    00000160   8D BB 29 52 A3 53 25 36  69 0B D8 A1 BB BE A2 ED   »)R£S%6i.Ø¡»¾¢í
    00000170   EF FF D0 3D 74 D8 26 11  F3 9D ED D0 9B 9F C0 F5   ïÿÐ=tØ&.óíЛŸÀõ
    00000180   2F 59 8D 5C B4 17 9C 73  21 18 F3 3C 52 AE A1 D7   /Y\´.œs!.ó<R®¡×
    00000190   89 C2 50 A9 33 19 AC EE  41 31 58 36 05 D5 3B 3D   ‰ÂP©3.¬îA1X6.Õ;=
    000001A0   CD CA FF 28 EF BB 2D C9  F0 ED E9 84 31 37 87 06   ÍÊÿ(ï»-Éðíé„17‡.
    000001B0   D3 AA A3 8D 89 EE AA 21  47 20 97 CA 39 67 B3 06   Óª£‰îª!G —Ê9g³.
    000001C0   E9 F2 88 02 C2 03 07 C6  36 B9 61 F6 EE EF 51 D7   éòˆ.Â..Æ6¹aöîïQ×
    000001D0   89 97 64 10 5C 04 E7 C7  BB 06 14 CC 6E 79 8C DE   ‰—d.\.çÇ»..ÌnyŒÞ
    000001E0   AF 87 01 C6 28 E3 1D 04  EB E9 17 CB 04 D8 EC 18   ¯‡.Æ(ã..ëé.Ë.Øì.
    000001F0   68 A4 A0 7A 4A 52 0B 6E  29 DA FC C2 61 82 28 6C   h¤ zJR.n)ÚüÂa‚(l
    00000200   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000210   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000220   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000230   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000240   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000250   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000260   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000270   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000280   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000290   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    000002A0   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    000002B0   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    000002C0   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    000002D0   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    000002E0   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    000002F0   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000300   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000310   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000320   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000330   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000340   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000350   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000360   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000370   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000380   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    00000390   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    000003A0   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    000003B0   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    000003C0   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    000003D0   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    000003E0   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    000003F0   80 00 80 00 80 00 80 00  80 00 80 00 80 00 80 00   €.€.€.€.€.€.€.€.
    Can someone take a look at that and give their opinion? I also made an image of the whole USB stick and when I opened that in a hex editor it gave a different MBR, so to speak. I'm not sure which I am supposed to be looking at?

    Code:
    Offset      0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F
    
    00000000   33 C0 8E D0 BC 00 7C FB  50 07 50 1F FC BE 1B 7C   3ÀŽÐ¼.|ûP.P.ü¾.|
    00000010   BF 1B 06 50 57 B9 E5 01  F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
    00000020   38 6E 00 7C 09 75 13 83  C5 10 E2 F4 CD 18 8B F5   8n.|.u.ƒÅ.âôÍ.‹õ
    00000030   83 C6 10 49 74 19 38 2C  74 F6 A0 B5 07 B4 07 8B   ƒÆ.It.8,tö*µ.´.‹
    00000040   F0 AC 3C 00 74 FC BB 07  00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëòˆ
    00000050   4E 10 E8 46 00 73 2A FE  46 10 80 7E 04 0B 74 0B   N.èF.s*þF.€~..t.
    00000060   80 7E 04 0C 74 05 A0 B6  07 75 D2 80 46 02 06 83   €~..t.*¶.uÒ€F..ƒ
    00000070   46 08 06 83 56 0A 00 E8  21 00 73 05 A0 B6 07 EB   F..ƒV..è!.s.*¶.ë
    00000080   BC 81 3E FE 7D 55 AA 74  0B 80 7E 10 00 74 C8 A0   ¼>þ}Uªt.€~..tÈ*
    00000090   B7 07 EB A9 8B FC 1E 57  8B F5 CB BF 05 00 8A 56   ·.ë©‹ü.W‹õË¿..ŠV
    000000A0   00 B4 08 CD 13 72 23 8A  C1 24 3F 98 8A DE 8A FC   .´.Í.r#ŠÁ$?˜ŠÞŠü
    000000B0   43 F7 E3 8B D1 86 D6 B1  06 D2 EE 42 F7 E2 39 56   C÷ã‹Ñ†Ö±.ÒîB÷â9V
    000000C0   0A 77 23 72 05 39 46 08  73 1C EB 1A 90 BB 00 7C   .w#r.9F.s.ë.».|
    000000D0   8B 4E 02 8B 56 00 CD 13  73 51 4F 74 4E 32 E4 8A   ‹N.‹V.Í.sQOtN2äŠ
    000000E0   56 00 CD 13 EB E4 8A 56  00 60 BB AA 55 B4 41 CD   V.Í.ëäŠV.`»ªU´AÍ
    000000F0   13 72 36 81 FB 55 AA 75  30 F6 C1 01 74 2B 61 60   .r6ûUªu0öÁ.t+a`
    00000100   6A 00 6A 00 FF 76 0A FF  76 08 6A 00 68 00 7C 6A   j.j.ÿv.ÿv.j.h.|j
    00000110   01 6A 10 B4 42 8B F4 CD  13 61 61 73 0E 4F 74 0B   .j.´B‹ôÍ.aas.Ot.
    00000120   32 E4 8A 56 00 CD 13 EB  D6 61 F9 C3 49 6E 76 61   2äŠV.Í.ëÖaùÃInva
    00000130   6C 69 64 20 70 61 72 74  69 74 69 6F 6E 20 74 61   lid partition ta
    00000140   62 6C 65 00 45 72 72 6F  72 20 6C 6F 61 64 69 6E   ble.Error loadin
    00000150   67 20 6F 70 65 72 61 74  69 6E 67 20 73 79 73 74   g operating syst
    00000160   65 6D 00 4D 69 73 73 69  6E 67 20 6F 70 65 72 61   em.Missing opera
    00000170   74 69 6E 67 20 73 79 73  74 65 6D 00 00 00 00 00   ting system.....
    00000180   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000190   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000001A0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000001B0   00 00 00 00 00 00 00 00  21 57 DD 04 00 00 80 01   ........!WÝ...€.
    000001C0   01 00 0B FE FF D6 3F 00  00 00 C1 FF F0 00 00 00   ...þÿÖ?...Áÿð...
    000001D0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000001E0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000001F0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 55 AA   ..............Uª
    00000200   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000210   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000220   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000230   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000240   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000250   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000260   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000270   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000280   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000290   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000002A0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000002B0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000002C0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000002D0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000002E0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000002F0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000300   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000310   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000320   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000330   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000340   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000350   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000360   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000370   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000380   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    00000390   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000003A0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000003B0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000003C0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000003D0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000003E0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    000003F0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
    Deepest thanks to anyone who may be able to help in this.

    Regards
     
  2. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I have had media stuff damaged on a USB stick, more than once. I now back up everything on an external drive. But you can also split a large file with Winrar and upload it to an email account. I tried that once and it works.

    I am sorry that I cannot help you with your current problem. Maybe someone at the TrueCrypt forum can.
     
  3. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    For your version of TrueCrypt each header is 512 bytes long. When you create a header backup TrueCrypt saves both headers sequentially into a single file. Headers will normally (with rare exception) appear to be completely random, with an absence of plain text, strings of zeros, grossly repetitive characters, etc. The first half of your 1024-byte backup shows your normal header, and at first glance it does not appear to contain any non-random text. The fact that it still works is proof that it is undamaged. However, the second half of your backup file, which represents your hidden header, has been completely overwritten with repetitive values (80 00 80 00 80 00 80 00 etc.). I don't know what happened, but it's a complete goner. One possibility is that you overwrote a portion of your hidden volume by entering data into the main volume without activating the hidden volume protection.

    Your only hope of accessing your hidden volume is to use a backup header that was made before the accident occurred. If you don't have one then it's bye-bye data. Sorry.

    edit: I should add that even if you had a valid backup header, your hidden data itself may well have been overwritten, as the hidden header is located very close to the end of the volume.
     
    Last edited: Jun 3, 2009
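
The check described in the post above, as an added example that is not part of the original thread: split a 1024-byte header backup into its two 512-byte headers and flag a half that is a repeated fill pattern or otherwise non-random. The thresholds, function names and sample bytes are assumptions made for this illustration; a half that looks random is not thereby proven valid, since only a successful mount shows that.

```python
import hashlib
import math
from collections import Counter

HEADER_SIZE = 512  # per the post above: each TrueCrypt 5.1 header is 512 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; about 7.5 for 512 random bytes, near 0 for a fill pattern."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def shortest_period(data: bytes, max_period: int = 16) -> int:
    """Smallest p <= max_period such that data is one p-byte unit repeated, else 0."""
    for p in range(1, max_period + 1):
        if (data[:p] * (len(data) // p + 1))[:len(data)] == data:
            return p
    return 0


def assess_backup(backup: bytes) -> list:
    """Split a 1024-byte header backup into its two headers and test each half."""
    if len(backup) != 2 * HEADER_SIZE:
        raise ValueError("expected %d bytes, got %d" % (2 * HEADER_SIZE, len(backup)))
    report = []
    for i, name in enumerate(("normal", "hidden")):
        block = backup[i * HEADER_SIZE:(i + 1) * HEADER_SIZE]
        entropy, period = shannon_entropy(block), shortest_period(block)
        # Heuristic thresholds (assumed): random 512-byte blocks have ~220 distinct values.
        looks_random = period == 0 and entropy > 7.0 and len(set(block)) > 150
        report.append({"header": name, "entropy": entropy,
                       "period": period, "looks_random": looks_random})
    return report


def constructed_backup() -> bytes:
    """Constructed sample: pseudo-random first half, 80 00 fill in the second half."""
    first = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    return first + b"\x80\x00" * (HEADER_SIZE // 2)


if __name__ == "__main__":
    for row in assess_backup(constructed_backup()):
        verdict = "looks random" if row["looks_random"] else "OVERWRITTEN / non-random"
        print("%-6s entropy=%.2f period=%d -> %s"
              % (row["header"], row["entropy"], row["period"], verdict))
```

To run it on a real backup, pass the file's bytes to `assess_backup` in place of the constructed sample.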
  4. OrionTCC

    OrionTCC Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    2
    Damn. Well, thank you for the replies. I can't imagine what's happened; I never write to the outer volume, only ever the hidden volume.
     