This project has moved and is read-only. For the latest updates, please go here.

scrapping headers.

Topics: Users Discussion
Mar 27 at 3:55 AM

Found this in a post.

1 - salt place is start of header (it does not affect restore/backup)
2 - dd is possible.

Main header sector - 0 ordinary, 128 hidden

Backup header - end of volume minus 255 is ordinary, end of volume minus 127 is hidden

So would be possible to over write the first 255 bytes, and last 255 bytes to make the container/partion unreadable??

Then later using a backup'ed header to read it again??
Mar 27 at 1:29 PM

The post about ordinary volume (not system encrypted)

Volume sectors range [0, endOfVolume] (note - endOfVolume is included)

Main header range [0,255]
Backup header range [endOfVolume - 255, endOfVolume]

Outer keys sector main: 0
Outer keys sector backup: endOfVolume - 255
Hidden keys sector main: 128
Hidden keys sector backup: endOfVolume - 127

So to destroy keys clean keys.

I wrote tool with possibility to create multiple hidden volumes DcsWinCfg. It can create "fake" header and overwrite both main and backup headers.

to overwrite outer key
DcsWinCfg --volume <volume_path> --hdr-password=<pwd> --hdr-pim=<pim> --hdr-hash=<hash> --rnd-data <rnd_file> --hdr-pos=0 --hdr-volume-size=<size KB> --hdr-enc-start=<start KB> --hdr-create
--hdr-hash=1 (1 SHA512, 2 Whirpool, 3 SHA256, 4 RIPEMD, 5 STREEBOG)
--hdr_pos=1 creates volume header in sector 1 (ordinary header is 0)
--hdr-volume-size=<size KB> - size of new hidden volume (use data from dump info)
--hdr-enc-start=<start KB> - start of new hidden volume (use data from dump info)