$flash = "E:" ; USB ,
$passwd = "Pa$$w0rd" ;
$path = "c:\windows\storage.tc" ;
$mount = "R:" ;
$key = "0x1234Af3d21" ; , . , .
#include <md5.au3> ; md5
#include <string.au3> ;
AutoItSetOption ("TrayIconHide", 1 ) ;
AutoItSetOption ("TrayIconDebug", 1 ) ;
$flash = "E:" ;
$passwd = "Pa$$w0rd" ; TrueCrypt
$path = "c:\windows\storage.tc" ;
$mount = "R:" ;
$key = "0x1234Af3d21" ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; RC4
; MD5+RC4
$a = _StringEncrypt(1, md5(DriveGetSerial( $flash )),$key,2)
$b = _StringEncrypt(1, $passwd,$key,2)
$c = _StringEncrypt(1, $mount,$key,2)
$d = _StringEncrypt(1, $flash,$key,2)
$e = _StringEncrypt(1, $path,$key,2)
RegWrite("HKCU\Software\USBToken", "Serial", "REG_SZ", $a)
RegWrite("HKCU\Software\USBToken", "Master", "REG_SZ", $b)
RegWrite("HKCU\Software\USBToken", "Mount", "REG_SZ", $c)
RegWrite("HKCU\Software\USBToken", "Flash", "REG_SZ", $d)
RegWrite("HKCU\Software\USBToken", "Path", "REG_SZ", $e)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; C -
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
$file = FileOpen("master.key", 2)
FileWrite ($file, _StringEncrypt(1,$a & $b & $c & $d & $e & @ComputerName & @UserName, $key,2))
FileClose($file)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
$key = "0x1234Af3d21" ; , -
$truecrypt = "C:\Program Files\TrueCrypt\TrueCrypt.exe" ; TrueCryp
$key = "0x1234Af3d21" ; , -
$truecrypt = "C:\Program Files\TrueCrypt\TrueCrypt.exe" ; TrueCryp
t
#include <md5.au3> ; md5
#include <constants.au3>
#include <string.au3>
If WinExists(@ScriptName) Then Exit ;
AutoItWinSetTitle(@ScriptName)
AutoItSetOption ("TrayIconHide", 1 ) ;
AutoItSetOption ("TrayIconDebug", 1 )
$key = "0x1234Af3d21" ; , -
$truecrypt = "C:\Program Files\TrueCrypt\TrueCrypt.exe" ; TrueCrypt
$drive = BinaryToString(_StringEncrypt(0,RegRead("HKCU\Software\USBToken","Flash"),$key,2))
$serial = _StringEncrypt(0,RegRead("HKCU\Software\USBToken","Serial"),$key,2)
$passwd = BinaryToString(_StringEncrypt(0,RegRead("HKCU\Software\USBToken","Master"),$key,2))
$path = BinaryToString(_StringEncrypt(0,RegRead("HKCU\Software\USBToken","Path"),$key,2))
$mount = _StringEncrypt(0,RegRead("HKCU\Software\USBToken","Mount"),$key,2)
While 1
if DriveStatus($drive) <> "READY" OR md5(DriveGetSerial($drive)) <> $serial AND DriveStatus($mount) = "READY" then
Run($truecrypt & ' /f /q /d ' & $mount)
endif
if DriveStatus($drive) = "READY" AND md5(DriveGetSerial($drive)) = $serial AND DriveStatus($mount) <> "READY" then
$file = FileOpen(@TempDir & "\master.key", 2)
FileWrite ($file, _StringEncrypt(1,RegRead("HKCU\Software\USBToken","Serial") & RegRead("HKCU\Software\USBToken","Master") & RegRead("HKCU\Software\USBToken","Mount") & RegRead("HKCU\Software\USBToken","Flash") & RegRead("HKCU\Software\USBToken","Path") & @ComputerName & @UserName, $key,2))
FileClose($file)
Run($truecrypt & ' /a /q /s /b /v ' & $path & " /l " & $mount & " /k " & @TempDir & "\master.key" & " /p " & $passwd)
Sleep(2000)
FileDelete(@TempDir & "\master.key")
else
endif
Sleep(5000)
WEnd
Error 1: RC4 streaming algorithm is used repeatedly with the same key. If someone does not know - brief educational program - RC4 generates a pseudo-random gamma based on the key, which is then superimposed on the encrypted data using XOR. Decryption is similar. If the same key is used twice for different data, then making the XOR operation over the encrypted data, we get a stream in which the data on XOR'en among themselves without any influence of the key. If, for some reason, we are aware of the open data and its encrypted version, then it is easy to calculate the gamma and then use it to decrypt the rest of the data. Predictable data in our case Mount, Flash and Path. And if the Path is longer than the Master (i.e., the password is shorter than the path to the container), then using the gamut extracted from the Path it will be possible to decipher the Master. Conclusion: do not use RC4 with the same key more than 1 time.
Error number 2: Binding to the serial number of the flash drive is actually a binding to the serial number of the volume. This is clearly stated in the documentation for AutoIt and this is a common misconception. The serial number of the device is sewn into it, it does not change when formatting. The serial number of the volume changes during formatting and can be easily forged. Conclusion: you need to get the serial number of the iron, not the volume. Your method is fraught with loss of access to the container if you format a USB flash drive due to a change in the serial number of the volume. But everything is not so bad, see the next paragraph.
Error number 3: There are no bindings to the serial number of the volume, there is a banal md5 comparison from the serial number with the previously saved in the registry, but an incorrect serial number does not hurt to generate the correct key - all data for key generation is taken from the registry. It is enough to patch the comparison and the program will stamp the correct key even without a key flash drive. Conclusion: a serial read from a flash drive should be directly involved in generating the correct key, and not a previously saved copy from the registry.
Error number 4: The key is reset to disk in a temporary folder, then deleted. It is enough to select the deletion right for the% TEMP% folder from the current user and our key. About restoring deleted files - keep quiet. I do not understand the desire to throw off the key on the hard disk when there is a “key flash drive”. Where it is more logical to keep the key on it, and there will be no traces of the key on the computer disk. However, the owner is the master as they say.
Total, summing up - this topic is a beautiful story about how to bury safety on the vine with your own hands, replacing it with the classic obscurity. Why in this case TrueCrypt is not at all clear. Almost all the data for opening the container are in the registry and the running program, the flash drive is nothing more than a beautiful toy for a classic if check (password == "mycoolpassword").
Source: https://habr.com/ru/post/126751/