TrueCrypt Hacked


14 replies to this topic

#1 Tahnka
    Newbie

  • Members
  • 3 posts

Posted 30 July 2009 - 05:48 PM

http://stoned-bootki...ck-working.html
"From the technical point I am not hooking, patching or modifying TrueCrypt. But I am using double-forwards to intercept the encrypted and decrypted interrupt 13h disk I/O commands. It is like:
Windows request -> modified by Stoned Bootkit -> TrueCrypt Encryption -> (double forward here) -> Interrupt 13h"

http://peterkleissner.com/?p=11
"I suggested them solutions, offered them my help, however they are ignoring the security issue, so I will make my TrueCrypt attack open source. The software I have developed is able to bypass the full volume encryption of TrueCrypt when booting the computer. And they could easily prevent the attack from a running Windows but they do not."

http://www.h-online....n--/news/113884
"At the Black Hat security conference, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption."
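The quoted description ("Windows request -> modified by Stoned Bootkit -> TrueCrypt Encryption -> (double forward here) -> Interrupt 13h") is a statement about where a hook sits in the interrupt 13h chain, not about the cipher. The toy model below is an added example, not code from Stoned Bootkit or TrueCrypt: it stands in a one-byte XOR for the disk cipher and a few constructed sectors for the disk, and shows that a hook forwarded through TrueCrypt's decryption layer sees plaintext, while the same hook placed below that layer sees only ciphertext. The class and function names are the example's own.

```python
"""Toy model of the int 13h forwarding chain described in the quoted post.

Added example; not Stoned Bootkit or TrueCrypt code. The one-byte XOR
"cipher" and the sector contents are constructed stand-ins. Real TrueCrypt
uses XTS-mode AES and the real hooks are 16-bit real-mode code; none of
that is reproduced here, only the ordering of the handlers.
"""

TOY_KEY = 0x5A  # constructed stand-in, not a real key or cipher


def toy_encrypt(plain: bytes) -> bytes:
    return bytes(b ^ TOY_KEY for b in plain)


toy_decrypt = toy_encrypt  # XOR is its own inverse


class RawDisk:
    """Bottom of the chain: the BIOS int 13h service talking to the encrypted disk."""

    def __init__(self, plaintext_sectors: dict):
        # The disk only ever holds ciphertext.
        self.sectors = {lba: toy_encrypt(p) for lba, p in plaintext_sectors.items()}

    def read(self, lba: int) -> bytes:
        return self.sectors[lba]


class TrueCryptLayer:
    """Models the TrueCrypt boot loader's int 13h hook: decrypts on the way up."""

    def __init__(self, lower):
        self.lower = lower

    def read(self, lba: int) -> bytes:
        return toy_decrypt(self.lower.read(lba))


class InterposerHook:
    """A hook that forwards to whatever handler it replaced and records what passes."""

    def __init__(self, lower):
        self.lower = lower
        self.seen = []  # (lba, bytes) pairs observed by the hook

    def read(self, lba: int) -> bytes:
        data = self.lower.read(lba)
        self.seen.append((lba, data))
        return data


def build_chain(hook_above_truecrypt: bool):
    """Return (top handler, hook) for the two possible placements of the hook."""
    disk = RawDisk({0: b"constructed-mbr-code", 7: b"secret-document"})
    if hook_above_truecrypt:
        # Windows request -> hook -> TrueCrypt decryption -> int 13h (the quoted order)
        hook = InterposerHook(TrueCryptLayer(disk))
        top = hook
    else:
        # Windows request -> TrueCrypt decryption -> hook -> int 13h
        hook = InterposerHook(disk)
        top = TrueCryptLayer(hook)
    return top, hook


def what_hook_sees(hook_above_truecrypt: bool, lba: int = 7) -> bytes:
    """Issue one read from the top of the chain and report what the hook observed."""
    top, hook = build_chain(hook_above_truecrypt)
    top.read(lba)
    return hook.seen[-1][1]


if __name__ == "__main__":
    print("hook above TrueCrypt sees:", what_hook_sees(True))
    print("hook below TrueCrypt sees:", what_hook_sees(False))
```

The model makes the thread's later point concrete: nothing about the cipher changes between the two placements; only the position of the forwarding hook decides whether plaintext is exposed.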

#2 lopez1364
    Hak5 Pirate

  • Active Members
  • 258 posts
  • Gender:Male
  • Location:Katy, TX

Posted 30 July 2009 - 06:48 PM

It was only a matter of time before it got out to the public, but TrueCrypt has been hacked.
"Everybody can make something complicated,
what's hard is to make something simple."

#3 puzOpia
    Hak5 Fan +

  • Active Members
  • 33 posts
  • Gender:Male

Posted 30 July 2009 - 06:51 PM

Everything can be hacked. Most of the security/encryption stuff out there is designed to keep out the nosy ones. If someone wants something badly enough, they will break the lock.

#4 SomethingToChatWith
    Hak5 Pirate

  • Active Members
  • 448 posts
  • Gender:Not Telling

Posted 30 July 2009 - 06:52 PM

This is why you're best just keeping an encrypted file container of your important stuff.

#5 FireTime
    Hak5 Zombie

  • Members
  • 132 posts
  • Gender:Male
  • Location:da UP

Posted 30 July 2009 - 11:17 PM

I don't care how good the hackers become. The floppy drive in my attic will never be hacked into.

#6 h3%5kr3w
    Hak5 1337 Fan

  • Active Members
  • 1,472 posts
  • Gender:Male
  • Location:your mom's bedroom
  • Interests:stuff

Posted 30 July 2009 - 11:27 PM

YEAH!!! They won't get into my Commodore 64 tape drive collection either!
"Humans are at our best when we use our hate and discontent to good effect." - VaKo

#7 Mike Chelen
    Hak5 Fan +

  • Active Members
  • 42 posts

Posted 30 July 2009 - 11:31 PM

This is a rootkit for the MBR (bootkit) that intercepts the key when entered by the user. The TrueCrypt encryption has not been broken. It seems they could take more measures against this type of software keylogger, though.
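One measure a user can take against a bootkit that lives in the MBR is to fingerprint the known-good first sector and compare it later from trusted media. The script below is an added example for this thread, not TrueCrypt's or the Stoned Bootkit's code: it parses a 512-byte MBR (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), records a SHA-256 baseline of the boot code and the parsed partition table, and reports when either differs. The sector images it checks are constructed stand-ins, not real TrueCrypt or bootkit boot code, and the function names are the example's own.

```python
"""Baseline check for the first sector of a disk (the MBR).

Added example for this thread; not TrueCrypt code and not the Stoned Bootkit.
A bootkit that installs into the MBR replaces or chains the boot code that
sits in front of TrueCrypt's loader, so a recorded fingerprint of the
known-good sector exposes that change. All sector images here are
constructed stand-ins, not real boot code.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: boot code
PART_TABLE_OFF = 446         # bytes 446..509: four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into its boot code and the partition entries in use."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 marks an unused entry
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": partitions}


def boot_code_fingerprint(sector: bytes) -> str:
    """SHA-256 over the boot-code area only; the partition table is compared separately."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest()


def check_mbr(sector: bytes, baseline_fingerprint: str, baseline_partitions: list) -> list:
    """Return findings; an empty list means the sector matches the recorded baseline."""
    info = parse_mbr(sector)
    findings = []
    if hashlib.sha256(info["boot_code"]).hexdigest() != baseline_fingerprint:
        findings.append("boot code differs from baseline")
    if info["partitions"] != baseline_partitions:
        findings.append("partition table differs from baseline")
    return findings


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a constructed MBR image for the demonstration (not real boot code)."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if p["bootable"] else 0x00, b"\xff\xff\xff",
                    p["type"], b"\xff\xff\xff", p["lba_start"], p["sectors"])
        for p in partitions)
    return boot + table.ljust(64, b"\x00") + MBR_SIGNATURE


# Constructed sample: one NTFS-type (0x07) system partition, as a TrueCrypt
# system-encrypted Windows install would have. The boot code bytes are stand-ins.
SAMPLE_PARTS = [{"bootable": True, "type": 0x07, "lba_start": 2048, "sectors": 409_600}]
GOOD_MBR = build_mbr(b"\xeb\x3c\x90" + b"STAND-IN FOR TRUECRYPT LOADER", SAMPLE_PARTS)
TAMPERED_MBR = build_mbr(b"\xeb\x3c\x90" + b"STAND-IN FOR BOOTKIT STUB", SAMPLE_PARTS)

# Recorded once, from trusted media, before the machine is exposed.
BASELINE_FP = boot_code_fingerprint(GOOD_MBR)
BASELINE_PARTS = parse_mbr(GOOD_MBR)["partitions"]

if __name__ == "__main__":
    for name, image in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(image, BASELINE_FP, BASELINE_PARTS) or ["ok"])
```

Take the sector from outside the suspect system (boot a live Linux and run `dd if=/dev/sda bs=512 count=1 of=mbr.bin`, then feed `mbr.bin` to `check_mbr`): a hook that already owns int 13h on the running machine can filter what a read of sector 0 returns, so a check made from inside the infected system proves nothing. The check only tells you the MBR changed; restoring the loader is what the rescue disk mentioned later in the thread is for.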

#8 Myk3
    Hak5 Fan

  • Members
  • 20 posts

Posted 31 July 2009 - 03:21 PM

Where is the source code for this hack? I would like to test it.

#9 Brian Sierakowski
    Hak5 Zombie

  • Members
  • 221 posts
  • Gender:Male
  • Location:Maryland

Posted 01 August 2009 - 12:02 AM

I would read the comments here: http://peterkleissner.com/?p=11 before getting too excited.
http://twitter.com/BSierakowski - for further research into the inanity of my day to day life.

Also useful for forming counter-arguments.

#10 IOSys
    Hak5 Zombie

  • Active Members
  • 169 posts

Posted 01 August 2009 - 07:32 AM

He's just a loudmouth trying to get attention, and he's getting it.
He needs the attention because he is starting his own start-up or whatever crap it was he wrote somewhere.

TrueCrypt is NOT cracked; all he does is intercept the password via a rootkit that
may or may not be able to "install itself" (if the user is stupid enough to let it).
This is not very different from someone building a keylogger into your system.
Nothing new here, really: if your system is compromised, it's game over.
Fake flashdrive (and instructions how to fix it) ? http://sosfakeflash.wordpress.com/
Tools to fix flash-drives and create/remove CD-ROM : flashboot.ru (via Google-translate)
http://translate.goo.....3Fname=iflash

#11 Myk3
    Hak5 Fan

  • Members
  • 20 posts

Posted 03 August 2009 - 10:30 AM

I am not adding to his ego. I have been in contact with Peter about his "hack"; I am about to test this.

Here is what he emailed me. You don't even need someone to install something; again, you just need physical access.

"Yes. The easiest way would be to use a Windows PE 2.0 and boot from CD (e.g.
BartPE) and execute the infector file from a USB stick.
I can provide you also instructions how you can manually install the Master
Boot Record with Linux, however that would require some more steps to do
manually."

I am testing this right now (full disk encryption takes a while; at 77% right now).

#12 Myk3
    Hak5 Fan

  • Members
  • 20 posts

Posted 03 August 2009 - 11:47 AM

Well, that failed horribly.

OK, I got it done and tried to use PE 2.0, and it states "unable to build stoned directories on drive C:\".

I then booted into the system, loaded it, and ran the infector, and it said "can't write backup MBR to on unpartitioned space".

I then deleted my D:\ and reran the infector. It then gave the same error: "unable to build stoned directories on drive C:\".

I then browsed to "c:\stoned", which did exist. I deleted these files and reran the infector. It said everything went well. I rebooted and it did not load anything; it says I need to use my recovery disk to rebuild the MBR.

#13 Myk3
    Hak5 Fan

  • Members
  • 20 posts

Posted 06 August 2009 - 01:36 PM

Well, I just tried it again, this time encrypting the system drive and "hidden sectors". This is the message I got. This is from an Admin account in Vista Enterprise.

#14 wh1t3 and n3rdy
    Hak5 Pirate

  • Active Members
  • 446 posts
  • Location:Australia

Posted 06 August 2009 - 05:01 PM

Fuck I love Linux.

#15 Burncycle
    Hak5 Fan +

  • Members
  • 41 posts
  • Gender:Male
  • Location:Brooklyn, NY

Posted 07 August 2009 - 08:45 AM

This is the way of security people. If something is too cost-prohibitive or functionally impossible to break into, the "bad guys" won't just give up. They'll come at it from a different angle and find a different way in. In this case, TrueCrypt is too good to just break into, and no one has legitimately broken it yet. So someone comes along and finds an easier way in. This doesn't necessarily mean that TrueCrypt is vulnerable, it just means that the end user needs to be aware that this might happen. My suggestion is to use a key file as well as a passphrase to protect your porn... I mean "important documents"



