u3 Truecrypt Hack(Truecrypt u3 ISO autorun hack and Encrypted Drive)

[XxThornxX]

No need for an expensive ironkey when you can make something like that of your own with less money leaving your pocket.

I had an idea the other day and i just now today September 25, 2009 followed through with my idea. We all know how much Darren loves USB Flash-drives. We all also know how much he loves his new multi-pass. A few Months back Shannon brought to Hak5 and everyone of us TrueCrypt and a way to Encrypt our whole hard-drive (something i have not done). Well i had an idea to try out Encrypting my 4GB Sandisk (u3 capable) flash drive. I did so with success but slight dismay when i realized that every computer i got onto i would have to have truecrypt with me on a disc, another USB drive or on that computer. That is something that i did not want to do or have to go through. So i thought about it.

As some of you know about the USB Hacksaw and Switchblade created using Universal Customizer and U3. and for those of you that dont know a guy was able to make a way to exploit U3 to where you can do the same thing that they do which is have a Emulated disc on a flash drive that autoruns a program. Thus a loophole in Window's attempt to secure computers by disallowing autorun from USB drives.

I think many of you know where i am going with this. So here are the things you will need.

1. A U3 Capable flash drive.

2. Universal Customizer (you will have to google it because at this moment i dont have the URL)

3. Truecrypt (see Hak5's episode on Truecrypt for the Download link int he show notes or again Google it)

4. Windows XP (Because i found that Universal Customizer doesnt work on my vista box. It just hangs)

Ok, Lets start.

First, We will start on the truecrypt side of things. Go to your Desktop and create a folder name it anything you desire. (this is to hold the output of the following) We are then going to go into the truecrypt volume Mount GUI. (truecrypt.exe) Click Tools >> Traveler Disk Setup >> Browse (then go to the folder you just created). Now click the Start Truecrypt radio button (this will set up the Autorun.inf to open Truecrypt on insertion). Click Create when it is finished you can minimize truecrypt.

Next, Go to the folder you just put the traveler disk into. (Should be on your desktop where you were directed to put it) Now open autorun.inf and edit the line that starts with open= . Add onto the end of the line /a devices this is a command line that tells Truecrypt.exe to Auto-mount devices. Now I edited the line that started with action= and changed it to Auto-mount Devices Just so i know what it will do with i insert it into the computer. NOTE: you may add any extra command-line functions you desire just make sure you have /a devices

Now, We extract Universal Customizer to a folder on our desktop. Now open the folder and browse through it a little bit. You will notice U3CUSTOM Cick on that folder and delete everything out of it. You do not need any of these files if any are there. After you Deleted all the files Move the Traveler Disk Files over to U3CUSTOM. You only need the Truecrypt folder and the autorun.inf that was generated by the setup. you do NOT need the outer folder. (If you include the whole outer folder that lays on your desktop you will end up needing to redo this whole process.) Return back to the main folder of the Customizer. You will now see a file named ISOCreate.cmd Clicking this will make the contents of U3CUSTOM into an ISO folder, So click this file now.

OK! Now you have your ISO for the Customizer. Insert your U3 Capable Flashdrive. (i used a 4gb Sandisk Cruzer) once inserted open the Universal_customizer.exe (Note that you do not need to have U3 enabled on your drive). Follow the steps in the customizer. (ATTENTION: By following this set you WILL REMOVE ALL your U3 settings and everything on your U3 launchpad) Ok if all when well you can proceed to the next step. If not..... well... Try again.

ALRIGHT! You are on to the next step. Testing to see if the Autorun works. This is a fairly short step and very straight forward. Just pull your successful usb drive out then plug it back into your computer. If Truecrypt opens automatically it was successful and you are ready to move on. If nothing happens then try again and check your directory.

OK truecrypting time.

Open Restore your truecrypt window. Create a new volume (you may lose me here but i am going to glide through this step). in the first step of the volume creation click "Encrypt a NON-SYSTEM partition/drive". Next leave Standard selected. Next Select your flash drive. (MAKE SURE YOU TRIPLE CHECK YOUR SELECTION! DO NOT PICK THE WRONG DEVICE BECAUSE YOU MAY SERIOUSLY INJURE YOUR SYSTEM.) Next Step. Encrypt the Volume and Format it.AES is fine and RIPEMD-160 is also fine. Next step is varify the size. Then continue you. Create your password, You may use Keyfiles. But remember if you use a key file it would have to be in the computer you plug the device into. I just used a password. This is where i stop. because i have already finished this step. Continue you to the end and do the steps provided in Truecrypt.

Encrypt!

After you finish encrypting Remove your drive and plug it back in. Truecrypt should pop up right away and just enter your password. And there you have it! An Encrypted USB drive with Truecrypt Autorun on any computer without the need for having to have truecrypt on the computer, Disk or another flashdrive.

I dont know if this has been done before but this is how i did it. Sorry for the choppiness it is my first Tutorial. Maybe Darren could explain it better from my steps on Hak5.

Have Fun Guys and Girls.

How is this for a first time Tutorial?(i would like to know)

[IOSys]

Nice tutorial ..

It has been done before, but it's the first tutorial I've seen ..

It was the first thing I did when I found out how to load

my own images to the CD-ROM LUN, RAW device-encryption is the only way to go with flash-ram ..

It will also give you a noticeable performance-boost because the TC-driver turns all random writes into sequential.

Many drives other than sandisk/U3 can do the CD-trick btw,

some are even a better choice because the Mass Production Tool is available,

giving you full control over the controller-chip .

A few controllers can manage 3 active LUN's simultaneously

and you can choose to set one as CD-ROM and the rest as "FIXED" (ie "real" HDD) or removable .

If set as "FIXED" you can create (and USE) multiple partitions from within windows, unlike "removable" that only allows one partition .. So, you could have 8 primary partitions and a CD-ROM in your pocket, not bad :)

Even better is that some BIOS can boot from the CD-ROM ..

Have a look here if you have a flash-drive you want to experiment with,

some of them can do some pretty neat stuff, maybe the right tool is there :

http://translate.google.com/translate?hl=e...3Fname%3Diflash

[XxThornxX]

Thanks for the info. Very intersting i'll have to research that further.

I had a feeling that it had been done before, and even though its been done, you say that it is the first tutorial that you have seen. Which is good for the hak5 community and for the people that want to do something like this. I found that the most fulfilling thing behind all this is the fact that i, even though it has been done, thought of it myself without reinforcement from other websites proposing that it can be done. So just seeing someone reply to this Tutorial is a plus and the info you posted is also another plus.

So now there is a Tutorial out there for this :). I hope others will look at this and show me other ways to do this in another way.

[IOSys]

I found that the most fulfilling thing behind all this is the fact that i, even though it has been done, thought of it myself without reinforcement from other websites proposing that it can be done.

Hacker... ;)

The TrueCrypt forum has lots of post from people wanting auto-mount on insertion of a flash-drive .

Of course, we all know here that the problem with this is that it requires auto-infect to be enabled in the first place .

Securing you data with encryption and then mounting it on a m$ auto-infect capable host is pretty daft ..

On your own computer, use Uwe Siebers USBDLM http://www.uwe-sieber.de/usbdlm_e.html instead, a windows-service that lets you pre-approve the drives that may perform auto-run, based on USB SR#, volume-label or a bunch of other criteria .

It also allows you to have the drive(s)/partition(s) mounted to the same letter(s) each time, great tool for those of us who want safe autorun on our home system .

USBDLM can even read and execute a "autorun.inf" inside the mounted TC-volume !

[XxThornxX]

Hacker... ;)

AM NOOOOOT! Lol! Yep that's Me. I have been taking stuff together since i could hold a screw driver... but back then never go to putting them back together because i didnt think of remembering how i took it apart or remembering to put the screws in a safe place.