BUG: Volume Expansion in 1.24 Update2 corrupts NTFS file containers

Open source disk encryption with strong security for the Paranoid

Brought to you by: idrassi

#305 BUG: Volume Expansion in 1.24 Update2 corrupts NTFS file containers

Milestone: 1.0

Status: open

Owner: nobody

Labels: None

Updated: 2020-01-23

Created: 2019-12-18

Creator: Enigma

Private: No

Attempting to expand any NTFS volume in a file container results in complete corruption of the said container.
The expanded container will mount, but windows sees it as a RAW disk and data seems to be irrecuverable (ie data is gibbirish and data recovery tools can't even find file structures that should be left behind).

I have already lost 900GB to this bug, and have verified it occurs also on a number of test containers I have tried.

Previous versions had no such problem (I dont know about Hotfix 1 as I never expanded a container using that version so dont know if that is affected too).

p.s. I have only tried NTFS containers I can't say if other FS are affected.

Discussion

Enigma - 2019-12-18

Further investigation looks like it only corrupts the container when "Activate encryption of key and passwords stored in RAM"is enabled. Disable this and the container isnt corrupted.

Still a nasty bug that need squashing.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Enigma2Illusion - 2019-12-19

I concur with Enigma.

I created two small file containers with NTFS format of initial size 200 MB and expanded them to 500 MB with and without "Activate encryption of key and passwords stored in RAM" option.

As Enigma reported, when "Activate encryption of key and passwords stored in RAM" option is enabled, the file container no longer has a valid filesystem and Windows asks you to format it when you attempt to access the mounted volume.

I did not test partition nor disk expansion.

My system is running Windows 10 64-bit 1909 version build 18363.535 using VeraCrypt 1.24 Update 2.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Mounir IDRASSI - 2020-01-22

Thank you for reporting this. There was indeed a bug in the handling of volume header when RAM encryption is enabled and I have pushed a fix for it (https://sourceforge.net/p/veracrypt/code/ci/b1183f5a6928138e79b72cad68d23887423dec80/).

I have also uploaded a new installer for the upcoming 1.24-Update4 version that contains this fix to the Nightly Builds folder so if you can confirm in your side that would be great.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Enigma2Illusion - 2020-01-23
  
  @idrassi, @enigma-72,
  
  I successfully tested using a file container formatted with NTFS expansion from 200MB to 500MB with RAM encryption enabled without any issues.
  
  I did not test partition nor disk expansions.
  
  My system is running Windows 10 64-bit 1909 version build 18363.592 using VeraCrypt 1.24 Update 4.
  
  EDIT: I tested mounting using the primary header and then remount using the embedded backup header successfully.
  
  Last edit: Enigma2Illusion 2020-01-23
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.