
DcsFV can't find the header

just lower
2023-11-28
2023-12-10
  • just lower

    just lower - 2023-11-28

    How do I use the authorize function in DcsFV 3?

     

    Last edit: just lower 2023-11-30
    • Alex

      Alex - 2023-12-03

      Src attached, as is. To build, use VS2015.

       
  • just lower

    just lower - 2023-11-29

    ,

     

    Last edit: just lower 2023-11-30
  • just lower

    just lower - 2023-12-04

    Thanks for replying, Alex. Can you please give me a cfg example? I tried everything. I can't figure out how to scan a drive for the header. :( Thanks.

     
    • Alex

      Alex - 2023-12-05

      The dcsfv tool scans an entire disk or image. I'd recommend backing up the disk to a new image via the "dd" tool, then scanning the image file. For scanning there are two modes: "slow" tries to authorize; "fast" checks the entropy of a sector. To rebuild, unpack a newer version of VC and dcsfv, then build.
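
The "fast" mode described in the reply above, as an added Python example that is not part of the thread or of DcsFV's own code: it reads an image in 512-byte blocks, scores each block's byte entropy as a percentage, and reports runs of at least 256 consecutive blocks at or above the threshold. The percentage scale (Shannon entropy over 8 bits per byte), the reading of RegionMinSize as a block count, and all function names are assumptions; the sample image is constructed.

```python
import hashlib
import io
import math
from collections import Counter

BLOCK_SIZE = 512       # <BlockSize> from the configs in this thread
REGION_MIN_SIZE = 256  # <RegionMinSize>; assumed here to be a count of blocks
ENTROPY_MIN = 91.0     # <Entropy> from the last config in the thread, percent

def entropy_percent(block: bytes) -> float:
    """Shannon entropy of the byte histogram, as % of 8 bits/byte (assumed scale)."""
    if not block:
        return 0.0
    n = len(block)
    h = -sum(c / n * math.log2(c / n) for c in Counter(block).values())
    return 100.0 * h / 8.0

def find_regions(stream, min_blocks=REGION_MIN_SIZE, threshold=ENTROPY_MIN):
    """Return (first_block, last_block) for each long run of high-entropy blocks."""
    regions, start, index = [], None, 0
    while True:
        block = stream.read(BLOCK_SIZE)
        high = len(block) == BLOCK_SIZE and entropy_percent(block) >= threshold
        if high and start is None:
            start = index                      # a candidate region opens here
        elif not high and start is not None:
            if index - start >= min_blocks:    # drop runs shorter than the minimum
                regions.append((start, index - 1))
            start = None
        if len(block) < BLOCK_SIZE:            # short or empty read: end of image
            return regions
        index += 1

def keystream(n_bytes: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic pseudo-random bytes standing in for encrypted sectors."""
    out = bytearray()
    for counter in range((n_bytes + 31) // 32):
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
    return bytes(out[:n_bytes])

def build_sample_image() -> bytes:
    """Constructed image: 100 zero blocks, 300 random blocks, 50 text blocks."""
    text = (b"plain text sector " * 64)[:BLOCK_SIZE]
    return bytes(100 * BLOCK_SIZE) + keystream(300 * BLOCK_SIZE) + text * 50

if __name__ == "__main__":
    # For a real scan, pass open("disk.img", "rb") (a dd image; name is a placeholder).
    for first, last in find_regions(io.BytesIO(build_sample_image())):
        print(f"high-entropy region: blocks {first}-{last}")
```

Random 512-byte blocks score in the mid-90s on this scale, in line with the "~94" noted in the config comments, because 512 samples cannot fill a 256-bin histogram evenly.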

       
      • just lower

        just lower - 2023-12-05
        <DcsFV>
         <!-- Modes of search: Authorize, Regions -->
          <SearchType>ops</SearchType>
        
          <!-- List of media and sector ranges to scan 
          Scenario in the example:
          Disk was double decrypted with wrong header
          => The following actions specified
          1. encrypt the disk twice with "wrong" header to restore data
          2. save data to new file
          3. check statistics level for saved data 
          4. try real header decrypt
          -->
        
         <Medias>
          <Media>
           <Path>\\.\PhysicalDrive1</Path>
           <BlockSize>512</BlockSize>
           <!-- begin block (0 - by default) -->
           <Begin>0</Begin>
           <!-- end block (last block of path - by default) -->
           <End></End>
           <Operations>
             <Operation>
               <Action>Ranges</Action>
               <!-- Statistics configuration -->
               <RegionMinSize>256</RegionMinSize>
               <StatLevels>
                 <!-- minimum of "1" bits in block -->
                 <Bits1>0</Bits1>
                 <!-- minimum of "0" bits in block -->
                 <Bits0>0</Bits0>
                 <!-- minimum of transitions "0<->1" bits in block -->
                 <BitsT>0</BitsT>
                 <!-- minimum entropy of block 0-100% (block encrypted=> entropy ~94) -->
                 <Entropy>94</Entropy>
                 <!-- PI calculation by MonteCarlo method quality 0-100% (block encrypted => ~90) -->
                 <MonteCarloPI>85</MonteCarloPI>
                 <!-- average distance of the same byte value in block -->
                 <MarkovChainLength>0</MarkovChainLength>
                 <!-- deviation of the average distance -->
                 <MarkovChainDeviation>0</MarkovChainDeviation>
               </StatLevels>
             </Operation>
        
        
               <!-- Statistics configuration to skip sector not encrypted -->
               <StatLevels>
                 <!-- minimum of "1" bits in block -->
                 <Bits1>0</Bits1>
                 <!-- minimum of "0" bits in block -->
                 <Bits0>0</Bits0>
                 <!-- minimum of transitions "0<->1" bits in block -->
                 <BitsT>0</BitsT>
                 <!-- minimum entropy of block 0-100% (block encrypted=> entropy ~94) -->
                 <Entropy>94</Entropy>
                 <!-- PI calculation by MonteCarlo method quality 0-100% (block encrypted => ~90) -->
                 <MonteCarloPI>85</MonteCarloPI>
                 <!-- average distance of the same byte value in block -->
                 <MarkovChainLength>0</MarkovChainLength>
                 <!-- deviation of the average distance -->
                 <MarkovChainDeviation>0</MarkovChainDeviation>
               </StatLevels>
        
        
             <Operation>
               <Action>Authorize</Action>
                <!-- Skip authorize if statistics do not detect encryption -->
               <SkipByStatLevel>1</SkipByStatLevel>
               <!-- List of logins to try on each sector of medias -->
               <Logins>
                 <Login>
                   <Password>pass1</Password>
                   <Pim>0</Pim>
                   <!-- Hash name or ID. case sensitive. 0 - try all -->
                   <Hash>0</Hash>
                   <!-- 1 - means boot header try -->
                   <Boot>1</Boot>
                   <!-- 1 - means TrueCrypt header try -->
                   <TcMode>0</TcMode>
                 </Login>
               </Logins>
             </Operation>
        
           </Operations>
          </Media> 
         </Medias>
        
        </DcsFV>
        

        Or do I change the Authorize to TryLogins? <Operation> <Action>Authorize</Action>. With trylogins nothing happens. I also tried to compile with a new VC, but the code needs to be modified and I'm pretty bad at C++.
        Thanks. I'm refreshing the page every 30 minutes waiting for a miracle. :)

         

        Last edit: just lower 2023-12-05
        • Alex

          Alex - 2023-12-05

          End of the week I will try to update to the latest VC. Note: dcsfv's main goal is to find volumes. For files used as VC containers it might not be useful.

           
          • just lower

            just lower - 2023-12-05

            I hope it will, thanks for everything. Waiting for the update.

             
            • Alex

              Alex - 2023-12-10

              Rebuild. Main idea: the image contains sectors, encrypted sectors have high entropy; possible ops: login, decrypt, save.

               
              • just lower

                just lower - 2023-12-10

                Awesome Alex, I tried it on a newly created volume and it works. Hope I find my original volume, scanning it now.

                <DcsFV>
                 <SearchType>ops</SearchType>
                 <Medias>
                  <Media>
                   <Path>\\.\PhysicalDrive1</Path>
                   <BlockSize>512</BlockSize>
                   <Begin>0</Begin>
                   <End></End>
                   <Operations>
                     <Operation>
                       <Action>Ranges</Action>
                       <RegionMinSize>256</RegionMinSize>
                       <StatLevels>
                         <Bits1>0</Bits1>
                         <Bits0>0</Bits0>
                         <BitsT>0</BitsT>
                         <Entropy>91</Entropy>
                         <MonteCarloPI>85</MonteCarloPI>
                         <MarkovChainLength>0</MarkovChainLength>
                         <MarkovChainDeviation>0</MarkovChainDeviation>
                       </StatLevels>
                     </Operation>
                     <Operation>
                       <Action>Save</Action>
                       <Path>decrypted</Path>
                     </Operation>
                     <Operation>
                       <Action>TryLogins</Action>
                       <!-- Skip authorize if statistics do not detect encryption -->
                       <SkipByStatLevel>1</SkipByStatLevel>
                       <!-- List of logins to try on each sector of medias -->
                       <Logins>
                         <Login>
                           <Password>**********</Password>
                           <Pim>0</Pim>
                           <!-- Hash name or ID. case sensitive. 0 - try all -->
                           <Hash>0</Hash>
                           <!-- 1 - means boot header try -->
                           <Boot>1</Boot>
                           <!-- 1 - means TrueCrypt header try -->
                           <TcMode>0</TcMode>
                         </Login>
                       </Logins>

                       <!-- Statistics configuration to skip sector not encrypted -->
                       <StatLevels>
                         <!-- minimum of "1" bits in block -->
                         <Bits1>0</Bits1>
                         <!-- minimum of "0" bits in block -->
                         <Bits0>0</Bits0>
                         <!-- minimum of transitions "0<->1" bits in block -->
                         <BitsT>0</BitsT>
                         <!-- minimum entropy of block 0-100% (block encrypted=> entropy ~94) -->
                         <Entropy>91</Entropy>
                         <!-- PI calculation by MonteCarlo method quality 0-100% (block encrypted => ~90) -->
                         <MonteCarloPI>85</MonteCarloPI>
                         <!-- average distance of the same byte value in block -->
                         <MarkovChainLength>0</MarkovChainLength>
                         <!-- deviation of the average distance -->
                         <MarkovChainDeviation>0</MarkovChainDeviation>
                       </StatLevels>
                     </Operation>
                   </Operations>
                  </Media>
                 </Medias>
                </DcsFV>

                Do you still have access to that BTC address?

                 
                • Alex

                  Alex - 2023-12-10

                  OK, good result. I'd recommend backing up the original volume via "dd".

                  https://sourceforge.net/p/dc5/tickets/5/

                   

                  Last edit: Alex 2023-12-10
  • just lower

    just lower - 2023-12-04

    Also, do you think it will work with the new versions? I tried DCS-2017_03_28 on a new container but it didn't find the header.

     
