Tahnka Posted July 30, 2009

http://stoned-bootkit.blogspot.com/2009/07...ck-working.html

"From the technical point I am not hooking, patching or modifying TrueCrypt. But I am using double-forwards to intercept the encrypted and decrypted interrupt 13h disk I/O commands. It is like: Windows request -> modified by Stoned Bootkit -> TrueCrypt Encryption -> (double forward here) -> Interrupt 13h"

http://peterkleissner.com/?p=11

"I suggested them solutions, offered them my help, however they are ignoring the security issue, so I will make my TrueCrypt attack open source. The software I have developed is able to bypass the full volume encryption of TrueCrypt when booting the computer. And they could easily prevent the attack from a running Windows – but they do not."

http://www.h-online.com/security/Bootkit-b...n--/news/113884

"At the Black Hat security conference, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption."

lopez1364 Posted July 30, 2009

It was only a matter of time before it got out to the public, but TrueCrypt has been hacked.

puzOpia Posted July 30, 2009

Everything can be hacked. Most of the security/encryption stuff out there is designed to keep out the nosy ones. If someone wants something bad enough, they will break the lock.

SomethingToChatWith Posted July 30, 2009

This is why you're best just keeping an encrypted file container of your important stuff.

FireTime Posted July 31, 2009

I don't care how good the hackers become. The floppy drive in my attic will never be hacked into.

h3%5kr3w Posted July 31, 2009

YEAH!!! They won't get into my Commodore 64 tape drive collection either!

Mike Chelen Posted July 31, 2009

This is a rootkit for the MBR (bootkit) that intercepts the key when entered by the user. The TrueCrypt encryption has not been broken. It seems they could take more measures against this type of software keylogger though.

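Since the thread describes a bootkit that lives in the MBR, one defensive check is to compare sector 0 against a baseline recorded right after the disk was set up. The following is an added example, not part of the thread and not code from TrueCrypt or the bootkit's author; the function names and the sample sector are constructed for illustration. It assumes the 512 bytes were read offline from boot media you trust, and it covers sector 0 only.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # classic MBR layout: bytes 0-439 hold the boot code
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"   # bytes 510-511

def parse_mbr(sector: bytes) -> dict:
    """Split sector 0 into the fields worth tracking separately."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0 means an unused slot
            parts.append((i, entry[0] == 0x80, entry[4], lba_start, count))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": parts,
    }

def compare(baseline: dict, current: dict) -> list:
    """Report which tracked fields differ from the recorded baseline."""
    labels = {"boot_code_sha256": "boot code changed",
              "disk_signature": "disk signature changed",
              "partitions": "partition table changed"}
    return [msg for key, msg in labels.items() if baseline[key] != current[key]]

def sample_mbr(code_fill: int) -> bytes:
    """Constructed 512-byte sector for the demo; not taken from a real disk."""
    s = bytearray(SECTOR)
    s[:BOOT_CODE_LEN] = bytes([code_fill]) * BOOT_CODE_LEN
    s[440:444] = b"\x11\x22\x33\x44"
    s[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 1000000)
    s[510:512] = BOOT_SIG
    return bytes(s)

if __name__ == "__main__":
    baseline = parse_mbr(sample_mbr(0x90))
    print(compare(baseline, parse_mbr(sample_mbr(0x90))))  # unchanged sector
    print(compare(baseline, parse_mbr(sample_mbr(0xCC))))  # boot code replaced
```

Hashing the boot code separately from the partition table keeps a legitimate repartition from looking like a boot code replacement.
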
Myk3 Posted July 31, 2009

Where is the source code to this hack?? I would like to test this..

Brian Sierakowski Posted August 1, 2009

I would read the comments here: http://peterkleissner.com/?p=11 before getting too excited :).

IOSys Posted August 1, 2009

He's just a loudmouth trying to get attention and he's getting it. He needs the attention because he is starting his own start-up or whatever crap it was he wrote somewhere. TrueCrypt is NOT cracked, all he does is intercept the password via a root-kit that may or may not be able to "install itself" (if the user is stupid enough to let it). This is not very different from someone building a keylogger into your system. Nothing new here really, if your system is compromised it's game over.

Myk3 Posted August 3, 2009

I am not adding to his ego.. I have been in contact with Peter about his "hack". I am about to test this.. Here is what he emailed me.. You don't even need someone to install something.. again, you just need physical access..

"Yes. The easiest way would be to use a Windows PE 2.0 and boot from CD (e.g. BartPE) and execute the infector file from an usb stick. I can provide you also instructions how you can manually install the Master Boot Record with Linux, however that would require some more steps to do manually."

I am testing this right now (full disk encryption takes a while; at 77% right now).

Myk3 Posted August 3, 2009

Well, that failed horribly..

OK, I got it done and tried to use PE 2.0 and it states "unable to build stoned directories on drive C:\"

I then booted into the system and loaded, then ran the infector and it said "can't write backup MBR to on unpartitioned space"

I then deleted my D:\ and reran the infector. It then stated the same error: "unable to build stoned directories on drive C:\"

I then browsed to "c:\stoned", which did exist. I deleted these files and reran the infector. It said everything went well.. I rebooted and it did not load anything.. It says I need to use my recovery disk to rebuild the MBR.

Myk3 Posted August 6, 2009

Well, I just tried it again, this time encrypting the system drive and "hidden sectors". This is the message I got.. This is from an Admin account in Vista Enterprise.

wh1t3 and n3rdy Posted August 6, 2009

Fuck I love Linux.

Burncycle Posted August 7, 2009

This is the way of security people. If something is too cost-prohibitive or functionally impossible to break into, the "bad guys" won't just give up. They'll come at it from a different angle and find a different way in. In this case, TrueCrypt is too good to just break into, and no one has legitimately broken it yet. So someone comes along and finds an easier way in. This doesn't necessarily mean that TrueCrypt is vulnerable, it just means that the end user needs to be aware that this might happen. My suggestion is to use a key file as well as a passphrase to protect your porn... I mean "important documents"