
Chainloading truecrypt mbr from grub4dos on USB


#1 RebootTest


Posted 18 January 2015 - 10:07 PM

Hello,

I'm a novice to Grub4dos and need some help loading the truecrypt mbr from Grub4dos.

In short, the goal is to test a setup with Grub4dos installed on USB that chainloads a truecrypt mbr put on the same usb (extracted from encrypted Win7 system hdd)

The test setup:

1. Installed Win7 evaluation on VMware virtual HDD and encrypted it (test both normal truecrypt system encryption and hidden OS truecrypt system encryption)
2. Extracted grub4dos-0.4.6a-2014-01-17 on the encrypted HDD
3. Installed Grub4dos mbr on a USB stick using grubinst-1.1-bin-w32-2008-01-01 (couldn't find a newer installer)
4. Copied grldr to USB
5. Created a MENU.LST file
6. Extracted the mbr of the encrypted disk and copied it to USB (let's call the file t.mbr)*.
7. I boot the VMware from plop linux iso where I select to boot from usb (as booting from usb is not supported in the VMware BIOS)

*I have found in this and several other forums various methods for this mbr extraction, e.g.:

1/ sudo dd if=/dev/sda of=/mnt/boot/truecrypt.mbr count=1 bs=512 (e.g. from linux live CD)
2/ Using Grub4DOS Toolbox for Windows-0.23.exe (file saved as .img or as .mbr)
3/ Using HDHACKER (file saved as .dat)
4/ Using Bootice (file saved as .bin)

I'm not an mbr expert, but afaik, I need only the 1st 512 bytes, so I have extracted the 1st sector using all of the apps/commands mentioned.

Based on various threads here and on other forums I have tested both booting from iso image and from any of the extracted mbr files, all of them copied in the root folder of the USB.

I've seen several threads about successful setups with the truecrypt mbr extracted, e.g.:

http://reboot.pro/to...ypt +bootloader

or

http://reboot.pro/to...t-record/page-2


Here are my efforts with two MENU.LST files to boot from such mbr file on the USB:

Option 1:

timeout 5

title TESTSYS

chainloader (hd0,0)/t.mbr

Option 2:

timeout 5

title TESTSYS1

find --set-root /t.mbr
chainloader /t.mbr
rootnoverify (hd0,0)


In both cases, the result is:
1/ a message "Loader damaged! Use Rescue disk: Repair Options > Restore TrueCrypt bootloader", when .mbr or .img extension file is used.
2/ a message "GRUB" with blinking cursor, when .bin extension file is used. And no option to boot.
3/ a message "Error 13: Invalid or unsupported executable format", when .dat extension or no extension file is used.

When using some map and hook commands, there is no problem booting from the iso (e.g. any linux live CD) and when it is the truecrypt rescue disk - no problem to boot into the encrypted system.

Here is the MENU.LST:

timeout 5

title TEST
find --set-root /test.iso
map /test.iso (hd32)
map (hd0) (hd1)
map (hd1) (hd0)
map --hook
root (hd32)
chainloader (hd32)

However, any replacement of the test.iso file with a truecrypt mbr extract (whatever extract method and extract file extension used) results in a message:

"Error 25: Disk read error"

 

At the same time, the encrypted VM boots with the truecrypt mbr originally installed on the virtual HDD.

Obviously, I'm doing something wrong - either the mbr extract step or the menu.lst file in all options tested.

Any suggestions how to fix this would be highly appreciated.


 



#2 steve6375


Posted 18 January 2015 - 10:21 PM

This may be of interest

https://bugs.launchp...4102/comments/9



#3 steve6375


Posted 18 January 2015 - 11:03 PM

So according to the first link, you should be able to boot if you save the first 64 sectors to a bin file then install grub4dos and then chainload to the bin file from grub4dos.

[Edit] Actually I don't think this will work as I think it reads the disk for the sectors 1-64![/Edit]

 

I am not sure if you can copy these sectors from one drive to another and expect it to work though! The partition table will be different, won't it? Also some tc parameters may depend on the drive partition arrangement which may differ between the two drives.

 

But I don't understand what you are doing - OK, so you can boot the truecrypt boot code on the USB drive - but then what? How does it find the encrypted Windows files - are they on the USB drive too???



#4 RebootTest


Posted 19 January 2015 - 04:28 PM

The encrypted OS is on the Virtual HDD of the VMware.

The idea is to test a setup where the encrypted system is on the HDD and the TC bootloader is on a USB.

And booting the encrypted OS possible only when booting from the USB.

Based on the first link I pasted it seems that it is possible but actually it is not clear how many sectors of the HDD should be extracted - most online manuals say only the first sector, but sometimes I have seen 64 sectors - however usually for backup, not to boot from them.

I'll test with 64 sector file and post the results.



#5 Zoso


Posted 19 January 2015 - 06:02 PM

> The idea is to test a setup where the encrypted system is on the HDD and the TC bootloader is on a USB.
> And booting the encrypted OS possible only when booting from the USB.


this is possible with diskcryptor.

#6 steve6375


Posted 19 January 2015 - 06:15 PM

If you just want to make your whole encrypted disk unbootable - what happens if you make all the partitions non-active - does it still boot?

 

If not then this should work

 

1. Save MBR of HDD and copy to USB drive  tcmbr.bin (ensure HDD is booting OK first)

2. Make partition on HDD inactive

3. Boot from USB drive and use:

title boot to internal hdd
map (hd1) (hd0)
chainloader /tcmbr.bin

?? maybe ??
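
A check for step 1 of the procedure above, as an added example that is not part of the original post: it validates a saved 512-byte MBR dump such as tcmbr.bin (size, 0x55AA signature, partition entries) and compares it region by region with the disk's current sector 0, which answers the earlier question of whether the partition table differs. The function names and the sample sector bytes are constructed for illustration.

```python
import struct

SECTOR = 512

def parse_mbr(sector):
    """Validate a 512-byte MBR dump and return its four partition entries."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i:462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        parts.append({"active": entry[0] == 0x80, "type": entry[4],
                      "lba_start": lba_start, "sectors": count})
    return parts

def compare_with_disk(saved, disk_sector0):
    """Report which regions of a saved MBR differ from the disk's sector 0."""
    parse_mbr(saved)
    parse_mbr(disk_sector0)
    return {"boot_code_same": saved[:440] == disk_sector0[:440],
            "disk_signature_same": saved[440:444] == disk_sector0[440:444],
            "partition_table_same": saved[446:510] == disk_sector0[446:510]}

def make_sample(active=True):
    """Constructed sample sector: filler boot code plus one type-0x07 partition."""
    entry = struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\x00" * 3,
                        0x07, b"\x00" * 3, 2048, 204800)
    return (b"\x90" * 440 + b"\x11\x22\x33\x44" + b"\x00\x00"
            + entry + b"\x00" * 48 + b"\x55\xaa")

if __name__ == "__main__":
    # Real use: saved = open("tcmbr.bin", "rb").read()
    #           disk  = first 512 bytes read from the HDD device
    saved = make_sample(active=True)    # stands in for the saved MBR file
    disk = make_sample(active=False)    # same disk after its partition was made inactive
    print(parse_mbr(saved)[0])
    print(compare_with_disk(saved, disk))
```
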



#7 steve6375


Posted 20 January 2015 - 04:39 PM

I have been doing some experimenting and I ended up with this:

 

Win8.1 installed onto single-partition MBR type NTFS, TC single-volume encrypted and multi-boot TC option chosen

1. Attempting to boot directly from the internal HDD results in hang (cursor in top left on black screen or reboot)

2. The partition is encrypted so no data can be seen.

3. USB with grub4dos - can be MBR-booted to TC - enter password -> Windows

 

This is quite easy to set up. Would this fit what you are trying to achieve?



#8 RebootTest


Posted 20 January 2015 - 08:17 PM

> If you just want to make your whole encrypted disk unbootable - what happens if you make all the partitions non-active - does it still boot?
>
> If not then this should work
>
> 1. Save MBR of HDD and copy to USB drive  tcmbr.bin (ensure HDD is booting OK first)
>
> 2. Make partition on HDD inactive
>
> 3. Boot from USB drive and use:
>
> title boot to internal hdd
> map (hd1) (hd0)
> chainloader /tcmbr.bin
>
> ?? maybe ??

This works! No need to mark partitions as non-active. Thanks a lot!

As for Win 8.1 - I have no Win 8.1 to test it and have no idea - but afaik windows 8 and later are not officially supported by TC...



#9 steve6375


Posted 20 January 2015 - 08:19 PM

I thought you didn't want it to be able to boot from the internal HDD?

P.S. making the partition non-active doesn't work - TC doesn't like it!



#10 steve6375


Posted 20 January 2015 - 11:46 PM

I wrote it up here






