Author Topic: How can I protect my TrueCrypt partition from being compomised by PassWare Kit  (Read 4244 times)

0 Members and 1 Guest are viewing this topic.

Offline Architect

  • Sir
  • ***
  • Posts: 428
  • Cookies: 56
  • STFU
    • View Profile
    • Rootd IRC
Except for the fact that with a compromised host, the virtual OS is still completely separated from the host and thus, it is independent of any malware installed in the host. The only things that could possibly affect the installed virtual OS would be a bruteforce of the keys, a very thorough but impractical analysis of the keys in SDRAM, both of which are totally useless if there's a strong key involved, i.e., a live key with a GPG-generated 512bit key.

You can never underestimate the power of:
Code: (bash) [Select]
dd if=/dev/urandom bs=512 count=4 | gpg -symmetric -a ./key.gpg
This can of course be extended and used as a failsafe; setting your [hopefully LUKS] partition to read the key from the USB, in addition to a [hopefully strong] password phrase could be considered effective.

Offline InfosecFurry

  • /dev/null
  • *
  • Posts: 8
  • Cookies: 0
  • fuzzer.c
    • View Profile
Err, no, if your VM is running and my malware is on your system, the host can go "lol, what do we have here?"
There are no pentesters in fox-holes

Offline Architect

  • Sir
  • ***
  • Posts: 428
  • Cookies: 56
  • STFU
    • View Profile
    • Rootd IRC
The only way malware can get from the host to the VM or vice versa is by traversing shared directories. More advanced attacks are required for network exploitation from VM to host and host to VM. Simply because the host and VM are completely isolated and the VM is acting as a totally different OS. There is [hopefully] no way to tell the difference.

Offline InfosecFurry

  • /dev/null
  • *
  • Posts: 8
  • Cookies: 0
  • fuzzer.c
    • View Profile
Consider, for a moment, the case of Virtualbox. When a keystroke is made on the keyboard, how does it get into the virtual machine? It travels through the host's kernel, gets passed to Java, which in turn passes it to the virtual machine to be processed.

There is plenty of opportunity for interception here.

Premise of my statements:
Most malware is written for Windows platforms.
Most people who use Windows + VMs will wind up using Virtualbox or VMWare.
If you kill the correct java.exe process, your VM shuts down immediately.

You don't need to actually fuck with the VM's memory space, you own the whole galaxy.
« Last Edit: June 19, 2014, 01:40:23 am by InfosecFurry »
There are no pentesters in fox-holes

Offline Architect

  • Sir
  • ***
  • Posts: 428
  • Cookies: 56
  • STFU
    • View Profile
    • Rootd IRC
You just gave me a plethora of reasons why not to use Windows. And if you kill the right java process on Windows you can kill your whole install. Fuck Windows.

Offline ThePH30N1X

  • Peasant
  • *
  • Posts: 50
  • Cookies: 18
  • Java Programmer
    • View Profile
You just gave me a plethora of reasons why not to use Windows. And if you kill the right java process on Windows you can kill your whole install. Fuck Windows.
Java controls the techno world.
« Last Edit: June 19, 2014, 02:33:05 am by ThePH30N1X »

Offline Architect

  • Sir
  • ***
  • Posts: 428
  • Cookies: 56
  • STFU
    • View Profile
    • Rootd IRC
What do music and Java have to do with each other? Lol. Seriously though, not my world.