Comments on: Modify TrueCrypt Encryption Boot Loader Strings

By: Dual-boot with pre-boot authentication Drija

Dual-boot with pre-boot authentication Drija — Wed, 27 Jul 2011 13:12:18 +0000

[...] TrueCrypt leaves behind a string in its boot loader that identifies it as a TrueCrypt boot loader. You can change this with some fiddling: Modify Truecrypt encryption boot loader strings. [...]

By: felixk

felixk — Mon, 27 Jun 2011 15:40:12 +0000

Hiding the fact that you are using Truecrypt is not the answer. If you want to hide your ‘real’ true crypt volume then use a hidden volume, which uses stenography. The real problem with the Truecrypt bootloader being unencrypted is that it can be completely an utterly replaced(cracked) with ones own code that does something like copy the user/s keys as they type them in. This was first presented by Joanna Rutkowska founder and CEO of Invisible Things Lab, at a White hat conference. The only way to allow the use of an encrypted bootloader to my knowledge is with the use of a hardware component that decrypts and has checks etc… the bootloader everytime. The hardware component sets up a secure way of entering the users key and using the truecrypt bootloader. This is sort of what a TPM chip does. Of course TPM is not secure enough if you have the resources of an organisation like the NSA who can literally crack your CPU with an electron microscope and lithography machine. It is safe to say that there is no real total security yet. If your anything but a so called terrorist that the NSA( i.e. the US governemnt i.e. a mega corp) absoutely wants to ‘get’ then there are plenty of secure solutions. But then if you are wanted that badly then normal option is to send in the CIA or something equivalent and use what is called the rubber mallet decryption method or the bullet-in-the head method. For all those want a superb source of information on computer security, cryptography and the like then look no further than Bruce Schneier’s resources like one of his many books or his Cryptograms.

By: Joaquin

Joaquin — Mon, 27 Dec 2010 17:12:53 +0000

Sorry…
I forgot to say that I tried to recover the embedded header file “Use backup header embedded in volume if avariable” but I keep seeing the same error message

By: Joaquin

Joaquin — Mon, 27 Dec 2010 17:08:53 +0000

Hello

I created a File container with a keyfile in an external HD partition. (78 GB of data encrypted)

Everything was fine until I changed the name of my file container. Since then I can not mount. It shows an error message “Incorrect password or not a TrueCrypt volume.. ” I put back the original name and get the same error message

I did not create any backup head, I do not think there was any problem, simply renaming the file and now I’m going crazy because of the importance of the documents

I exposed this case in forum of Truecrypt, one member of this forum says “you can always look at the file using a hex editor such as WinHex, with special emphasis on the locations of the headers, to see if anything looks amiss” but I have no information or help, I tried to open the container file with this program but do not understand nothing.

Can you help, please?

I use Truecrypt 7 and Windows XP

By: emily

emily — Sat, 30 Oct 2010 14:10:10 +0000

LAR i agree for what you’d said. Especially the last four line.

Other things is even the source code is 100% provided and reviewed/analyzed by the best coder and most notorious hacker in the world, maybe they already seen the hole and patched it themselves and they don’t inform anyone.

By: Scizor

Scizor — Fri, 29 Oct 2010 17:16:01 +0000

Tried more than once, the strings change on the HEX code but on the boot they keep the same… Any help here?

By: sub

sub — Wed, 01 Sep 2010 22:00:29 +0000

If an expert hacker access my drive whether in person or over the net, could he modify the boot loader (or extend the size if need be) to insert a keylogger (still keeping the TC boot screen intact) that would load a NIC driver then transmit the password over the net, therefore, compromising the use of TC encryption? or would the checksum defeat the extension and modification of the boot loader?

By: LAR

LAR — Sat, 12 Jun 2010 02:53:09 +0000

Truecrypt is great and stable.

Truecrypt drived by the features and marketing strategies.
Then People and IT Pros like it.
They just don’t care if it is 100% safe.

But any security product which is not 100% open sourced is very dangerous for keeping very sensitive data on your expensive laptop or your super tiny usb flash disk.

We can’t prove that it is really safe if we do not have the complete source code and a certification.

Imagine have sex with someone you don’t really know.
Then 1 week later you are positive.

Forum is not also open to anyone.

I believe any security free/open source products should be certified (not recognized) as 100% safe (certified (not by anyone but by a legit institution like NIST)

If i am working on the goverment.
Should I tell anyone that the conspired product gave us backdoor on it.
If i am one of the developer.
Should i tell anyone that i created a personal backdoor on it.

LAR

By: Ammie

Ammie — Mon, 24 May 2010 01:18:53 +0000

Hi!

1. Create Truecrypt rescue disc.
2. Use Winhex application to erase sector 1 to 63.
3. Then, you are required to use Truecrypt Rescue Disc each PC start.

Question:
1. Erasing sector 1 to 63 once is enough?
2. Anything to erase/remove/modify aside from Truecrypt boot loader, disregarding network/server tracks?
3. Is there anyone can verified that this is 100% false-positive, even from new/updated forensic application?
4. How about Truecrypt volume tracks?

Thanks for reply.
-am

By: myforwik

myforwik — Sat, 13 Mar 2010 00:07:00 +0000

Its not exactally to 0×3700,

If you go to address 0x1B0 there is a two byte integer that is the size of the file.
So if you read those two bytes (in version 6.3a it is usually 0×97 0x2D = 0x2D97 = 11671 bytes. And the bytes start at 0xA00.

The file format is actually gzip, which is openable by most zip programs including windows zip folders etc.

Unfortuently if you edit the strings and re-zip, and save it back to 0xA00 it won’t work, because there is a checksum at 434d. Thats why I wrote a program.