Home » Questions » Computers [ Ask a new question ]

Mounting truecrypt system partition copied to USB drive

Mounting truecrypt system partition copied to USB drive

I'm rather baffled by this one.

Asked by: Guest | Views: 396
Total answers/comments: 2
Guest [Entry]

"This is very important! TrueCrypt system encryption partition DOESN'T CONTAIN TRUECRYPT HEADER. Non-system Truecrypt encrypted partition or file container contain header at first 128 blocks and backup copy at last 128 blocks of file/partition. So it's to impossible to decrypt systen encryption partition without backup header. Header of system partition is at the last block of hdd's first track. You can backup header:

dd if=/dev/sdx of=header.img bs=512 count=1 skip=62

If you want to access partition backup you have to clone partition to same size primary partition to different hdd and mark it as bootable. Then you have to restore header. First check if the first track is empty:

sfdisk -l /dev/sdy

If first partition strats at block 63 or more it's ok but if it's lower block number you can't continue.
Restore your header

dd if=header.img of=/dev/sdy bs=512 count=1 seek=62

The you can access your backed up system partition using ""Mount partition using system encryption without pre-boot authentication"".

Theoretically you can convert Truecrypt system partition to standard Truecrypt parition or file container but you would have to chage some bytes in encrypted header. (decrypt header, change and encrypt again) http://www.truecryptdotorg/docs/?s=volume-format-specification byte 124 and 252"
Guest [Entry]

"I don't encrypt my C: (system) partition, however, I believe you can copy an encrypted partition into a file in an ext2/ext3 filesystem on your USB drive.

As a first test, you should verify that you can mount the encrypted partition from Linux (mount it read-only for ntfs). If that works, you should be able to mount an image of that partition in a file.

For exmaple, if your usb partition is mounted at /mnt/large and your encrypted C: partition is the second partition on drive /dev/sda, you could do something like:

(unmount sda2 first)

dd if=/dev/sda2 of=/mnt/large/sda2_image

Note that this would require the partition mounted at /mnt/large to be a bit bigger than the size of sda2. Also, the filesystem at /mnt/large would probably have to be a linux ext2 or ext3 filesystem because your C: (system partition) may be larger than 4GB.

After the image file is created, direct truecrypt to mount the image file (/mnt/large/sda2_image). Unfortunately, this image-file will not be directly accessible once you boot back to windows."