TrueCrypt Tutorial
Authored By: Hannibal
Introduction
Why are you writing this tutorial?
I have decided to put together a tutorial on this topic simply because I feel TrueCrypt is not being utilized by many, when it is really a no-brainer that almost everyone on this forum should be using it.
I can't tell you how many times I've team-viewed with someone only to see a folder on their desktop titled "Hacking Sh!t", or "RAT"/"Cybergate".
Look at your desktop and file folders right now.
If you are one of these people that have any hack tools, other people's documents/passwords/logs/virtual machines on your computer which could get you in deep legal trouble, this tutorial is for you.
Furthermore, the Cryptography, Encryption, and Decryption section is a fucking mess right now with everybody asking for and offering Crypt's. This is an attempt to clean it up.
I have also seen some people asking questions about how to use TrueCrypt, yet haven't seen a proper and complete tutorial put together on the topic.
What is TrueCrypt?
TrueCrypt, for those who don't already know, is an encryption software for Windows 7/Vista/XP, Mac OS X, and Linux.
It is basically a way of creating areas of your hard drive that are encrypted so that you can hide sensitive data and information there.
Furthermore, you are able to encrypt your entire hard drive so that at boot, your computer will not be able to start without entering the correct password.
This excerpt from TrueCrypt's website offers a more detailed explanation than I can provide:
Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM. Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt. For an illustration of how this is accomplished, see the following paragraph.
Let's suppose that there is an .avi video file stored on a TrueCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the TrueCrypt volume. When the user double clicks the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading next small portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types, not only for video files.
Note that TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile).
Source: http://www.truecrypt.org/docs/
Why should I use TrueCrypt?
TrueCrypt is a must for anyone doing anything illegal or blackhat through the use of a computer.
Even if you are not participating in blackhat activities, there are still a plethora of reasons, limited only by your own creativity, as to why you would want to use TrueCrypt.
There is an interesting story going around about one individual that used TrueCrypt and avoided certain jail time because of it.
For those that don't feel like reading it, basically the story is that this individual downloaded "maybe 30" CP images to see what it was like and ended up getting raided because of it. All of his computers were seized, and he was taken into custody.
Upon analyzing his computer, they agents hit a dead end once they found that he had used whole drive encryption on all of his hardware.
I'm sure there's more to the story that he has you believe about him not being involved in CP, but nevertheless, the story goes as follows:
This isn't meant to be advertising for or against computer encryptions. Facts are, I encrypted my computer and it saved my life, my reputation and everything I have.
In February 2004 my house was raided by the FBI. They came with the full van and armed agents. They rushed in, presented a warrant and mentioned they had proofs somebody here had downloaded child pornography. Now understand this: this isn't a whole child pornography is good / child pornography is bad story. I don't know if people who watch child pornography turn into pedophiles or not (I don't think they do). I am not saying what I did was good, or even legal.
I had downloaded some child pornography. Not a lot of it, maybe 30 pictures. I am NOT sexually attracted to children and promptly deleted most of them. Since I had a large pornographic collection, there might have been a few I wasn't able to find, and delete. I never watched these pictures or masturbated to them. That being said, I accept my responsability of downloading them. One thing I should say: I downloaded them all in one day, without knowing it was actual pornography (i.e. downloaded a file that wouldn't indicate it contains child pornography).
They promptly took my computer, my external external hard drive and my laptop. They took my parents' computer as well. I was detained for interrogation.
And I was smart.
The very first thing I said, even before the interviewer dropped his pen, is "I want my attorney." Note: I had no attorney. I was bluffing. The officer said "Sure," took a few notes, and asked me for a few details "to file the case." Yes, he tried to trick me into talking, or at least starting to talk. I immediately repeated: "I want my attorney." That is the ONLY thing I said. I wanted to yell at him "I DON'T GIVE A SHIT ABOUT YOUR FILE" but I did not.
He eventually complied, asked for his details, at which point I said I did not have an attorney but was in the process of finding one. However, I wanted a public defender. They charged me with possession of child pornography, mentioning my computer as proof. Inside, I laughed a bit, knowing what was waiting.
I was formally charged, set bail, paid it, and let out. And then began a quite dramatic - but funny - turn of events. When you file charges in my state, the defendant has the right to a speedy hearing AND, of course, a preliminary hearing. I expressed my rights fully (eventually hired an attorney, my public defender didn't do much).
The police - and FBI - had one problem.
My hard drives were all encrypted.
Even my laptop was encrypted. Back home, I took care to properly destroy anything that could ever get me in trouble - even letters I wrote as a child. The police had rapidly checked for more evidence, but as they wouldn't find anything, they did not take the time to look for drugs, drugs equipment and other evidences for other crimes.
Two weeks later I got a call from someone claiming to work for the FBI. Apparently they were unable to decrypt my hard drives and required my help. I told them to talk to my attorney. I was summoned in and the only thing I told them was "I want my attorney".
They wanted the password
-We know you encrypted your data. We even know which program you used. By law, you are required to decrypt the data.
-I want my attorney.
They complied, my attorney came (at high cost) and the situation was re-explained to him (I, of course, already told him the situation, and he recommended not helping them a damn). He told them they had no legal stand.
They formely ordered me to decrypt my data, threatening to charge me with terrorism, and I refused one last time. I was jailed again for a night and new charges were pressed for obstruction (i.e. refusing to help on an investigation).
Fast-forward a week, I get a formal plea bargain. Ten years as a sex offender, six years probation, if I recognized guilt for possession of child pornography. The other charge would be drop. Quite a good deal, huh? My public defender STRONGLY told me to accept as the conviction rate was "nearly 99%". My attorney told me to invoke my 5th amendment and refuse any cooperation.
Fast-forward to the preliminary hearing. The judge has to decide whether or not there is enough evidence to prosecute me. He asks for the investigator, who explains the situation, and for the forensic expert. To make a short story, they mention my IP clearly downloaded child pornography. Looks like I'm finished.
Except for one thing. It has been so long between the download and the raid it was hard to prosecute me on the IP address alone. The record were old, incomplete, poorly filed. My attorney did a good job making the forensic expert admit "mistakes were possible."
Then came my turn. The expert told the judge they could not find any trace of child pornography because my hard drives were encrypted. He said it was a clear proof I "was hiding something probably worse" at which point he was promptly stopped by my attorney (speculation is not accepted in court). The judge agreed. The expert closed his statement by saying that I had not only encrypted my hard drives, but external drive and laptop.
Then came my turn. The judge summoned me, asked me a few questions, and finally asked: "Why did you encrypt your hard drive?" Think fast. What could I reply!!!
"For safety and privacy, your honor. In case of theft."
"Why do you refuse to decrypt your data?"
The $1,000 question (note: this is not exactly what was said, just how I recall it). What can I say? Quick, a word with a lawyer. Then, the genius answer:
"Your honor I would like to invoke my 5th amendment" "Alright".
Oh, the irony of 5th amendment. If you don't invoke it, you have to incriminate yourself. If you do invoke it, you indirectly admit guilt. Of course that can't be used against you, but whatever.
There were a few more statements, and eventually the prosecution had nothing. The judge took a moment to think, then said two words that would change my life. "Case dismissed" due to "lack of evidence". I was ecstasic.
The prosecution party was furious. They closed the file. The judge was about to end the audience when I said:
"Your honor, they still have my computer. I want it back!"
"You just had a criminal case dimissed."
"It's my stuff. I want it back"
"Very well. Your town's police department has 30 days to give you your material back. Audience finished".
I was very happy. I felt I added to the insult with that last request. The prosecution party couldn't believe it, after all that work.
I got my stuff back and it took me a full month before I dated to open my computer again. I was afraid they put a bug or would still try to harass me or incriminate me. I feared they were waiting for me to decrypt me to charge me again. I waited one whole month, then decrypted the file - saved the files I wanted to keep then formatted it all, writing random 0's and 1's.
So this is it. TrueCrypt certainly saved my life, reputation and money. Without it, there is no doubt the police would have found the pictures, and convicted me. I would be on the same registery as rapists and pedophiles - all this for a mistake of mine. But encryption - and refusing to give up despite the threats of being charged with a much more serious crime - kept me free.
Is using TrueCrypt illegal?
In some countries, the use of encryption of any kind is illegal. This includes TrueCrypt.
If you happen to live in one of these countries, are being charged with a cyber crime, and they find any encrypted contents on your hard drive, you can bet you're in for a rough time.
They will physically beat the shit out of you and torture you into providing them with the password or key-files to the volume.
Furthermore, it can even be illegal for you to transmit encrypted files from one country to another.
I urge you to check up on the laws in your country and ensure that the methods outlined below are actually legal in your country and you're not just digging yourself a bigger hole.
If you live in the United States, TrueCrypt is legal, and the passwords for your archives are protected under the 5th Amendment.
If you live in a country where it is illegal, there are things you can do to use TrueCrypt a bit more safely.
One example is to use a Hidden Archive. This is basically like a suitcase with a false bottom.
One password - the one you would give to authority's if interrogated and tortured - will open the archive and display certain contents, while the second password will open the same archive but display different contents.
However, this doesn't change the fact that using encryption is illegal.
Disclaimer
I take no liability for consequences of using this tutorial - including hard drive failure, loss of data, and legal action of any kind.
Do not post or repost this tutorial in part, or in it's entirety on Hack Forums, or any other forum!
Although I have striven to provide complete accuracy, this information is provided "as is" with no warranty.
Click To View :
Labels: Tips Pc
