Windows: Fix vulnerability inherited from TrueCrypt that allows an attacker to detect with high probability if a hidden volume is present. Vulnerability reported by Ivanov Alexey Mikhailovich.

2025-11-11 11:08:02 -06:00 · 2016-08-08 00:49:00 +02:00
parent 3fb2eedab8
commit 5b381ce7d7
5 changed files with 286 additions and 30 deletions
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -566,10 +566,63 @@ begin_format:
 	// Fill reserved header sectors (including the backup header area) with random data
 	if (!volParams->hiddenVol)
 	{
+		BOOL bUpdateBackup = FALSE;
+
 		nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE);

 		if (nStatus != ERR_SUCCESS)
 			goto error;
+
+		// write fake hidden volume header to protect against attacks that use statistical entropy
+		// analysis to detect presence of hidden volumes.
+		
+		while (TRUE)
+		{
+			PCRYPTO_INFO dummyInfo = NULL;
+			LARGE_INTEGER hiddenOffset;
+
+			hiddenOffset.QuadPart = bUpdateBackup ? dataAreaSize + TC_VOLUME_HEADER_GROUP_SIZE + TC_HIDDEN_VOLUME_HEADER_OFFSET: TC_HIDDEN_VOLUME_HEADER_OFFSET;
+
+			nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
+				header,
+				volParams->ea,
+				FIRST_MODE_OF_OPERATION_ID,
+				NULL,
+				0,
+				0,
+				NULL,
+				&dummyInfo,
+				dataAreaSize,
+				dataAreaSize,
+				dataOffset,
+				dataAreaSize,
+				0,
+				volParams->headerFlags,
+				FormatSectorSize,
+				FALSE);
+
+			if (nStatus != ERR_SUCCESS)
+				goto error;
+
+			crypto_close (dummyInfo);
+
+			if (!SetFilePointerEx ((HANDLE) dev, hiddenOffset, NULL, FILE_BEGIN))
+			{
+				nStatus = ERR_OS_ERROR;
+				goto error;
+			}
+
+			if (!WriteEffectiveVolumeHeader (volParams->bDevice, dev, header))
+			{
+				nStatus = ERR_OS_ERROR;
+				goto error;
+			}
+
+			if (bUpdateBackup)
+				break;
+
+			bUpdateBackup = TRUE;
+		}
 	}

 #ifndef DEBUG