Posts Tagged ‘TrueCrypt’

Windows 7 on my PC

September 7th, 2009 6 comments

Ok, my PC now runs on Windows 7 x64 on my new 1TB HDD.

It’s incredible fast. Bootingtimes from around 30 seconds. XP took longer. Also the new HDD (1000GB Seagate ST31000528AS 7200rpm 32MB 7200 U/min SATA) is really fast too. 120 MB/s in average, 150 MB/s for peak. All in writing data on an unencrypted NTFS partition.

After encryption (TrueCrypt), I have rates of around 105 MB/s and 120-130MB/s in peak, so I loose around 15 MB/s. But I have to say CPU now rises to around 30-50% instead of <10% because of the encryption process. But I never mind. I have a dual-core (and soon a quad-core) so I don’t notice this “loss” at all. Safety by encryption is more worth. In my opinion, everyone should encrypt their drives.

Anyway, the rate-drop is still nothing compared to my old HDD (also a Seagate) with another encryption programm (Safeguard Easy). I had a loss of around 40 MB/s and rates later of 50 MB/s. So I’m lucky and I hope, finally GMod starts faster Razz

Windows 7, TrueCrypt and TrueImage – Take two

August 29th, 2009 No comments

It seems like I have a method now for imaging my encrypted hard-disk without the need of doing a sector-by-sector image of the encrypted partition (which would be as big as my partition – 25 GB – and uncompressable).

I now do it that way: I have Windows 7 installed on my primary partition, 25 GB huge. Then I encrypt only this partition with TrueCrypt using Pre-Boot Authentication (PBA). For PBA, I enabled in the options to cache the password in the driver memory. This allows me to use the password I entered upon boot to mount any other truecrypt device with the same password in windows later.

So do I. After Windows 7’s bootpartition was encrypted I created new encrypted partitions with TrueCrypt. These will be mounted when I login into Windows with the password previously stored in the driver-memory.

To the backup part: I create a hot-image from within Windows using TrueCrypt 2009. Since TrueImage now sees the partition unencrypted, I can create a compressable image (filesize is around a DVD’s size). To restore it, I boot up a BartPE bootable CD and restore the image to the system partition. BUT here, the data is written unencrypted! After image restore, I simply bypass the TrueCrypt bootloader pressing Esc, boot into the now unencrypted Windows and start encrypting the partition again (takes 20 minutes).

This method is not really elegant but it works. I just wish, the TrueCrypt developers finally add a “boot from CD” function into the PBA so I can use dos-backup-tools like NortonGhost 2003 which are able to read and write data then unencrypted. With SafeGuard Easy this works, but SGE only supports Windows 2000/XP.

Windows 7

August 23rd, 2009 3 comments

My University recently released Windows 7 on the MSDN-AA Page and I got excited so I installed it on one of my old harddisks. It is really fast. Compared to Vista, it seems to boot twice as fast and nearly as fast as XP.

One thing I didn’t got used to yet is the new taskbar. I instantly switched it back to the “classic” way and with small icons. Sure, stacking icons saves space but you will need one more click or wait about 300 ms until the preview pops up so you can finally select the wished task.

Then to the hard part: I’m now trying to decrypt the harddisk with TrueCrypt while still being able to make a backup in “unencrypted” mode. I need the encryption for my laptop because I don’t want that anyone is able to see my files if I lose it or someone steals it.

Back to the “make a backup in unencrypted mode”: This means that the harddisk is encrypted but right after the password is entered in the bootmenu, my plan was to start a backup-tool from CD or Floppy which now can read the unencrypted data. This was possible with commercial software such as SafeGuard Easy from Utimaco (It only supports Windows 2000 and XP). But it isn’t for the Open Source software TrueCrypt. I made some good attempts but all failed yet.

Attempt 1:

The encryption works like this: First the TrueCrypt bootloader is ran. After you successfully have entered the password it loads the bootloader of Windows. There is no way around this sadly. So my Idea was to add an entry to Window’s bootloader. Since you can’t boot from CD or Floppy using the Windows bootloader I have chosen to load another bootloader: Grub. Grub is still not capable booting a CD but a Floppy. For CD-Booting I installed one more bootloader loaded by Grub which is called Smart Boot Manager. Now I have been able to boot from CD after TrueCrypt. So I have a real big chain of bootloaders before I achieved my aim: TrueCrypt Bootloader -> Windows Bootloader -> Grub Bootloader -> Smart Boot Manager Bootloader -> CD Boot.

The first tests worked so far. I installed TrueCrypt and selected “encrypt the system partition”. I then cancelled encryption (I only needed the TrueCrypt bootloader for now) and installed all the upper bootloaders. This took me around one whole weekend. Then I tested it and bingo: Booting from CD works! I’ve been so damn happy so I started the final encryption process of TrueCrypt. But now after the system was encrypted my system refused to boot from CD or Floppy. Booting from CD threw an error “Read error:1 Drive:0 Sector:0”. Booting from floppy just made the system hang with no errors. It took me 3 more days to figure out it is an error-message of the TrueCrypt bootloader’s “encryption driver”.

So this method nearly worked but failed on the last steps.

Attempt 2:

This method envolves a BartPE bootcd with TrueCrypt and TrueImage installed on it. This CD is booted BEFORE the TrueCrypt bootloader so this CD just sees the encrypted partitions. This generally is bad but I installed TrueCrypt on this bootcd so I were able to mount the partitions. Then I wanted to make a file-based backup (not partition-based since True Image directly reads from the disk in this mode so it sees the encrypted data only). I started it but hey: Now it fucking hangs on reading the files from the system partition. There are (hidden) Systemfolders on your Windows partition which work like “links”, called junctions. They are installed for backwards compatibility to programs written for older systems such as XP. One folder for example is “Application Data”.

These nasty folders link to other folders on the drive. Sadly, there is an issue with the linking: Some folders link to another folder which contain a folder in it which then once more link to the folder before. Example: A links to B, B has a folder in it which links to A. Now TrueImage tries to read the files. First it finds A, sees it links to B, indexes all files in B and sees it has a folder linking to A. Now it does the same again and again: An infinite loop. In TrueImage you see the currently indexed file: It was something like C:\Application Data\Application Data\Application Data\Application Data\Application Data\…..\Application Data\ and so on. Ughh.

So this method also failed.

Attempt 3:

Now I try another method: I will create a Hot-Image directly under Windows using TrueImage in partition-backup-mode (Here, TrueImage sees the data unencrypted because I already booted with TrueCrypt). Then I boot from a BartPE bootable CD where I will restore the image. This will write the data unencrypted to the partition so I need to reencrypt it later after image-restore. I hope this works. I’ve read about this method on several forums but I did not like it at first since encrypting the disk takes time (25 GB in around 22 min on my current, old and slow, harddisk).

Attempt 3.1 (Plan B – Not started yet):

If even Attempt 3 fails, I will boot from a BartPE CD and create and restore the image using a sector-by-sector image of the encrypted data. This has the big disadvantage that the image file will be as big as the partition: 25 GB. And it can’t be compressed. So instead of having only saved the 8 GB Windows System, compressed down to around 4 GB (fits on a DVD) I would have a huge backupfile, 25 GB big fitting on 4-5 DVDs. SHIT.

Categories: Computer Tags: ,