Recently I decided to encrypt all my hard disks (well, most of them) using the great open source encryption software TrueCrypt. One of the main requirements was to have the partitions mounted automatically before specific programs are executed on Windows startup. Obviously a batch script would have done the trick. Naive as I seem to be, I googled around a little bit in order to find a suitable and easy solution for my use case. But the use case was special enough to prevent me from finding a solution straight away. If you are reading these lines, perhaps you are happy now, as you can stop searching the World Wide Web ;)

So what is so special about my use case?

The main problem is that some programs require a specific folder to be present when they are executed. That’s no problem when the program is started manually after Windows has booted. But I want to also automatically run them. So the tricky part is to mount the encrypted partitions in advance. So far so good.

The difficulty comes from a strange behaviour of my Windows 7 installation (I don’t know if this is a common problem or a special problem of my system). Somehow the hard disk numbers change from startup to startup (wtf?!). So mounting a partition using the string \Device\Harddisk1\Partition1 is not a good idea, as I would never know which partition ends up mounted under which drive letter.

The solution

Finally I was smart enough to write a batch file. Using Linux I would have written a shell script in a few minutes to find out the correct drive number and mount it (not to mention that Linux would never magically change a drive number). But we are talking about Microsoft Windows here and that system sometimes is like Voodoo ;) Furthermore, I don’t speak winbatch fluently. So the following solution kept me busy for some time.

The main idea of the script is to find out the hard disk number using the serial number of the hard disk. In Linux there is a UUID, which is much easier to find out than the serial number in Windows.

But enough Windows bashing… here is my solution.

@echo off

:ENTER_PASSWORD
FOR /F "tokens=1" %%p IN ('java -jar jDialog.jar') DO SET password=%%p
IF "%password%" == "" (
    GOTO ENTER_PASSWORD
)

FOR /F "tokens=2 delims==" %%a in ('wmic diskdrive where "SerialNumber='2020202057242d444d5756415155324232323038'" get Index /format:value') DO (
    set volumeg=\Device\Harddisk%%a\Partition1
)

FOR /F "tokens=2 delims==" %%b in ('wmic diskdrive where "SerialNumber='2020202257202d444d5756413251363938313439'" get Index /format:value') DO (
    set volumeh=\Device\Harddisk%%b\Partition1
)

FOR /F "tokens=2 delims==" %%c in ('wmic diskdrive where "SerialNumber='2020202057402d4443575a413241463933393934'" get Index /format:value') DO (
    set volumei=\Device\Harddisk%%c\Partition1
)

"C:\Program Files\TrueCrypt\TrueCrypt.exe" /v %volumeg% /a /q /lg /p %password%
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /v %volumeh% /a /q /lh /p %password%
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /v %volumei% /a /q /li /p %password%

:: Check if drives have been mounted successfully
IF NOT EXIST G:\drive1.txt GOTO ERROR
IF NOT EXIST H:\drive2.txt GOTO ERROR
IF NOT EXIST I:\drive3.txt GOTO ERROR

:: Add your programs to be started afterwards
START "" "C:\Program Files (x86)\Netzwerk\uTorrent\uTorrent.exe"

exit /B 0

:ERROR
exit /B 1

 

Explanation of the script

  • Lines 3-7: Three encrypted partitions should be mounted on startup. Because I don’t want to enter the password three times I wrote a little Java program asking me for a password and returning it to the script. It’s not obligatory to use it but I think it’s handy. You can use it too if you like (Attention: you must have a working JRE installation): jDialog.zip.
  • Lines 9-11, 13-15, 17-19: The command wmic is used to find out the hard disk number using the serial number of the hard disk. I’m going to describe how to find out the correct serial number(s) for your hard disk(s) afterwards.
  • Lines 21-23: The encrypted partitions are mounted using the command line interface of TrueCrypt.
  • Lines 26-28: A final check is made to see whether all partitions have been mounted correctly (the script returns 0 on success and 1 on error). For this to work properly you have to put empty files into the root directory of your hard disks (in my case drive1.txt, drive2.txt, drive3.txt). I think it’s also possible to just check the drive letters for existence, but I want to ensure the correct order of the mounted partitions.
  • Lines 30-31: Here you can place programs to be started after the encrypted partitions have been mounted successfully.

Note: The script has only been tested on Microsoft Windows 7. I don’t know if it has a chance to also work on previous Windows versions. Give it a try.
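
A PowerShell variant of the same procedure, added here as an example and not part of the original post. In the batch script, a serial number that matches no disk leaves the volume variable unset and TrueCrypt is still called; this version stops before mounting anything in that case, and prompts for the password without echoing it. The serial numbers, the `$Volumes` table and the two-volume layout are placeholders, the password is assumed to contain no double quote, and the TrueCrypt switches are the ones used in the batch script above.

```powershell
# Added example, not the author's script. Serial numbers, drive letters and
# marker files below are placeholders; take real serials from
# "wmic diskdrive get SerialNumber,Index,Caption".
$TrueCrypt = 'C:\Program Files\TrueCrypt\TrueCrypt.exe'
$Volumes = @(
    @{ Serial = 'SERIAL-OF-DISK-1'; Letter = 'g'; Marker = 'G:\drive1.txt' },
    @{ Serial = 'SERIAL-OF-DISK-2'; Letter = 'h'; Marker = 'H:\drive2.txt' }
)

# Resolve every serial to its current disk index before touching TrueCrypt,
# so a missing or ambiguous disk stops the script instead of producing a
# half-built device path.
$disks = @(Get-WmiObject -Class Win32_DiskDrive)
foreach ($v in $Volumes) {
    $hit = @($disks | Where-Object { $_.SerialNumber -and $_.SerialNumber.Trim() -eq $v.Serial })
    if ($hit.Count -ne 1) {
        Write-Error "Serial $($v.Serial): expected 1 disk, found $($hit.Count)"
        exit 1
    }
    $v.Device = "\Device\Harddisk$($hit[0].Index)\Partition1"
}

# Prompt without echoing. The plaintext is still needed for /p, so it appears
# in the TrueCrypt process command line while that process runs.
$secure = Read-Host -Prompt 'Volume password' -AsSecureString
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    foreach ($v in $Volumes) {
        $argLine = '/v {0} /a /q /l{1} /p "{2}"' -f $v.Device, $v.Letter, $plain
        Start-Process -FilePath $TrueCrypt -ArgumentList $argLine -Wait
    }
} finally {
    # Wipe the unmanaged copy of the password and drop the managed reference.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    $plain = $null
}

# Same marker-file check as the batch script: confirms each volume is
# mounted and sits on the expected drive letter.
foreach ($v in $Volumes) {
    if (-not (Test-Path -LiteralPath $v.Marker)) {
        Write-Error "Marker $($v.Marker) missing"
        exit 1
    }
}
exit 0
```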

How to find out the serial number(s) of your hard disk(s)

That should be easy. Enter the following command in the Windows shell to get a list containing the caption, the current hard disk number and the serial number of your hard disks.

wmic diskdrive get SerialNumber,Index,Caption

Pick your serial, adapt the script, place it into Windows Autostart folder…that’s it. Easy huh?!

Finally I have to say that there might be easier solutions, and sometimes I wonder about TrueCrypt not offering the ‘auto-mount on startup’ feature out of the box (Am I the first person having the problem of changing hard disk numbers in Windows?). If anyone reading this article has a better solution, I would appreciate hearing about it. But I have to say that I’m really happy with my script so far.

ys Roland