
VeraCrypt patch for arbitrary container offsets


4 replies to this topic

#1 joakim

joakim

    Silver Member

  • Team Reboot
  • 912 posts
  • Location: Bergen, Norway

Posted 08 July 2017 - 11:04 PM

It is based on the original TrueCrypt patch from 3 years ago; http://reboot.pro/to...itrary-offsets/

 

Patch is based on VeraCrypt sources from commit 0be1ce8c3fe4, on 5th of July 2017. VeraCrypt is the continuation of TrueCrypt, with active development (by IDRIX); https://veracrypt.codeplex.com/

 

The new thing that is introduced here is an /i argument where you can specify an offset to the container. Must use decimal notation. Offset must be sector size aligned.

 

Only mount operations are supported with offset. You can't create a container in some file at offset X. For this I previously made a collection of tools to facilitate creation of such special containers. Now hosted at GitHub;
 
The binaries in this package are incompatible with the original public VeraCrypt version. So, do not mix files from this package.
 
Where are the source files?
  • As this is mostly about having fun, why not make it a little exercise. After all, people having interest in the source code would anyway be technical enough.
  • Attached you find the rebuilt binaries with the patch.
  • In the container folder, you find the original veracrypt-x64.sys. It has a container injected using this tool; https://github.com/j...er-Authenticode
  • Btw, did you know the digital signature is still all good (check it yourself)? And that the driver still works all fine on v1.21!
  • To open the volume, run this command using the rebuilt binaries;
  • VeraCrypt.exe /v "%CD%\container\veracrypt-x64.sys" /l x /a /p joakim /i 634880
  • Then next step..
 
Tested OS:
  • Tested on fully updated Windows 7 and 10 as of 8 July 2017.
  • On 32-bit it just works as is.
  • On 64-bit you need to configure TESTSIGNING ON in the boot configuration with bcdedit.exe. That is because 64-bit Windows since Vista requires a driver to be properly signed in order to load it. And my files are only signed with a test certificate.
Warning:
Even though it seems to be working fine, consider it experimental. Don't come crying to me if you run into some corrupt data.
 
The steps for creating a proper container;
 
  1. Run the VeraCrypt wizard and create a container. Don't put anything inside it yet.
  2. Run any of the tools in this collection to hide the container in some other file. A bat file will be generated with an example command line for loading it later on.
  3. Run the patched VeraCrypt with a command like the one specified in the example bat file that was generated in step 2. Now you will have to format the volume once more after it is decrypted. This is because the physical offset changed. When the volume is formatted the second time, it is ready for use. This is the same for both standard and hidden volumes.
  4. Make sure the host file that contains the hidden container does not get modified at the offsets where the container bytes are stored. Static files are of course safest to use, but it is for instance possible to store the container inside a text based logfile as long as all new log entries are written to EOF and the logfile is not recycled.
Download package;
password:test123
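
Seen from the forensic side, a container stored at a sector-aligned offset inside a host file appears as a long run of sectors with near-random byte distribution. The Python below is an added example, not part of the post or of joakim's tools; the 512-byte sector size, the entropy threshold, the minimum run length and the sample host file are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512       # assumption: the post only says "sector size aligned"
THRESHOLD = 7.2    # assumption: bits/byte cutoff for one 512-byte sector
MIN_SECTORS = 64   # assumption: shortest run worth reporting (32 KiB)


def entropy(block: bytes) -> float:
    """Shannon entropy of a byte block, in bits per byte."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def find_candidate_regions(data: bytes, sector=SECTOR, threshold=THRESHOLD,
                           min_sectors=MIN_SECTORS):
    """Return (offset, length) for every sector-aligned run of high-entropy sectors.

    Hits are candidates only: compressed or otherwise encrypted data scores
    the same as an encrypted container.
    """
    regions, start = [], None
    full = len(data) // sector
    for i in range(full + 1):  # one extra pass closes a run that reaches EOF
        high = i < full and entropy(data[i * sector:(i + 1) * sector]) >= threshold
        if high and start is None:
            start = i
        elif not high and start is not None:
            if i - start >= min_sectors:
                regions.append((start * sector, (i - start) * sector))
            start = None
    return regions


def build_sample(offset=634880, container_sectors=128) -> bytes:
    """Constructed host file: log text, a pseudo-random blob at `offset`, more log text."""
    line = b"2017-07-08 23:04:00 INFO service heartbeat ok\n"
    head = (line * (offset // len(line) + 1))[:offset]
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(container_sectors * SECTOR // 32))
    return head + blob + line * 200


if __name__ == "__main__":
    for off, length in find_candidate_regions(build_sample()):
        print(f"candidate region at offset {off} ({length} bytes)")
```

A reported offset is a starting point for further examination, and a trailing partial sector at the end of the file is not scored.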


#2 joakim


Posted 22 July 2017 - 11:31 PM

Applied the patch to release version 1.21, and uploaded the complete project to GitHub; https://github.com/jschicht/VeraCrypt



#3 joakim


Posted 30 July 2017 - 09:04 AM

Started a new blog and thought this particular topic could be a nice start. See some interesting examples at; https://plainbinary....-veracrypt.html



#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location: The Outside of the Asylum (gate is closed), Italy

Posted 31 July 2017 - 09:52 AM

> Started a new blog and thought this particular topic could be a nice start. See some interesting examples at; https://plainbinary....-veracrypt.html

Nice.

Wonko



#5 joakim


Posted 19 August 2017 - 09:45 AM

The blog is updated with even more VeraCrypt craziness; http://plainbinary.blogspot.com

In particular the filesystem pattern detection can be interesting I believe.





