Got success with kernel based encryption filter!

First of all we would like to announce that, during the development, we realized that this project will not be a simple port of truecrypt to Mac OS X, but this will provide a multiple enciphered disks support encryption platform for the Apple operating system.

Why?

Because OSXCRYPT will be an open platform, open to all the developer of encryption systems such as LUKS, LOOP-AES, PGPDISK, TRUECRYPT, etc, etc .
The platform will provide a dynamic kernel extension along with an installer and a easy to use cocoa interface.
The OSXCRYPT platform will support as a first encrypted volume technology the truecrypt file based images but the end goal is to provide to Mac OS X users full access to most of the file based volume encryption system around the net.

Today we successfully tested the encryption filter (with a simple XOR, but it’s enough for testing!) and the communication between user space and kernel space. Below more details to test it.

The next goals to be reached are:

We invite everyone to test the basic kernel module encrypting (with a simple and unsecure XOR) the volumes with “ANTANI” (Please consider that this module work at “Partition level” but that we will implement the “Disk level” enciphering later):

Download the Kernel module for Mac OS X 10.4

Download the Kernel module for Mac OS X 10.5

For using the demo please follow these simple instructions:

  1. Unzip the Kernel Extension
    unzip XorMediaFilterScheme.10.4.kext.zip
    or for Leopard
    unzip XorMediaFilterScheme.10.5.kext.zip
  2. Open a terminal and change the ownership of the extension
    sudo chown -R root:wheel XorMediaFilterScheme.kext
  3. Create a DMG image (It can be Apple-Partition based or EFI-GPT Based)
    Apple-Parition Based:
    hdiutil create -megabytes 15 -partitionType N3XorFiltered test.dmg
    EFI-GPT Based:
    hdiutil create -layout GPTSPUD -megabytes 15 -partitionType 392CD6BE-F7EF-4F1C-A6FD-D360DA33A466 test.dmg
  4. Load the kernel module:
    sudo kextload -t XorMediaFilterScheme.kext

  5. Attach the DMG
    hdiutil attach -nomount test.dmg
    You should get something like:
    (Apple-Partition)
    /dev/diskX Applepartitiontable
    /dev/diskXs1 Applepartitionmap
    /dev/diskXs2 N3XorFiltered
    /dev/diskXs2s1 Apple_HFS

    (GPT-Partition)
    /dev/diskX GUIDpartitionscheme
    /dev/diskXs1 392CD6BE-F7EF-4F1C-A6FD-D360DA33A466
    /dev/diskXs1s1 AppleHFS

    We are interested in the latest entry, the “Apple    HFS” one.

  6. Format in HFS+ the partition:
    newfshfs -v “Volume Antani” /dev/rdiskXs?s1 (note the ‘r’ (bsdism), where “?” it’s the partition N3Xor_Filter or 392…)
  7. Unmount the previously created DMG:
    hdiutil detach /dev/diskX
  8. OK, now you can mount the newly XOR’ed “Antani” image Double click on the “test.dmg”, copy a lot of data on it (so you can test for memory leaks, but we copied inside and played several DIVX), unmount and remount it as you like.

WARNING

This is an alpha release component and, even if it seems very stable, doesn’t use it for privacy protection and does not put on it important data.

December 16, 2007 | Filed Under administration, release 

Comments

15 Responses to “Got success with kernel based encryption filter!”

  1. Philip Zimmerman on December 16th, 2007 3:29 pm

    I really appreciate your effort to provide an open encrypted platform for Mac OS X.

    A base for the implementation of already available encrypted volume systems it’s important for Mac users.

    Great idea!

    -prz

  2. A Concerned Truecrypt User on December 16th, 2007 3:45 pm

    Hi,

    Seems like instead of “to port the entire application [Truecrypt] in native MacOs X”, you/your developer is now making a “a multiple enciphered disks support encryption platform for the Apple operating system”. This does not sound like what was discussed on fundable.com. IMHO, it sounds like you are just now (Dec. 16) changing your direction of your project (I suspect) to separate & distance yourselves from the Truecrypt developers (who have announced their own version of TC for OS X). I’m not writing this out of malice, but out of concern; I was very close to donating myself, but refrained due to concerns of just such an issue arising. My opinion (and suggestion)? Give what money that is left BACK to the donators. Instead of making a OS x Version of Truecrypt yourselves, you have instead succeeded (IHMO) in cajoling/embarassing the original TC devs into releasing one of their own (which, no offense, is what everyone wanted to begin with). OSXCRYPT is NOT TRUECRYPT. The donors gave their money for the latter, NOT the former. Please be respectful of your benefactor’s wishes. TIA, I look forward to your reply.

  3. Chico on December 16th, 2007 3:46 pm

    I was enthusiastic about the idea of someone developing a Truecrypt porting, but you guys rocks!

    Instead of simply delivering a TrueCrypt lil’ prog you developed a full featured kernel based encryption filter!
    I know some of you will not understand it, but with this little code ANYONE will be able to crate encryption engines which can PLUG IN INTO the prog!

    I REALLY think this thing alone is FAR MORE IMPORTANT that the Truecrypt stuff!

    And again, I saw that Truecrypt will release in January 2008 with a MAC version, but honestly “WTF?!?!? WHO CARES?!?!?”. Now we can have ANY encryption on mac with a minimum effort!

    Thanks, lastknight and all! You brightened my day!

  4. A Concerned Truecrypt User on December 16th, 2007 3:47 pm

    Oh, a final word: I suggest you give the unused monies back, or donate them to truecrypt.org (at the donor’s discretion, of course ;-)

  5. CoreTeam on December 16th, 2007 3:54 pm

    @A Concerned Truecrypt User

    Dear user,
    porting Truecrypt is our main concern and chances are good that we’ll deliver BEFORE the Truecrypt guys. I smell something in being silent for three years and magically coming out just today.

    Porting Truecrypt must be done in the correct way, a way that will consent in the future (btw) to develope a drop-in truecrypt replacement of FileVault, for example.

    Right now I’ve been contacting the contributors at every step, and no one told me they wanted their money back. If someone feels betrayed, please be free to tell us and we’ll proceed accordingly.

    We think that creating an OPEN framework is far more intelligent that inventing the wheel at every step.
    We WILL deliver the truecrypt version BEFORE others, but we’ll code it WELL and SOUNDLY the first time.

    And please, we’ll take orders about money and the direction of the project from the founers only.

  6. A Concerned Truecrypt User on December 16th, 2007 4:02 pm

    @Core Team:

    Thanks for a quick reply.
    I understand and respect that you will only take input about the direction of this project from the founders, that’s fine. I’ve simply utilized the ‘Leave a Comment’ link, and done just that… my comments are, of course, just my opinion, and I don’t post here expecting you to change anything just because of one unnamed guy’s post on your project’s blog ;-) If the funders (ie. donors) are really as supportive of your choice as you say, then I’m content let this thread rest. Good luck and best wishes on your endeavor!

  7. lionstarr on December 18th, 2007 11:19 am

    Great! The only thing missing on OS X til now was: TrueCrypt. Really, keep this up!

  8. Rob on January 8th, 2008 1:53 pm

    About 3 weeks since this post… any progress?

  9. C.N. on January 15th, 2008 6:28 am

    One Month… yet nothing? Any news?
    I appreciate any progress, and will candidate for any beta testing.
    Bye
    C.

  10. Full Disk Encryption on January 16th, 2008 8:10 pm

    Hello,

    I am willing to donate handsomely, if I am convinced that a full-disk-encryption for Mac OS X Leopard will be achieved (hopefully inside Q1-2008)

    Other than being a privacy-minded individual, I am also ashamed in being an Apple fan, when today, January-2008 - every commercial operating-system has software-package that offers full-disk-encryption (including boot-partition).

    That includes many UNIX Distros (with GELI or GBDE),all Linux dist (with Pointsec/Checkpoint), and of course, any Windows Platform (with PointSec/BitLocker/GuardianEdge and others). Hell, even Symbian and PocketPC/WindowsMobile are fully supported with PointSec and few of other startups.

    It almost looks like Apple has some secret alliance with “uncle Sam”…. Seriously!

    On another note - it is possible to get a MacBook that supports 2.5″ drives (unlike MacBook Air) and get a Seagate or Hitachi Full-Disk-Encryption (FDE) drive, and setup OS X on that drive. BUT the non-Air MacBook weighs a ton….. and their proprietary FDE technology is not open source :-(

    P.S. if the original TrueCrypt developers are closer to accomplishing the task, I think its wiser donating to them directly, helping them out. I really don’t know how to get involved, if someone has a clue - please let me know.

  11. Garrett on January 20th, 2008 6:48 pm

    I too would like to hear of any progress. Also, there is mention made to a mailing list. Where does one sign up?

  12. Long on January 23rd, 2008 2:23 am

    1 week left in Jan 08 and no news of Truecrypt 5.0 yet and also no further news on OSXcrypt… guess there are going to be some delay?

  13. Ralf-Philipp Weinmann on January 27th, 2008 3:21 am

    Great work that you have done! I really appreciate someone coming up with a viable alternative to FileVault on OS X. And a WDE capable software at that! What joy!

    Cheers,
    .:ralf:.

  14. Doodee on January 31st, 2008 6:03 pm

    Thanks for sharing

  15. Daniel Craig on June 21st, 2008 9:03 am

    Hello, I was looking around for a while searching for what is data encryption and I happened upon this site and your post regarding uccess with kernel based encryption filter! : OSXCrypt.org - Truecrypt for MAC, I will definitely this to my what is data encryption bookmarks!

OSXCrypt.org is Digg proof thanks to caching by WP Super Cache!