news and downloads

SITE NEWS
August 8, 2002

new tricks for old dogs

Scramdicer Updated to v2.10!

Zipped archive with all documentation and tools, including the new Scramdicer v2.10 and Edxor v1.45 help files!

Download (294kb)


Stand alone versions from The Toolkit!
Every program from The Toolkit is available here as a separate download. Documentation is included in each archive.

Scramdicer v2.10

Edxor v1.45

Flip v1.02

FineSplit v1.05

And, the original Command-line Scramdicer...

SCD v1.21




Help files

The Scramdisk Toolkit, as well as the separate archives containing Scramdicer v2.10 and Edxor v1.45 already contain these files. They are provided here for the curious.

Scramdicer Help
Edxor Help


Utilities Page: NFO and downloads for ScramDisk v.301, E4M v2.02, dsSFV, dsSIGPAK, RegBak and other handy utilities.

Toolkit Stats
Please address all questions to our friendly Helpdesk Minion, ScD3, at:

irl@irish4ever.com

(Include "Toolkit" on the subject line or your message will be auto-deleted by the spam filter.)

Current version:

SCD v.2.10


The last command-line version (v1.21) is still available for those that prefer it.

Version 2.01
The first version with a GUI.

Version 1.21
Changed message in "Compare" to be easier to understand.

Version 1.20
Added "Compare" function so that a hex editor is no longer needed

Version 1.10
Offers additional layer of protection for Scramdisk Containers with the option of masking (XORing) the key-block in place

Version 1.01
Added additional error checking routines and the cute SD icon

Version 1.00
First version of the Scramdisk Key-block Utility; a clever scheme to defeat keyloggers

Version 0
We lurk over at alt.security.scramdisk while folks kick around a few ideas...we put two and two together four or five times and eventually get the right answer.....hehehe


Scramdicer v2.10!
...enhanced security for the password protected encrypted containers produced by E4M, SCRAMDISK, and DRIVECRYPT.





Updates in v2.10
1)...Relaxed the "Target Offset" range...extracted keyblock data or keyfile-passfile data can now be from 1 byte to 20Kb (0x1-0x5000) in size.
2)...Added "Key Mask Offset"...the user can now generate temporary keyfile-passfile data from any location within any large file when using the "Mask" option.


Overview of Scramdicer v2.10

SCD2.exe (Scramdicer) provides a useful mechanical service; it splits off the vital keyblock (about 10Kb of code) from a Scramdisk, E4M, or DriveCrypt container, saves it out to a separate file, and overwrites the original code with random garbage to disable all access to the container. The extracted keyblock can then be hidden elsewhere, on or off your system, using various combinations of the unique functions found in Scramdicer's companion programs from The Scramdisk Toolkit, the text and file processor Edxor and the bit-wise reversion tool Flip, which are used to hide the extracted keyblock from a dedicated search.

When access to the archive is needed, Scramdicer's separate "Merge" function writes the extracted keyblock back into the container and restores the container's ability to be opened with its own unique password. This protects your container from assault by cracking engines, keyloggers, and any unauthorised use of your passwords, by completely disabling the only route to the data for as long as you wish. Brute-force methods of gaining access are ineffective as well.

Scramdicer can also use external "passfiles", or "keyfiles", to encrypt the keyblock in place by using its one-time-pad encryption function, "Mask".

In its simplest form, you may choose any file on your system or removable media to act as a "passfile", or "keyfile", which Scramdicer will use as a data-source to temporarily scramble your container's keyblock in a one-time-pad XOR operation. Repeating the procedure with the same keyfile-passfile will re-enable the container's password functions. In this mode, Scramdicer copies a specific amount of data from the beginning of any selected file (...9216 bytes, if the default value of 0x2400 is used in the "Target offset" box...) and uses this to XOR the keyblock. This "keyfile" can be from anywhere on or off the system. A particularly clever trick is to copy any file on your system into a RAM drive, zip it up there, and then use the newly zipped file as the keyfile. This file will disappear along with everything else in the RAM drive when the system is rebooted.

Scramdicer v2.10 is now capable of extracting a temporary "passfile", or "keyfile", from user-defined areas within any large file to use in a new variant of the Mask operation. A new "Key mask offset" box has been added to Scramdicer to define a specific location in the body of a selected "mother" file from which to draw the keyfile data used in the Mask procedure; and the offset range has been extended to run from 0x1 to 0x5000 (1 byte to 20Kb) to accommodate wider variations in the size of the keyfile data. In this variant of the Mask operation, there will be no separate passfile, or keyfile, for you to hide or for an attacker to seek; yet in a large file (...up to 4-gig...) the combinations of potential keyfile data can be staggering!

The Buttons

REMOVE...Splitting off the keyblock...enter the path to the target *.svl in the "Target File" box; give a name/path for the extracted keyblock in the "Key File" box, and click the "Remove" button to perform the split. Scramdisk, DriveCrypt, or E4M containers can be imagined as having two distinct parts...the keyblock at the top, and the encrypted data-portion on the bottom. When separated from the keyblock, the data-portion, or the encrypted content of the container, cannot be accessed. Period. No password or cracking mechanism, however artfully applied, can open a container made by these OTFE programs without the keyblock in place.

MERGE...Restoring the extracted keyblock...enter the path to the target *.svl into the "Target File" box and the path to its extracted keyblock in the "Key File" box and click the "Merge" button to restore the container's password mechanism. When Scramdicer merges the extracted keyblock back into place, the container can then be opened with its password. Scramdicer's "Remove" and "Merge" options do not modify the core encryption functions of these OTFE programs; they just remove the relevant key-block to a safe place of your choosing, and replace it when needed.

Overlaps into the data-portion of a container must be avoided at all costs when using Scramdicer's "Remove" and "Merge" procedures to extract, store, and replace a functional keyblock; because the files which are produced with these two functions are meant to be re-used, and must only contain keyblock data in order to prevent any data-loss when the files are decrypted. The default hex-value of 0x2400, or a decimal value of 9216, in Scramdicer's "Target offset" box is perfectly safe and effective to use with all containers; because the problem presented by Scramdicer to an attacker will be insurmountable, even if only a small part of the keyblock is modified.

MASK...Masking the keyblock...When Masking a keyblock, the size restriction is not applicable, and any value up to 0x5000 (20Kb) can be used in the "Target offset" box; as long as the chosen keyfile is larger than 20Kb. This keyfile can be any file on your system or removable media.

Enter the path to the target *.svl in the "Target file" box and the path to the chosen keyfile in the "Key file" box; and click the "Mask" button to XOR the target *.svl's keyblock in place with data taken from the keyfile. This provides an almost unbreakable encryption scheme, and effectively secures the keyblock from attack; as long as the same keyfile-data is not used when masking other keyblocks. Leave the default value of "0x0" in the new "Key mask offset" box if you wish to use Scramdicer's original Mask function.

Masking With Temporary Keyfiles....Scramdicer v2.10 is now capable of extracting a temporary "keyfile" or "passfile" to memory; and of using this data in the Mask operation to scramble a keyblock. The "keyfile" or "passfile" data can come from any position within ANY large file; such as another encrypted container; or from something like a 700Mb *.avi on a CD, or up to a 4Gb *.vob from a DVD. Any large file will serve as the "mother" for the data that Scramdicer needs for the "Mask" function; and this one large file can be the source of a staggering number of unique keyfiles or passfiles. The temporary data's size will be defined by the value in the "Target offset" box; and its position within a "mother" file will be defined by the value in the new "Key mask offset" box.

The user now has much more control over the source and size of data to be used with the "Mask" operation, and can readily change these values at any time to counter the threats of cryptographic analysis, brute force dictionary attacks, or any unauthorised use of passwords gained through the use of keystroke recorders or social-engineering. This new variant of the "Mask" option rivals Scramdicer's "Remove and Merge" functions in securing the keyblock of an encrypted container from attack.


HOW TO USE THE NEW "TEMPORARY KEYFILE" OPTION:

1...Enter a decimal value into the "Key mask offset" box in Scramdicer's window to represent a specific location in the "mother" file; e.g. 250100500 (...250+Mb from the start of the mother file, as an example...). The data taken from that location will be of the size indicated in the "Target offset" box. (...9216 bytes for a typical keyblock, if the default 0x2400 value is used...but any size up to 0x5000, or 20Kb, is acceptable with the "Mask" function...)

2...Enter the path to your container in the "Target File" box below the buttons.

3...Enter the path to the "mother file" into the "Key File" box.

4...Click the "Mask" button to scramble the container's keyblock with data extracted from the chosen location in the "mother file".

In both "Mask" options, repeat the procedure with the same two offset values and passfile-keyfile to restore the password function of the container.
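The Mask procedure above, sketched as an added example (this is not Scramdicer's own code). It assumes the keyblock is the first "Target offset" bytes of the container and that the pad is the same number of bytes read from the keyfile at "Key mask offset"; the function names and sample files are constructed for illustration. The demo also shows why the same keyfile data must not be used on two keyblocks: the pad cancels out when the two masked keyblocks are XORed together.

```python
import os
import tempfile

MAX_TARGET = 0x5000  # upper bound the page gives for "Target offset"


def mask_keyblock(container, keyfile, target_offset=0x2400, key_mask_offset=0):
    """XOR the first target_offset bytes of container, in place, with the same
    number of bytes read from keyfile starting at key_mask_offset."""
    if not 1 <= target_offset <= MAX_TARGET:
        raise ValueError("target offset must be within 0x1-0x5000")
    with open(keyfile, "rb") as kf:
        kf.seek(key_mask_offset)
        pad = kf.read(target_offset)
    with open(container, "r+b") as cf:
        block = cf.read(target_offset)
        if len(pad) < target_offset or len(block) < target_offset:
            # A short read would leave the tail of the keyblock unmasked.
            raise ValueError("keyfile or container too small for these values")
        cf.seek(0)
        cf.write(bytes(b ^ p for b, p in zip(block, pad)))


def read(path):
    with open(path, "rb") as f:
        return f.read()


def demo():
    """Constructed data: two toy containers masked from one 'mother' file."""
    d = tempfile.mkdtemp()
    a, b, mother = (os.path.join(d, n) for n in ("a.svl", "b.svl", "mother.bin"))
    for path, size in ((a, 0x2400 + 4096), (b, 0x2400 + 4096), (mother, 200_000)):
        with open(path, "wb") as f:
            f.write(os.urandom(size))
    orig_a, orig_b = read(a), read(b)
    for path in (a, b):  # the same keyfile data used on two keyblocks
        mask_keyblock(path, mother, key_mask_offset=150_000)
    xor = lambda x, y: bytes(i ^ j for i, j in zip(x, y))
    n = 0x2400
    # Reuse cancels the pad: masked_a XOR masked_b == orig_a XOR orig_b.
    reuse_leak = xor(read(a)[:n], read(b)[:n]) == xor(orig_a[:n], orig_b[:n])
    data_untouched = read(a)[n:] == orig_a[n:]
    mask_keyblock(a, mother, key_mask_offset=150_000)  # repeat to restore
    return reuse_leak, data_untouched, read(a) == orig_a


if __name__ == "__main__":
    print(demo())
```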

COMPARE...Finding the exact size of a keyblock.... Scramdicer comes with a pre-set hex-value of 0x2400 (9216 bytes) which will achieve our purposes, but its actual range is 0x1 to 0x5000 (from 1 to 20,000 bytes). The "Compare" function can be used to determine the exact size of any container's keyblock, and this new value can be typed into the offset box for precise extractions when using Scramdicer's Remove and Merge function. This is not really necessary, given that the default values are sufficient for our purposes, but it can be helpful at times; especially if Scramdicer is being used with another type of container, such as a BestCrypt disk.

To determine the exact size (...in hex...) of any container's keyblock by using "Compare", first copy (...clone...) the container to another folder or partition; mount this cloned volume and empty it of all contents; and finally, dismount it. This will change the order of bytes in the encrypted "data-portion" of the cloned container. The byte-order of the "keyblock" will not differ from that of the original container.

Enter the path to the original *.svl in the "Target file" box of Scramdicer, the path to the clone in the "Key file" box, and click the "Compare" button to find the size (...in hex...) of the relevant keyblock. "Compare" will display the first byte that differs in the Results Message Box at the very bottom of Scramdicer's window. The displayed value will usually represent the very end of the keyblock, but it's advisable to step this value back by at least 5 or 10 bytes, in case there are any overlaps into the data-portion of the container. When you have your magic number, remove the keyblock of the clone before deleting it. Use the new offset-value from "Compare" for the "Remove and Merge" operations on the original container.
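The Compare step described above, as an added example rather than Scramdicer's own code: it finds the first differing byte between a container and its emptied clone, then steps the value back by a margin before it is used for Remove and Merge. The function names, the zero-based offset convention and the sample files are assumptions made for illustration.

```python
import os
import tempfile


def first_difference(original, clone, chunk=4096):
    """Return the zero-based offset of the first byte at which the two files
    differ, or None if they match over their common length."""
    offset = 0
    with open(original, "rb") as fa, open(clone, "rb") as fb:
        while True:
            a, b = fa.read(chunk), fb.read(chunk)
            if not a or not b:
                return None
            for i, (x, y) in enumerate(zip(a, b)):
                if x != y:
                    return offset + i
            offset += min(len(a), len(b))


def remove_offset(original, clone, margin=10):
    """Keyblock size for Remove/Merge: first difference, stepped back by
    margin bytes so the extraction cannot overlap the data-portion."""
    diff = first_difference(original, clone)
    if diff is None:
        raise ValueError("no difference found; was the clone emptied?")
    return max(1, diff - margin)


def demo():
    """Constructed files: shared 0x2400-byte keyblock, different data."""
    d = tempfile.mkdtemp()
    original, clone = os.path.join(d, "orig.svl"), os.path.join(d, "clone.svl")
    keyblock = os.urandom(0x2400)
    with open(original, "wb") as f:
        f.write(keyblock + b"\x00" * 8192)
    with open(clone, "wb") as f:
        f.write(keyblock + b"\xff" * 8192)
    return hex(first_difference(original, clone)), hex(remove_offset(original, clone))


if __name__ == "__main__":
    print(demo())
```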

Brought to you by The SCD Team



"Are YOU a PARANOID?"

Micro-chips in my fillings? Black helicopters? What? Nooooo!

"...or merely cautious?"

The Scramdisk Toolkit is a clever, yet simple, security enhancement designed for password-protected OTFE containers; primarily those produced in the Traveler modes of Scramdisk and DriveCrypt; but the tools will work on all of the containers produced by these OTFE programs. It is meant to protect the user's files from assaults by key-loggers, packet-sniffers, grep-searches, and all the other deceptive tactics employed as part of efforts to steal passwords and gain access to the user's personal containers.

No one, even if they have the correct password in their possession, can open one of these containers without first finding, and restoring the critical section of data that the Toolkit deals with. It's the equivalent of the 'console lock-out' feature of the updated DriveCrypt in practice; but deployed on individual containers made by every SD version up to, and including, DriveCrypt and E4M.

WHY USE THIS?

A serious "flaw" in the process of encrypting data in Windows, and common to most OTFE (On The Fly Encryption) programs and other apps which rely on typed passwords, is the fact that people are usually helpless to prevent the theft of their passwords by malicious software and hardware devices which record keystrokes. The data, through the use of a captured password, is then available to whatever entity is monitoring the device.

This problem has been addressed by the recent development of SCD.exe, available here either as a Windowed or command-line application. It protects Scramdisk, Encryption 4 The Masses, or DriveCrypt containers by removing a very small, but especially critical section of code that can be stored elsewhere; then replaces it in the volume with random garbage. The bit of code that SCD deals with (the keyblock) is that part which will validate the password and initiate encryption or decryption of the volume. Without it, no password whether legitimate or stolen can be used to open the container. Using brute-force cracking engines against the container won't work either; because there'll be nothing left to crack. The keyblock offers the only way in.


Online Tutorials

How To Use SCD v1.21

Temporary Passfiles In SCD v1.21

Installing Scramdisk or DriveCrypt in Traveler Mode


Offsite Links
Edxor Homepage
DriveCrypt Homepage
Scramdisk Newsgroup

Eraser Homepage
RegCleaner Homepage
PropertiesPlus
Sam Simpsons Page

RTFM
Please read the texts in the Scramdicer or SCD v1.21 archives for detailed usage instructions.


Sinn       Tabhair dúinn síochán.....Ní rachaidh mé in aois riamh arís.       Fein
( Give us Peace....I shall never be so old again. )


