[Q] Truecrypt port to Android

naklinaam

Try:
Code:
# losetup
without the "-f" option so that we know what's eating up all your loop device files.
Code:
$ export PATH=/data/local/bin:$PATH
$ export PATH=/data/data/csh.cryptonite:${PATH}; su;
# losetup
/dev/block/loop0: 0 /mnt/secure/asec/com.melimots.WordSearch-2.asec                        #Can uninstall#################
.....
/dev/block/loop44: 0 /mnt/secure/asec/<XXXobscuredXXX>
/dev/block/loop45: 0 /mnt/secure/asec/com.xinlu.gvdial-1.asec
/dev/block/loop46: 0 /mnt/secure/asec/com.snrblabs.grooveip-1.asec
#
I have marked some apps as 'Can uninstall#################'. I can remove these if we need to free up some loops
I have also replaced some text with '<XXXobscuredXXX>' to hide some apps that I think would divulge too much personal information. (No porn on my phone anyway ;).. mostly financial institutes I deal with)


PS: Just noticed I am in the captivate forum...
Really sorry if this is a problem..
I have a Google Nexus One that I am doing this on.. I did mention that in my first post though
 

clesenne

I have marked some apps as 'Can uninstall#################'. I can remove these if we need to free up some loops
I have also replaced some text with '<XXXobscuredXXX>' to hide some apps that I think would divulge too much personal information.
Apologies - I didn't mean to reveal all your apps, I had no idea they would show on your loop devices. Feel free to delete that list.
The next step is to create a new loop device using the next available file number:
Code:
# mknod /dev/block/loop47 b 7 47
Check whether this was successful:
Code:
# losetup -f
should show "/dev/block/loop47". If this is successful, try to mount your truecrypt volume. If there are any errors, report back. Thanks again.
 

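The steps above (list the attached loop devices, pick the next number, create the node, re-check with `losetup -f`) as an added shell example that is not part of the original posts. The function names, `LOOP_DIR` and the sample `losetup` lines are constructed for illustration; loop devices use block major 7 with the minor equal to the loop number, as in the `mknod` command above.

```shell
#!/bin/sh
# Added example, not from the thread. Names and sample data are constructed.
LOOP_DIR="${LOOP_DIR:-/dev/block}"   # Android keeps loop nodes here, not in /dev/loop

# Constructed sample of `losetup` output in the format shown in the thread.
sample_losetup() {
    cat <<'EOF'
/dev/block/loop0: 0 /mnt/secure/asec/com.example.one-1.asec
/dev/block/loop1: 0 /mnt/secure/asec/com.example.two-2.asec
/dev/block/loop2: 0 /mnt/secure/asec/com.example.three-1.asec
EOF
}

# Read `losetup` output on stdin and print the lowest loop number
# that is not currently attached (gaps are reused before appending).
next_free_minor() {
    used=$(sed -n 's|^/[^ ]*/loop\([0-9][0-9]*\): .*|\1|p' | sort -n | uniq)
    n=0
    for u in $used; do
        if [ "$u" -eq "$n" ]; then
            n=$((n + 1))
        elif [ "$u" -gt "$n" ]; then
            break
        fi
    done
    echo "$n"
}

# Print the mknod command for loop number $1,
# or nothing if the block device node already exists.
loop_node_cmd() {
    node="$LOOP_DIR/loop$1"
    if [ -b "$node" ]; then
        return 0
    fi
    echo "mknod $node b 7 $1"
}

# Demo on the constructed sample. On a device, pipe the real `losetup`
# output in as root and run the printed command.
loop_node_cmd "$(sample_losetup | next_free_minor)"
```

After running the printed `mknod` command, `losetup -f` should report the new node as the first free device.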
naklinaam

Apologies - I didn't mean to reveal all your apps, I had no idea they would show on your loop devices. Feel free to delete that list.
No worries

The next step is to create a new loop device using the next available file number:
Code:
# mknod /dev/loop/block47 b 7 47
Check whether this was successful:
Code:
# losetup -f
should show "/dev/block/loop47". If this is successful, try to mount your truecrypt volume. If there are any errors, report back. Thanks again.
Code:
mknod: /dev/loop/block47: no such file or directory
I then removed 3 apps hoping to free up 44 through 46.
'#losetup ' shows 43 entries.
'#losetup -f' shows nothing
Code:
#mknod /dev/loop/block44 b 7 44
mknod: /dev/loop/block44: no such file or directory
 

clesenne

Code:
mknod: /dev/loop/block47: no such file or directory
#mknod /dev/loop/block44 b 7 44
mknod: /dev/loop/block44: no such file or directory
I should really be more careful when posting code: It's "/dev/block/loop*". Sorry about that. Uninstalling an app will probably not detach the loop device.
 

naklinaam

I should really be more careful when posting code: It's "/dev/block/loop*". Sorry about that. Uninstalling an app will probably not detach the loop device.
loop47 was the next free loop when we started, hence that should have worked even if loop44 did not. Should I try a high number, say loop100?

Also, found a post at http://forum.cyanogenmod.com/topic/..._214348__hl__r3s3t__fromsearch__1#entry214348 which discusses CyanogenMod and loopback devices. Although it says CM 7.1 handles loop devices, and I am on CM 7.1, is there any way for us to test if my device/ROM truly supports loop devices?
 

clesenne

loop47 was the next free loop when we started, hence that should have worked even if loop44 did not. Should I try a high number, say loop100?

Also, found a post at http://forum.cyanogenmod.com/topic/..._214348__hl__r3s3t__fromsearch__1#entry214348 which discusses CyanogenMod and loopback devices. Although it says CM 7.1 handles loop devices, and I am on CM 7.1, is there any way for us to test if my device/ROM truly supports loop devices?
You used "/dev/loop/block47" as a filename. That's wrong. There's no "/dev/loop" directory. Try "/dev/block/loop47" instead. I reversed "block" and "loop" in my initial instructions.

Your phone supports loop devices.
 

naklinaam

You used "/dev/loop/block47" as a filename. That's wrong. There's no "/dev/loop" directory. Try "/dev/block/loop47" instead.
You are the king... yes, I was able to create a new device.
Was also able to mount the truecrypt file, make some changes, add a new file and send it back using Dropbox.

There are still some issues, not sure if we should continue that on this thread or whether I should start a new thread.
The issue is, once I mounted the file in the terminal, I was able to see the files using ES File Explorer. But, when I tried to open the file using a text editor, I get a message 'File not found: /sdcard/Folder/File' but if I go to the terminal and type cat File, I am able to see the data.

Here is how I was able to mount the file
Code:
#mknod /dev/block/loop44 b 7 44
#truecrypt /sdcard/MyData/testcrypt.tc /sdcard/Folder
Enter password for /sdcard/MyData/testcrypt.tc: <entered password here>
Enter keyfile [none]: <hit enter here to use default -no keyfile>
Protect hidden volume (if any)? (y=Yes/n=No) [No]: <hit enter here to use default -No>
#
Here is how I was able to see the data. I did this just after mounting
Code:
#cd /sdcard/Folder
#ls
Test file
#vi File <and I entered some text in vi to create a new file>
#ls
File             Test file
#cat File
this is success

#
Thanks clesenne. I am all set now.

However, would you like to spend some time trying to figure out why we had to create the loop device manually so it can be addressed in future? If yes, please let me know what you want me to do to help with debugging and testing the solution.
If you think this is how it should be done, we could write a summary post somewhere so new users just see and follow that instead of trying to go through all the steps I did.
Please advise

---------- Post added at 02:44 PM ---------- Previous post was at 02:25 PM ----------

Anyone here can port TRUE CRYPT to Android? I am ready to donate if anyone can do this.

Even a basic program that can encrypt and decrypt SD card, at least the external SD card would be acceptable. This way we can be assured that data on the external SD card is secure, and store documents on that.
Hi diablo009
clesenne has a solution that he has posted in message #65 of this thread.
Would it be possible for you to update the original post (#1) and link to his message, so people with the same answer know exactly where to go. Not everyone would read through all the replies to find his (or her) solution.
 

clesenne

You are the king... yes, I was able to create a new device.
Was also able to mount the truecrypt file, make some changes, add a new file and send it back using Dropbox.
Thanks for your help debugging this issue. Glad to know that it works now.
There are still some issues, not sure if we should continue that on this thread or whether I should start a new thread.
Bug reports and enhancement requests should go to the issue tracker so that we don't spam the xda forum.
The issue is, once I mounted the file in the terminal, I was able to see the files using ES File Explorer. But, when I tried to open the file using a text editor, I get a message 'File not found: /sdcard/Folder/File' but if I go to the terminal and type cat File, I am able to see the data.
That's probably a file permission issue. Only root is able to read/write files in that folder.

However, would you like to spend some time trying to figure out why we had to create the loop device manually so it can be addressed in future?
I've added that to the corresponding issue in the issue tracker.
 

demonoflust

Hi, I am a TrueCrypt fan and it is something I first install on a new computer, so definitely I would like to see this happen on Android.

I have a few doubts; since there are people here developing, maybe you can help share some information.

TrueCrypt normally works by mounting an OTFE file as a drive or, in Android if possible, as a folder. This doesn't sound possible unless it is a rooted device, and it probably needs some driver library file installed. Am I right to say this is a no go?

Secondly, let's say someone ports it to be able to open a TC volume in Android; it seems that to retrieve and deposit a file, the encryption is done in transit during file upload/download since it is not a folder/drive. Is that correct?

Then, during this transition, is the file temporarily exported as a temp file to be opened later, or does it remain in memory? Memory is unlikely as Android doesn't have much RAM. Is that correct? If it is not, what is your opinion?

So does it mean that while it is cool to be able to read and possibly write to a TC file, it doesn't offer as many advantages as the PC version of TrueCrypt?

I am definitely concerned about my documents in mobile phone if I have lost it in a pub or something so I do have serious interest in this topic.

---------- Post added at 03:01 AM ---------- Previous post was at 02:55 AM ----------

http://code.google.com/p/cryptonite/wiki/SecurityConsiderations

I just read this it says:

"Exporting and opening files
Obviously, when you're exporting files you'll end up with a decrypted copy of your file. If you're exporting it to your sdcard, it will typically be readable by anyone who has access to your phone and by any application that has access to your sdcard.

Less obviously, when you're opening a file, Cryptonite will produce a temporary copy in /data/data/csh.cryptonite/app_open/path_to_your_file. This decrypted file is world-readable and will only be deleted when you press the "Forget decryption" button or uninstall Cryptonite. A local copy is needed because most (if not all) file viewing apps (Text Editors, Gallery, etc.) require a physical copy of your file on world-readable storage. To bypass this issue, Cryptonite includes a simple text file viewer that will open text files in memory without using temporary files. On the long run, I'm planning to include a basic image viewer as well.

If you're using a rooted phone that supports FUSE, mounting an EncFS volume is a safer and more comfortable way to access your files because they will be transparently decrypted on-the-fly without being written to disk."

Are files able to be recovered using an unerase tool?
 

[email protected]

I can confirm Cryptonite can mount a TrueCrypt container volume on Android with a kernel supporting FUSE and EncFS (such as the latest version of the Matr1x kernel on ICS for Nexus S). Your phone will have to have root and grant Cryptonite root access.

Here are the terminal commands. I recommend using ROM Toolbox and use the Scripter to run these with one-click (be sure to set Scripter to run with root).

Code:
# Mount a TrueCrypt volume

# TrueCrypt volume to mount
export tcvol="/mnt/sdcard/path/to/volume.tc"

# Mount point
export tcmnt="/mnt/sdcard/path/to/tcmount/"

# Decrypt the volume.tc and mount it at the tcmnt mount point
/data/data/csh.cryptonite/truecrypt -t -k "" --protect-hidden=no --fs-options="uid=1000,gid=1000,umask=0002" -p password "$tcvol" "$tcmnt"
Now use a file manager such as ESExplorer and browse to the $tcmnt mount point, you will see all your files that were included in volume.tc. Profit!!!

Code:
# Dismount the volume when done using
/data/data/csh.cryptonite/truecrypt -d

Big thanks to the Cryptonite devs and their great support!!
 

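A variant of the mount script above that keeps the password out of the saved script and out of the process arguments, where `-p password` would otherwise sit in clear text. This is an added example, not part of the original post; it assumes that `truecrypt -t` asks for the password on the terminal when `-p` is omitted, as in the prompts shown earlier in the thread, and `TC_BIN`, `tc_preflight`, `tc_mount` and `tc_dismount` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.
TC_BIN="${TC_BIN:-/data/data/csh.cryptonite/truecrypt}"

# Check the inputs before anything is handed to truecrypt.
# Returns 1: volume file missing, 2: mount point missing,
#         3: mount point not empty (still mounted, or cleartext left behind).
tc_preflight() {
    vol=$1
    mnt=$2
    [ -f "$vol" ] || { echo "volume not found: $vol" >&2; return 1; }
    [ -d "$mnt" ] || { echo "mount point missing: $mnt" >&2; return 2; }
    if [ -n "$(ls -A "$mnt")" ]; then
        echo "mount point not empty: $mnt" >&2
        return 3
    fi
    return 0
}

# Mount with the same options as the post, minus "-p password".
# Assumption: without -p, truecrypt prompts for the password interactively,
# so it is neither stored in this file nor shown in the process list.
tc_mount() {
    tc_preflight "$1" "$2" || return $?
    "$TC_BIN" -t -k "" --protect-hidden=no \
        --fs-options="uid=1000,gid=1000,umask=0002" "$1" "$2"
}

# Dismount all volumes, as in the post.
tc_dismount() {
    "$TC_BIN" -d
}

# Usage: script.sh /path/to/volume.tc /path/to/mountpoint   (run as root)
if [ "$#" -eq 2 ]; then
    tc_mount "$1" "$2"
fi
```

Because the password is typed at a prompt, this needs an interactive root terminal rather than a one-click script runner. Note that `umask=0002` leaves the mounted files readable by every app on the device for as long as the volume stays mounted.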
demonoflust

I am quite concerned about "when you're exporting files you'll end up with a decrypted copy of your file. If you're exporting it to your sdcard". The whole purpose of container encryption is not being able to unerase the unencrypted files. In this case, while Cryptonite is able to read a TC container, it defeats the purpose unless it is a rooted device?

Anyway, it is sad to see Truecrypt is now able to be broken without brute force.
http://www.net-security.org/secworld.php?id=9077

I hope TC can strengthen their encryption soon.
 

clesenne

I am quite concerned about "when you're exporting files you'll end up with a decrypted copy of your file. If you're exporting it to your sdcard". The whole purpose of container encryption is not being able to unerase the unencrypted files. In this case, while Cryptonite is able to read a TC container, it defeats the purpose unless it is a rooted device?
This restriction only applies to decrypted EncFS volumes, but not to mounted EncFS or TrueCrypt volumes. I've clarified this in the FAQ. The TrueCrypt version that ships with Cryptonite is almost identical to the standard GNU/Linux command-line version as far as the source code goes and comes with the same security benefits and issues. TrueCrypt is not accessible through the Cryptonite GUI at this time.
 

meteorrock

I am quite concerned about "when you're exporting files you'll end up with a decrypted copy of your file. If you're exporting it to your sdcard". The whole purpose of container encryption is not being able to unerase the unencrypted files. In this case, while Cryptonite is able to read a TC container, it defeats the purpose unless it is a rooted device?

Anyway, it is sad to see Truecrypt is now able to be broken without brute force.
http://www.net-security.org/secworld.php?id=9077

I hope TC can strengthen their encryption soon.
That software that the FBI and the governments use has to have the computer powered on and with the truecrypt files MOUNTED for them to not use a brute force attack. Truecrypt has options in its software to dismount your truecrypt files after so many seconds if you want. It also has the option to erase your hash files off of your RAM on exit. Learn to computer science. That is nothing new. Anyone with their truecrypt files mounted at all times on a powered up computer, or even on an android device, is an idiot to begin with. I have tried using that software before. It's available through torrent sites. This is not CSI, that is just a show :D

It's called the evil maid attack. The attackers have to have access to your physical computer to inject a keylogger, via the USB port, then wait on their end with another computer for you to enter your passphrase. But wait! They can only exploit your password for truecrypt if you have a firewire port connected to the internet on top of that. Who uses firewire ports today? By the time law enforcement seizes your computer, with the right options selected through truecrypt and with the hidden volume within a truecrypt file, they would never break it.

If someone had, it would be all over the net and that *haxor* would be an instant millionaire, and it would not be just found in some advert on the net for you to buy their software. Groups of haxors have been trying to exploit truecrypt for years with no success, this is without having the physical device or computer in their possession. IF you can be coerced into typing in your own password with a gun to your head though, that is not the software's fault.

If you got a good password, like a 32 bit hash encryption, with those options enabled, they will never break those encryptions in your lifetime or even in this century.

~~~~~~~~~~~~~~~

How is that truecrypt software on android coming along guys? :)
 

demonoflust

This restriction only applies to decrypted EncFS volumes, but not to mounted EncFS or TrueCrypt volumes. I've clarified this in the FAQ. The TrueCrypt version that ships with Cryptonite is almost identical to the standard GNU/Linux command-line version as far as the source code goes and comes with the same security benefits and issues. TrueCrypt is not accessible through the Cryptonite GUI at this time.
Yes, I understand that; that's why I said "unless it was a rooted device". Interesting project though, I support Cryptonite of course.
 

alojo

I can confirm Cryptonite can mount a TrueCrypt container volume on Android with a kernel supporting FUSE and EncFS (such as the latest version of the Matr1x kernel on ICS for Nexus S). Your phone will have to have root and grant Cryptonite root access.

Here are the terminal commands. I recommend using ROM Toolbox and use the Scripter to run these with one-click (be sure to set Scripter to run with root).

Code:
# Mount a TrueCrypt volume

# TrueCrypt volume to mount
export tcvol="/mnt/sdcard/path/to/volume.tc"

# Mount point
export tcmnt="/mnt/sdcard/path/to/tcmount/"

# Decrypt the volume.tc and mount it at the tcmnt mount point
/data/data/csh.cryptonite/truecrypt -t -k "" --protect-hidden=no --fs-options="uid=1000,gid=1000,umask=0002" -p password "$tcvol" "$tcmnt"
Now use a file manager such as ESExplorer and browse to the $tcmnt mount point, you will see all your files that were included in volume.tc. Profit!!!

Code:
# Dismount the volume when done using
/data/data/csh.cryptonite/truecrypt -d

Big thanks to the Cryptonite devs and their great support!!

How could we make a GUI for just those commands?
Maybe we would need just 3 inputs:
  • hidden or not hidden
  • password
  • attach some files (password with files)
 

clesenne

How could we make a GUI for just those commands?
Maybe we would need just 3 inputs:
  • hidden or not hidden
  • password
  • attach some files (password with files)
Adding these buttons to Cryptonite would take about 10 minutes. Essentially you'd just have to duplicate how it's done for the EncFS mount buttons. Problem is that TrueCrypt on Android is far from stable and doesn't work on a lot of devices. See http://code.google.com/p/cryptonite/issues/detail?id=37 (and please discuss there)
 

quorn23

Adding these buttons to Cryptonite would take about 10 minutes. Essentially you'd just have to duplicate how it's done for the EncFS mount buttons. Problem is that TrueCrypt on Android is far from stable and doesn't work on a lot of devices. See http://code.google.com/p/cryptonite/issues/detail?id=37 (and please discuss there)
Maybe add an experimental build for 2 GB FAT containers only, for testing? Or do I get something wrong?
 

okashira

Having a problem with truecrypt on my tab. I am trying to mount a network share truecrypt file. It's mounted locally with cifsmanager. I am using a galaxy tab 7.7 with CM10.

Everything goes good, password, keyfile, then it works and seems to have decrypted (based on the delay) and then I get this error:
Error: no child processes

If I try to mount it again, it says the volume is already mounted!
But there are no decrypted files in the mounted folder.
Any ideas?

I get the same error when I dismount all volumes, but it does dismount it.

I listed mounted volumes verbose and it's definitely mounted but the Mount Directory: is blank
 

dsana123

Having a problem with truecrypt on my tab. I am trying to mount a network share truecrypt file. It's mounted locally with cifsmanager. I am using a galaxy tab 7.7 with CM10.

Everything goes good, password, keyfile, then it works and seems to have decrypted (based on the delay) and then I get this error:
Error: no child processes
Hi, I seem to have the same problem but the Truecrypt container file is in local storage. I'm running a recent CM10 nightly on Nexus 7. Have also tested cryptonite on my Galaxy Note on CM9.1 and I don't see the same problem.