[Q] Truecrypt port to Android

pdwOnline

Of course TrueCrypt could run on an Android device. I had something similar years ago on my Windows Mobile phone. Since Android runs on a Linux layer, that must be possible.
 

Veight

If it were to allow hidden full disk encryption then you would want it to ask you for the password before loading the ROM so you could have a backup ROM in any case. Or when it boots just have it ask for a pass with no hidden partition. *shrug*
 

clesenne

TrueCrypt ported to Android

I've started porting TrueCrypt to Android. It's part of Cryptonite's latest alpha (0.4.0, see https://code.google.com/p/cryptonite/). The following restrictions apply at this time:

  • No GUI - command-line access only.
  • Requires FUSE. Most CyanogenMod ROMs, except for Motorola builds, support FUSE.
  • Requires root.
  • Only works with local volumes. No cloud storage support.

To get started, select the "expert" tab, click "Start root terminal", then use truecrypt from the command line.

Thanks for testing.
 

dqb

Thank you clesenne.
I had just started to cross-compile, and before porting TrueCrypt to Android I searched to see whether this had already been done.
A quick little test:

Code:
modprobe fuse
mkdir /sdcard/test
cd /sdcard/test/
truecrypt -c                 # I created a normal volume (size: 4M; encryption algo: AES; hash algo: RIPEMD-160; FS: FAT) and a hidden volume with the same configuration
truecrypt /sdcard/test/test  # mount normal volume, put a file in it
truecrypt -d                 # dismount all volumes
truecrypt /sdcard/test/test  # mount hidden volume, put another file in it

Result: normal volume and hidden volume work perfectly! :)
 

SprigganMaster

I've started porting TrueCrypt to Android. It's part of Cryptonite's latest alpha (0.4.0, see https://code.google.com/p/cryptonite/). The following restrictions apply at this time:

  • No GUI - command-line access only.
  • Requires FUSE. Most CyanogenMod ROMs, except for Motorola builds, support FUSE.
  • Requires root.
  • Only works with local volumes. No cloud storage support.

To get started, select the "expert" tab, click "Start root terminal", then use truecrypt from the command line.

Thanks for testing.
Wow!
Thanks so much!

I will test it tonight and report any issue.
 

clesenne

How is this different from built-in Android encryption?
The short answer:
Built-in Android encryption encrypts your whole phone. TrueCrypt lets you create virtual encrypted disks that you can use across all supported devices, such as your PC and your mobile phone.

The long answer:
The purpose of the built-in encryption is to protect your /data partition in case an attacker gains access to your phone while it's not booted up. Android encrypts your whole /data partition at the kernel level [1].

The purpose of TrueCrypt is to create virtual encrypted disks that are contained within a single file [2]. You can store these at arbitrary locations, such as on your sd card or on USB drives, and access them from any device that supports TrueCrypt. Besides, it features some advanced encryption methods so that your data might even withstand key disclosure legislation [3].

Sorry - I'm not allowed to post links as a forum rookie.
[1] source.android.com/tech/encryption/android_crypto_implementation.html
[2] truecrypt.org
[3] truecrypt.org/docs/?s=plausible-deniability
 

naklinaam

Error Message - file name too long while trying to mount truecrypt file

Hi,
I tried mounting a truecrypt file but was unable to do it.
Kept getting a message about the file name being too long.

Here is the detailed scenario:
What I am trying to mount:
1. Using a rooted Nexus One with CM 7.
2. Created a TrueCrypt file on Ubuntu and transferred it to the phone using Dropbox.
3. Using just a password and no file to encrypt/decrypt the file.

I initially tried to mount it to a non-existent destination (/media/truecrypt1), when even the /media folder does not exist on my phone.
Got the filename too long error.

Renamed the file from data_transfer to data (there is no extension).
Tried again, same error.

Created a folder on my SD card called /mnt/sdcard/truecrypt.
Tried mounting 'data' to this folder, still the same error.

Am I missing something? Is it a generic message for all errors?

I finally created a new empty TrueCrypt container of only 5 MB and added a simple text file to it.

Even this did not mount.

Does anyone have any suggestions on how I might debug/resolve this?
Is there any more information I should have shared in order to help the gurus figure out what's going on?

I have tried to look through this thread and did not seem to find anyone reporting this issue, so please pardon me if you think I am being a lazy noob. I am definitely not trying to.
 

clesenne

I initially tried to mount it to a non existent destination (/media/truecrypt1) when even the /media folder does not exist on my phone
Got the filename too long error.

Renamed the file from data_transfer to data (there is no extension)
Tried again, same error.

Created a folder on my sd card called /mnt/sdcard/truecrypt
tried mounting 'data' to this folder, still the same error.

Am I missing something? is it a generic message for all errors?
Thanks for your bug report. I've started a new issue on the project site:

https://code.google.com/p/cryptonite/issues/detail?id=16

Could you please post the commands that you used on that page so that I can reproduce the bug?
 

naklinaam

Thanks for your bug report. I've started a new issue on the project site:
<Since I am a noob, I can't even have the URL in the quote; I replaced the URL in the original post with this message.>

Could you please post the commands that you used on that page so that I can reproduce the bug?
1. Downloaded cryptonite from market.

2. Linked to my dropbox account (for now I have unlinked it and am using just the local file on my sd card)

3. Navigated to the expert tab

4. Started the root terminal (I got a message about the outdated terminal emulator and downloaded the latest version from market)

5. Got a message about a superuser request, which I allowed

6. The terminal has the following
Code:
$export PATH=/data/local/bin:$PATH
$ export PATH=/data/data/csh.cryptonite:${PATH}; su;
#
7. I typed

Code:
# truecrypt /sdcard/MyData/testcrypt.tc /mnt/sdcard/Folder
I get a different error message now while trying to replicate it:
Failed to set up loop device:
/sdcard/Android/data/csh.cryptonite/.truecrypt_aux_mnt1/volume.

Not sure what I did differently this time.


I need to head out for some time, but will come back and try with the original file (data) and update with the results.

Thanks for promptly responding to my issue
 

dqb

Hi,
I get a different error message now while trying to replicate it:
Failed to set up loop device:
/sdcard/Android/data/csh.cryptonite/.truecrypt_aux_mnt1/volume.
You need FUSE!
If you have FUSE as a module, load it by typing in a root terminal:
Code:
modprobe fuse
And retry to mount.
 

clesenne

Hi,

You need FUSE!
If you have FUSE as a module, load it by typing in a root terminal:
Code:
modprobe fuse
And retry to mount.
Did you actually try that? I.e.
Code:
modprobe fuse
in a root terminal before you try to mount a truecrypt volume?

If that doesn't work, what's the output of
Code:
ls /dev/fuse
 

naklinaam

Did you actually try that? I.e.
Code:
modprobe fuse
in a root terminal before you try to mount a truecrypt volume?

If that doesn't work, what's the output of
Code:
ls /dev/fuse
That does seem to be the issue.
I don't have fuse.
Code:
#modprobe fuse
modprobe: module fuse not found

#ls /dev/fuse
/dev/fuse
Will now try to figure out how to get fuse and update once I am able to try it with the module installed.

I had read about fuse being required, but the same post also seemed to suggest that CM already has fuse, and since I am using CM7, I assumed I had it.

UPDATE: Further searching seems to indicate that fuse needs to be compiled into the kernel to start with. A limited Google search did not turn up any precompiled version with fuse for the good ole Nexus One, so I guess I am stuck with what I have for now.
Thanks to everyone for helping me understand what the issue is.
I am still hopeful I will be able to find the answer, but it might take some more hunting till I find a precompiled fuse module. I don't feel confident enough to try and compile it myself.
 

clesenne

That does seem to be the issue.
I don't have fuse.
Code:
#modprobe fuse
modprobe: module fuse not found

#ls /dev/fuse
/dev/fuse
Given that /dev/fuse exists on your system, chances are that your kernel supports fuse and you don't have to load a kernel module.

What's the output of the following commands:
Code:
gunzip -c /proc/config.gz | grep CONFIG_FUSE_FS
losetup -f
cat /proc/mounts # only the last 2 or 3 lines of output
ls -l -a /sdcard/Android/data/csh.cryptonite/
Thanks for your patience. This information is really useful to make TrueCrypt work on more devices.
 

naklinaam

Given that /dev/fuse exists on your system, chances are that your kernel supports fuse and you don't have to load a kernel module.

What's the output of the following commands:
Code:
gunzip -c /proc/config.gz | grep CONFIG_FUSE_FS
losetup -f
cat /proc/mounts # only the last 2 or 3 lines of output
ls -l -a /sdcard/Android/data/csh.cryptonite/
Thanks for your patience. This information is really useful to make TrueCrypt work on more devices.
Good morning, I am back from slumberland.
Firstly, thanks for sticking with me through this. Also, I am really happy to help debug this. My first chance to give back (in a real small way) to this community that gives so much.

Here are the results you asked for:
Code:
# gunzip -c /proc/config.gz | grep CONFIG_FUSE_FS
CONFIG_FUSE_FS=y
# losetup -f
# cat /proc/mounts

/dev/block/dm-45 /mnt/asec/com.xinlu.gvdial-1 vfat ro,dirsync,nosuid,nodev,relatime,uid=1000,fmask=0222,dmask=0222,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/block/dm-46 /mnt/asec/com.snrblabs.grooveip-1 vfat ro,dirsync,nosuid,nodev,relatime,uid=1000,fmask=0222,dmask=0222,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/block/dm-29 /mnt/asec/csh.cryptonite-1 vfat ro,dirsync,nosuid,nodev,relatime,uid=1000,fmask=0222,dmask=0222,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
# ls -l -a /sdcard/Android/data/csh.Cryptonite
d--xrwxr-x    3 system   sdcard_r     32768 Apr  7 21:06 .
d--xrwxr-x   14 system   sdcard_r     32768 Apr  7 22:15 ..
d--xrwxr-x    2 system   sdcard_r     32768 Apr  5 16:03 cache
#
PS: the cryptonite entry in /proc/mounts was somewhere in the middle, hunted for it and added to the bottom of this list so you can see it.
 

clesenne

Code:
# gunzip -c /proc/config.gz | grep CONFIG_FUSE_FS
CONFIG_FUSE_FS=y
Good. That means your kernel has been compiled with FUSE support and you don't need to load an external module.
Code:
# losetup -f
That's probably causing the problem: You don't have any spare loop device files. What's the output of
Code:
# losetup
# ls -la /dev/block/loop*
If you don't have any loop device files under /dev/block, try
Code:
# find /dev -name "*loop*"
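
The checks walked through in the posts above (kernel FUSE support, the /dev/fuse node, a spare loop device), combined into one pre-flight script. This is an added example, not part of the thread and not Cryptonite code; the function names and verdict strings are made up for illustration, and the inputs are passed as arguments so the logic can also be run against constructed sample files.

```shell
#!/bin/sh
# Added example: pre-flight checks before "truecrypt <volume> <mountpoint>".
# Function names and verdict strings are hypothetical, chosen for this example.

# fuse_support CONFIG  ->  builtin | module | absent | unknown
#   CONFIG is a kernel config file, plain text or gzipped (/proc/config.gz).
fuse_support() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case $cfg in
        *.gz) line=$(gunzip -c "$cfg" | grep '^CONFIG_FUSE_FS=' || true) ;;
        *)    line=$(grep '^CONFIG_FUSE_FS=' "$cfg" || true) ;;
    esac
    case $line in
        CONFIG_FUSE_FS=y) echo builtin ;;  # compiled in: "modprobe fuse" finds no module, and none is needed
        CONFIG_FUSE_FS=m) echo module ;;   # needs "modprobe fuse" before mounting
        *)                echo absent ;;   # covers "# CONFIG_FUSE_FS is not set"
    esac
}

# diagnose CONFIG FUSE_NODE FREE_LOOP  ->  one verdict line; status 0 only when ready
#   FUSE_NODE is the device node to look for (/dev/fuse on the phone).
#   FREE_LOOP is whatever "losetup -f" printed; empty means no loop device is spare.
diagnose() {
    fuse=$(fuse_support "$1")
    if [ ! -e "$2" ]; then
        case $fuse in
            module) echo "load-fuse-module"; return 1 ;;
            *)      echo "no-fuse-device";   return 1 ;;
        esac
    fi
    if [ "$fuse" = absent ]; then
        echo "kernel-lacks-fuse"; return 1
    fi
    if [ -z "$3" ]; then
        # FUSE is fine, but there is no loop device left to attach the volume to.
        echo "no-spare-loop-device"; return 1
    fi
    echo "ok:$3"
}

# On the device, from the root terminal:
#   diagnose /proc/config.gz /dev/fuse "$(losetup -f)"
```

With the values reported in this thread (CONFIG_FUSE_FS=y, /dev/fuse present, empty `losetup -f` output) the verdict is `no-spare-loop-device`.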
 

naklinaam

Good. That means your kernel has been compiled with FUSE support and you don't need to load an external module.
That's probably causing the problem: You don't have any spare loop device files. What's the output of
Code:
# losetup
# ls -la /dev/block/loop*
If you don't have any loop device files under /dev/block, try
Code:
# find /dev -name "*loop*"
Code:
# losetup -f
# ls -la /dev/block/loop*
brw-------    1 root     root        7,   0 Apr  7 20:47 /dev/block/loop0
brw-------    1 root     root        7,   1 Apr  7 20:47 /dev/block/loop1
brw-rw----    1 root     root        7,  10 Apr  7 20:48 /dev/block/loop10
brw-rw----    1 root     root        7,  11 Apr  7 20:48 /dev/block/loop11
brw-rw----    1 root     root        7,  12 Apr  7 20:48 /dev/block/loop12
brw-rw----    1 root     root        7,  13 Apr  7 20:48 /dev/block/loop13
brw-rw----    1 root     root        7,  14 Apr  7 20:48 /dev/block/loop14
brw-rw----    1 root     root        7,  15 Apr  7 20:48 /dev/block/loop15
brw-rw----    1 root     root        7,  16 Apr  7 20:48 /dev/block/loop16
brw-rw----    1 root     root        7,  17 Apr  7 20:48 /dev/block/loop17
brw-rw----    1 root     root        7,  18 Apr  7 20:48 /dev/block/loop18
brw-rw----    1 root     root        7,  19 Apr  7 20:48 /dev/block/loop19
brw-------    1 root     root        7,   2 Apr  7 20:47 /dev/block/loop2
brw-rw----    1 root     root        7,  20 Apr  7 20:48 /dev/block/loop20
brw-rw----    1 root     root        7,  21 Apr  7 20:48 /dev/block/loop21
brw-rw----    1 root     root        7,  22 Apr  7 20:48 /dev/block/loop22
brw-rw----    1 root     root        7,  23 Apr  7 20:48 /dev/block/loop23
brw-rw----    1 root     root        7,  24 Apr  7 20:48 /dev/block/loop24
brw-rw----    1 root     root        7,  25 Apr  7 20:48 /dev/block/loop25
brw-rw----    1 root     root        7,  26 Apr  7 20:48 /dev/block/loop26
brw-rw----    1 root     root        7,  27 Apr  7 20:48 /dev/block/loop27
brw-rw----    1 root     root        7,  28 Apr  7 20:48 /dev/block/loop28
brw-rw----    1 root     root        7,  29 Apr  7 22:14 /dev/block/loop29
brw-------    1 root     root        7,   3 Apr  7 20:47 /dev/block/loop3
brw-rw----    1 root     root        7,  30 Apr  7 22:14 /dev/block/loop30
brw-rw----    1 root     root        7,  31 Apr  7 22:14 /dev/block/loop31
brw-rw----    1 root     root        7,  32 Apr  7 22:15 /dev/block/loop32
brw-rw----    1 root     root        7,  33 Apr  7 22:16 /dev/block/loop33
brw-rw----    1 root     root        7,  34 Apr  7 22:16 /dev/block/loop34
brw-rw----    1 root     root        7,  35 Apr  7 22:16 /dev/block/loop35
brw-rw----    1 root     root        7,  36 Apr  7 22:16 /dev/block/loop36
brw-rw----    1 root     root        7,  37 Apr  7 22:17 /dev/block/loop37
brw-rw----    1 root     root        7,  38 Apr  7 22:17 /dev/block/loop38
brw-rw----    1 root     root        7,  39 Apr  7 22:18 /dev/block/loop39
brw-------    1 root     root        7,   4 Apr  7 20:47 /dev/block/loop4
brw-rw----    1 root     root        7,  40 Apr  7 22:18 /dev/block/loop40
brw-rw----    1 root     root        7,  41 Apr  7 22:18 /dev/block/loop41
brw-rw----    1 root     root        7,  42 Apr  7 22:18 /dev/block/loop42
brw-rw----    1 root     root        7,  43 Apr  7 22:19 /dev/block/loop43
brw-rw----    1 root     root        7,  44 Apr  7 22:19 /dev/block/loop44
brw-rw----    1 root     root        7,  45 Apr  7 22:20 /dev/block/loop45
brw-rw----    1 root     root        7,  46 Apr  7 22:49 /dev/block/loop46
brw-------    1 root     root        7,   5 Apr  7 20:47 /dev/block/loop5
brw-------    1 root     root        7,   6 Apr  7 20:47 /dev/block/loop6
brw-------    1 root     root        7,   7 Apr  7 20:47 /dev/block/loop7
brw-rw----    1 root     root        7,   8 Apr  7 20:48 /dev/block/loop8
brw-rw----    1 root     root        7,   9 Apr  7 20:48 /dev/block/loop9
#