Posted 30 July 2009 - 05:48 PM
"From the technical point I am not hooking, patching or modifying TrueCrypt. But I am using double-forwards to intercept the encrypted and decrypted interrupt 13h disk I/O commands. It is like:
Windows request -> modified by Stoned Bootkit -> TrueCrypt Encryption -> (double forward here) -> Interrupt 13h"
"I suggested them solutions, offered them my help, however they are ignoring the security issue, so I will make my TrueCrypt attack open source. The software I have developed is able to bypass the full volume encryption of TrueCrypt when booting the computer. And they could easily prevent the attack from a running Windows – but they do not."
"At the Black Hat security conference, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption."
Posted 30 July 2009 - 06:52 PM
Posted 30 July 2009 - 11:17 PM
Posted 30 July 2009 - 11:27 PM
Posted 30 July 2009 - 11:31 PM
Posted 31 July 2009 - 03:21 PM
Posted 01 August 2009 - 07:32 AM
He needs the attention because he is starting his own start-up or whatever crap it was he wrote somewhere .
TrueCrypt is NOT cracked, all he does is intercept the password via a root-kit that
may or may not be able to "install itself" (if the user is stupid enough to let it) .
This is not very different from someone building a keylogger into your system .
Nothing new here really, if your system is compromised it's game over.
Tools to fix flash-drives and create/remove CD-ROM : flashboot.ru (via Google-translate)
Posted 03 August 2009 - 10:30 AM
here is what he emailed me.. you dont even need someone to install something.. again just need physical access..
"Yes. The easiest way would be to use a Windows PE 2.0 and boot from CD (e.g.
BartPE) and execute the infector file from an usb stick.
I can provide you also instructions how you can manually install the Master
Boot Record with Linux, however that would require some more steps to do
I am testing this right now (full disk encryption takes awhile. at 77% right now)
Posted 03 August 2009 - 11:47 AM
ok i got it done and tried to use PE2.0 and it states "unable to build stoned directories on drive C:\"
i then booted into the system and loaded then it ran the infecter and it said "can't write backup MBR to on unpartitioned space"
i then deleted my D:\ and reran the infecter. it then stated same error. "unable to build stoned directories on drive C:\"
i then browsed to the "c:\stoned" which did exist I deleted these files and reran the infector. Said everything went well.. I rebooted and it did not load anything.. says i need to use my recovery disk to rebuild the MBR
Posted 06 August 2009 - 01:36 PM
Posted 07 August 2009 - 08:45 AM