What Is Whole Disk Encryption?
Hard disk encryption refers to encrypting the hard disk of a computer user to prevent information leakage.
- There are five methods for computer hard disk encryption: modify the hard disk partition table information, add passwords to the hard disk startup, implement user encryption management on the hard disk, implement write protection on a logical disk, and encrypt disk sector data.
Hard disk encryption: modifying the partition table
- The hard disk partition table is essential for booting from the hard disk. If no valid partition table can be found, you cannot boot from the hard disk, and the hard disk may not be found even after booting from a floppy disk. Generally, byte 0 of the first partition table entry is 80H, which indicates that the C drive is the active DOS partition; whether the hard disk can boot depends on it. If you change this byte to 00H, you cannot boot from the hard disk, but after booting from a floppy disk the hard disk can still be accessed. Byte 4 (counting from 0) of the partition table entry is the partition type flag. For the first partition it is usually 06H, which indicates that the C drive is the active DOS partition. Modifying this byte of the first partition entry can serve to encrypt the hard disk.
- Specifically:
- 1. If the byte is changed to 0, the partition is marked as unused, and of course the system can no longer boot from the C drive. After booting from a floppy disk, the original C drive is gone: the C drive you see is the original D drive, the D drive is the original E drive, and so on.
- 2. If the byte is changed to 05H, not only can the system not boot from the hard disk, but even after booting from a floppy disk every logical disk on the hard disk is inaccessible, which means that the entire hard disk is encrypted. In addition, the valid flag of the hard disk master boot record is the last two bytes of the sector, 55AAH. If these two bytes are changed to 0, the entire hard disk is locked and cannot be accessed. The hard disk partition table is in physical cylinder 0, head 0, sector 1. You can use Diskedit in Norton for Win95 to call up the sector directly, modify it and save it. Alternatively, under Debug, use sub-function 02H of INT13H to read cylinder 0, head 0, sector 1 into memory, modify it at the corresponding position, and then use sub-function 03H of INT13H to write it back to cylinder 0, head 0, sector 1.
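The byte positions described above can be checked from a saved copy of sector 0. The following is an added example, not code from the original page: it parses the four partition entries and reports the modifications this section describes. The finding codes, the `build_sample` helper and the sample partition values are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE  # four 16-byte partition entries start here
SIG_OFFSET = 0x1FE    # last two bytes of the sector: 55h AAh


def decode_chs(head, sector_byte, cylinder_byte):
    """Unpack a CHS address (same bit packing as INT 13h DH/CL/CH)."""
    cylinder = ((sector_byte & 0xC0) << 2) | cylinder_byte  # 10-bit cylinder
    return cylinder, head, sector_byte & 0x3F               # 6-bit sector


def parse_entry(raw):
    """Decode one 16-byte partition table entry."""
    boot, h1, s1, c1, ptype, h2, s2, c2, lba, count = struct.unpack("<8B2I", raw)
    return {"boot": boot, "type": ptype,
            "start_chs": decode_chs(h1, s1, c1), "end_chs": decode_chs(h2, s2, c2),
            "lba": lba, "count": count}


def audit_mbr(sector):
    """Return finding codes for a 512-byte image of cylinder 0, head 0, sector 1."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if bytes(sector[SIG_OFFSET:SIG_OFFSET + 2]) != b"\x55\xAA":
        findings.append("signature")           # 55AAH end marker overwritten
    entries = [parse_entry(sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * i + 16])
               for i in range(4)]
    for index, entry in enumerate(entries):
        if entry["boot"] not in (0x00, 0x80):
            findings.append("bad-flag")        # byte 0 is neither 00H nor 80H
        if entry["type"] == 0x00 and entry["count"] != 0:
            findings.append("type-zeroed")     # marked unused, yet still describes sectors
        if index == 0 and entry["type"] == 0x05:
            findings.append("extended-first")  # heuristic: first entry set to type 05H
    if not any(entry["boot"] == 0x80 for entry in entries):
        findings.append("no-active")           # no entry carries the 80H boot flag
    return findings


def build_sample(boot=0x80, ptype=0x06, signature=b"\x55\xAA"):
    """Constructed sample: one type-06H partition at LBA 63, 204800 sectors long."""
    sector = bytearray(SECTOR_SIZE)
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = struct.pack(
        "<8B2I", boot, 1, 1, 0, ptype, 15, 0xFF, 0xFF, 63, 204800)
    sector[SIG_OFFSET:SIG_OFFSET + 2] = signature
    return bytes(sector)


if __name__ == "__main__":
    cases = {
        "intact": build_sample(),
        "boot flag cleared": build_sample(boot=0x00),
        "type set to 00H": build_sample(ptype=0x00),
        "type set to 05H": build_sample(ptype=0x05),
        "signature zeroed": build_sample(signature=b"\x00\x00"),
    }
    for name, image in cases.items():
        print(f"{name:18} {audit_mbr(image)}")
```

Because the start LBA and sector count survive all of these edits, an audit like this also shows that the data itself is untouched and the original values can be restored from a backup of the sector.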
Hard disk encryption: boot password
- We know that a system password can be set in CMOS so that unauthorized users cannot start the computer and therefore cannot use the hard disk. But this does not really lock the hard disk: as long as the hard disk is attached to another computer, the data and software on it can still be used. To add a boot password to the hard disk, first store the master boot record and partition information from cylinder 0, head 0, sector 1 in a hidden sector that the hard disk does not use, such as cylinder 0, head 0, sector 3. Then use Debug to write a program of no more than 512 bytes (in fact a little over 100 bytes is sufficient) and load it into cylinder 0, head 0, sector 1. When executed, this program first asks for the password. If the password is incorrect, it enters an endless loop; if the password is correct, it reads the hidden sector (cylinder 0, head 0, sector 3) that stores the master boot record and partition information, and goes on to execute the master boot record.
- When the hard disk starts, the BIOS first calls the bootloader INT19H to read the master boot record in cylinder 0, head 0, sector 1 of the main hard disk into memory at 0000:7C00H, but we have made a covert substitution and replaced cylinder 0, head 0, sector 1 with our own program. In this way, when booting from the hard disk, the first thing executed is not the master boot program but the program we designed. If the password is incorrect, our program does not continue and the system does not start. Even when booting from a floppy disk, the hard disk can no longer be accessed, because the original contents of cylinder 0, head 0, sector 1 are no longer there. Of course, we can also design the program like a virus, so that part of it resides in high memory, monitors the use of INT13H, and prevents cylinder 0, head 0, sector 1 from being rewritten.
Hard disk encryption: user encryption management
- The UNIX operating system supports multi-user management. Under DOS, the hard disk management system can be improved to provide similar multi-user management. Such a management system can meet the following requirements: 1. The hard disk is divided into a public partition C and several dedicated partitions D. The "super user" manages area C and can read, write and update the system in area C; "special users" (such as computer room staff) use their own partitions and protect their files and data with passwords; "general users" (such as ordinary people who come to the computer room to use the machines) use the designated common area freely. The latter two types of users cannot write to the C drive. In this way, if the operating system and a large amount of application software are installed on the C drive, other people in a public computer room cannot intentionally or unintentionally damage the system and software, which ensures the security and stability of the system. 2. The system must be started with a key floppy disk; otherwise the hard disk is locked and cannot be used. This method can be implemented in assembly language by using the partition linked-list structure of each logical disk in the hard disk partition table.
Hard disk encryption: write protection
- We know that a floppy disk has a write-protect notch. Before writing to a floppy disk, the BIOS checks the status of the floppy disk; if the write-protect notch is closed, the write operation cannot be performed. A hard disk has no such hardware write protection, but write protection can be implemented in software. Under DOS, disk writes occur in several ways: write operations supported by DOS commands such as MD, RD and COPY; some sub-functions of the DOS function call, such as function numbers 10H, 13H, 3EH and 5BH, which can write to the hard disk; INT26H, which converts logical sectors to absolute sectors for writing; and sub-functions 03H, 05H, etc. of INT13H, which write to the disk. But in the end every write operation is carried out by calling a sub-function of INT13H.
- Therefore, if INT13H is intercepted, write operations to a specific logical disk of the hard disk can be prohibited. Because file writes to the disk go through sub-function 03H of INT13H, when this sub-function is called the register CL holds the starting sector number (in fact only the lower 6 bits are used); CH holds the track number, which on a hard disk is the cylinder number. The cylinder number is represented by 10 bits, and its highest two bits are placed in the highest two of CL
Hard disk encryption: disk sector data encryption
- Computer files, partition tables and similar information are stored in units of sectors on storage devices such as hard disks, USB flash drives or floppy disks. With a suitable mathematical encryption algorithm, data is encrypted before it is written to the disk and then written to the corresponding sector, so that the data on the disk exists only as ciphertext.
- This method is true disk data encryption, unlike modifying the partition table, adding a disk boot password, or tampering with sector addresses. With it, the partition layout and file storage of the disk cannot be analyzed, and the files stored on the hard disk cannot be obtained.
- There are two implementation schemes for this disk encryption method: one is a software scheme, and the other is a hardware encryption scheme.
- Software encryption occupies CPU time and a large amount of memory, and has poor real-time performance; a better solution is to use a hard disk encryption card and a dedicated encryption and decryption chip to perform real-time encryption and decryption of data on the hard disk. The hard disk encryption card has two data ports, one is connected to the computer motherboard, and the other is connected to the hard disk.
Hard disk encryption: encryption schemes
Hard disk encryption: floppy disk encryption
- This is the oldest encryption scheme on computers. Its principle is to write some information at a special location on a floppy disk, which the software verifies when it runs. The floppy disk acts like a key. By investing once in a set of encryption tools, software developers can make many key disks. This method is simple and cheap, and it has had its moments in different periods of software development. However, because the floppy drive is a slow device, checking the encryption points on the floppy disk many times greatly slows down the program, so encryption software generally checks only once when the software runs. Copy software. And because the floppy disk is a fragile medium, repeated reading and writing of the encryption points by the encryption software can easily damage it. The encrypted disk cannot be backed up, so the software company has to deal with users' requests to replace encrypted disks. In addition, because this encryption technology appeared early, the techniques for defeating it are relatively mature: software such as King-Copy from Double Star Company can copy most encrypted floppy disks, even the encryption points, and the copied floppy disk is still encrypted.
Hard disk encryption: card encryption
- In the early 1990s, a variety of Hankas emerged, and the card encryption technology that followed them became popular. Due to various problems, this encryption technology is rare.
Hard disk encryption: software lock
- Software lock encryption first appeared abroad. It is a matchbox-sized device that plugs into the printer port of a computer. Certain data and algorithms are stored in the dongle, and the computer can communicate with it to obtain the data or have the dongle perform calculations. The software cannot run without the dongle. Because it does not require opening the computer case for installation as card encryption does, yet can be accessed at any time like an encryption card, and the access speed is fast, it was favored by software developers as soon as it was launched. All dongles provide a programmable interface. The user can control the contents of the dongle and access it freely through the dongle interface in the program. Foreign encryption locks generally provide only a few algorithms, but good encryption locks not only provide customers with encryption algorithms but also allow customers to define their own encryption algorithms and user ID numbers. However, the encryption lock also has shortcomings. Because it uses the printer port of the computer, which was originally designed for the printer, the software lock must ensure both that the user's encryption operations are correct and that the printer still works normally. However, because printer drivers differ so widely in design, no encryption lock can do this completely.
Hard disk encryption: optical disc encryption
- Since floppy disk encryption is successful first, why can't there be optical disk encryption? However, there are indeed some problems in actual operation, because the optical disc has the ISO9660 standard protocol and its controllability is stricter than that of a floppy disk. It is really difficult to find a way that can only run but cannot be copied. But there have been several such products, and the encryption methods are not the same. The main principle is that some characteristic information on the special optical disc master is not reproducible, and most of these characteristic information are non-data content on the optical disc, which cannot be copied when the optical disc is copied. Because the investment is one-time, this encryption scheme can reduce the cost for large-scale production. And software data and encryption are on the same carrier, which is undoubtedly very convenient for users. But this is a newer encryption scheme, and many aspects need further verification. Moreover, due to the limitation of the encryption method, it is impossible to realize such encryption on the optical disc burned by the user, and it must be an optical disc produced on a production line. This is still difficult for some small-scale software manufacturers, and because of the read-only nature of the disc, once the encryption is wrong, it cannot be repaired.
Hard disk encryption: mobile hard disk encryption
- (1) NTFS format for mobile hard disk encryption
- EFS encryption can be performed on all files in the partition, provided that the partition format is NTFS.
- Select the drive letter of the mobile hard disk or the folder to be encrypted, right-click, choose Properties, then General, then Advanced, check the "Encrypt contents to secure data" check box at the bottom, and click OK three times to confirm. EFS encryption is fast, and the encrypted files are no longer accessible on other computers. However, this method has a pitfall: once you reinstall the system, the encrypted files can no longer be opened.
- (2) Use mobile hard disk encryption software to encrypt the mobile hard disk
- Encryption software can be used to encrypt all files and folders in the U disk and mobile hard disk within a few seconds, or the files you need to encrypt and the folders you need to encrypt. When decrypting, you can also decrypt all encrypted files and encrypted folders or only the encrypted files and encrypted folders you need to use.
Hard disk encryption: other schemes
- All encryption schemes that use additional hardware devices carry a certain cost. For expensive software this does not matter, but for shareware or other low-priced software the hardware encryption cost may be higher than the price of the software itself, so many software-only ("soft") encryption schemes have appeared.
Hard disk encryption: password table
- When the software starts, the user is asked to enter a specific answer according to a prompt on the screen. The answer is usually found in a copy-protected password table in the user manual, and the software continues only after the correct password is entered. This encryption scheme is simple to implement and costs little. However, the user has to look up the password every time the software runs, which is inevitably inconvenient. Most games from Taiwan, for example, use this encryption method. There are often people patient enough to type the entire password table into the computer, save it as a file, and publish it along with the pirated copy of the software, leaving the encryptor helpless. Basically, it is an encryption method that guards against the honest but not the dishonest.
Hard disk encryption: serial number
- From a certain point of view, this is not a complete encryption scheme. Much shareware today adopts this method. Users do not need to pay during the trial period of the software. Once the trial period expires, a user who wants to continue using the software must register with the software company, which then generates a serial number based on the information submitted (usually the user's name). After you receive this serial number and enter it while the software is running, the software verifies that the relationship between your name and the serial number is correct. If it is correct, this shows that you have purchased the software, and there is no longer a date limit. This encryption scheme is simple to implement, and the purchase can be carried out entirely over the Internet, which both developers and buyers find convenient. However, as you may have noticed, the verification between the name and the serial number is done on your own computer. Many hackers exploit this weakness to work out the conversion relationship between the name and the serial number and write a program called a KeyMaker: you only need to enter your name and the program calculates the serial number, and entering the name and serial number into the software then makes it behave as a genuine copy. There is also no good way to stop a user from spreading the serial number obtained after registration.
Hard disk encryption: license
- From a certain point of view, this method is a variant of serial number encryption. The software you download or buy from the Internet cannot be used directly. During installation or operation the software examines your computer and generates a fingerprint specific to it from the results. This fingerprint can be a small file or a string of numbers that no one can interpret. You send this fingerprint to the developer over the Internet or by e-mail, phone or fax, and the developer gives you a registration code or registration file based on the fingerprint. With this registration code or file, you follow the steps the software requires to complete registration on your computer before you can use it. This way of buying and selling is also carried out entirely over the network, and the software the user purchases is restricted to running on that user's own computer. On another computer, the registration code or registration file may no longer be valid. However, replacing some hardware devices may also invalidate the registration code, and after receiving the software the user cannot use it for a period of time, until registration is completed.
Hard disk encryption: encryption software
Hard disk encryption: Ming Dynasty Wanda hard disk encryption
- The new generation of hard disk encryption technology released by Ming Dynasty Wanda Chinasec is more intelligent, secure and reliable. In response to the above risks, it provides full-disk encryption of the computer, covering all files saved on local disks such as the system disk and data disks, and effectively intercepts read and write requests for disk data from the operating system or application software. It addresses data theft or malicious disclosure arising from physical loss of computer equipment, external attachment of the hard disk, data reinstallation, operating system reinstallation, PE boot, CD boot and so on, and ensures the security of data stored on encrypted disks. It is an effective tool for preventing important or sensitive data from being leaked.
The Ming Dynasty Wanda new generation hard disk encryption technology has the following characteristics:
1. Boot authentication protection. The system provides a boot authentication function: authentication between the user and the machine takes place before the system starts. After the BIOS starts, a password is used for authentication, and only an authorized user can start the computer and use the local disk data normally. This amounts to control at the lowest layer to keep the hard disk data safe. The system also allows a user who has forgotten the authentication password to enter the system with an authorization code given by the administrator.
2. Support for a variety of encryption algorithms. The system supports a variety of encryption algorithms, such as DES, AES and SM4; the default built-in algorithm is SM4 with 128 bits, for policy compliance.
3. Flexible encryption methods. Ming Dynasty Wanda Chinasec (An Yuan) disk encryption technology offers two methods: fast encryption and deep encryption. Fast encryption encrypts only the disk partition table and is characterized by short deployment time; deep encryption encrypts the entire disk data and is characterized by high security. Enterprises can choose the more suitable method according to their actual situation.
4. Automatic background encryption and decryption that users do not notice. The system supports sector-level dynamic encryption and decryption for all types of hard disks. All encryption is fully automated in the background and completely transparent to the user. After Windows starts, users viewing their files do not see any attribute related to "encryption". Seen from another angle, however, if two systems are installed on one computer, or the hard disk containing the system is removed and connected to another computer, an attempt to access the partition of the system protected by hard disk encryption returns an access denied message.
5. Support for resumable (breakpoint) encryption and decryption. If the computer is restarted after an abnormal event such as system shutdown or power failure during encryption or decryption, the client continues the corresponding encryption or decryption action.
6. Centralized deployment and unified security policy. The system issues security policies centrally, and clients are controlled uniformly by management. While a policy is in force, the user has no right to modify it. This makes it easier to enforce the security policy on the client and simplifies later maintenance.
7. Complete data recovery measures. The server records the current client state in real time. When the client loses power, or the user forgets the password, loses the token, or leaves the organization, the client can be safely recovered to the current state. A help desk with online recovery tools can be set up to reset user passwords remotely.
8. Every sector of the hard disk is encrypted, comprehensively and thoroughly.
9. Simple to use: users only need to remember one password.
Hard disk encryption: Sophos protection
- Enterprise-class data protection products, with seven modules including hard disk encryption, U disk encryption, and complete protection of your data security.
Hard disk encryption: MagicLocker
- Hard disk encryption protection tool, MagicLocker uses random keys for files
HDD Encryption
- Zidian HDD Encryption God is the only hard disk partition encryption software. But it's not just hard drives. Software can protect virtually any partition, even floppy drives, optical drives, USB flash drives and removable hard drives.
Hard disk encryption: file encryption
- Provide you with up to 1344Bit military hard disk encryption technology, fast encryption speed, high encryption strength
Hard disk encryption: CompuSec
- CompuSec is software used to protect your system. It mainly uses some authentication mechanisms and hard disk encryption protection to ensure the system.
Hard disk encryption: PWMBR
- A hard drive encryption tool
Hard disk encryption: Prayaya Encryption King
- Prayaya Encryption King is an encrypted disk area created on your computer. You can store private files (photos, videos, financial information files, etc.) that need to be protected in Prayaya Encryption King.
How to use hard disk encryption
- 1. Copy this encryption tool to the root directory of your USB flash drive or mobile hard disk (not in a folder) to encrypt and hide all files on the USB flash drive or mobile hard disk. After encryption, you cannot see your files in the U disk or mobile hard disk, only this tool. But it does not affect your operation on the U disk or mobile hard disk. Your newly created files will be encrypted together in the next encryption. If you or someone else accidentally deleted this tool, rest assured that your encrypted file is still there, as long as you copy this tool again and use your original password to open it.
- 2. Put this encryption tool in the folder to encrypt only the current folder. If you need to encrypt multiple folders, you must install the tool in each folder. Different folders can use different passwords, but you must remember the passwords.
- 3. This tool can also encrypt a local partition or local folder on the computer. If the encrypted folder is copied or moved to another computer, you need your original password to open it and see the files.
- Ha ha, this time it is convenient for friends who use U disk or mobile hard disk. Never fear that someone will see your important documents
- Important statement: Do not use this tool to encrypt the partition or system folder where your system is located. Make a backup of important files to prevent loss. It is recommended to first create a new folder and try encrypting some unimportant files, and then encrypt your important files. I tested the encrypted folder and it was invalid after burning the disc [1]
Hard disk encryption and unlocking method
Hard disk encryption: viewing the hard disk
- Connect the encrypted hard disk, enter the PC3000AT main menu interface, and press the DEL key on the numeric keypad to see the current parameter table of the hard disk. Go to the last page, where you can see the following information:
- passwordestablished: yes. If this is yes, a password is set for this disk; if it is no, no password is set for this disk.
- HDDlocked: yes. This indicates whether the disk is currently locked by a password.
- Sequritylevel: Maximal. This describes the security level of the password lock. There are only two cases: high and maximal. At the high level, you can use the Masterpassword to unlock, and all the data is preserved. At the Maximal level, you cannot use the Masterpassword to unlock directly, but you can use the Erase command to write all zeros to unlock, and all data is lost.
- Mastercode: $FFFE. If it is $FFFE, the Masterpassword of this disk is still the factory default value; if it is 00, the Masterpassword of this disk is not the factory default value.
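The same four fields can be read from the drive's ATA IDENTIFY DEVICE data, where the security status is word 128 and the master password identifier is word 92. The following is an added example, not part of the original page or of PC-3000: it decodes those words and flags configurations where the master password gives weaker protection. The mapping of the PC-3000 labels to these bits, the finding codes and the sample blocks are assumptions constructed for illustration.

```python
import struct

FACTORY_MASTER_ID = 0xFFFE  # the value the page shows as "Mastercode: $ FFFE"


def parse_security(identify):
    """Decode the security fields of a 512-byte ATA IDENTIFY DEVICE block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data is 256 words (512 bytes)")
    words = struct.unpack("<256H", identify)
    status = words[128]
    return {
        "supported": bool(status & 0x0001),
        "enabled": bool(status & 0x0002),        # assumed to match "passwordestablished"
        "locked": bool(status & 0x0004),         # assumed to match "HDDlocked"
        "frozen": bool(status & 0x0008),         # no security changes until power cycle
        "count_expired": bool(status & 0x0010),  # too many failed unlock attempts
        "level": "maximum" if status & 0x0100 else "high",
        "master_id": words[92],                  # revision code set by the host
    }


def audit_security(status):
    """Return finding codes for a drive that is meant to rely on the ATA password."""
    if not status["supported"]:
        return ["not-supported"]
    if not status["enabled"]:
        return ["not-enabled"]                   # no user password is set
    findings = []
    if status["master_id"] == FACTORY_MASTER_ID:
        findings.append("default-master")        # master password apparently never changed
    if status["level"] == "high":
        findings.append("level-high")            # master password unlocks without erasing
    return findings


def build_identify(word128, word92):
    """Constructed IDENTIFY block with only the two security words filled in."""
    block = bytearray(512)
    struct.pack_into("<H", block, 2 * 128, word128)
    struct.pack_into("<H", block, 2 * 92, word92)
    return bytes(block)


if __name__ == "__main__":
    samples = {
        "locked, maximum, factory master": build_identify(0x0107, 0xFFFE),
        "enabled, high, master changed": build_identify(0x0003, 0x0001),
        "enabled, high, factory master": build_identify(0x0003, 0xFFFE),
        "supported, no password": build_identify(0x0001, 0xFFFE),
    }
    for name, block in samples.items():
        state = parse_security(block)
        print(f"{name:32} level={state['level']:8} locked={state['locked']} "
              f"findings={audit_security(state)}")
```

The identifier in word 92 is only a counter the host writes when it changes the master password, so a value other than $FFFE shows that a change was made, not what the password is.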
General method of hard disk encryption
- 1. If you know the user's original password, press the 6 key (or right arrow key) on the numeric keypad in the PC-3000AT main menu, select "Disksequritycommands" --- "unlockdisk", enter the correct password, and press Enter. If success is reported, the disk is unlocked. Then execute "Clearpassword" to completely clear the password set by the user. The data is not damaged.
- 2. If you do not know the password set by the user, but the Masterpassword is $ FFFE and Sequritylevel is high, then the unlocking steps are the same as above. However, you must select Passwordtype: master when entering the password, and enter the correct masterpassword.
- 3. If you do not know the password set by the user, but the Masterpassword is $ FFFE, and the Sequritylevel is maximum, you should execute "Disksequritycommands"-"Setpassword", enter the correct Masterpassword, and then execute "Erasedisk". After tens of minutes of data erasure, the hard drive can be restored to a usable state, but all the original data is lost.
- 4. If you know neither the password set by the user nor the Masterpassword, you need to use a special method to remove the password.
- 5. You can also enter "Folder Encryption Software" in the Super Cyclone to download such software.
Hard disk encryption: encryption principle
- I believe everyone encounters some awkward situations in the everyday office environment: their privacy is peeped at, and when several people share a computer, their files have nowhere to hide. The emergence of "private disk" is a godsend for those who need confidentiality. It can hide the files they need on a specified logical partition according to the user's settings. I won't comment much on this software here; those who are interested can download it online. This article is mainly an analysis of the "private disk" software.
- The software is developed in VB. The main program file name is srcp.exe. The file hiding function relies on features of the operating system itself. "RECYCLER" is the name of a system folder. It exists in each partition and normally has the system and hidden attributes, so ordinary users cannot find this folder without the help of tools. This folder is mainly used to store junk and temporary files in the partition. "Private disk" uses this hiding place provided by the system to store the user's files. Here is the entire process of creating a private space with this software:
- First step click this button
- At this time, the system executes the system command subst Z: D:\Recycled\ in the background.
- The function of the subst command is to map the specified folder to the specified virtual disk. In this example, the Recycled directory of the D drive is mapped to the Z drive.
- Second step click this button
- Since the disk has been mapped with the SUBST command, the Z drive letter appears in My Computer, and files can be managed on it as on an ordinary partition. When you have finished using it, the program again uses the SUBST command to release the mapping. In this way, even if the user can see the Recycled directory, they cannot see the hidden files in it, but the files can be viewed by some third-party programs, such as anti-virus software. In the test I borrowed a program to observe the results:
- The home directory is the storage point of the private disk. Using this scan, you can see that the 8 files I stored in the private disk total 61K.
- In fact, the core work of this program is so simple. It provides users with a friendly interface so that users do not need to know the commands in depth. But at the same time, it can be seen that if you have enough knowledge of the operating system, it is also very helpful to your usual work.
- The above is all about how to create and manage the virtual disk. It is not difficult to "crack" it. First, prepare Filemon, a file read-write tracking tool. With it you can find that "private disk" operates on Msudpas.dll in the system directory (X:\windows\system32) during user login password verification. On the surface it is a dynamic link library, but it is in fact a plain text file. Open it in Notepad and you find that it stores the password in plain text, incredible. What you can do at this step, I think everyone knows! It was found on the Internet that there are still 8.0 versions that have been tested with more image files (opened in Notepad is also clear text).