Ready for some Security Through Obscurity fun?
I've been playing with TrueCrypt's Boot Loader Screen Options to display a custom message when I boot my laptop with full disk encryption.

It’s probably enough to be misleading during a casual inspection of your laptop:

The screen doesn't even display asterisks when you type your TrueCrypt password.
It's just as unresponsive as the genuine "NTLDR is missing" screen.
The only difference from the Windows XP NT Loader missing message is that the original is just a bit longer:

Or you can just let it display gibberish, like this:


And if challenged, say your laptop was infected with a virus from that damned hotel’s WiFi network.
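A caveat worth adding to the post: the fake screen fools an inspector who only looks at the monitor, not one who reads sector 0 of the disk. The stock Windows XP MBR carries Microsoft's own error strings ("Invalid partition table", "Error loading operating system", "Missing operating system"), while the real "NTLDR is missing" text lives in the NTFS partition boot sector, so a laptop that shows that message but whose MBR code is not the stock Microsoft code is running some other loader. The following triage script is an added example (my code, not Didier's and not part of TrueCrypt): it parses the partition table, reports the printable strings in the MBR code area, and classifies the MBR as stock-XP or non-stock. The two sample MBRs are constructed in the script for demonstration (NOP filler plus the relevant strings, not real loader code), and the stock-string check is a heuristic: it tells you the code is not the XP MBR, not which loader replaced it.

```python
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"

# Error strings embedded in the code area of the stock Windows XP / 2003 MBR.
STOCK_XP_MBR_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)


def parse_partition_table(mbr: bytes) -> list:
    """Return the four primary partition entries of a classic MBR as dicts."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, num_sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": num_sectors,
        })
    return entries


def classify_mbr(mbr: bytes) -> str:
    """'invalid'   : wrong size or missing 0x55AA signature
       'stock-xp'  : code area carries all three stock XP MBR error strings
       'non-stock' : valid MBR running other code (boot manager, pre-boot
                     authentication loader, bootkit, ...): worth a closer look."""
    if len(mbr) != SECTOR_SIZE or mbr[510:512] != BOOT_SIGNATURE:
        return "invalid"
    code = mbr[:PARTITION_TABLE_OFFSET]
    if all(s in code for s in STOCK_XP_MBR_STRINGS):
        return "stock-xp"
    return "non-stock"


def printable_strings(blob: bytes, min_len: int = 8) -> list:
    """Minimal `strings`-style scan: what text the loader code carries."""
    out, cur = [], bytearray()
    for b in blob:
        if 0x20 <= b < 0x7F:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                out.append(cur.decode("ascii"))
            cur = bytearray()
    if len(cur) >= min_len:
        out.append(cur.decode("ascii"))
    return out


def build_sample_mbr(code: bytes, part_type: int = 0x07) -> bytes:
    """Constructed sample (not a real disk image): given code area, one active
    partition of the given type at LBA 63, and a valid boot signature."""
    assert len(code) <= PARTITION_TABLE_OFFSET
    code = code.ljust(PARTITION_TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3xB3xII", 0x80, part_type, 63, 1_000_000)
    table = entry + b"\x00" * 48          # three empty entries
    return code + table + BOOT_SIGNATURE


# Constructed samples: NOP filler stands in for the ~440 bytes of x86 code.
STOCK_SAMPLE = build_sample_mbr(
    b"\x90" * 64 + b"\x00".join(STOCK_XP_MBR_STRINGS) + b"\x00"
)
# A non-stock loader that paints the same "NTLDR is missing" text on screen.
CUSTOM_SAMPLE = build_sample_mbr(
    b"\x90" * 64 + b"NTLDR is missing\x00Press Ctrl+Alt+Del to restart\x00"
)


def triage(mbr: bytes) -> dict:
    """One-shot summary an inspector would want for sector 0."""
    return {
        "verdict": classify_mbr(mbr),
        "active": [p for p in parse_partition_table(mbr) if p["bootable"]],
        "strings": printable_strings(mbr[:PARTITION_TABLE_OFFSET]),
    }


if __name__ == "__main__":
    import sys
    # Usage: python mbr_triage.py /dev/sda   (or a raw disk image)
    # Without an argument the two constructed samples are triaged instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            samples = {sys.argv[1]: f.read(SECTOR_SIZE)}
    else:
        samples = {"stock sample": STOCK_SAMPLE, "custom-loader sample": CUSTOM_SAMPLE}
    for name, mbr in samples.items():
        print(name, triage(mbr))
```

Run it against the raw device (it needs read access to sector 0) or a disk image. A "non-stock" verdict together with "NTLDR is missing" on screen is exactly the inconsistency the fake screen is meant to hide; a "stock-xp" MBR on a machine that then shows the message would be consistent with a genuinely broken XP install. As Didier's own reply to the comments says, the trick buys a social-engineering window, not resistance to anyone who images the disk.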
Quickpost info
[...] July 2009 by admin The Belgian security researcher Didier Stevens uses the boot screen of the encryption software TrueCrypt to mislead people who want to inspect his laptop [...]
Pingback by TrueCrypt boodschap moet laptop inspectie misleiden - BLOG PC Web plus - — Monday 13 July 2009 @ 8:17
This works, until someone presses Escape. I am using TrueCrypt for my Windows partition, but I also have a Linux distro installed on another partition. Pressing Escape will lead me to the GRUB bootloader installed in the Linux partition.
I guess the same thing applies to this trick when you do not have a dual-boot system: pressing Escape will bypass the bootloader and, I guess, leaves you with some TrueCrypt error message or NTLDR error.
So I'd rather use the first obscurity method, because it would be strange to see gibberish and then, after pressing Escape, see the Windows or TrueCrypt bootloader (fail).
It is an interesting concept though.
Comment by Tim — Monday 13 July 2009 @ 8:35
Simple but elegant. You rock as usual. Some organizations are lucky to have you as a volunteer.
Comment by Security4all — Monday 13 July 2009 @ 9:24
@Tim There's an option to disable the boot manager (i.e. the ESC key).
But the most important aspect to get this trick to work is your social engineering skills, not your technical skills.
Comment by Didier Stevens — Monday 13 July 2009 @ 10:01
Could you also put #Becrypt under the microscope, if you have the time and the inclination?
Comment by Bram — Monday 13 July 2009 @ 14:17
[...] gives us a nifty little tip on hiding the fact that our laptop is encrypted. Quickpost: TrueCrypt’s Boot Loader Screen Options << Didier Stevens Tags: ( encryption truecrypt [...]
Pingback by Interesting Information Security Bits for 07/13/2009 | Infosec Ramblings — Monday 13 July 2009 @ 21:03
[...] http://blog.didierstevens.com/2009/07/13/quickpost-truecrypts-boot-loader-screen-options/ [...]
Pingback by James Morris (jamesm) 's status on Monday, 13-Jul-09 23:44:53 UTC - Identi.ca — Monday 13 July 2009 @ 23:45
I'd like the next version of TrueCrypt to have the option of automatically loading the decoy system if the hidden system password is not entered within 5 seconds.
In my case, I can actually get a hidden operating system working and have the decoy system unencrypted (no need to type a password), which is what I want to happen. Unfortunately, the boot loader of TrueCrypt still waits for a password, and I just put the text "Press ESC to continue."
I want it so that I don't need to press ESC, just let it wait for a few seconds.
Comment by David — Thursday 12 August 2010 @ 6:55