It is based on the original TrueCrypt patch from 3 years ago; http://reboot.pro/to...itrary-offsets/
Patch is based on VeraCrypt sources from commit 0be1ce8c3fe4, on 5th of July 2017. VeraCrypt is the continuation of TrueCrypt, with active development (by IDRIX); https://veracrypt.codeplex.com/
The new thing that is introduced here is an /i argument where you can specify an offset to the container. Must use decimal notation. Offset must be sector size aligned.
- As this is mostly about having fun, why not make it a little excercise. After all, people having interest in the source code would anyway be technical enough.
- Attached you find the rebuilt binaries with the patch.
- In the container folder, you find the original veracrypt-x64.sys. It has a container injected using this tool; https://github.com/j...er-Authenticode
- Btw, did you know the digital signature is still all good (check it yourself)? And that the driver still works all fine on v1.21!
- To open the volume, run this command using the rebuilt binaries;
- VeraCrypt.exe /v "%CD%\container\veracrypt-x64.sys" /l x /a /p joakim /i 634880
- Then next step..
- Tested on fully updated Windows 7 and 10 as of 8 July 2017.
- On 32-bit it just works as is.
- On 64-bit you need to configure TESTSIGNING ON in the boot configuration with bcdedit.exe. That is because 64-bit Windows since Vista require a driver to be properly signed in order to load it. And my files are only signed with a test certificate.
- Run the VeraCrypt wizard and create a container. Don't put anything inside it yet.
- Run any the tools in this collection to hide the container in some other file. A bat file will be generated with an example command line for loading it later on.
- Run the patched VeraCrypt with a command like the one specified in the example bat file that was generated in step 2. Now you will have to format the the volume once more after it is decrypted. This is because the physical offset changed. When the volume is formatted the second time, it is ready for use. This is the same for both standard and hidden volumes.
- Make sure the host file that contains the hidden container does not get modified at the offsets where the container bytes are stored. Static files are of cource safest to use, but is for instance possible to store the container inside a text based logfile as long as all new log entries are written to EOF and the logfile is not recycled.