Silk Road forums

Discussion => Security => Topic started by: Limetless on February 19, 2013, 11:11 am

Title: Truecrypt issue
Post by: Limetless on February 19, 2013, 11:11 am
Ok so I have been away for a while because I can't access my files on my Truecrypt container which is on a USB. When I try to mount the device it comes up with the following -

hdiutil: attach failed - no mountable file systems

Now this happened all of a sudden and I haven't done anything out of the ordinary. I looked online and others have had this issue too but the solutions were fairly vague. Can somebody suggest a way to fix this?

Lim
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 11:16 am
Are you trying to mount it with a different operating system than usual?
Title: Re: Truecrypt issue
Post by: Limetless on February 19, 2013, 11:23 am
No not at all, that's the weird thing. I'm doing exactly the same as I always do. I'm using a Mac if that's any help.

Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 11:25 am
First thing is to try and mount it read only, it looks like that can work in some cases. Select it in truecrypt as normal, but when you get to the password input section, click on the options button. This expands some additional things, check mount volume as read only. That will possibly let you access the content on the USB. If it does, I suggest storing it to an encrypted file container temporarily, and then formatting the USB device and re-encrypting it with truecrypt, making sure to select some filesystem that is compatible with whatever OS you are using, then you can put your content back on it and wipe the temporary encrypted file container. That is the first thing to try anyway. It looks like it can also be caused by corruption, in which case you may be fucked unfortunately. It also looks like it can be caused by trying to mount a filesystem that is not compatible with your operating system. That is just what I can gather from a quick google search, let me know how that works for you and if it doesn't I will try to find something else for you to try.
Title: Re: Truecrypt issue
Post by: Limetless on February 19, 2013, 11:31 am
This hasn't worked and I tried both as read only and normal. It was actually automatically selected as read only anyway.

Can you think of any other ways to get this.
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 11:32 am
looks like it could also be caused from a corrupt header, in which case you have a chance to restore it from the embedded backup header. If the first solution does not work, attempt the following:

truecrypt --restore-headers /path/to/the/usb/device

you will be prompted and asked if you want to backup from a header backup you saved, or from the embedded header backup Truecrypt automatically added to the volume. Click on embedded and cross your fingers that it works I suppose.

That is the Linux command anyway it might be different on the Mac version, try truecrypt --help if that command fails and see if there is a Mac equivalent.
Title: Re: Truecrypt issue
Post by: Limetless on February 19, 2013, 11:37 am
By this I assume you mean entering it as a command in the terminal - truecrypt --restore-headers /path/to/the/usb/device

I am not really familiar with this, I know which the device is called so that's not the issue but when you say "path/to/the/usb" what exactly would this be?
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 11:40 am
yes enter the command in terminal

truecrypt --restore-headers /path/to/the/usb/device

perhaps you could just put the name of the USB device , on Linux it would be something like

truecrypt --restore-headers /media/device_name

also note that truecrypt has no - in front of it
Title: Re: Truecrypt issue
Post by: SelfSovereignty on February 19, 2013, 11:43 am
After you plug it in, Lim, type "dmesg | tail" and you should see a couple of lines about "detected xxx on sr0" or "sde" or something.  That's what you want to use as the path -- "/dev/sde" if that's what "dmesg" says, for example.  Just stick the "/dev" in front of it.
Title: Re: Truecrypt issue
Post by: Limetless on February 19, 2013, 11:47 am
Ok tried all this and it's just saying "command not found"
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 11:51 am
yeah it would actually be /dev on linux as well I dunno why I put media

limitless okay try truecrypt --help and see if it gives any commands that are similar. On Ubuntu that is it though.
Title: Re: Truecrypt issue
Post by: SelfSovereignty on February 19, 2013, 11:52 am
Fucking macs... they actually take the Linux kernel and modify it -- that's what a Mac is; I thought they'd leave the kernel logging stuff alone, but I guess not.  Just a waste of your time then, sorry.

I'm wondering though kmf... it sounds to me like TrueCrypt isn't a journaled file system and the thing didn't get unmounted properly.  The TrueCrypt site says that you can create a rescue disk to boot up and access a drive that's suffering from a corrupted boot loader.  Why isn't that a good idea?
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 11:54 am
I think mac is actually based on BSD kernel

try this limitless:

truecrypt -m headerbak /dev/usb_device_name
Title: Re: Truecrypt issue
Post by: SelfSovereignty on February 19, 2013, 11:59 am
The problem is that he doesn't know what the chardev of the USB device is, bro... :)  At least I think so, that's why he's having so much trouble.

Does the "lsusb" command work Lim?  If that does, type "lsusb -v" and look for... well, something that sounds like a usb key.  That's gonna suck though, FYI.  You could try looking at the "/var/log/messages" file if it exists too.

Or just load up any GUI program that can autodetect when a device gets plugged in.  When you plug it in, the kernel (BSD, Linux, doesn't matter) creates a file that you can use to access the device.  It's the filename that you need.  So all you have to do is find out what the name of that is.  It's probably the last one named "sXX" in /dev/.  You'll have one per hard drive -- so if it's a laptop, it's going to have "sda" as the internal hard drive, and the usb key would be "sdb."

... this is based on Linux.  I never use macs, so if anybody's got a better idea, by all means -- tell me to shutup.
Title: Re: Truecrypt issue
Post by: Limetless on February 19, 2013, 12:02 pm
I tried the last thing you said kmf and again it says command not found

Same with the lsusb-v thing. Doesn't fly.

Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 12:07 pm
when you type truecrypt --help does a list of command options come up? Please paste it here if it does.
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 12:08 pm
also make sure you are not capitalizing truecrypt or anything...
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 12:10 pm
also are you putting spaces between truecrypt and --help ? I see you  did not between lsusb and -v when commenting on it
Title: Re: Truecrypt issue
Post by: SelfSovereignty on February 19, 2013, 12:19 pm
... I'm sorry man, but I think your USB key may have just died.  They do have a pretty limited life span, unfortunately.  How long have you been using it?  You can try opening Disk Utility in Applications, but... that's some guy online saying that, I'm not sure if that's really going to detect a device that has a damaged file system.

If there's nothing there, go to System Profile and wander to wherever the USB devices are.  If it STILL isn't there... it's most likely fried for good.  You can also open the "/dev" directory, and just plug the thing and pull it out (NOT FAST, like every 5 seconds or something pull it out, wait a few, plug it in, etc.).

If plugging it in and unplugging it while you're watching the "/dev" directory doesn't cause any new file to be created and to disappear -- and remember you'll probably have to keep hitting "refresh" in the folder view -- anyway, if nothing happens then... I think it gave up the ghost.
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 12:22 pm
I think he is either typing the commands wrong somehow, or they are in a different format on OSX. I think his USB device is still fine because Truecrypt must have detected it for him to attempt to mount it. If recovering the header from the embedded backup doesn't work, when we find out how to do that on OSX, then you can try to mount it without a filesystem and repair it. If that doesn't work I give up.
Title: Re: Truecrypt issue
Post by: Limetless on February 19, 2013, 12:41 pm
when you type truecrypt --help does a list of command options come up? Please paste it here if it does.

I typed it exactly as you stated and it comes up with this - -bash: truecrypt: command not found
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 12:46 pm
Okay I tried looking up truecrypt commands for OSX and it looks like you need to do something like this first:

cd /Applications/TrueCrypt.app/Contents/MacOS

(assuming that is the path to wherever your Truecrypt.app is)

then when you are there try tc --help and truecrypt --help as two separate commands.
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 12:49 pm
actually scratch that, do this:


cd /Applications/TrueCrypt.app/Contents/MacOS (or whatever the path is for you)
ln -s TrueCrypt /usr/local/bin/truecrypt (optional but lets you call truecrypt from other directories)

now you can use the truecrypt commands from before probably:

truecrypt --restore-headers /path/to/the/usb/device (edit: I think you must type TrueCrypt if you skipped the ln -s step)
Title: Re: Truecrypt issue
Post by: Limetless on February 19, 2013, 01:16 pm
cd /Applications/TrueCrypt.app/Contents/MacOS

This one seemed to be alright. Then I typed this - ln -s TrueCrypt /usr/local/bin/truecrypt and it said permission denied.
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 01:33 pm
you have two options. One is that you could run the command as root, since that will take care of the permissions problem. Since you don't normally care about accessing truecrypt from terminal, let's just skip that step though. Try the following:

cd /Applications/TrueCrypt.app/Contents/MacOS

TrueCrypt --restore-headers /path/to/the/usb/device
Title: Re: Truecrypt issue
Post by: Limetless on February 19, 2013, 01:35 pm
First one worked, second one didn't. I think I may be typing it wrong, this is what I'm putting - TrueCrypt --restore-headers /dev/rdisk1s1
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 01:40 pm
try it without the capitalization. if that still fails, type ls -a and paste the output here
Title: Re: Truecrypt issue
Post by: Limetless on February 19, 2013, 01:43 pm
.      ..      TrueCrypt

That's what I got from the Is -a
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 01:45 pm
what happens if you just type TrueCrypt ??
Title: Re: Truecrypt issue
Post by: Limetless on February 19, 2013, 01:48 pm
-bash: TrueCrypt: command not found
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 01:59 pm
doh I am tired

./TrueCrypt --restore-headers /path/to/the/usb/device
Title: Re: Truecrypt issue
Post by: kmfkewm on February 19, 2013, 02:01 pm
(make sure you cd to the right directory first though)
Title: Re: Truecrypt issue
Post by: flwrchlds9 on February 19, 2013, 10:09 pm
will read when have time later, but ** Before you do anything more IMAGE the entire USB key/drive **

if you damage it or do something bad to it you will be even worse. make a backup now, and did you have backup before?
Title: Re: Truecrypt issue
Post by: kmfkewm on February 20, 2013, 02:17 am
if he tries to mount it with

cd /Applications/TrueCrypt.app/Contents/MacOS
./TrueCrypt -m headerbak /dev/usb_device_name

I don't think he needs to worry about anything. That mounts it with the embedded recovery header, but it doesn't replace the potentially corrupted header. I suppose it cannot hurt to back it up before trying

./TrueCrypt --restore-headers /path/to/the/usb/device

as that replaces the potentially corrupted header with the embedded backup header, however I wouldn't be extremely worried about it simply because it would only cause a problem if the embedded backup header is corrupted but the original header isn't. Still good advice to make a back up though.

Title: Re: Truecrypt issue
Post by: Limetless on February 20, 2013, 08:05 pm
My apologies about not following this thread up till now I've had issues connecting to the site (kept getting the time out screen). I need to catch up with my orders and messages and then I'll continue trying the solutions above. Let me just catch up.

Thank you for your assistance on this Kmf, it's very good of you to try to help.
Title: Re: Truecrypt issue
Post by: Limetless on February 20, 2013, 08:11 pm
Also something else that may be of importance is that whilst I can't access my files like spreadsheets and word documents I can still access my GPG key-chain and encrypt things even though GPG is stored on the USB??? Wouldn't this indicate that the data itself isn't fucked but this is just a glitch that can be fixed? I haven't tried to decrypt anything yet but I'll let you know how that goes when I get round to it.
Title: Re: Truecrypt issue
Post by: SelfSovereignty on February 20, 2013, 08:49 pm
Er, uh... Limetless, good buddy good pal, ol' gangster friend of mine... I think you have a serious issue if you consider yourself secure, because what you just said shouldn't be possible.  If you can access ANYTHING on that USB drive, ANYTHING AT ALL, it is not corrupted.  It is fine.  If you can only access PARTS of it, it's still not corrupted.  The files are all fucked, maybe even sectors (or whatever USB keys have that's the equivalent of a hard drive sector) have died permanently, but that still doesn't mean that the problem is what you think it is.

If you can read anything on that thing at all, the filesystem is intact.  If you can still decrypt stuff without being able to read anything at all on that USB key... you have not been keeping your keychain on your USB key.  Moreover, you don't know where you've been keeping it.  That's... bad, for someone who vends and who would be a prime target for anybody who wants to make a splash over on your side of the pond -- whether you deserve the praise you give yourself or not, you gotta admit... you give it freely, and that could draw attention :)

To be clear, all you need to ENcrypt is the program itself.  To decrypt you need your private key.  So no, it's not weird at all.  Except that you have the program installed somewhere other than the USB key, which means it would be easy to use the wrong one (which would presumably keep the key in the wrong place, and you see where I'm going).
Title: Re: Truecrypt issue
Post by: Limetless on February 20, 2013, 09:08 pm
Duly noted.
Title: Re: Truecrypt issue
Post by: kmfkewm on February 21, 2013, 07:00 am
Also something else that may be of importance is that whilst I can't access my files like spreadsheets and word documents I can still access my GPG key-chain and encrypt things even though GPG is stored on the USB??? Wouldn't this indicate that the data itself isn't fucked but this is just a glitch that can be fixed? I haven't tried to decrypt anything yet but I'll let you know how that goes when I get round to it.

Not sure I understand this. So you can access GPG that is on the USB device? Is it a portable version of GPG or something? So Truecrypt actually does let you mount the device after typing in your password? Is the entire device encrypted or do you have an encrypted file container on it with other things that are not encrypted? If that is the case you need to give the path to the file container instead of the USB device.
Title: Re: Truecrypt issue
Post by: Limetless on February 22, 2013, 04:53 pm
Also something else that may be of importance is that whilst I can't access my files like spreadsheets and word documents I can still access my GPG key-chain and encrypt things even though GPG is stored on the USB??? Wouldn't this indicate that the data itself isn't fucked but this is just a glitch that can be fixed? I haven't tried to decrypt anything yet but I'll let you know how that goes when I get round to it.

Not sure I understand this. So you can access GPG that is on the USB device? Is it a portable version of GPG or something? So Truecrypt actually does let you mount the device after typing in your password? Is the entire device encrypted or do you have an encrypted file container on it with other things that are not encrypted? If that is the case you need to give the path to the file container instead of the USB device.

Sorry I was not clear. The device is not mounted no but the GPG program and everything to do with it is on the USB but it's working and I can encrypt and decrypt things.
Title: Re: Truecrypt issue
Post by: SelfSovereignty on February 23, 2013, 12:54 am
Also something else that may be of importance is that whilst I can't access my files like spreadsheets and word documents I can still access my GPG key-chain and encrypt things even though GPG is stored on the USB??? Wouldn't this indicate that the data itself isn't fucked but this is just a glitch that can be fixed? I haven't tried to decrypt anything yet but I'll let you know how that goes when I get round to it.

Not sure I understand this. So you can access GPG that is on the USB device? Is it a portable version of GPG or something? So Truecrypt actually does let you mount the device after typing in your password? Is the entire device encrypted or do you have an encrypted file container on it with other things that are not encrypted? If that is the case you need to give the path to the file container instead of the USB device.

Sorry I was not clear. The device is not mounted no but the GPG program and everything to do with it is on the USB but it's working and I can encrypt and decrypt things.

That means that despite whatever is making you think that your private key and the GPG program are on that encrypted USB device... they are not.  You're running GPG, which means it's on your main computer drive.  You're encrypting, which means your public keys are also on that drive.  You're decrypting, which means your private keys are also on that drive.

To be clear: running the GPG program requires only the program.  Encrypting requires the program and a public key.  Decrypting requires the program and the private key something was encrypted for.

So what you've said means that with 100% certainty, you have everything you need to handle your PGP encrypted stuff on the same drive as everything else is on.  Public keychain, private keychain, and the program itself.  Presumably unprotected and just sitting there somewhere unknown.  So what have you been using this USB key for?  Wait... scratch that, we don't need to know that obviously... but what I'm wondering is why you need to access it at all?
Title: Re: Truecrypt issue
Post by: Christy Nugs on February 23, 2013, 01:53 am
this is really messed up :(

he is obviously accessing his spread sheets and whatever else.
ur gpg is right on ur comp somewhere and can be had. fix that!

i would backup and start over

stay safe Limmy  <3

EDIT:
next time u make a stick on a mac osx make it portable - that seems to help on my friends
Title: Re: Truecrypt issue
Post by: SelfSovereignty on February 23, 2013, 02:01 am
this is really messed up :(

he is obviously accessing his spread sheets and whatever else.
ur gpg is right on ur comp somewhere and can be had. fix that!

i would backup and start over

stay safe Limmy  <3

EDIT:
next time u make a stick on a mac osx make it portable - that seems to help on my friends

Yeah, now that you really point it out, I'm seeing what could be so important.  I was naively assuming he wanted to calculate expected profits for next month or something based on sales from previous months.

I've never had more contacts than I can hold in my head... what can I say  ::)
Title: Re: Truecrypt issue
Post by: kmfkewm on February 23, 2013, 04:03 am
Also something else that may be of importance is that whilst I can't access my files like spreadsheets and word documents I can still access my GPG key-chain and encrypt things even though GPG is stored on the USB??? Wouldn't this indicate that the data itself isn't fucked but this is just a glitch that can be fixed? I haven't tried to decrypt anything yet but I'll let you know how that goes when I get round to it.

Not sure I understand this. So you can access GPG that is on the USB device? Is it a portable version of GPG or something? So Truecrypt actually does let you mount the device after typing in your password? Is the entire device encrypted or do you have an encrypted file container on it with other things that are not encrypted? If that is the case you need to give the path to the file container instead of the USB device.

Sorry I was not clear. The device is not mounted no but the GPG program and everything to do with it is on the USB but it's working and I can encrypt and decrypt things.

Have you encrypted the entire USB drive or have you got a container file on it?
Title: Re: Truecrypt issue
Post by: Limetless on February 25, 2013, 06:48 am
this is really messed up :(

he is obviously accessing his spread sheets and whatever else.
ur gpg is right on ur comp somewhere and can be had. fix that!

i would backup and start over

stay safe Limmy  <3

EDIT:
next time u make a stick on a mac osx make it portable - that seems to help on my friends

This is the point I cant access any of my sreadsheet files etc. Guess it;s time to get a USB a new Mac and srart over. :(
Title: Re: Truecrypt issue
Post by: Limetless on February 25, 2013, 06:50 am
Also something else that may be of importance is that whilst I can't access my files like spreadsheets and word documents I can still access my GPG key-chain and encrypt things even though GPG is stored on the USB??? Wouldn't this indicate that the data itself isn't fucked but this is just a glitch that can be fixed? I haven't tried to decrypt anything yet but I'll let you know how that goes when I get round to it.

Not sure I understand this. So you can access GPG that is on the USB device? Is it a portable version of GPG or something? So Truecrypt actually does let you mount the device after typing in your password? Is the entire device encrypted or do you have an encrypted file container on it with other things that are not encrypted? If that is the case you need to give the path to the file container instead of the USB device.

Sorry I was not clear. The device is not mounted no but the GPG program and everything to do with it is on the USB but it's working and I can encrypt and decrypt things.

Have you encrypted the entire USB drive or have you got a container file on it?

Its a split partition.