From 5b381ce7d7ec45e02765b4a180f9aa1ee8aeee40 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Mon, 8 Aug 2016 00:49:00 +0200
Subject: Windows: Fix vulnerability inherited from TrueCrypt that allows an
 attacker to detect with high probability if a hidden volume is present.
 Vulnerability reported by Ivanov Alexey Mikhailovich.

---
 src/Common/Format.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

(limited to 'src/Common/Format.c')

diff --git a/src/Common/Format.c b/src/Common/Format.c
index f3114e5e..7d6f3edb 100644
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -566,10 +566,63 @@ begin_format:
 	// Fill reserved header sectors (including the backup header area) with random data
 	if (!volParams->hiddenVol)
 	{
+		BOOL bUpdateBackup = FALSE;
+
 		nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE);
 
 		if (nStatus != ERR_SUCCESS)
 			goto error;
+
+		// write fake hidden volume header to protect against attacks that use statistical entropy
+		// analysis to detect presence of hidden volumes.
+		
+		while (TRUE)
+		{
+			PCRYPTO_INFO dummyInfo = NULL;
+			LARGE_INTEGER hiddenOffset;
+
+			hiddenOffset.QuadPart = bUpdateBackup ? dataAreaSize + TC_VOLUME_HEADER_GROUP_SIZE + TC_HIDDEN_VOLUME_HEADER_OFFSET: TC_HIDDEN_VOLUME_HEADER_OFFSET;
+
+			nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
+				header,
+				volParams->ea,
+				FIRST_MODE_OF_OPERATION_ID,
+				NULL,
+				0,
+				0,
+				NULL,
+				&dummyInfo,
+				dataAreaSize,
+				dataAreaSize,
+				dataOffset,
+				dataAreaSize,
+				0,
+				volParams->headerFlags,
+				FormatSectorSize,
+				FALSE);
+
+			if (nStatus != ERR_SUCCESS)
+				goto error;
+
+			crypto_close (dummyInfo);
+
+			if (!SetFilePointerEx ((HANDLE) dev, hiddenOffset, NULL, FILE_BEGIN))
+			{
+				nStatus = ERR_OS_ERROR;
+				goto error;
+			}
+
+			if (!WriteEffectiveVolumeHeader (volParams->bDevice, dev, header))
+			{
+				nStatus = ERR_OS_ERROR;
+				goto error;
+			}
+
+			if (bUpdateBackup)
+				break;
+
+			bUpdateBackup = TRUE;
+		}
 	}
 
 #ifndef DEBUG
-- 
cgit v1.2.3