EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Bitlocker & Admin Rights

#31407
Posted: 11/16/2014 16:58:42
by Steve Dorr (Basic support level)
Joined: 11/16/2014
Posts: 4

Hi,
I am evaluating this software and I thought I would ask a couple of questions before I got started.

1). If BitLocker or other full disk encryption is installed on a PC and I access sectors via RawDisk, will they be encrypted or unencrypted? If I write a file with RawDisk, is it encrypted or unencrypted on the volume? I guess it boils down to order of precedence. Are both drivers active (BitLocker and RawDisk) when I access the volume, or am I just accessing the volume with RawDisk?

2). Will the program I write in VB.Net require the user to be an Admin user, or can they be a standard user to run this software?

I am trying to develop a short routine to verify encryption is on a volume, possibly by writing a short file without RawDisk and then reading it back with RawDisk and seeing if it is encrypted. This will be one of many checks we are performing on our user PCs to verify they are following our standards.

Thanks

Steve Dorr
#31408
Posted: 11/17/2014 00:15:09
by Eugene Mayevski (EldoS Corp.)

Thank you for the interesting question. We'll need to check how RawDisk works with BitLocker.

Regarding your second question: the main purpose of RawDisk is to let applications running under limited accounts access the disk. So your application doesn't need admin rights to *access* the disk. However, you need to install the RawDisk driver on the system in order to use it, and installation does require admin rights (but installation of software itself in many cases requires such rights as well).


Sincerely yours
Eugene Mayevski
#31417
Posted: 11/17/2014 06:44:39
by Volodymyr Zinin (EldoS Corp.)

Concerning the first question: I am not sure, but it seems the behavior will be the following.
If BitLocker is working (the volume is accessible) and a partition is opened (for example "\??\X:"), reading sectors via RawDisk will return unencrypted data. But because BitLocker works on a per-partition basis, if you open the storage as a whole (for example by specifying "\??\PhysicalDrive0"), then the data read will be encrypted. Actually, it depends on where in the storage driver stack BitLocker performs encryption.
#31419
Posted: 11/18/2014 00:53:17
by Eugene Mayevski (EldoS Corp.)

We've checked the situation with BitLocker.

1. When you open a file with RawDisk, you'll get decrypted content. This is because BitLocker works on sector level, not on file level (unlike NTFS encryption, for example).

2. When you use RawDisk to open the disk itself and read sectors from it, you'll get encrypted data. The catch is that with this approach, to read file contents you'd need to read the file information and find the location of the file on the disk, which is probably overkill for your task.


Sincerely yours
Eugene Mayevski
#31429
Posted: 11/18/2014 16:29:43
by Steve Dorr (Basic support level)
Joined: 11/16/2014
Posts: 4

Thank you very much for this feedback. That is exactly the behavior I would like to have happen. I'm thinking there is probably a system sector that I can read that will be encrypted that I will be able to tell if the hard drive is encrypted or not, so I do not have to even write a file to the drive.

A wonderful enhancement would be to send back the starting sector of a file that is written to a drive, if that is even possible.

Unfortunately I am stuck. I am definitely a novice VB.net programmer and I am having difficulty just getting the open and read functions to work. Would it be possible just to have a small sample program that just does a read? I understand you are not interested in posting programs due to the sensitive nature of writing to a drive at a sector level.

I have added the imports Rawdisk command to my VB project. I have figured out how to go in and add the reference for 32 bit 4.5.1. I have figured out how to target the EXE to be x86 only. I cannot figure out how to code the open command.

I have tried:
Rawdisk.Open(...) But Open is not an option. None of the functions listed are options. So I am not understanding how I call it. Sorry for my ignorance in this matter.

Steve
#31445
Posted: 11/19/2014 07:38:50
by Volodymyr Zinin (EldoS Corp.)

Quote
Steve Dorr wrote:
I'm thinking there is probably a system sector that I can read that will be encrypted that I will be able to tell if the hard drive is encrypted or not, so I do not have to even write a file to the drive.

Ask Google about it. There should be a possibility to check whether a drive is encrypted.

Quote
Steve Dorr wrote:
A wonderful enhancement would be to send back the starting sector of a file that is written to a drive, if that is even possible.

It is possible to do this by finding the MFT record for the file (in the case of an NTFS volume) and finding the starting sector there.

Quote
Steve Dorr wrote:
Would it be possible just to have a small sample program that just does a read?

Just open a volume as a whole via RawDisk.Open, for example RawDisk.Open("\??\C:"), and then use the obtained system handle to read/write the volume. In the case of Win32, use the ReadFile and WriteFile APIs. To close the obtained handle, call CloseHandle.
#31447
Posted: 11/19/2014 07:53:23
by Eugene Mayevski (EldoS Corp.)

About VB.NET:

1. In the project properties, go to the References tab.
2. Add RawDisk3Net.dll to the list of referenced assemblies.
3. In the list below (on the same tab) there's a "Referenced Namespaces" list. Check RawDisk there.
4. To call the Open method, write
Code
CRawDisk.Open("\??\C:", Flags, "your license key here")


Flag values can be taken from MSDN: http://msdn.microsoft.com/en-us/libra...85%29.aspx
You'll probably need the value of GENERIC_WRITE which is 0x80000000

The method returns a handle to the opened device, which can be used in subsequent calls to the ReadFile() WinAPI function or in calls to the ReadSectors() method of RawDisk.


Sincerely yours
Eugene Mayevski
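
The signature check this thread is working toward, as an added example that is not from EldoS or from any of the posts above: a BitLocker volume's on-disk boot sector carries the OEM ID `-FVE-FS-` at offset 3 where plain NTFS has `NTFS    `, so sectors read through the whole-disk path (`\??\PhysicalDrive0`) can be classified without writing a file. It is Python working on bytes that have already been read; the function names and the sample disk are constructed for illustration, and only MBR partition tables are handled.

```python
import struct

SECTOR = 512
# OEM ID field: bytes 3..10 of a volume boot sector.
OEM_IDS = {b"-FVE-FS-": "bitlocker", b"NTFS    ": "ntfs"}

def classify_boot_sector(sector: bytes) -> str:
    """Classify one volume boot sector by its OEM ID field."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        return "invalid"
    return OEM_IDS.get(sector[3:11], "unknown")

def mbr_partitions(mbr: bytes):
    """Yield (type, start_lba) for each used entry of an MBR partition table."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR signature")
    for i in range(4):
        entry = mbr[446 + 16 * i: 462 + 16 * i]
        ptype, start_lba = entry[4], struct.unpack_from("<I", entry, 8)[0]
        if ptype == 0xEE:
            raise ValueError("GPT disk: parse the GPT header instead")
        if ptype != 0:
            yield ptype, start_lba

def check_disk(disk: bytes) -> dict:
    """Return {start_lba: classification} for every MBR partition in a raw disk view."""
    result = {}
    for _ptype, lba in mbr_partitions(disk[:SECTOR]):
        off = lba * SECTOR
        result[lba] = classify_boot_sector(disk[off:off + SECTOR])
    return result

def make_boot_sector(oem: bytes) -> bytes:
    # Constructed sample: jump bytes, OEM ID, zero padding, 55 AA signature.
    return (b"\xeb\x52\x90" + oem).ljust(510, b"\x00") + b"\x55\xaa"

def sample_disk() -> bytes:
    """Constructed 4-sector disk: BitLocker volume at LBA 1, plain NTFS at LBA 3."""
    mbr = bytearray(SECTOR)
    for i, lba in enumerate((1, 3)):
        # status, CHS start (pad), type 0x07, CHS end (pad), start LBA, sector count
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * i, 0x00, 0x07, lba, 1)
    mbr[510:512] = b"\x55\xaa"
    return (bytes(mbr) + make_boot_sector(b"-FVE-FS-")
            + bytes(SECTOR) + make_boot_sector(b"NTFS    "))

if __name__ == "__main__":
    print(check_disk(sample_disk()))
```

The signature identifies a BitLocker-formatted volume; it does not show whether protection is currently suspended or whether conversion has finished.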