This project has moved and is read-only. For the latest updates, please go here.
1
Vote

System decryption from rescue disk is terrifyingly unreliable

description

I was forced to decrypt my system drive from my VeraCrypt rescue disk. The decryption froze 3 times and I had to reboot the PC each time. This caused data corruption, because the header was not updated with the decryption status. VeraCrypt simply stopped counting down megabytes and did not react to key presses (Esc). The cursor at the end of the line "Remaining: xxxxxxx MB" was still blinking.

My hardware is solid. The mainboard is from Gigabyte, running the latest Bios and populated with an AMD Phenom X4 and ECC RAM. The harddisk is a Samsung 850 Pro (256 GB) with "good" S.M.A.R.T. and all sectors are readable without any delay.

How can I help finding what made VeraCrypt crash?
Or would it be a good idea to giv users the option to resume decryption from user chosen position? I expect this could lead to some data becoming corrupted. But at least this corruption would be in the megabyte range, not in the gigabyte range.

comments

idrassi wrote Nov 18, 2016 at 11:13 PM

We never encountered such freezes in our tests and I believe it is the first time it has been reported.

The code that handles this part is simple and easy to analyze: https://github.com/veracrypt/VeraCrypt-DCS/blob/master/DcsCfg/DcsCfgCrypt.c#L407
Basically, we read blocks of data, decrypt them, write back decrypted data, update header with new position, display remaining bytes and then do the same again.

Since the counter stopped, it means VeraCrypt is blocked either during reading/writing data or during decryption.

I don't see how decryption of a block could block (what algorithm are you using?). So probably we are blocked during the read/write calls to the disk controller.

I will see if I can provide you with debug version of rescue disk that displays extra information so we can have a better view about the steps where it blocks.

Supporting a custom position to resume decryption can be dangerous because it will overwrite the current value in the header. Technically it is possible... I will look into that.

daniel_mm wrote Nov 19, 2016 at 12:15 AM

If I get a debug version, I would actually plague my PC a little more :-)

Why does one have to defer decryption by pressing Esc, when VeraCrypt updates the header after every sector? After each crash, a new attempt to decrypt the disk started where decryption was deferred the last time, but not at the actual last decrypted sector.

I was thinking of editing the header of my first disk image myself. I have a raw disk image where decryption crashed after 121794 MB remaining, and a second image where I managed to defer decryption again with 121794 MB remaining. This way, I hope to get the first image into a state, where decryption will start from position "121794 remaining", instead of from the very beginning of the disk. But editing disk images without really knowing at which position (sector 62?) and how much to copy (512 bytes?) is ... difficult.

daniel_mm wrote Nov 20, 2016 at 6:18 PM

No debug version yet?

I found out how to resume decryption by copying sector 63 (not 62). But this is a painful thing to do. I have to defer decryption every now and then and make a disk image. This is the only way, since VeraCrypt continues to crash.
Deactivating power saving in the Bios and changing the SATA cable did not help either.

daniel_mm wrote Nov 21, 2016 at 4:00 PM

OK, this is ridiculous. Without having a chance to find out why VC crashes, I will never be able to decrypt my disk. I would have to defer decryption every 2 hours, make a disk image and restore the last disk image when VC crashes again. And it does crash very often.

ElliesDad wrote Jan 10, 2017 at 8:04 PM

Are you sure your controller isn't simply over-heating?

I have had the symptom you describe simply as a result of copying files from one (very large) drive to another (very large) drive, for hours and hours and hours (actually it took me about a week!)

If I was you, I'd try taking the cover off my machine, point a big fan at the mobo, run it for 2 hours, then pause it (which it sounds like you can do) for 20 minutes, then repeat till done. If you can ground yourself adequately, you might just feeling the controller to see how hot it is.

You might find the fan is all you need (eg, no pauses), in which case adding a fan to your case would get you the stability you need.

daniel_mm wrote Jan 10, 2017 at 8:38 PM

I highly doubt that my controller is defective (that's what I would call it, if it needed cooling). My case is open and there is a 12cm fan blowing air over the motherboard. I never had any hardware problems with my rig and I am afraid that pointing at every single component that could be faulty is not leading anywhere.
Well, I could hook the SSD up to another PC ... when I find the time to do so ... with all that has gone wrong with VeraCrypt and Windows Update, I don't really care any more to find out what went wrong :-(