Real Steganography with TrueCrypt

(February 24, 2011)

Disclaimer: This article was written at a time when TrueCrypt was still viable encryption software. This is no longer the case. TrueCrypt has been discontinued, and everybody who has been using it should use one of the maintained forks like VeraCrypt instead.
That being said, this article mostly deals with TrueCrypt as a file format, not the application itself. However, the newer forks (and VeraCrypt in particular) use the same file format, so everything in this article is applicable to VeraCrypt as well. So, when this article talks about TrueCrypt and .tc files, you can just mentally replace this with VeraCrypt and .vc files.

You probably know TrueCrypt, perhaps the most popular tool for encrypting filesystems. As an alternative to full filesystem or even full disk encryption, TrueCrypt can also work with filesystems inside encrypted container files. These are files that look like they’re full of purely random data, but when provided with the correct decryption key, they reveal their true contents: a FAT or NTFS filesystem full of your secret data.

In addition to this basic functionality, TrueCrypt also offers a simple form of steganography. For the uninformed, steganography is the term for techniques that conceal the existence of secret data. This means that the secret information is hidden inside another unsuspicious piece of data. TrueCrypt supports this with its »hidden volume« feature. If this is used, a container can be opened with two different keys: the first not-so-secret key opens the »outer volume« with not-so-secret data, and a second really secret key opens the hidden volume with the real secrets.

There are two problems with this approach, though. First, it’s very simple to destroy the hidden volume, since it’s embedded in the outer volume’s data area without proper marking in the outer volume filesystem’s metadata (otherwise the metadata would give away the presence of the hidden volume). This means that you can overwrite the hidden volume just by putting enough files inside the outer volume. TrueCrypt can protect the hidden volume when mounting the outer volume, but for this to work, you need to provide the hidden volume’s key.

The second issue with TrueCrypt’s approach to steganography is that TrueCrypt container files are just large files with random data and as such, they’re easily detectable. You can disguise them by giving them unsuspicious filenames – pagefile.sys or hiberfil.sys in a drive’s root directory are good candidates on Windows systems, for example. But then again, even these filenames are highly suspicious when found on removable media. So let’s use the next best thing: video files. These also tend to be very large and offer a good disguise for hidden data, but unfortunately, containers disguised this way are very easy to detect: just try to play such a pseudo-video file and whatever player you use, it will tell you that something’s wrong.

So what we really want, to call it proper steganography, is a usable file that can be opened with standard software so it doesn’t raise any suspicion, but when opened in TrueCrypt with the right key, it should reveal the real payload – a filesystem full of secrets. Video files are the natural choice for this kind of hack: multi-gigabyte videos are completely common nowadays and encoders are so good that even large differences in bitrate don’t necessarily mean large differences in quality. In other words: a well-encoded fifteen-minute HD video clip of 1 gigabyte can look just as good as a not-quite-as-well encoded 4 gigabyte version. So let’s put the 3 gigs we can save to good use and store secret data there.

Unfortunately, this can’t be done using TrueCrypt directly. However, with a little bit of file format tweaking, it turns out to be possible anyway. In this blog post, I will describe a method of hiding TrueCrypt containers inside QuickTime / MP4 video files.

pdfgen, an image-to-PDF converter tool

(December 14, 2009)

Converting images of scanned documents into proper PDF files is quite a hard task. What I usually want is

  • put the images on a page of a well-defined size (e.g. A4 or Letter)
  • don’t resample the image data
  • have precise control over compression – in particular, I want to use JPEG images as-is, without any recompression

This sounds simple and reasonable, but I’ve yet to find a tool that does exactly that. Adobe Acrobat handles the latter two constraints well, but I don’t know how to set the paper size when importing an image. This is no problem when using a normal vector graphics or page layout tool, but then you usually don’t have much influence on what nasty things the PDF output code does to your images. Furthermore, you mostly end up with useless cruft in the PDF files, like XML metadata or even fonts (even though there’s not a single letter of text anywhere in the document). So I decided to end this mess once and for all and write my own image-to-PDF converter. Here it is: pdfgen.

Proposal: A file system for Live CDs

(August 20, 2009)

CDs or DVDs containing a full Linux system for installation, testing, repair or other special purposes are quite common these days. Chances are high that people make their first steps with the Linux, BSD or Solaris operating systems using these so-called Live CDs: they are convenient (no need to install the OS), they are safe (they don’t write anything to disk unless you really want them to) … but they are slow. Booting from a Live CD like Knoppix or the Ubuntu Desktop CD takes ages and makes you wonder if your CD/DVD drive will actually survive that whole operation, considering that it is permanently seeking. And even if you made it to the desktop, you’ll still have to be patient if you intend to open any application, because the drive has to spin up again and load libraries and data for whatever program you start. Or even worse: in the modern GUI-based environments you have to wait for icons to load even if you just click on a launcher menu. As useful as those Live CDs might be, this is a major source of annoyance.

In this post, I will present a method to solve this problem. I do not claim to be the first one to invent it – in fact, I refuse to believe that no one had this idea before me.