<!DOCTYPE html>
<html>
<head>
<meta http-equiv="expires" content="0">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries</title>
<style type="text/css">
html{margin:0;}
body{font:12px Helvetica,"Arial",serif;line-height:24px;margin:0;}
#page{margin:40px auto 0px;width:800px}
h1{font-size:28pt;font-weight:700;margin:0 0 16px;padding:0 0 16px;box-shadow: 0 4px 2px -2px gray;line-height:35px;}
#left-pic{border:0;float:left;margin:0 15px 0 0}
.hr{margin:0px;padding-top:10px;border-bottom:1px solid #000;}
div{text-align:justify}
a{border-bottom:1px solid #000;color:#4D4D4D;text-decoration:none}
.aimg{border-bottom:0;text-decoration:none}
img{display: block; margin: 5px auto 5px auto}
a:hover{border-bottom:none;color:#922338}
img{border:0}
h4{margin-bottom:4px}
.sep{clear:left}
.info-content{margin-left:75px}
.logo{margin-top:30px;margin-bottom:20px}
.logo a,.logotest a{border-style:none}
.logo a,.logotest img{margin-left: 10px; margin-right: 10px;}
.center{display:block;margin-left:auto;margin-right:auto;text-align:center}
#overview,.info-title{float:left}
.checksums{margin-top:5px;margin-left:10px;padding-left:10px;border-left:1px solid #000;white-space: pre;display:block;font-family: monospace}
.legend{font-weight: bold;text-align: center;padding-bottom:10px;}
div.hide {display:none;}
.success{color: #43740E;background-color: #DFF2BF;border: 1px solid;margin: 10px 0px;padding:15px 10px 15px 15px;background-repeat: no-repeat;}
.warning{color: #db0000;background-color: #ffdf9b;border: 1px solid;margin: 40px 0px;padding:15px;}
</style>
<script type="text/javascript">
function showText(show,hide)
{
document.getElementById(show).className = "show";
document.getElementById(hide).className = "hide";
}
</script>
</head>
<body>
<div id="page">
<div class="warning">This page is an archived version of the tutorial previously hosted at <a href="https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/">https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/</a>. It is provided as is. Since then, I graduated from my Master's, then PhD, and am now a professor. Make sure to check <a href="https://xavier2dc.fr">my website</a>.</div>
<div id="title">
<h1>How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries</h1>
<img src="img/tc_logo.png" width="120" height="155" alt="TrueCrypt Logo" id="left-pic">
TrueCrypt is open-source encryption software capable of on-the-fly encryption of file-, partition- or disk-based virtual disks. It supports various ciphers, including AES, Serpent, Twofish or some combination of them; provides a full disk encryption (FDE) feature under Windows with pre-boot authentication; and even allows plausible deniability.<br>
Hence TrueCrypt seems to be a perfect solution to protect sensitive files. However, the recent news about the NSA programs lets conspiracy theorists imagine the worst. What if TrueCrypt was backdoored? What if the binaries provided on the website differed from the source code and included hidden features?<br>
We show in this article how to reproduce a deterministic compilation process specific to TrueCrypt 7.1a for Windows that matches the official binaries, and relieve the world of at least some concerns.
</div>
<div class="success">Since this article was put online, an extended version of the work has been published. Make sure to check the following paper:<br>
<a href="../papers/verifiable-build-acsac2014.pdf">Challenges and Implications of Verifiable Builds for Security-Critical Open-Source Software</a>. X. de Carné de Carnavalet and M. Mannan. <em>Annual Computer Security Applications Conference (ACSAC'14)</em>, Dec. 8-12, 2014, New Orleans, Louisiana, USA.
</div>
<div>
<h2>Article versions changelog</h2>
<ul>
<li>2014-05-29: Added a paragraph about v7.2 after the sudden shutdown of the TrueCrypt project</li>
<li>2013-10-27: Added in appendix the checksums of the files downloaded in this analysis, provided better understanding of the installer checksum difference, verified MVC++ 1.52 found on the web with the original, fixed typos</li>
<li>2013-10-24v2: Clarified few sentences about backdoors, explained the PDB info difference, made clear my results are meant to be reproduced</li>
<li>2013-10-24: Added analysis results of v7.0a and v6.3a</li>
<li>2013-10-23: Explained differences in more details, added assembly comparison</li>
<li>2013-10-22: Added PGP/X.509 screenshots, clarified some comparison comments</li>
<li>2013-10-21: First version</li>
</ul>
</div>
<div>
<h2>Challenges and implications</h2>
TrueCrypt is a project that doesn't provide deterministic builds. Hence, anyone compiling the sources will get different binaries, as pointed out by <a href="http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/" onclick="target='_blank'">this article on Privacy Lover</a>, saying that "<i>it is exceedingly difficult to generate binaries from source that match the binaries provided by Truecrypt.</i>" This has led to some speculation regarding the possibility of having backdoors in the official binaries that cannot be found easily.<br>
This concern has also been raised <a href="https://www.privacy-cd.org/downloads/truecrypt_7.0a-analysis-en.pdf" onclick="target='_blank'">in this analysis</a>, saying: "<i>Without a very expensive “reverse engineering” it can't be proved that they are compiled from the published source code. Since we haven't done such a reverse engineering we can't preclude that there is a back door hidden within those binary packages.</i>"<br>
Recently, the <a href="http://istruecryptauditedyet.com/" onclick="target='_blank'">IsTrueCryptAuditedYet</a> project was launched and aims at reviewing TrueCrypt's security and, among other things, providing a deterministic build so as to enable everyone to compare her version to the official one. However, it is still at an early stage (as of October 2013) and is trying to raise funds first.<br>
In this article, I present how I compiled TrueCrypt 7.1a for Windows and reached a very close match with the official binaries. I am also able to explain the small remaining differences and then prove that the official binaries indeed come from the public sources.
</div>
<div>
<h2>UPDATE: Version 7.2</h2>
The <a href="http://boingboing.net/2014/05/29/mysterious-announcement-from-t.html" onclick="target='_blank'">TrueCrypt project was apparently abruptly shut down</a> on May 28, 2014 and provides a farewell edition (v7.2) that is stripped of any code that enables the creation of new encrypted volumes and adds a feature to decrypt existing non-system encrypted drives in-place to facilitate the transition to other encryption tools.
The legitimacy of this last release can be questioned; however, you can at least verify that it matches the available sources (and hence again, that the code that was compiled is the code you can read) by following the steps in this article. Version 7.2 is compiled in the same way as version 7.1a, with a project path set to c:\truecrypt-7.2, consistent with the previous builds' scheme.
According to my analysis, the binaries of v7.2 for Windows match the available sources. See checksums in appendix.<br>
Note: Links to the TrueCrypt website no longer work; you will have to find the files elsewhere, such as on <a href="http://cyberside.net.ee/truecrypt/">cyberside.net.ee</a> or <a href="https://github.com/drwhax/truecrypt-archive">github.com/drwhax/truecrypt-archive</a>.
</div>
<div>
<h2>Preparing the environment and compiling</h2>
<h3>1. Download TrueCrypt binary and sources</h3>
First of all, we want to download TrueCrypt and make sure it really is what the website is offering by checking the binary authenticity.<br>
The download page is at <a href="http://www.truecrypt.org/downloads" onclick="target='_blank'">http://www.truecrypt.org/downloads</a> and doesn't provide HTTPS to download the software. Download TrueCrypt 7.1a for Windows 7/Vista/XP/2000 (<i>TrueCrypt Setup 7.1a.exe</i>).<br>
<div class="checksums">Filename: TrueCrypt Setup 7.1a.exe
MD5: 7a23ac83a0856c352025a6f7c9cc1526
SHA1: 7689d038c76bd1df695d295c026961e50e4a62ea</div>
<br>
The PGP signature of the binary can be downloaded through the button PGP Signature, which makes you download <i>TrueCrypt Setup 7.1a.exe.sig</i> over HTTPS (although with the NSA in the middle, it might not mean much).<br>
<div class="checksums">Filename: TrueCrypt Setup 7.1a.exe.sig
MD5: 015a30c68450b9559bda52eb2fa0ff3e
SHA1: e1e3efaeac2fbcdbff0c2c62ac33233bd356edfa</div>
<br>
Next, download the PGP public key file (<a href="https://www.truecrypt.org/download/TrueCrypt-Foundation-Public-Key.asc" onclick="target='_blank'"><i>TrueCrypt-Foundation-Public-Key.asc</i></a>) to verify the signature over the TrueCrypt binary. It is provided through an HTTPS link too.<br>
<div class="checksums">Filename: TrueCrypt-Foundation-Public-Key.asc
MD5: 41612478ceeee8448b87a5e872f07302
SHA1: c871f833d6c115f4b4861eed859ff512e994b9fc</div>
<br>
On <a href="http://www.truecrypt.org/downloads2" onclick="target='_blank'">the source code/public key page</a>, download the sources (<i>TrueCrypt 7.1a Source.zip</i>) for Windows.<br>
<div class="checksums">Filename: TrueCrypt 7.1a Source.zip
MD5: 3ca3617ab193af91e25685015dc5e560
SHA1: 4baa4660bf9369d6eeaeb63426768b74f77afdf2</div>
<br>
In order to verify the PGP signature of the binary, I use <a href="http://gpg4win.org/download.html" onclick="target='_blank'">Gpg4win 2.2.1</a>. Download and install it to follow the instructions below, or verify the signature with your favorite software.<br>
<ol>
<li>After the installation, launch Kleopatra.</li>
<li>Import the .asc file in the keyring (File > Import certificates).</li>
<li>Now you should mark the key as trusted: right click on the <i>TrueCrypt Foundation</i> public key in the list under Imported Certificate tab > Change Owner Trust, and set it as <i>I believe checks are casual</i>.<br>
You should also generate your own key pair to sign this key in order to show you really trust it and get a nice confirmation when verifying the binary.
<ol>
<li>Go to File > New Certificate, choose OpenPGP key pair and follow the instructions (no need to provide true data here).</li>
<li>Enter any passphrase and remember it. Finally, there is no need to back up your key or send it to a server.</li>
<li>Once you have your keys, right click again on TrueCrypt's public key and choose Certify Certificate.</li>
<li>Check <i>TrueCrypt Foundation</i>, look at the fingerprint given and compare it with the one shown on TrueCrypt's website (<a href="http://www.truecrypt.org/downloads2" onclick="target='_blank'">http://www.truecrypt.org/downloads2</a>): they should be the same.</li>
<li>If they are the same, check the box I have verified the fingerprint, click Next and Certify.</li>
<li>Enter your passphrase to use your private key to sign TrueCrypt's key.</li>
</ol>
</li>
<li>Now, to verify the binary signature, go to File > Decrypt/Verify files... and choose <i>TrueCrypt Setup 7.1a.exe.sig</i> that you downloaded before. The signed data field should point to the binary to verify (<i>TrueCrypt Setup 7.1a.exe</i>).</li>
<li>Click Decrypt/Verify: You should see a nice green label saying the signature is valid. This means that the <i>TrueCrypt Setup 7.1a.exe</i> file you downloaded is what TrueCrypt Foundation provides on their website and you downloaded that exact binary, as long as you trust their public key you downloaded over HTTPS.<br>
<img src="img/tc-sign-pgp.png" width="656" height="220" alt="PGP signature over TrueCrypt Setup 7.1a.exe"></li>
</ol>
Checking the X.509 signature is simpler:
<ol>
<li>Right click on the executable, go to Digital Signatures.</li>
<li>Select <i>TrueCrypt Foundation</i> in the list, click on Details.</li>
<li>You should see <i>This digital signature is OK</i>. Now, you can trust this binary if you trust VeriSign, a popular certificate authority, and its public key that is embedded in your OS.<br>
<img src="img/tc-sign-x509.png" width="419" height="489" alt="X.509 signature over TrueCrypt Setup 7.1a.exe"></li>
</ol>
Now we are pretty sure that we are in possession of the official binaries to be compared to our build.
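As an added example (not part of the original article), the following Python script checks the four downloads from this step against the MD5 and SHA1 values listed above. The function names and the layout with all four files in one folder are assumptions of the example.

```python
"""Check the TrueCrypt 7.1a downloads against the checksums listed in step 1."""
import hashlib
import sys
from pathlib import Path

# (MD5, SHA1) pairs copied from the checksum boxes in this article.
EXPECTED = {
    "TrueCrypt Setup 7.1a.exe": (
        "7a23ac83a0856c352025a6f7c9cc1526",
        "7689d038c76bd1df695d295c026961e50e4a62ea",
    ),
    "TrueCrypt Setup 7.1a.exe.sig": (
        "015a30c68450b9559bda52eb2fa0ff3e",
        "e1e3efaeac2fbcdbff0c2c62ac33233bd356edfa",
    ),
    "TrueCrypt-Foundation-Public-Key.asc": (
        "41612478ceeee8448b87a5e872f07302",
        "c871f833d6c115f4b4861eed859ff512e994b9fc",
    ),
    "TrueCrypt 7.1a Source.zip": (
        "3ca3617ab193af91e25685015dc5e560",
        "4baa4660bf9369d6eeaeb63426768b74f77afdf2",
    ),
}


def digests(path, chunk_size=1 << 20):
    """Return (md5_hex, sha1_hex) of a file, reading it once in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def check_downloads(directory, expected=EXPECTED):
    """Map each expected filename to 'ok', 'missing' or 'mismatch'."""
    results = {}
    for name, (want_md5, want_sha1) in expected.items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
            continue
        # Both digests must match; a file matching only one is reported as bad.
        wanted = (want_md5.lower(), want_sha1.lower())
        results[name] = "ok" if digests(path) == wanted else "mismatch"
    return results


if __name__ == "__main__":
    folder = sys.argv[1] if len(sys.argv) > 1 else "."
    report = check_downloads(folder)
    for name, status in report.items():
        print(f"{status:9} {name}")
    sys.exit(0 if all(s == "ok" for s in report.values()) else 1)
```

A match shows that you hold the same bytes as the files analyzed here; the PGP and X.509 checks above are what tie those bytes to the TrueCrypt Foundation.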
<h3>2. Download the prerequisites</h3>
In the sources, the Readme file specifies the following list of software to have on your system in order to compile TrueCrypt:
<ul>
<li>Microsoft Visual C++ 2008 SP1 (Professional Edition or compatible)</li>
<li>Microsoft Visual C++ 1.52 (available from MSDN Subscriber Downloads)</li>
<li>Microsoft Windows SDK for Windows 7 (configured for Visual C++)</li>
<li>Microsoft Windows Driver Kit 7.1.0 (build 7600.16385.1)</li>
<li>RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20 header files</li>
<li>NASM assembler 2.08 or compatible</li>
<li>gzip compressor</li>
</ul>
The list is pretty long and some pieces are hard to find, notably Visual C++ 1.52 which was released in 1994 and is only available for MSDN subscribers (and I'm not).<br>
<b>It is very important to use the same exact version of the compilers and tools used by the developers because a slight difference can completely change the output binary (as I have experienced), and can lead people to think TrueCrypt binaries are backdoored. Also, it is important to install the right software updates for Visual Studio 2008 SP1: no more, no less than what the developers had installed.</b><br>
Let's examine how to gather the prerequisites:
<ol>
<li>For Microsoft Visual C++ 2008, I downloaded Microsoft Visual Studio 2008 (VS2008) Professional from my university's MSDNAA partnership. The <a href="http://www.microsoft.com/en-us/download/details.aspx?id=13276" onclick="target='_blank'">SP1 is available on Microsoft's website</a>.<br></li>
<li>I found a copy of VC++ 1.52c on <a href="http://vetusware.com/download/Visual%20C%2B%2B%201.52c/?id=9008" onclick="target='_blank'">vetusware.com</a>. <del>Hopefully, it is trusted</del>. <ins>See appendix for checksums.</ins><br></li>
<li><a href="http://www.microsoft.com/en-us/download/details.aspx?id=8442" onclick="target='_blank'">Microsoft Windows SDK for Windows 7</a> can be downloaded from Microsoft. The latest one is named <i>Microsoft Windows SDK for Windows 7 and .NET Framework 4</i>, for which you should have <a href="http://www.microsoft.com/en-us/download/details.aspx?id=17718" onclick="target='_blank'">Microsoft .NET Framework 4</a> installed first. The previous version was named <i>Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1</i> and only requires .NET Framework 3.5 SP1. Both are OK to use because TrueCrypt doesn't use .NET Framework anyway.<br>
The ISO file is either <i>GRMSDK_EN_DVD.iso</i> for the 32-bit or <i>GRMSDKX_EN_DVD.iso</i> for the 64-bit version. Both are fine in our case; use the one matching your OS's architecture.</li>
<li><a href="http://www.microsoft.com/en-us/download/details.aspx?id=11800" onclick="target='_blank'">Microsoft Windows Driver Kit 7.1.0</a> is also found on Microsoft's website. The filename is <i>GRMWDK_EN_7600_1.ISO</i>.</li>
<li>The PKCS #11 header files needed are <i>pkcs11.h</i>, <i>pkcs11f.h</i> and <i>pkcs11t.h</i>, available at <a href="ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20" onclick="target='_blank'">ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20</a>.</li>
<li>NASM 2.08 can be found <a href="http://www.nasm.us/pub/nasm/releasebuilds/2.08/win32/" onclick="target='_blank'">on the official website</a>.</li>
<li>According to <a href="http://stackoverflow.com/questions/13379644/how-do-i-build-truecrypt-on-windows/13414137#13414137" onclick="target='_blank'">this post on stackoverflow.com</a>, gzip for Windows can be found in <a href="http://sourceforge.net/projects/gnuwin32/files/gzip/1.3.12-1/" onclick="target='_blank'">the gnuwin32 project on SourceForge</a> (version 1.3.12-1 tested). A difference in the version used can lead to a different compression algorithm and a different binary. Fortunately this version works well for our purpose.</li>
<li>dd, although not mentioned in the Readme, is required. Some builds of dd for Win32 found on the Internet do not behave correctly during the compilation process (different arguments are expected and no output is generated). One compatible version can be found in <a href="http://gnuwin32.sourceforge.net/packages/coreutils.htm" onclick="target='_blank'">CoreUtils for Windows</a>.</li>
</ol>
Because TC 7.1a was released on 2012-02-07, and because TrueCrypt's developers are security-aware and installed their latest security updates (supposedly, but this can be verified by installing fewer updates and getting different binaries), we have to install the updates available at that time and not after. After installing VS2008 and the SP1, Microsoft Update lists several updates. Only the following ones should be installed:
<a href="http://www.microsoft.com/en-us/download/details.aspx?id=26360" onclick="target='_blank'">KB2538241</a> (365.8 MB), <a href="http://www.microsoft.com/en-us/download/details.aspx?id=15303" onclick="target='_blank'">KB971092</a> (365.2 MB), <a href="http://www.microsoft.com/en-us/download/details.aspx?id=13433" onclick="target='_blank'">KB972222</a> (4.1 MB), <a href="http://www.microsoft.com/en-us/download/details.aspx?id=12076" onclick="target='_blank'">KB973675</a> (131.5 MB). A newer update is available, but couldn't have been installed by the developers because it was released a month after TrueCrypt 7.1a was out.
<h3>3. Installing the prerequisites</h3>
This section is taken and adapted from TC's Readme file.<br>
<ul>
<li><b>Microsoft Visual Studio 2008</b>: Install it with the Full configuration, or select Custom and check X64 Compilers and Tools under Microsoft Visual Studio 2008 Professional Edition/Language Tools/Visual C++. Once finished, install the SP1. Then, install the 4 updates one by one.</li>
<li><b>Microsoft Visual C++ 1.52c</b>: Unzip the <i>MSVC15</i> folder from <i>Microsoft - Visual C++ 1.52c - Installation CD.zip</i> to C:\, so you have C:\MSVC15. Then, create an environment variable 'MSVC16_ROOT' pointing to that directory.<br>
On Windows 7: Go to Control Panel > System > Advanced system settings > click Environment Variables... > Under System variables, click New... > Put <i>MSVC16_ROOT</i> as variable name and <i>C:\MSVC15</i> as value.<br>
Note: The 16-bit installer MSVC15\SETUP.EXE cannot be run on 64-bit Windows, but it is actually not necessary to run it. You only need to extract the folder 'MSVC15', which contains the 32-bit binaries required to build the TrueCrypt Boot Loader.
</li>
<li><b>Microsoft Windows SDK for Windows 7</b>: Use installation defaults. After installation, you need to switch SDK from version 6 to version 7.1 in Visual Studio. To do this, go to the Start Menu > Microsoft Windows SDK v7.1 > Visual Studio Registration > Windows SDK Configuration Tool > Select v7.1 and press Make Current.</li>
<li><b>Microsoft Windows Driver Kit 7.1.0</b>: When installing the WDK, only the <i>Build Environments</i> option matters for us; you can save some time by selecting this one only. Install in the default location (%SYSTEMDRIVE%\WinDDK).</li>
<li><b>PKCS #11 header files</b>: Create a folder <i>PKCS11</i> in C:\ and put the 3 header files there. Then, create an environment variable 'PKCS11_INC' pointing to that directory.<br>
On Windows 7: Go to Control Panel > System > Advanced system settings > click Environment Variables... > Under System variables, click New... > Put <i>PKCS11_INC</i> as variable name and <i>C:\PKCS11</i> as value.
</li>
<li><b>NASM 2.08</b>: Install it (or unzip it) to C:\nasm. Then, add the installation path to the PATH environment variable.<br>
On Windows 7: Go to Control Panel > System > Advanced system settings > click Environment Variables... > Under System variables, select the line whose variable is <i>Path</i>, click Edit... > add a semi-colon (;) at the end of the line then append the installation path (C:\nasm in this case).
</li>
<li><b>gzip &amp; dd</b>: Copy gzip.exe and dd.exe into C:\Windows\System32 for the 32-bit version of Windows, or into C:\Windows\SysWOW64 for the 64-bit version.</li>
</ul>
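As an added example (not from the original article or the TrueCrypt Readme), this Python script checks that the environment variables, header files and tools from this step are in place before opening the solution. The function name and the message wording are assumptions; the variable names and paths are the ones used above.

```python
"""Pre-build check for the prerequisites installed in step 3 (added example)."""
import os
import shutil
import sys
from pathlib import Path

PKCS11_HEADERS = ("pkcs11.h", "pkcs11f.h", "pkcs11t.h")
TOOLS = ("nasm", "gzip", "dd")


def check_prerequisites(env=None, which=shutil.which):
    """Return a list of problems; an empty list means every check passed."""
    env = os.environ if env is None else env
    problems = []

    # MSVC16_ROOT must point at the extracted MSVC15 folder.
    root = env.get("MSVC16_ROOT")
    if not root:
        problems.append("MSVC16_ROOT: not set")
    elif not Path(root).is_dir():
        problems.append(f"MSVC16_ROOT: {root} is not a directory")

    # PKCS11_INC must contain the three Cryptoki 2.20 header files.
    inc = env.get("PKCS11_INC")
    if not inc:
        problems.append("PKCS11_INC: not set")
    else:
        for header in PKCS11_HEADERS:
            if not (Path(inc) / header).is_file():
                problems.append(f"PKCS11_INC: {header} missing from {inc}")

    # The WDK is expected in its default location, %SYSTEMDRIVE%\WinDDK.
    drive = env.get("SYSTEMDRIVE") or "C:"
    wdk = os.path.join(drive + os.sep, "WinDDK")
    if not os.path.isdir(wdk):
        problems.append(f"WinDDK: {wdk} not found")

    # nasm is on PATH; gzip.exe and dd.exe were copied to SysWOW64 on 64-bit
    # Windows. A 64-bit interpreter does not reach that folder through PATH,
    # so it is checked directly as a fallback.
    sysroot = env.get("SystemRoot") or env.get("SYSTEMROOT") or "C:\\Windows"
    for tool in TOOLS:
        if which(tool):
            continue
        if (Path(sysroot) / "SysWOW64" / f"{tool}.exe").is_file():
            continue
        problems.append(f"{tool}: not found on PATH or in SysWOW64")
    return problems


if __name__ == "__main__":
    found = check_prerequisites()
    for line in found:
        print(line)
    sys.exit(1 if found else 0)
```

The script only confirms that each piece is present; it does not check tool versions or which Visual Studio updates are installed, which still have to match the lists above.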
<h3>4. Compiling TrueCrypt</h3>
Setting up the environment was the hardest task. Now:
<ol>
<li>Open the solution file 'TrueCrypt.sln' in Microsoft Visual Studio 2008 (select Visual C++ Development Settings when opening for the first time)</li>
<li>Select 'All' as the active solution configuration</li>
<li>Build the solution</li>
<li>If successful, there should be newly built TrueCrypt binaries in the 'Release' folder.</li>
</ol>
Below is my compilation log:<br>
<textarea cols="95" rows="15" readonly>
------ Build started: Project: Crypto, Configuration: Release Win32 ------
Performing Custom Build Step
Aes_hw_cpu.asm
Performing Custom Build Step
Aes_x86.asm
Compiling...
Whirlpool.c
Twofish.c
Sha2.c
Sha1.c
Serpent.c
Rmd160.c
Des.c
Cast.c
Blowfish.c
Aestab.c
Aeskey.c
Generating Code...
Creating library...
Build log was saved at "file://c:\Users\TrueCryptTest\Desktop\truecrypt\Crypto\Release\BuildLog.htm"
Crypto - 0 error(s), 0 warning(s)
------ Build started: Project: Boot, Configuration: Release Win32 ------
Performing Makefile project actions
Assembling: ..\BootSector.asm
Assembling: ..\BootCrt.asm
..\decompressor.c
..\bootconfig.cpp
..\bootconsoleio.cpp
..\bootdebug.cpp
..\bootdiskio.cpp
..\bootencryptedio.cpp
..\bootmain.cpp
..\bootmemory.cpp
..\intfilter.cpp
..\platform.cpp
..\..\..\common\crc.c
..\..\..\common\crypto.c
..\..\..\common\endian.c
..\..\..\common\pkcs5.c
..\..\..\common\volumes.c
..\..\..\common\xts.c
..\..\..\crypto\rmd160.c
..\..\..\crypto\aessmall.c
..\..\..\crypto\serpent.c
..\..\..\crypto\twofish.c
Linking...
Assembling: ..\BootSector.asm
Assembling: ..\BootCrt.asm
..\decompressor.c
..\bootconfig.cpp
..\bootconsoleio.cpp
..\bootdebug.cpp
..\bootdiskio.cpp
..\bootencryptedio.cpp
..\bootmain.cpp
..\bootmemory.cpp
..\intfilter.cpp
..\platform.cpp
..\..\..\common\crc.c
..\..\..\common\crypto.c
..\..\..\common\endian.c
..\..\..\common\pkcs5.c
..\..\..\common\volumes.c
..\..\..\common\xts.c
..\..\..\crypto\rmd160.c
Aes_hw_cpu.asm
AesSmall_x86.asm
..\..\..\crypto\aestab.c
Linking...
Assembling: ..\BootSector.asm
Assembling: ..\BootCrt.asm
..\decompressor.c
..\bootconfig.cpp
..\bootconsoleio.cpp
..\bootdebug.cpp
..\bootdiskio.cpp
..\bootencryptedio.cpp
..\bootmain.cpp
..\bootmemory.cpp
..\intfilter.cpp
..\platform.cpp
..\..\..\common\crc.c
..\..\..\common\crypto.c
..\..\..\common\endian.c
..\..\..\common\pkcs5.c
..\..\..\common\volumes.c
..\..\..\common\xts.c
..\..\..\crypto\rmd160.c
..\..\..\crypto\serpent.c
Linking...
Assembling: ..\BootSector.asm
Assembling: ..\BootCrt.asm
..\decompressor.c
..\bootconfig.cpp
..\bootconsoleio.cpp
..\bootdebug.cpp
..\bootdiskio.cpp
..\bootencryptedio.cpp
..\bootmain.cpp
..\bootmemory.cpp
..\intfilter.cpp
..\platform.cpp
..\..\..\common\crc.c
..\..\..\common\crypto.c
..\..\..\common\endian.c
..\..\..\common\pkcs5.c
..\..\..\common\volumes.c
..\..\..\common\xts.c
..\..\..\crypto\rmd160.c
..\..\..\crypto\twofish.c
Linking...
Assembling: ..\BootSector.asm
Assembling: ..\BootCrt.asm
..\decompressor.c
..\bootconfig.cpp
..\bootconsoleio.cpp
..\bootdebug.cpp
..\bootdiskio.cpp
..\bootencryptedio.cpp
..\bootmain.cpp
..\bootmemory.cpp
..\intfilter.cpp
..\platform.cpp
..\..\..\common\crc.c
..\..\..\common\crypto.c
..\..\..\common\endian.c
..\..\..\common\pkcs5.c
..\..\..\common\volumes.c
..\..\..\common\xts.c
..\..\..\crypto\rmd160.c
..\..\..\crypto\aessmall.c
..\..\..\crypto\serpent.c
..\..\..\crypto\twofish.c
Linking...
Assembling: ..\BootSector.asm
Assembling: ..\BootCrt.asm
..\decompressor.c
..\bootconfig.cpp
..\bootconsoleio.cpp
..\bootdebug.cpp
..\bootdiskio.cpp
..\bootencryptedio.cpp
..\bootmain.cpp
..\bootmemory.cpp
..\intfilter.cpp
..\platform.cpp
..\..\..\common\crc.c
..\..\..\common\crypto.c
..\..\..\common\endian.c
..\..\..\common\pkcs5.c
..\..\..\common\volumes.c
..\..\..\common\xts.c
..\..\..\crypto\rmd160.c
Aes_hw_cpu.asm
AesSmall_x86.asm
..\..\..\crypto\aestab.c
Linking...
Assembling: ..\BootSector.asm
Assembling: ..\BootCrt.asm
..\decompressor.c
..\bootconfig.cpp
..\bootconsoleio.cpp
..\bootdebug.cpp
..\bootdiskio.cpp
..\bootencryptedio.cpp
..\bootmain.cpp
..\bootmemory.cpp
..\intfilter.cpp
..\platform.cpp
..\..\..\common\crc.c
..\..\..\common\crypto.c
..\..\..\common\endian.c
..\..\..\common\pkcs5.c
..\..\..\common\volumes.c
..\..\..\common\xts.c
..\..\..\crypto\rmd160.c
..\..\..\crypto\serpent.c
Linking...
Assembling: ..\BootSector.asm
Assembling: ..\BootCrt.asm
..\decompressor.c
..\bootconfig.cpp
..\bootconsoleio.cpp
..\bootdebug.cpp
..\bootdiskio.cpp
..\bootencryptedio.cpp
..\bootmain.cpp
..\bootmemory.cpp
..\intfilter.cpp
..\platform.cpp
..\..\..\common\crc.c
..\..\..\common\crypto.c
..\..\..\common\endian.c
..\..\..\common\pkcs5.c
..\..\..\common\volumes.c
..\..\..\common\xts.c
..\..\..\crypto\rmd160.c
..\..\..\crypto\twofish.c
Linking...
Build log was saved at "file://c:\Users\TrueCryptTest\Desktop\truecrypt\Boot\Windows\Release\BuildLog.htm"
Boot - 0 error(s), 0 warning(s)
------ Build started: Project: Format, Configuration: Release Win32 ------
Creating Type Library...
Processing .\FormatCom.idl
FormatCom.idl
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\wtypes.idl
wtypes.idl
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\basetsd.h
basetsd.h
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\guiddef.h
guiddef.h
Processing ..\Common\Password.h
Password.h
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\oaidl.idl
oaidl.idl
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\objidl.idl
objidl.idl
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\unknwn.idl
unknwn.idl
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\oaidl.acf
oaidl.acf
Compiling...
FormatCom.cpp
SecurityToken.cpp
Keyfiles.c
Dlgcode.c
Dictionary.c
BootEncryption.cpp
BaseCom.cpp
Tcformat.c
InPlace.c
Generating Code...
Compiling...
Xts.c
Xml.c
Wipe.c
Volumes.c
Tests.c
Registry.c
Random.c
Progress.c
Pkcs5.c
Password.c
Language.c
GfMul.c
Format.c
Fat.c
Endian.c
EncryptionThreadPool.c
Crypto.c
Crc.c
Combo.c
Cmdline.c
Generating Code...
Compiling resources...
Microsoft (R) Windows (R) Resource Compiler Version 6.1.7600.16385
Copyright (C) Microsoft Corporation. All rights reserved.
Linking...
Embedding manifest...
Performing Post-Build Event...
1 file(s) copied.
Build log was saved at "file://c:\Users\TrueCryptTest\Desktop\truecrypt\Format\Release\BuildLog.htm"
Format - 0 error(s), 0 warning(s)
------ Build started: Project: Mount, Configuration: Release Win32 ------
Creating Type Library...
Processing .\MainCom.idl
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\wtypes.idl
MainCom.idl
wtypes.idl
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\basetsd.h
basetsd.h
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\guiddef.h
guiddef.h
Processing ..\Common\Password.h
Password.h
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\oaidl.idl
oaidl.idl
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\objidl.idl
objidl.idl
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\unknwn.idl
unknwn.idl
Processing C:\Program Files\Microsoft SDKs\Windows\v7.1\\include\oaidl.acf
oaidl.acf
Compiling...
Favorites.cpp
SecurityToken.cpp
Keyfiles.c
Dlgcode.c
Dictionary.c
BootEncryption.cpp
BaseCom.cpp
Mount.c
MainCom.cpp
Generating Code...
Compiling...
Xts.c
Xml.c
Volumes.c
Tests.c
Registry.c
Random.c
Pkcs5.c
Password.c
Language.c
GfMul.c
Endian.c
EncryptionThreadPool.c
Crypto.c
Crc.c
Combo.c
Cmdline.c
Hotkeys.c
Generating Code...
Compiling resources...
Microsoft (R) Windows (R) Resource Compiler Version 6.1.7600.16385
Copyright (C) Microsoft Corporation. All rights reserved.
Linking...
Embedding manifest...
Performing Post-Build Event...
1 file(s) copied.
Build log was saved at "file://c:\Users\TrueCryptTest\Desktop\truecrypt\Mount\Release\BuildLog.htm"
Mount - 0 error(s), 0 warning(s)
------ Build started: Project: Driver, Configuration: Release Win32 ------
Performing Makefile project actions
------ Building truecrypt.sys: Release x86 ------
Starting dirs creation...Completed.
cache.c
crc.c
crypto.c
encryptionthreadpool.c
endian.c
gfmul.c
pkcs5.c
volumes.c
xts.c
tests.c
wipe.c
Generating Code...
aeskey.c
aestab.c
blowfish.c
cast.c
des.c
rmd160.c
serpent.c
sha1.c
sha2.c
twofish.c
whirlpool.c
Generating Code...
drivefilter.c
dumpfilter.c
encryptedioqueue.c
ntdriver.c
ntvol.c
volumefilter.c
Generating Code...
Creating library c:\users\truecrypttest\desktop\truecrypt\driver\obj_driver_release\i386\truecrypt.lib and object c:\users\truecrypttest\desktop\truecrypt\driver\obj_driver_release\i386\truecrypt.exp
------ Building truecrypt.sys: Release x64 ------
Starting dirs creation...Completed.
cache.c
crc.c
crypto.c
encryptionthreadpool.c
endian.c
gfmul.c
pkcs5.c
volumes.c
xts.c
tests.c
wipe.c
aeskey.c
aestab.c
blowfish.c
cast.c
des.c
rmd160.c
serpent.c
sha1.c
sha2.c
twofish.c
whirlpool.c
drivefilter.c
dumpfilter.c
encryptedioqueue.c
ntdriver.c
ntvol.c
volumefilter.c
Generating code
Finished generating code
Build log was saved at "file://c:\Users\TrueCryptTest\Desktop\truecrypt\Driver\Release\BuildLog.htm"
Driver - 0 error(s), 0 warning(s)
------ Build started: Project: Setup, Configuration: Release Win32 ------
Compiling...
ComSetup.cpp
Dlgcode.c
Dictionary.c
BootEncryption.cpp
Wizard.c
Setup.c
Generating Code...
Compiling...
Registry.c
Language.c
Inflate.c
Endian.c
Crc.c
Xml.c
SelfExtract.c
Dir.c
Generating Code...
Compiling resources...
Microsoft (R) Windows (R) Resource Compiler Version 6.1.7600.16385
Copyright (C) Microsoft Corporation. All rights reserved.
Linking...
Embedding manifest...
Performing Post-Build Event...
1 file(s) copied.
Build log was saved at "file://c:\Users\TrueCryptTest\Desktop\truecrypt\Setup\Release\BuildLog.htm"
Setup - 0 error(s), 0 warning(s)
========== Build: 6 succeeded, 0 failed, 0 up-to-date, 0 skipped ==========
</textarea>
</div>
<div>
<h2>Comparison with the official binaries</h2>
<h3>Flat comparison</h3>
My compiled files have the following properties:
<table style="width:100%">
<tr><td style="width:150px"><b>Name</b></td><td style="width:80px"><b>Size (B)</b></td><td><b>MD5</b></td><td><b>SHA1</b></td></tr>
<tr><td>TrueCrypt.exe</td><td>1,508,864</td><td>a34df1c7f1ad4fd9f2eb4ad7e5cf18db</td><td>b90e23030ba2370f9aecf186e5548765eab8b93c</td></tr>
<tr><td>TrueCrypt Format.exe</td><td>1,603,072</td><td>b673d02aab960cad1b42f7dfd92161c3</td><td>27351c6501797972ad600a3ecd3d7a9594c988b8</td></tr>
<tr><td>TrueCrypt Setup.exe</td><td>1,058,816</td><td>0b37078976b7fb2bb3e5cfe13890b945</td><td>ef491a6817201c9d086b8f9e29cd57655c4eb020</td></tr>
<tr><td>TrueCrypt Setup 7.1a.exe</td><td>3,436,448</td><td>fc611c31f1de30cfcbe4c4956e81f99b</td><td>e2c837cfb123f5a61b7526bdcce1d6e1f947303c</td></tr>
<tr><td>truecrypt.sys</td><td>224,128</td><td>055241c3e5a21cd8bac65f8163b1b233</td><td>b973a254e971a75b6c893444e4c98938e57386a4</td></tr>
<tr><td>truecrypt-x64.sys</td><td>223,744</td><td>4fc3ea4aa4e4d00744ffbb00f86f7a84</td><td>ad84b6c2fd7c2a29c1d541e4e24e8fd534fd839c</td></tr>
</table>
<div class="legend">Table 1. Files, their size and checksums, from my own build</div>
The original files have the following properties:
<table style="width:100%">
<tr><td style="width:150px"><b>Name</b></td><td style="width:80px"><b>Size (B)</b></td><td><b>MD5</b></td><td><b>SHA1</b></td></tr>
<tr><td>TrueCrypt.exe</td><td>1,516,496</td><td>fa8f08013422a4eb68072668b3a73293</td><td>4c4891f5eafcf9b96be01e31031992d9e98d39c3</td></tr>
<tr><td>TrueCrypt Format.exe</td><td>1,610,704</td><td>48538c19abe905d22e147b1c25d90880</td><td>34442e400e6cb2534f33a0b1599defe36eefef2a</td></tr>
<tr><td>TrueCrypt Setup 7.1a.exe</td><td>3,466,248</td><td>7a23ac83a0856c352025a6f7c9cc1526</td><td>7689d038c76bd1df695d295c026961e50e4a62ea</td></tr>
<tr><td>truecrypt.sys</td><td>231,760</td><td>ed5e4ce36c54f55e7698642e94d32ec7</td><td>62fc4f76540740e63c7f0a33e3a1b66411f0a303</td></tr>
<tr><td>truecrypt-x64.sys</td><td>231,376</td><td>370a6907ddf79532a39319492b1fa38a</td><td>17c46ebc6f4977afbcf4aa11eccee524fd95b1c8</td></tr>
</table>
<div class="legend">Table 2. Files, their size and checksums, from the original binaries</div>
At this point, we should not expect to have produced exactly the same binaries as the official ones, for several reasons:
<ol>
<li>The official binaries are all signed with the TrueCrypt certificate, and this signature cannot be reproduced by anyone other than the TrueCrypt developers. We will see a way around this for our purpose.</li>
<li>The installer (<i>TrueCrypt Setup.exe</i>) has to be called with the /p switch to package the binaries inside itself and output a complete installer named <i>TrueCrypt Setup 7.1a.exe</i>. The binaries should be signed before being packaged to have any hope of reproducing the original installer. Above, I packaged my unsigned compiled ones.</li>
<li>Timestamps in the output executables are obviously different from the original ones; this is expected and should be taken into account when simply comparing hashes of the binaries.</li>
</ol>
Someone unaware of these points could wrongly conclude that all official binaries are bigger and hence include malicious hidden content.
<h3>Understanding the differences</h3>
In order to understand the differences between our compiled binaries and the original ones, a hexadecimal byte-by-byte comparison helps a lot. Below I analyze all files, one by one.
<h4>TrueCrypt.exe</h4>
There are three regions where differences can be seen. The first region between the two versions of TrueCrypt.exe is shown in Fig. 1.
<a href="img/tcexe_hex1.png" class="aimg"><img src="img/tcexe_hex1.png" alt="Differences between compiled TrueCrypt.exe and original one (1)" width="800"></a>
<div class="legend">Fig 1. First block of differences between my TrueCrypt.exe (left) and the original one (right)</div>
These differences are located in the file header, precisely at file offset 000000F8 corresponding to Time/Date Stamp in COFF/PE file header (offset 4); file offset 00000148 corresponding to a CheckSum in the PE Optional header (offset 64); and file offset 00000188 corresponding to the Certificate Table in the Optional Data Directories header (offset 128 of PE Optional headers). I used <a href="http://www.cgsoftlabs.ro/studpe.html" onclick="target='_blank'">Stud_PE</a> to analyze the headers. Fig. 2 is an example of details about file offset 000000F8 in the original TrueCrypt.exe.<br>
<img src="img/studpe_hex1.png" width="718" alt="Stud_PE showing timestamp">
<div class="legend">Fig 2. Stud_PE pointing at the part of the original TrueCrypt.exe related to the Time/Date Stamp</div>
According to <a href="http://www.openwatcom.org/ftp/devel/docs/pecoff.pdf" onclick="target='_blank'">Microsoft's documentation on Portable Executable and Common Object File Format Specification</a>, Time/Date Stamp is the time and date the file was created. I -obviously- compiled TrueCrypt at a different time than the developers, hence this difference is legitimate. Then, CheckSum corresponds to the image file checksum. It differs because the checksum covers the file contents, and our compiled executable differs slightly from the original. This difference is therefore also legitimate; only the underlying changes that cause it are interesting to analyze. Finally, the Certificate Table contains a field Certificate Data, which is a pointer to the certificate data in the file, and a field Size of Certificate, which indicates the size of that data. This table provides information regarding the X.509 signature over the file that is included in the official binaries. Because my binaries are not signed, my Certificate Table is all zeros, whereas the original file points to some certificate data at offset 0x170600 in the file. We will see that it matches the third region of differences.<br><br>
Then, the second region of differences is shown in Fig. 3, located at about two thirds of the file.<br>
<a href="img/tcexe_hex2.png" class="aimg"><img src="img/tcexe_hex2.png" alt="Differences between compiled TrueCrypt.exe and original one (2)" width="800"></a>
<div class="legend">Fig 3. Second block of differences between my TrueCrypt.exe (left) and the original one (right)</div>
The interpretation is obvious: it's a time and date difference, and what also seems to be a timestamp difference. To be sure, let's check: the original file contains 0x4F30EA22, which gives 1328605730 in decimal, which is the timestamp of 2012-02-07 09:08:50 GMT. It also reads a date of 'Tue Feb 07 10:08:49 2012' right before, which matches the alleged timestamp and even gives us the time zone of the compiler's machine: GMT+1 (mainly Western Europe).<br><br>
Finally, at the end of the file, the third region of differences starts at 0x170600 and shows us that the original file contains more information, which is entirely related to the certificate, as the Certificate Table points to this location. We can safely ignore the presence of the certificate in the official binaries, because a signature and certificate are normally harmless. Also, Microsoft's documentation indicates that "<i>These certificates are not loaded into memory as part of the image.</i>" This means that if this section contains malicious code, it has to be loaded by the program first, which would be seen in the source code. However, auditing the source code is not in our scope (the IsTrueCryptAuditedYet? project aims at that).<br>
<a href="img/tcexe_hex3.png" class="aimg"><img src="img/tcexe_hex3.png" alt="Differences between compiled TrueCrypt.exe and original one (3)" width="800"></a>
<div class="legend">Fig 4. Third block of differences between my TrueCrypt.exe (left) and the original one (right)</div>
It is to be noted that apart from these three unimportant mismatches (timestamps, checksum, presence of certificate), the rest of the files are strictly identical.
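As an added example (not code from the original analysis or from TrueCrypt), the following Python locates the Time/Date Stamp, CheckSum and Certificate Table through the PE headers, masks them together with the appended certificate data, and lists the byte ranges that still differ. The function names and the minimal image built by make_sample are constructed for this illustration.

```python
import struct
from datetime import datetime, timezone

CERT_DIR_INDEX = 4  # data directory entry 4 is the Certificate Table


def pe_fields(data):
    """Return {name: (file_offset, length)} for the header fields that
    legitimately differ between a rebuild and a signed release."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # COFF file header
    opt = coff + 20                          # optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                       # PE32
        dirs = opt + 96
    elif magic == 0x20B:                     # PE32+ (64-bit images)
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic")
    return {
        "TimeDateStamp": (coff + 4, 4),
        "CheckSum": (opt + 64, 4),
        "CertificateTable": (dirs + 8 * CERT_DIR_INDEX, 8),
    }


def build_time(data):
    """Decode the COFF Time/Date Stamp as a UTC datetime."""
    off, _ = pe_fields(data)["TimeDateStamp"]
    (ts,) = struct.unpack_from("<I", data, off)
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def normalize(data):
    """Zero the benign header fields and cut out the certificate data."""
    fields = pe_fields(data)
    out = bytearray(data)
    cert_off, cert_size = struct.unpack_from("<II", data, fields["CertificateTable"][0])
    if cert_off and cert_off < len(out):
        # Remove exactly the bytes the table describes, so anything
        # appended after the certificate still shows up as a difference.
        del out[cert_off:cert_off + cert_size]
    for off, length in fields.values():
        out[off:off + length] = bytes(length)
    return bytes(out)


def diff_ranges(a, b):
    """Inclusive (start, end) offsets where a and b differ; a length
    mismatch is reported as one extra range covering the longer tail."""
    ranges, start = [], None
    common = min(len(a), len(b))
    for i in range(common):
        if a[i] != b[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i - 1))
            start = None
    if start is not None:
        ranges.append((start, common - 1))
    if len(a) != len(b):
        ranges.append((common, max(len(a), len(b)) - 1))
    return ranges


def unexplained_differences(mine, official):
    """Differences left once timestamp, checksum and signature are masked."""
    return diff_ranges(normalize(mine), normalize(official))


def make_sample(timestamp, checksum, body, cert=b""):
    """Constructed minimal PE32 image: only the fields read above are set."""
    e_lfanew = 0xF0
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<I", hdr, e_lfanew + 8, timestamp)
    opt = e_lfanew + 24
    struct.pack_into("<H", hdr, opt, 0x10B)
    struct.pack_into("<I", hdr, opt + 64, checksum)
    if cert:
        struct.pack_into("<II", hdr, opt + 128, len(hdr) + len(body), len(cert))
    return bytes(hdr) + body + cert


if __name__ == "__main__":
    body = bytes(range(256)) * 4
    mine = make_sample(0x52600000, 0x1111, body)
    official = make_sample(0x4F30EA22, 0x2222, body, cert=b"\xAA" * 64)
    print(build_time(official), unexplained_differences(mine, official))
```

On real files, the embedded build date and second timestamp described for the second region are not header fields, so they remain in the output and still need to be reviewed by hand.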
<h4>TrueCrypt Format.exe</h4>
This file presents exactly the same patterns of difference as TrueCrypt.exe. Fig. 5 shows the differences between the two versions of TrueCrypt Format.exe.<br>
<a href="img/tcformatexe_hex1.png" class="aimg"><img src="img/tcformatexe_hex1.png" alt="Differences between compiled TrueCrypt Format.exe and original one (1)" width="800"></a>
<a href="img/tcformatexe_hex2.png" class="aimg"><img src="img/tcformatexe_hex2.png" alt="Differences between compiled TrueCrypt Format.exe and original one (2)" width="800"></a>
<a href="img/tcformatexe_hex3.png" class="aimg"><img src="img/tcformatexe_hex3.png" alt="Differences between compiled TrueCrypt Format.exe and original one (3)" width="800"></a>
<div class="legend">Fig 5. Differences between my TrueCrypt Format.exe (left) and the original one (right)</div>
Because we explained the unimportance of these differences in the case of TrueCrypt.exe, we can conclude that these binaries are also the same.
<h4>truecrypt.sys</h4>
This file is the 32-bit driver that takes care of all features related to the OS, such as providing virtual disks or supporting full disk encryption or system partition encryption. The number of differences, shown in Fig. 6, is greater than in the previous executables.<br>
<a href="img/tcsys_hex1.png" class="aimg"><img src="img/tcsys_hex1.png" alt="Differences between compiled truecrypt.sys and original one (1)" width="800"></a>
<div class="legend">Fig 6. Differences between my truecrypt.sys (left) and the original one (right)</div>
First of all, the difference at file offset 00000270 corresponds to the Time/Date Stamp in the headers, as confirmed by Stud_PE on the original file in Fig. 7. We already argued why this difference is completely benign. File offsets 0001EA44 and 00034184 show the same timestamp difference.<br>
<img src="img/tcsys_studpe1.png" width="718" alt="Stud_PE showing timestamp in driver">
<div class="legend">Fig 7. Stud_PE highlighting Time/Date Stamp attribute in the original truecrypt.sys, pointing at offset 00000270</div>
File offset 000002C0 is the CheckSum in the PE Optional header, which differs for the same reason as in the .exe files: the file is different, so the checksum is different, but this is not important. File offset 00000300 is the Certificate Table difference, which we explained is normal. Single-byte differences at file offsets 00000390, 00006731, 0001EA50 and 0002CBA0, and a few bytes at 00036844, are not exactly clear at this point.
The end of the original file contains more information, namely the certificate. Also, the block difference starting at 0002CBAC and ending at 0002CC7F is certainly only related to the difference in project path. The project folder on my machine was on the desktop, while the developers apparently had theirs in c:\truecrypt-7.1a. Let's compile the project again after moving the project directory to the same location as the developers, and see what happens. The comparison of this build with the original file is shown in Fig. 8.<br>
<a href="img/tcsys_hex2.png" class="aimg"><img src="img/tcsys_hex2.png" alt="Differences between compiled truecrypt.sys and original one (2)" width="800"></a>
<div class="legend">Fig 8. Differences between my truecrypt.sys compiled from the same project directory as the developers (left) and the original one (right)</div>
Miraculously, all the unexplained single-byte differences are gone. Only the section starting at 0002CBAC remains unclear. My guess is that it is only related to some compilation details and not a difference in the source code. To prove this, let's compare two versions compiled from the same project directory. Results are shown in Fig. 9.<br>
<a href="img/tcsys_hex3.png" class="aimg"><img src="img/tcsys_hex3.png" alt="Differences between two compiled truecrypt.sys (1)" width="800"></a>
<div class="legend">Fig 9. Differences between two builds of truecrypt.sys on my system using the same project directory</div>
Using the same source and same project directory results in the same pattern of difference in the block starting at 0002CBAC, as the pattern shown between my build from the correct project directory and the original file. This means that this difference is a normal result of the compilation process, and can be considered harmless from our point of view.<br>
<b><u>UPDATE</u></b>: As pointed out to me by some readers, these 16 bytes of differences correspond to the <a href="http://www.godevtool.com/Other/pdb.htm" onclick="target='_blank'">RSDS PDB (debug) information</a>, specifically the GUID (Globally Unique Identifier) that is regenerated in each build.<br>
Thus, all differences between my build and the original truecrypt.sys have been explained.
<h4>truecrypt-x64.sys</h4>
Expecting the same patterns of difference as for the 32-bit driver file, the analysis of the 64-bit version of the driver is straightforward. Let's start by directly comparing my build from c:\truecrypt-7.1a. The comparison is shown in Fig. 10.<br>
<a href="img/tcsys64_hex1.png" class="aimg"><img src="img/tcsys64_hex1.png" alt="Differences between compiled truecrypt-x64.sys and original one (1)" width="800"></a>
<div class="legend">Fig 10. Differences between my truecrypt-x64.sys compiled from the same project directory as the developers (left) and the original one (right)</div>
We have indeed the same types of difference, namely, file offsets 000000F8 and 000212E4 are timestamps, 00000140 is for the CheckSum, 00000198 is for the Certificate Table, from 0002F494 to 0002F4A3 is <del>the benign block (because it is different even between two of my own builds)</del> <ins>the GUID in PDB, meant to change in each build</ins>, and from 00036A00 to the end, it is the additional certificate on the original file. Hence, there is no unexplained or dangerous difference either in the 64-bit version of the driver.
<h4>TrueCrypt Setup 7.1a.exe</h4>
Finally, the installer remains. Because the original installer packages the original signed files, I am going to package the original files with my compiled installer to avoid painful comparison. We already demonstrated that TrueCrypt.exe, TrueCrypt Format.exe, truecrypt.sys and truecrypt-x64.sys are the same as the originals, given some room for minute details like timestamps, checksums or additional certificates.
After packaging the original files with my compiled installer, I get an installer of 3,458,614 bytes, again pretty close to the original installer (3,466,248 bytes). Fig. 11 shows the comparison between my packaged installer and the original one.<br>
<a href="img/tcsetupexe_hex1.png" class="aimg"><img src="img/tcsetupexe_hex1.png" alt="Differences between compiled TrueCrypt Setup 7.1a.exe and original one (1)" width="800"></a>
<div class="legend">Fig 11. Differences between my TrueCrypt Setup 7.1a.exe packaging the original files (left) and the original one (right)</div>
Again, the usual TimeDateStamp, CheckSum and Certificate Table differ, and the original installer has a certificate at the end of its file. A new 4-byte difference occurs at 0034C632. It looks like a checksum. Let's change the timestamp at 000000F0 from E2 to E3 to see if the difference in timestamp explains this difference. When launching the executable, a popup appears saying "This distribution package is damaged", which confirms that the last 4 bytes are actually a checksum over the whole file before the certificate.<br>
<b><u>UPDATE</u></b>: Someone pointed out to me that this conclusion is weak. By investigating TrueCrypt's source code, I was able to deduce how to reproduce this checksum: Replace bytes between file offsets 00000130 and 000001FF (inclusive) with zeros, so as to zero out the Certificate Table (and even a bit more). Truncate the file after the magic word "TCINSCRC", which is located right before the alleged checksum. In other words, remove the checksum and the remainder of the file (the certificate data). Compute the CRC32 over the modified/truncated file. The resulting CRC32 is exactly what is written in little-endian format in these 4 bytes.<br>
Thus, no unexplained differences can be found in the installer either.
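The checksum procedure from the update above, written out as an added Python example (not TrueCrypt's own code). It assumes the CRC32 is the standard one computed by zlib.crc32 and that the last occurrence of "TCINSCRC" in the file is the marker; make_sample_installer builds a constructed stand-in image rather than a real installer.

```python
import struct
import zlib

MAGIC = b"TCINSCRC"
WIPE_START, WIPE_END = 0x130, 0x1FF   # inclusive range zeroed before the CRC


def installer_crc(data):
    """Return (stored, computed) CRC32 values for an installer image."""
    pos = data.rfind(MAGIC)           # assumption: last occurrence is the marker
    if pos < 0:
        raise ValueError("TCINSCRC marker not found")
    end = pos + len(MAGIC)
    if end <= WIPE_END or end + 4 > len(data):
        raise ValueError("marker leaves no room for header or checksum")
    # The 4 bytes right after the marker hold the checksum, little-endian.
    (stored,) = struct.unpack_from("<I", data, end)
    # Truncating after the marker drops the checksum and the certificate data.
    covered = bytearray(data[:end])
    # Zero the region that changes when the file is signed.
    covered[WIPE_START:WIPE_END + 1] = bytes(WIPE_END + 1 - WIPE_START)
    return stored, zlib.crc32(bytes(covered)) & 0xFFFFFFFF


def verify_installer(data):
    """True when the stored checksum matches the recomputed one."""
    stored, computed = installer_crc(data)
    return stored == computed


def make_sample_installer(body, cert_table=bytes(8), cert=b""):
    """Constructed stand-in for a packaged installer: body, marker,
    checksum, then optional certificate data (as in a signed file)."""
    image = bytearray(body)
    image[0x188:0x190] = cert_table   # Certificate Table slot inside the wiped range
    image += MAGIC
    covered = bytearray(image)
    covered[WIPE_START:WIPE_END + 1] = bytes(WIPE_END + 1 - WIPE_START)
    crc = zlib.crc32(bytes(covered)) & 0xFFFFFFFF
    return bytes(image) + struct.pack("<I", crc) + cert


if __name__ == "__main__":
    body = bytes((i * 7) & 0xFF for i in range(0x400))      # constructed content
    unsigned = make_sample_installer(body)
    signed = make_sample_installer(body, struct.pack("<II", 0x40C, 16), b"\xAA" * 16)
    print(verify_installer(unsigned), verify_installer(signed))

    # Same experiment as in the text: alter one timestamp byte at 0xF0.
    damaged = bytearray(signed)
    damaged[0xF0] ^= 0x01
    print(verify_installer(bytes(damaged)))
```

Because the Certificate Table lies inside the zeroed range and the certificate data lies after the marker, signing the installer leaves the stored checksum valid, while a change to the timestamp byte does not.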
<h3>Getting as close as possible</h3>
In order to relieve some doubts about the additional certificate on all the original files, we can compare the original files, unsigned, against my build. Unsigning can be done with some tools, such as <a href="http://forum.xda-developers.com/showthread.php?p=2508061" onclick="target='_blank'">delcert</a> or <a href="http://www.fluxbytes.com/software-releases/fileunsigner-v1-0/" onclick="target='_blank'">FileUnsigner</a> (both produce the same result). Figs. 12-16 show the closest match one can get when compiling TrueCrypt to match the official binaries. I use c:\truecrypt-7.1a as the project directory in this case.<br>
<a href="img/tcexe-un_hex.png" class="aimg"><img src="img/tcexe-un_hex.png" alt="Differences between compiled TrueCrypt.exe and unsigned original one" width="800"></a>
<div class="legend">Fig 12. Differences between my TrueCrypt.exe (left) and the original one unsigned (right)</div>
<a href="img/tcformatexe-un_hex.png" class="aimg"><img src="img/tcformatexe-un_hex.png" alt="Differences between compiled TrueCrypt Format.exe and unsigned original one" width="800"></a>
<div class="legend">Fig 13. Differences between my TrueCrypt Format.exe (left) and the original one unsigned (right)</div>
<a href="img/tcsys-un_hex.png" class="aimg"><img src="img/tcsys-un_hex.png" alt="Differences between compiled truecrypt.sys and unsigned original one" width="800"></a>
<div class="legend">Fig 14. Differences between my truecrypt.sys (left) and the original one unsigned (right)</div>
<a href="img/tcsys64-un_hex.png" class="aimg"><img src="img/tcsys64-un_hex.png" alt="Differences between compiled truecrypt-x64.sys and unsigned original one" width="800"></a>
<div class="legend">Fig 15. Differences between my truecrypt-x64.sys (left) and the original one unsigned (right)</div>
<a href="img/tcsetupexe-un_hex.png" class="aimg"><img src="img/tcsetupexe-un_hex.png" alt="Differences between compiled TrueCrypt Setup 7.1a.exe and unsigned original one" width="800"></a>
<div class="legend">Fig 16. Differences between my TrueCrypt Setup 7.1a.exe packaging the original files (left) and the original one unsigned (right)</div>
All files match in large portions and differences are understood to be benign. We can <b>conclude that the official TrueCrypt binaries are indeed coming from the public sources and do not contain a hidden backdoor not visible from the sources</b>. Of course, we need to <a href="http://dl.acm.org/citation.cfm?id=358210" onclick="target='_blank'">trust the compiler</a>, but in this case, it is independent of TrueCrypt.
</div>
<h2>Functional comparison</h2>
We saw that the compiled binaries are almost the same as the originals and only a few unimportant details differ. In order to get a 100% match, disassembling my build and the original files seems to be the ultimate solution. Any differences in the disassembled executables could be analyzed and reverse-engineered to understand their reason. Hopefully, there are not many of them...<br>
To disassemble a file, I use objdump, available in <a href="http://mingw-w64.sourceforge.net/" onclick="target='_blank'">MinGW-w64</a>. We need MinGW-w64 and not MinGW because the latter is unable to disassemble the 64-bit driver. It can run on a 32-bit platform, though. The syntax of the command is shown below. The -d switch is for disassembling, while -M intel selects Intel syntax (vs. AT&T).
<div class="checksums">objdump -d -M intel file.exe > file.exe.asm</div>
Below are the commands I used to disassemble my build and the original files, given the paths explained and used in the above analysis.
<textarea cols="95" rows="15" readonly>
C:\truecrypt-7.1a\Release\Setup Files>objdump -d -M intel TrueCrypt.exe > TrueCrypt.exe.asm
C:\truecrypt-7.1a\Release\Setup Files>objdump -d -M intel "TrueCrypt Format.exe" > "TrueCrypt Format.exe.asm"
C:\truecrypt-7.1a\Release\Setup Files>objdump -d -M intel truecrypt.sys > truecrypt.sys.asm
BFD: truecrypt.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .text
BFD: truecrypt.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .rdata
BFD: truecrypt.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .data
C:\truecrypt-7.1a\Release\Setup Files>objdump -d -M intel truecrypt-x64.sys > truecrypt-x64.sys.asm
BFD: truecrypt-x64.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .text
BFD: truecrypt-x64.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .rdata
BFD: truecrypt-x64.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .data
BFD: truecrypt-x64.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .pdata
C:\truecrypt-7.1a\Release\Setup Files>cd C:\Users\TrueCryptTest\Desktop\testinstaller
C:\Users\TrueCryptTest\Desktop\testinstaller>objdump -d -M intel "TrueCrypt Setup 7.1a.exe" > "TrueCrypt Setup 7.1a.exe.asm"
C:\Users\TrueCryptTest\Desktop\testinstaller>cd C:\Users\TrueCryptTest\Desktop\TrueCryptOrig
C:\Users\TrueCryptTest\Desktop\TrueCryptOrig>objdump -d -M intel TrueCrypt.exe > TrueCrypt.exe.asm
C:\Users\TrueCryptTest\Desktop\TrueCryptOrig>objdump -d -M intel "TrueCrypt Format.exe" > "TrueCrypt Format.exe.asm"
C:\Users\TrueCryptTest\Desktop\TrueCryptOrig>objdump -d -M intel truecrypt.sys > truecrypt.sys.asm
BFD: truecrypt.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .text
BFD: truecrypt.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .rdata
BFD: truecrypt.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .data
C:\Users\TrueCryptTest\Desktop\TrueCryptOrig>objdump -d -M intel truecrypt-x64.sys > truecrypt-x64.sys.asm
BFD: truecrypt-x64.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .text
BFD: truecrypt-x64.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .rdata
BFD: truecrypt-x64.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .data
BFD: truecrypt-x64.sys: Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .pdata
C:\Users\TrueCryptTest\Desktop\TrueCryptOrig>cd ..
C:\Users\TrueCryptTest\Desktop>objdump -d -M intel "TrueCrypt Setup 7.1a.exe" > "TrueCrypt Setup 7.1a.exe.asm"
C:\Users\TrueCryptTest\Desktop></textarea>
Now, let's compare the disassembled binaries. The file sizes and checksums of my build are reported in Table 3.
<table style="width:100%">
<tr><td style="width:200px"><b>Name</b></td><td style="width:80px"><b>Size (B)</b></td><td><b>MD5</b></td><td><b>SHA1</b></td></tr>
<tr><td>TrueCrypt.exe.asm</td><td>10,050,203</td><td>d84d9529eeef94f10ea64043718d4db4</td><td>3fbece921cab0c02464834cefb2f6b9f1062a5d2</td></tr>
<tr><td>TrueCrypt Format.exe.asm</td><td>9,841,926</td><td>568a41d9d40487b0d69c5c250bcdd8e0</td><td>98945b1d0c8cd727d99ef11b89ffb7517751819c</td></tr>
<tr><td>truecrypt.sys.asm</td><td>2,249,768</td><td>74740de231de78da1d29b1f074d6738f</td><td>78cd0b6a6045210abf64fc9c8bf0871cdde4f20a</td></tr>
<tr><td>truecrypt-x64.sys.asm</td><td>2,015,137</td><td>735ddcaf11cf3c57689854d8eec50a49</td><td>1a929fc19e8f1a5fc4f9e642f490573b7152928c</td></tr>
<tr><td>TrueCrypt Setup 7.1a.exe.asm</td><td>4,717,188</td><td>2b2301f52b6cf4ce6911ae04fb8d4021</td><td>b06350262b00d87f444a57d1c58eb288fab896bf</td></tr>
</table>
<div class="legend">Table 3. Disassembled binaries, their size and checksums, from my own build</div>
The file sizes and checksums of the original files are reported in Table 4.
<table style="width:100%">
<tr><td style="width:200px"><b>Name</b></td><td style="width:80px"><b>Size (B)</b></td><td><b>MD5</b></td><td><b>SHA1</b></td></tr>
<tr><td>TrueCrypt.exe.asm</td><td>10,050,203</td><td>d84d9529eeef94f10ea64043718d4db4</td><td>3fbece921cab0c02464834cefb2f6b9f1062a5d2</td></tr>
<tr><td>TrueCrypt Format.exe.asm</td><td>9,841,926</td><td>568a41d9d40487b0d69c5c250bcdd8e0</td><td>98945b1d0c8cd727d99ef11b89ffb7517751819c</td></tr>
<tr><td>truecrypt.sys.asm</td><td>2,249,768</td><td>74740de231de78da1d29b1f074d6738f</td><td>78cd0b6a6045210abf64fc9c8bf0871cdde4f20a</td></tr>
<tr><td>truecrypt-x64.sys.asm</td><td>2,015,137</td><td>735ddcaf11cf3c57689854d8eec50a49</td><td>1a929fc19e8f1a5fc4f9e642f490573b7152928c</td></tr>
<tr><td>TrueCrypt Setup 7.1a.exe.asm</td><td>4,717,188</td><td>2b2301f52b6cf4ce6911ae04fb8d4021</td><td>b06350262b00d87f444a57d1c58eb288fab896bf</td></tr>
</table>
<div class="legend">Table 4. Disassembled binaries, their size and checksums, from the original binaries</div>
Don't you notice anything? Oh, they are identical. This means both versions perform exactly the same tasks, without a single difference. One can be concerned that a different Entry Point into the program could result in a different behavior. This is a legitimate concern, but dangerous behaviors could be seen from the source, and we did not notice any differences in the file headers regarding the AddressOfEntryPoint. Only the Time/Date Stamp, the CheckSum and the Certificate Table differ (all understood and legitimate differences).
<h2>Conclusion</h2>
Given this analysis, we can conclude that <b>I compiled TrueCrypt from the official sources and matched the official binaries</b>, and everyone who is able to gather the prerequisites for compiling TrueCrypt the same way as I did is able to prove the same thing.<br>
Before reaching this interesting result though, I was suspicious like many other people. I first compiled TrueCrypt with Visual Studio 2010 SP1 with all updates, and I got significantly different binaries, whose disassembled versions also differed a lot. I then switched to Visual Studio 2008 SP1 with all updates, but I again got significant changes, although fewer than with the build from VS2010. I had to be careful to reproduce the environment of the developers as closely as possible, which made me reinstall VS2008 with SP1 but only with the post-SP1 updates released before TrueCrypt 7.1a was released. This means I omitted one available update. Only then could I achieve an identical build and prove to myself that TrueCrypt is not backdoored by the developers in a way that is not visible from the sources. People should not take this conclusion for granted and are encouraged to reproduce this result by themselves.<br>
My analysis can help the <a href="http://istruecryptauditedyet.com/" onclick="target='_blank'">IsTrueCryptAuditedYet</a> project understand the importance of running the exact same compiler version in order to provide a deterministic build. Fortunately, the TrueCrypt sources come with a working Visual Studio solution ready to compile, which avoids many problems that can arise from differences in the project configuration. Now, efforts can be focused on auditing the source code, rather than trying to reverse-engineer the whole software to search for non-existent backdoors.
<h2>Extension</h2>
Now that we know v7.1a is not backdoored <ins>between the sources and the official binaries</ins>, what about previous versions? Were they backdoored?<br>
We can prove very easily that version 7.0a was compiled from the provided sources. Sources and official builds can be found on <a href="http://cyberside.planet.ee/truecrypt/">planet.ee</a> with digital signatures to verify their authenticity, because TrueCrypt's official website doesn't provide the old sources anymore. The prerequisites for v7.0a are very similar to those for v7.1a. However, because it was released in September 2010, we need to uninstall KB2538241 for Visual Studio 2008, which was released in June 2011. From there, all the analysis conducted on v7.1a applies to v7.0a (the original project was located in c:\truecrypt-7.0a based on information in the .sys driver). Binaries match up to the difference in timestamps, checksums and additional certificates. Disassembled versions are identical. I didn't analyze v7.1 and v7.0 as they lived a short life.<br>
Version 6.3a was another popular version. At that time, WDK was at version 7.0.0, so version 7.1.0 needs to be uninstalled first; 7.0.0 can then be found on the Web (not at Microsoft apparently). NASM version 2.06 was used; however, it fails to compile the 64-bit version of the driver on my test machine, so I fell back to version 2.08, which worked fine. There are no other VS2008 updates to uninstall, except KB2538241, which wasn't even used for v7.0a. Once compiled (the project was located in c:\truecrypt), the same analysis can be conducted again on this version and the binaries can be proven to originate from the public source code, as I found myself. These conclusions should relieve many concerns regarding the trustworthiness of TrueCrypt in general, although only the audit of the source code should be relied on now.
<div class="hr"></div>
<div id="displaychecksum" class="show"><a onclick="showText('checksums','displaychecksum')" href="javascript:void(0);"><h2>[+] Appendix: Checksums</h2></a></div>
<div id="checksums" class="hide">
<a onclick="showText('displaychecksum','checksums')" href="javascript:void(0);"><h2>[-] Appendix: Checksums</h2></a>
Below are the checksums of all files downloaded and used in this analysis.<br>
Microsoft Windows 7 Professional SP1 x64:
<div class="checksums">Filename: en_windows_7_professional_with_sp1_x64_dvd_u_676939-alleditions.iso
MD5: 93062fb2c66e833714b18e8dc3b40648
SHA1: 3ae906a2a3457d354d3bf854624fb46b0bb897f1</div>
Actually based on this one patched with the eicfg removal utility from <a href="http://code.kliu.org/misc/winisoutils/">http://code.kliu.org/misc/winisoutils/</a> (which doesn't actually have any effect on the edition selection):
<div class="checksums">Filename: en_windows_7_professional_with_sp1_x64_dvd_u_676939.iso
MD5: ed15956fe33c13642a6d2cb2c7aa9749
SHA1: 0bcfc54019ea175b1ee51f6d2b207a3d14dd2b58</div>
Microsoft Visual C++ 2008:
<div class="checksums">Filename: en_visual_studio_2008_professional_x86_x64wow_dvd_X14-26326.iso
MD5: ba1ba1a6ddd0c93441153af9e93a7b22
SHA1: 69702515f0d7e085cbec39bff3a3b7ae5050ca3c</div>
Microsoft Visual C++ 2008 SP1 update:
<div class="checksums">Filename: VS2008SP1ENUX1512962.iso
MD5: 0c5c6b7e4e80b66cd299b1dba6a819db
SHA1: 2459232f67b38594de192778020145dcd0b0df9f</div>
Security Update for Microsoft Visual Studio 2008 Service Pack 1 ATL for Smart Devices (KB973675) 2009-08-10:
<div class="checksums">Filename: VS90SP1-KB973675-x86.exe
MD5: 21f7c6480a5de367aa12de6a552a3bbc
SHA1: 2f3125344060328e88927a006d300aef9c6ec5c4</div>
Security Update for Microsoft Visual Studio 2008 Service Pack 1 (KB971092) 2009-08-03:
<div class="checksums">Filename: VS90SP1-KB971092-x86.exe
MD5: 552bcf106d8967c4528c8f28699ba428
SHA1: 2b405e4704121d10a91374905e64a76eea5b5239</div>
Security Update for Microsoft Visual Studio 2008 Service Pack 1 (KB972222) 2009-10-12:
<div class="checksums">Filename: VS90SP1-KB972222-x86.exe
MD5: 650a7bf6aee5189bae91a11358ce744d
SHA1: c7f2248adeab92f5f373228b1ad322e7daad4f63</div>
Security Update for Microsoft Visual Studio 2008 Service Pack 1 (KB2538241) 2011-06-07:
<div class="checksums">Filename: VS90SP1-KB2538241-x86.exe
MD5: 8fda84c109a4a954a6b08da52a88535f
SHA1: 82f12f8516a97b043ba4691e562672b35b5d538b</div>
Microsoft Visual C++ 1.52c (from vetusware)
<div class="checksums">Filename: Microsoft - Visual C++ 1.52c - Installation CD.zip
MD5: 1cc30b5bbc1faaf10004d822b0e22fe6
SHA1: 266b04a8a7e692fa59ef459928f14e48de7f3883</div>
Microsoft Visual C++ 1.52c (original, kindly provided to me) has one file fewer (the 170-byte MSVC.WSP) and an additional, almost empty NTHOST.GID. Neither is accessed during the builds, so compilation with the vetusware version doesn't need to be trusted more than the original.
<div class="checksums">Filename: en_vc152.exe
MD5: 08dfc372571de28274564fd71c5b2d4c
SHA1: 71f6469f9b136a58a9957108fff14e854b031d6c</div>
Microsoft Windows SDK for Windows 7 and .NET Framework 4 (x64)
<div class="checksums">Filename: GRMSDKX_EN_DVD.iso
MD5: 09ab322d876ae4cf10fdae23249807d3
SHA1: 9203529f5f70d556a60c37f118a95214e6d10b5a</div>
Microsoft Windows Driver Kit 7.0.0
<div class="checksums">Filename: GRMWDK_EN_7600.ISO
MD5: 59296616f20277f425d3eac6e0e8fcdf
SHA1: 8cb1f754acde465dcaee17c9b1558681941eb844</div>
Microsoft Windows Driver Kit 7.1.0
<div class="checksums">Filename: GRMWDK_EN_7600_1.ISO
MD5: 8fe981a1706d43ad34bda496e6558f94
SHA1: de6abdb8eb4e08942add4aa270c763ed4e3d8242</div>
PKCS #11 headers
<div class="checksums">Filename: pkcs11.h
MD5: 713ac88786b436a5df02bface7dfce45
SHA1: 4a87fd021aed6304bccf3987107812b9d701dfe9</div>
<div class="checksums">Filename: pkcs11f.h
MD5: 652434a5793eb14aae7b5baa07f6cfc7
SHA1: 853ad63da8961ac309bac902d270d3497a8e3356</div>
<div class="checksums">Filename: pkcs11t.h
MD5: aeebc839b98e672982abf566e6a25525
SHA1: 1909623adf647589c7d7e8f49672936c8e03d500</div>
NASM assembler 2.08
<div class="checksums">Filename: nasm-2.08-installer.exe
MD5: 6ca37399edf93ddf862df87e087f3b90
SHA1: 5efb0265c6d2a9da1eda5dd3ca3abbffc1a625f4</div>
gzip
<div class="checksums">Filename: gzip.exe
MD5: bf2aaf579a213e86903031a3f95050e2
SHA1: 5108786e02247c7df6906625a2873ddac5f125be</div>
dd
<div class="checksums">Filename: dd.exe
MD5: 9c36fdfdca4551c377c0fe97c5d64aef
SHA1: 97a97a62664b71f49df745063bce9d613d3b3cb4</div>
delcert
<div class="checksums">Filename: delcert.exe
MD5: f4e191421d300c901a59b6f2e1dd00cb
SHA1: f38aae5b976375d6bfeacca0f2206dbce3718ca4</div>
FileUnsigner 1.2.1.0
<div class="checksums">Filename: FileUnsigner.exe
MD5: 0db54cf6cc4b447a6da27f7ccb90b804
SHA1: 4cfabea67a9d0f734cf2fe5a850c9cf5f49f912a</div>
MinGW-w64 objdump
<div class="checksums">Filename: objdump.exe
MD5: 6187e8b2c511a3d8123258d361066f96
SHA1: 3dc8eccfecf586d80bb17a853527a3b5efea927a</div>
Beyond Compare 3.3.3.14128
<div class="checksums">Filename: BCompare-3.3.3.14128.exe
MD5: 2f2258023e02eea3b1f14c3183387965
SHA1: 94bf910f329fb4505a23a64f9dadd3390abf5b47</div>
TrueCrypt 6.3a
<div class="checksums">Filename: TrueCrypt 6.3a Source.zip
MD5: 6c1f585957cb07e58c51732c83dad1e0
SHA1: d21d22754584e419cda332d4e9561145d79d3475</div>
<div class="checksums">Filename: TrueCrypt Setup 6.3a.exe
MD5: e14e7bd954482e5f43f9f8ce0ab2f7e2
SHA1: 2a31c146a5a4dbff00884678d8c2eca44928e03d</div>
TrueCrypt 7.0a
<div class="checksums">Filename: TrueCrypt 7.0a Source.zip
MD5: 752479c674bc18d6bcf55d056560f0a7
SHA1: 8f9bf2ae13461fb3bfb4d1f7acb76c7c1c7ed29d</div>
<div class="checksums">Filename: TrueCrypt Setup 7.0a.exe
MD5: 354e280c4bb56704e3925770f282588f
SHA1: 9ebe5de6130deae5d361306bf0add7a6789f6fbc</div>
TrueCrypt 7.1a
<div class="checksums">Filename: TrueCrypt 7.1a Source.zip
MD5: 3ca3617ab193af91e25685015dc5e560
SHA1: 4baa4660bf9369d6eeaeb63426768b74f77afdf2</div>
<div class="checksums">Filename: TrueCrypt Setup 7.1a.exe
MD5: 7a23ac83a0856c352025a6f7c9cc1526
SHA1: 7689d038c76bd1df695d295c026961e50e4a62ea</div>
TrueCrypt 7.2
<div class="checksums">Filename: TrueCrypt-7.2-source.zip
MD5: 1165b1d22f05d926d7b62c286cd90e67
SHA1: f562238ad3547a4ee9ba676306a7a742c35b63f3</div>
<div class="checksums">Filename: TrueCrypt-7.2.exe
MD5: 8af39ed9c2080fa9b3061fa7c0ff792f
SHA1: 859c63110fba8747d16d9e7be49bbee7639ab84c</div>
</div>
<div class="hr"></div>
<div>
<i><a href="http://users.encs.concordia.ca/~x_decarn/">Xavier de Carné de Carnavalet</a><br>Master's student in Information Systems Security at Concordia University, Canada</i>
</div>
<p class="logo center">
<a href="http://www.concordia.ca/" onclick="target='_blank'">
<img src="img/concordia_logo.png" style="display:inline" width="300" height="72" alt="Concordia University" />
</a>
<a href="http://www.encs.concordia.ca/" onclick="target='_blank'">
<img src="img/encs_logo.png" style="display:inline" width="235" height="72" alt="Engineering and Computer Science Department" />
</a>
<a href="http://www.ciise.concordia.ca/" onclick="target='_blank'">
<img src="img/ciise_logo.png" style="display:inline" width="64" height="72" alt="Concordia Institute of Information Systems Engineering" />
</a>
</p>
</div>
</body>
</html>