How does VeraCrypt creates Volume.dmg disk image and Control file based on created container?

Topics: Technical Issues, Users Discussion
Mar 6, 2015 at 11:11 AM
I am just curious to know, how does VeraCrypt creates Volume.dmg disk image and Control file based on created container? Quickly I did browse into the source code, looks like this creation happened after invoking with osxfuse fs. But not exactly ? Hope some expert can give some light.

Why do we need this volume image and control file?

Mar 6, 2015 at 1:04 PM

VeraCrypt never creates a MacOSX dmg file nor any Control file, so I have no idea what are you referring to.

VeraCrypt only create a file container that the user can format either using FAT or MacOS Extended (on Windows, he can choose FAT, NTFS and on Linux he can choose FAT, Ext3, Ext4 and NTFS).

Can you please explain how do you come up with a dmg file? Certainly it is not through VeraCrypt...

Mar 6, 2015 at 2:03 PM
Edited Mar 6, 2015 at 2:05 PM
I could observe the below information, when trying to mount a container formatted with FAT

VeraCrypt@osxfuse1 on /private/var/folders/yb/fhfggk0s5234dt00w1d88nyc0000gn/T/.veracrypt_aux_mnt1 (osxfusefs, nodev, nosuid, synchronous, nobrowse, mounted by abhrajyoti)

/dev/disk3 on /Volumes/NO NAME (msdos, local, nodev, nosuid, noowners, mounted by abhrajyoti)

Seems like below "volume.dmg" file gets attached by hdiutil to "/Volumes/NO NAME 1" mount point where we should be able to keep DATA which would be encrypted by veraCrypt with the help of fuse service. I am wondering how the below two file volume.dmg and control file getting generated ?

abhrajyoti$ ls -lart /private/var/folders/yb/fhfggk0s5234dt00w1d88nyc0000gn/T/.veracrypt_aux_mnt1
total 19976
drwx------ 27 abhrajyoti staff 918 Mar 6 20:21 ..
-rw------- 1 abhrajyoti staff 10223616 Mar 6 20:21 volume.dmg
-rw------- 1 abhrajyoti staff 1647 Mar 6 20:21 control
dr-x------ 2 abhrajyoti staff 0 Mar 6 20:21 .
abhrajyoti$ ls /Volumes/NO\ NAME

Thanks for your reply.
Mar 6, 2015 at 6:42 PM
This files are created and managed by OSXFUSE and VeraCrypt has nothing to do with them.
You have to contact OSXFuse author or read its source code to understand their use but most certainly they are used as a backend for exposing storage space to OSX kernel.
Mar 9, 2015 at 4:25 PM
Thanks for your reply.

From the VeraCrypt source code, i could see osxfuse is getting invoked (for Mac OSX) with following arguments:
    list <string> args;
    args.push_back (FuseService::GetDeviceType());
    args.push_back (fuseMountPoint);
    args.push_back ("-o");
    args.push_back ("noping_diskarb");
    args.push_back ("-o");
    args.push_back ("nobrowse");

    if (getuid() == 0 || geteuid() == 0)
        args.push_back ("-o");
        args.push_back ("allow_other");

        // Convert args into argv
       // Invoke osxfus as below
        fuse_main (argc, argv, &fuse_service_oper));
But i am not sure how VeraCrypt is getting the USE of the encrypted file container w.r.t. osxfuse to get a mount point? What is the exact use of loop device and virtual device ?I will be really thankful for the inside details please?