Truecrypt drived by the features and marketing strategies.
Then People and IT Pros like it.
They just don’t care if it is 100% safe.

But any security product which is not 100% open sourced is very dangerous for keeping very sensitive data on your expensive laptop or your super tiny usb flash disk.

We can’t prove that it is really safe if we do not have the complete source code and a certification.

Imagine have sex with someone you don’t really know.
Then 1 week later you are positive.

Forum is not also open to anyone.

I believe any security free/open source products should be certified (not recognized) as 100% safe (certified (not by anyone but by a legit institution like NIST)

If i am working on the goverment.
Should I tell anyone that the conspired product gave us backdoor on it.
If i am one of the developer.
Should i tell anyone that i created a personal backdoor on it.

LAR

1. Create Truecrypt rescue disc.
2. Use Winhex application to erase sector 1 to 63.
3. Then, you are required to use Truecrypt Rescue Disc each PC start.

Question:
1. Erasing sector 1 to 63 once is enough?
2. Anything to erase/remove/modify aside from Truecrypt boot loader, disregarding network/server tracks?
3. Is there anyone can verified that this is 100% false-positive, even from new/updated forensic application?
4. How about Truecrypt volume tracks?

Thanks for reply.
-am

If you go to address 0x1B0 there is a two byte integer that is the size of the file.
So if you read those two bytes (in version 6.3a it is usually 0×97 0x2D = 0x2D97 = 11671 bytes. And the bytes start at 0xA00.

The file format is actually gzip, which is openable by most zip programs including windows zip folders etc.

Unfortuently if you edit the strings and re-zip, and save it back to 0xA00 it won’t work, because there is a checksum at 434d. Thats why I wrote a program.

I’m currently in the process of “modernizing” the site with a new theme and I’ve a ton of other projects ongoing so I’ve no time to come up with a way to get rid of these strings.

I mean the simple option would probably be to modify the source and rebuild (truecrypt binary) but it would be cool to have some process of editing this data, compressing it all again and then adding it back to the boot loader.

Also, Lars, here is the process I went through. There are probably better methods but this is what worked for me:

• 1. Using HXD hex editor copy out the data between the offsets myforwik mentions and save to a file.
• 2. Extract the data using 7-zip, you’ll have to force it
• 3. Open the extracted data and the last 460 bytes should be these extra strings

Error: .Write.Read.. error:. Drive:. Sector:.. CHS:. MB ..Drive .. not found: ….No bootable partition found. TrueCrypt Boot Loader 6.3a… Keyboard Controls:…. [Esc] .Boot Non-Hidden System (Boot Manager).Skip Authentication (Boot Manager)..? (y/n): .y…n…[.] .[Esc] Cancel…..Enter password.. for hidden system:…: ..Booting…….BIOS reserved too much memory: .- Upgrade BIOS..- Use a different motherboard model/brand…Warning: Caps Lock is on….Incorrect password……If you are sure the password is correct, the key data may be damaged. Boot your..TrueCrypt Rescue Disk and select ‘Repair Options’ > ‘Restore key data’…….Bootable Partitions:….Drive: ., Partition: ., Size: ..Press 1-9 to select partition: .Your BIOS does not support large drives. due to a bug…- Enable LBA in BIOS….Copying system to hidden volume. To abort, press Esc…….If aborted, copying will have to start from the beginning (if attempted again)…..Abort.To fix bad sectors: 1) Terminate 2) Encrypt and decrypt sys partition 3) Retry…..Remaining: …Copying completed..MMAP: ..Memory corrupted.. è..PAMS

C’mon TrueCrypt, this isn’t cool

I currently cannot confirm or deny your claims but if you could point the readers to some documentation on that it would be great.

It would make a great addition to the article or a secondary article, with props to you of course.

From your screenshot of the HEXs editor I can tell that you were running truecrypt 6.1a. Changing that 1 line of text fools no one.

You have to realise that the truecrypt boot loader takes up sectors 1 to 63 of the harddisk – and it is not encrypted.

The only way you can really hide truecrypt is to delete your first 63 sectors and use the rescue disk to boot your PC every time you boot up.

The strings for the main loggin screen aren’t encrypted. They are simple compressed. If you copy from 0xA00 to about 0×3700 into a file, you can open it, as its a zip file, then all the truecrypt strings that you see on the login screen are available for everyone to see.