Friday, September 6, 2013

Plausible deniability of a hidden OS - Part 2

This is Part 2 of a 4 part post on using TrueCrypt to create a hidden operating system.

Links to each section:
Part 1 - (Un)boring intro with all the snazzy info
Part 2 - Setup your second partition -- you are here
Part 3 - Setup your first partition (sounds backwards, I know)
Part 4 - Other cool stuff -- COMING SOON


Part 2 - Setup your second partition

This section guides you through setting up the outer and inner volumes on Partition 2. Some of the images are a little too small to read but all you have to do is click on them to enlarge. One other note: It can sometimes get confusing on blog posts whether the paragraph of text applies to the image above it, or the image below it. Well, in this case the paragraphs of text always apply to the image below, if there is one.

Throughout this process you may want to refer back to this quick rundown of the three passwords you will need to assign and their roles:

-Password A: The password for the decoy operating system on Partition 1.
-Password B: The password for the hidden operating system on the inner volume of Partition 2.
-Password C: The password for the outer volume on Partition 2, which will contain decoy files (not the decoy operating system).

Okay, let's get started.


~~ First download and install TrueCrypt for Windows here. Note: TrueCrypt can only create an encrypted operating system boot setup for Windows. Mac and Linux are supported for encrypted volumes, but not an encrypted operating system. However, there are other options available for other operating systems, so hit up Google.

~~ Next, you need to set up your partitioning to prepare for the encryption like this:

First partition = Your current Windows installation. As part of the wizard, TrueCrypt will copy this installation to the inner (hidden) volume of the second partition; later you will reinstall Windows onto this partition as the decoy. It may be a good idea to start with a fresh install of Windows, so that the copy that becomes your hidden OS is clean.
Second partition = At least 2.1 times larger than the first partition. The outer volume on this partition has to hold both your decoy files and a hidden volume big enough for a copy of the entire system partition, which is why TrueCrypt requires the extra room.

Here's how I set mine up (click the image to enlarge):


NOTE: You may do better finding a partitioning scheme that doesn't potentially give away that you are using a hidden partition. If someone coerces you into giving them access to the decoy operating system and they see that the second partition is exactly 2.1 times larger than the first, that ratio happens to be TrueCrypt's documented minimum and could be a giveaway -- though it's still technically plausibly deniable. Try a scheme that makes the second partition more like 2.5 or 3 times larger, or one that simply looks like an ordinary "system plus data" split. As long as it is at least 2.1 times larger, you are okay.

While we're on the topic of partitioning, if at some point near the beginning of the encryption wizard you get the dialog shown below, click Yes, reboot and start over. A paging file on a non-system partition is a no-go in this setup: the page file has to live on the (encrypted) system partition, otherwise memory contents from the hidden OS could be paged out onto an unencrypted partition.


Also, in order to get your partitioning the way you want it, you may need to shrink your system partition. If you have Windows 7, this is actually pretty easy to do through Disk Management. Check Google. Can't remember if you can shrink Vista, but who really cares, right? ;) If you get errors when shrinking your system partition, there are some tricks you can do to correct that, including running a defrag, etc. That's outside the scope of this article, so please check Google. Oh, and shrinking XP without system damage is next to impossible, though not completely.

~~ Okay, so once you've got your partitioning in order, go ahead and open TrueCrypt and choose System>Create Hidden Operating System


~~ Read the happy little dialog about someone holding a gun to your head and then click OK:

~~ Below is actually one of the most useful informational dialogs we will see during the wizard and explains the anatomy pretty well! Read and click next of course...


~~ So basically this next dialog is saying that your current installation of Windows is going to be moved to the hidden volume on Partition 2 and that you will have to reinstall Windows from scratch onto Partition 1. If you have Windows installation media, click yes.





~~ The next dialog is mainly telling you that whenever you are booted into your hidden operating system, you will not be able to write to any unencrypted filesystems you may happen to have (TrueCrypt mounts them read-only, along with any non-hidden TrueCrypt volumes). This is a good thing: if the hidden OS wrote to an unencrypted filesystem, later forensics on that filesystem could show it was written to by an operating system other than the decoy, which would give away the hidden operating system.





~~ Here you need to choose Single-boot even though we are going to setup 2 separate operating systems. Setting up Multi-boot is actually a whole different thing and is outside the scope of this article:




~~ Make sure Windows is activated before you proceed. You don't want to be activating a hidden operating system with Microsoft's servers when it is supposed to be invisible. Don't blow your cover!:



~~ This dialog may seem a little confusing but take a look at the chart shown in Part 1 and it should make a lot more sense. On most systems, the wording "first partition behind the system partition" will simply translate to mean your second partition.


~~ Going with the defaults should be fine here. But if you want to geek out on different algorithms, go for it!



 ~~ Double check that the partitioning looks right:



 ~~ Here you will create Password C. If you can't remember which is Password C, check the big diagram in Part 1.



~~ Do you intend to store files larger than 4 GB on the outer volume of the second partition? (Probably not. Remember, this is the volume containing decoy flat files. The question is there because a FAT filesystem can't hold a single file of 4 GB or more, so your answer steers which filesystem the wizard proposes.)


~~ I would go with the defaults here:




~~ Just double checking! Are you sure you don't have anything stored on the second partition that you don't want deleted?!


~~ This may take a while...


~~ So if you are coerced into giving up Password A for the decoy operating system installed on Partition 1, an adversary may notice Partition 2 and plausibly deduce that it contains encrypted data. Then they may force you to give them Password C. Not to fear, however. Password C only gives them access to the outer volume of Partition 2, which will contain fake data in the form of flat files that are only a decoy. It's now time for you to go ahead and create some fake files and copy them over to the outer volume on Partition 2. This is kind of funny. Um. Okay. How about a file that has a fake plan of attack? Or maybe a list of bogus secret contacts? Of course, keep in mind that your adversaries have Google, too, and if they read this blog post then they may be looking for these, lol. So be creative: the decoy files should look like something you would genuinely bother to encrypt, or nobody will believe the outer volume is the whole story. Go on...Create some fake files already!

Oh, you may be wondering, "If they see a second partition and coerce me into revealing the password to the outer volume, can't they accuse me of having an inner volume, too? Won't they know I have a hidden operating system?" Good thinking. They can certainly guess that this is the case, but you will be able to plausibly deny it. The decoy OS can't be plausibly denied because of the password prompt at boot (unless you removed it) and because most people have an operating system on their computer, of course. The outer volume on the second partition can't quite be plausibly denied either, because it doesn't make a lot of sense to have a second partition just sitting there full of random ones and zeros. The inner volume on the second partition can be plausibly denied, because the outer volume is itself a plausible explanation for the random ones and zeros on the second partition: an encrypted volume's free space is supposed to look random. Getting confused? Read this paragraph 3 times slowly. ;)

The way this all works is that the inner volume on Partition 2 lives in the free space of the outer volume on Partition 2. Genius, huh? However, this means that if you write too many files onto the outer volume you could overwrite and corrupt the inner volume. Once you get everything set up, TrueCrypt has a handy checkbox for protecting the inner volume when mounting the outer one (it needs Password B as well as Password C to do this, since it has to know where the inner volume starts). For now though, you need to read the dialog carefully and take note of the space limits. (This will be covered more in Part 4.) Then click Open Outer Volume and create/copy your decoy flat files. Leave the TrueCrypt wizard open while you do this. Return to the wizard when you are done and click Next.

NOTE: What about a data forensics expert noticing that the free space on the outer volume of the second partition contains random ones and zeros instead of, say, being zeroed out? The hidden operating system is still plausibly deniable, because TrueCrypt fills the free space of every volume with random data when it formats it, and the claim could also be made that at some point you shredded data in that location with a tool that overwrites with random bits, per common practice. Either way, random bits are exactly what that free space is expected to contain.
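To make the examiner's side of that argument concrete, here is an added Python example (mine, not from this post and not TrueCrypt's code) of the kind of statistical check a forensic tool runs over free space: per-window Shannon entropy and a chi-square test against a uniform byte distribution. The sample "disk image" is constructed inline; os.urandom stands in for both "wiped with random data" and "TrueCrypt ciphertext", because the point is exactly that this test cannot tell those two apart, while it trivially separates both from zeroed or plaintext free space. The window size and the classification thresholds are my assumptions, not a forensic standard.

```python
import math
import os

WINDOW = 4096  # assumed analysis window; 4 KiB matches a common cluster size


def byte_histogram(buf: bytes) -> list:
    """Count how often each of the 256 byte values occurs in buf."""
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return counts


def shannon_entropy(buf: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a perfectly uniform one."""
    n = len(buf)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in byte_histogram(buf) if c)


def chi_square(buf: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution.

    Random or properly encrypted data scores around 255 (the degrees of freedom);
    zeroed or structured data scores orders of magnitude higher.
    """
    n = len(buf)
    expected = n / 256
    return sum((c - expected) ** 2 / expected for c in byte_histogram(buf))


def classify(buf: bytes) -> str:
    """Rough label an examiner would attach to one window of free space.

    Thresholds are assumptions chosen for 4 KiB windows.
    """
    h = shannon_entropy(buf)
    if h < 1.0:
        return "zeroed/constant"
    if h < 7.5:
        return "structured"
    return "random-looking"


def scan(image: bytes, window: int = WINDOW) -> list:
    """Label each window of a disk image; returns [(offset, label), ...]."""
    return [(off, classify(image[off:off + window]))
            for off in range(0, len(image), window)]


def build_sample_image() -> bytes:
    """Constructed sample image: a zeroed window, a random window, a plaintext window.

    The random window is indistinguishable, by these tests, from an encrypted
    hidden volume or from free space wiped with a random-overwrite shredder.
    """
    zeroed = bytes(WINDOW)
    random_looking = os.urandom(WINDOW)
    plaintext = (b"The quick brown fox " * 205)[:WINDOW]
    return zeroed + random_looking + plaintext


if __name__ == "__main__":
    image = build_sample_image()
    for off, label in scan(image):
        w = image[off:off + WINDOW]
        print(f"offset {off:6d}: {label:16s} entropy={shannon_entropy(w):.3f} "
              f"chi2={chi_square(w):.0f}")
```

Run against the sample image, the zeroed window and the plaintext window stand out immediately, while the random window scores like any other ciphertext. That is the whole basis of the deniability claim above: the examiner can prove the free space is random, but not why.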




~~ We've completed the outer volume on the second partition and placed decoy files in it. Now it's time to create the inner volume on the second partition and copy the operating system from Partition 1 to the inner volume of Partition 2. Click Next here:



~Make sure you write down what algorithm you use in the next steps! (Wasn't important for previous steps.)  The decoy operating system on Partition 1 must use the same encryption algorithm as the hidden operating system on the inner volume of Partition 2. This is because there is a different TrueCrypt bootloader for each encryption algorithm.



~Going with the default encryption algorithms should be fine, just remember which one you used!!:




~Remember, this whole setup is pointless if you don't use a Fort Knox kinda password. For all three passwords, consider using a passphrase that is at least 20 characters long and contains uppercase, lowercase, numerals and symbols. Don't take hours and hours setting up a hidden operating system and then use the name of your dog in h4x0R. Please. Also, don't use similar passwords for Password A, Password B and Password C. Otherwise, if an adversary suspects a hidden operating system and you have already given them Password A and Password C, they may be able to derive Password B.
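If you would rather not invent three unrelated Fort Knox passwords by hand, here is an added Python example (mine, not from this post or from TrueCrypt) that generates Passwords A, B and C with the secrets module, enforces the policy above (20+ characters, all four character classes), estimates the entropy, and rejects any candidate that shares a long run of characters with, or is otherwise similar to, one already chosen. The similarity thresholds and the helper names are my assumptions.

```python
import math
import secrets
import string
from difflib import SequenceMatcher

# Character classes the policy requires; ALPHABET is their union (94 characters).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 20


def meets_policy(pw: str) -> bool:
    """At least MIN_LENGTH characters and at least one character from every class."""
    return len(pw) >= MIN_LENGTH and all(any(c in cls for c in pw) for cls in CLASSES)


def generate_password(length: int = 24) -> str:
    """Uniformly random password over ALPHABET, re-drawn until it meets the policy.

    Rejection sampling keeps every accepted password equally likely, so the
    entropy estimate from entropy_bits() stays honest.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw):
            return pw


def entropy_bits(length: int) -> float:
    """Entropy of a uniformly random string of `length` characters over ALPHABET."""
    return length * math.log2(len(ALPHABET))


def longest_common_substring(a: str, b: str) -> int:
    """Length of the longest run of characters a and b share."""
    return SequenceMatcher(None, a, b).find_longest_match(0, len(a), 0, len(b)).size


def too_similar(a: str, b: str, max_shared: int = 4, max_ratio: float = 0.3) -> bool:
    """True if b looks derivable from a: a shared run of max_shared+ characters,
    or an overall SequenceMatcher similarity of max_ratio or more (assumed thresholds)."""
    return (longest_common_substring(a, b) >= max_shared
            or SequenceMatcher(None, a, b).ratio() >= max_ratio)


def generate_password_set(length: int = 24) -> dict:
    """Passwords A, B and C; a candidate is rejected if it resembles one already chosen."""
    chosen = {}
    for label in ("A", "B", "C"):
        while True:
            candidate = generate_password(length)
            if not any(too_similar(prev, candidate) for prev in chosen.values()):
                chosen[label] = candidate
                break
    return chosen


if __name__ == "__main__":
    for label, pw in generate_password_set().items():
        print(f"Password {label}: {pw}  (~{entropy_bits(len(pw)):.0f} bits)")
    # The kind of pair the text warns against: a 21-character shared stem.
    print(too_similar("Correct-Horse-Battery1", "Correct-Horse-Battery2"))  # True
```

The similarity check is deliberately crude; its job is to catch the "same password with a different digit on the end" habit, not to score strength. A 24-character draw from this alphabet is roughly 157 bits, far beyond what the TrueCrypt header's PBKDF2 iteration count needs to hold up against offline guessing.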



~Oh, and please don't write this on a post it note and put it on your wall or under your keyboard. Sigh. If you are going to use spy-level technology, you are going to have to be a good spy. This means being a good memorizer. :) ...Enter Password B:




~Time for some mouse fun! TrueCrypt mixes your mouse movements within this dialog into its random number pool, which is what the volume's master key and salt are generated from. It doesn't make the cipher itself any stronger; it makes the keys less predictable. Draw some stick figures. Pretend you are a post modern painter gone wild with their brush. How long? Oh, maybe 2 minutes? Up to you...


~Okay, the encrypted inner volume on Partition 2 has been created:


~Now you need to copy the operating system from Partition 1 to the inner volume of Partition 2. This is going to take place after a reboot from a TrueCrypt live environment (not Windows). I don't recommend interrupting it. Click Start.



~Click Yes.



~Enter Password B:




 ~Go do a little yard work or something:


~Cool! It's done...Enter Password B:




~So once you've booted into your hidden operating system, pull up Disk Management and be freaked out. It looks like you are booted to Partition 1! You're not, don't worry. This is just the behavior of a TrueCrypt hidden operating system: the boot loader redirects the system partition's reads and writes into the hidden volume, so the hidden OS sees itself as the system partition. This next dialog explains further:


~This next huge dialog is basically reminding you that you can only write to encrypted filesystems when booted to the hidden operating system. Writing to unencrypted filesystems could give away the presence of the hidden operating system by leaving traces in those filesystems. Down at the bottom, it tells you how to securely transfer files from the decoy operating system to the hidden operating system.




After you click OK on the window above, the next dialog guides you through tasks for Partition 1. Hang tight and continue onto Part 3 for that by clicking here.

Click here to go to Part 3 - Setup your first partition

