VeraCrypt & Sandboxie

Please post your problem description here

Moderator: Barb@Invincea

Post Reply
rodalsa
Posts: 12
Joined: Tue Apr 08, 2014 7:59 am

VeraCrypt & Sandboxie

Post by rodalsa » Tue Feb 23, 2016 9:15 am

Windows 7 Pro Version 6.1.7601 Service Pack 1 Build 7601
Sandboxie Version 5.06 (64-bit)
VeraCrypt Version 1.17 (64-bit)
Avast Pro 2015

1) Sandboxie contains….
a. Windows Media Player
b. Screenshot Captor
c. Paint
d. VeraCrypt. Call this instance “VeraCrypt 1”.
Loaded in that order.
2) I successfully created a volume in sandboxed Veracrypt 1.
3) VeraCrypt 1 will not mount its created volume.
4) Leaving Sandboxie (VeraCrypt 1) active I launched an instance of VeraCrypt (call it VeraCrypt 2) outside of Sandboxie.
5) The VeraCrypt 2 instance outside of Sandboxie mounted the same volume that was created inside Sandboxie (VeraCrypt 1).

That was interesting enough but then….

6) I accessed VeraCrypt 1. It now showed that the volume mounted by VeraCrypt 2 was mounted by VeraCrypt 1! I
double checked for the presence of Sandboxie’s yellow border between the two instances of VeraCrypt to make sure that I
was not screwing up. I was not.

This performance implies that VeraCrypt is not bound by Sandboxie’s boundary conditions.

To make things even stranger: Prior to the above described events, I had created and mounted a VeraCrypt volume inside of Sandboxie. I used different names for the volume and different passphrases for this earlier successful creation and mounting.

Do we have a leak? Is this inside / outside coupling intentional? What are the consequences of this coupling?

rodalsa

For me to believe is insufficient for you to know. - rodalsa

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area
Contact:

Re: VeraCrypt & Sandboxie

Post by Craig@Invincea » Tue Feb 23, 2016 9:28 am

The yellow border is not the only way way to see if something is Sandboxed. It's just a user GUI.
In Sandboxie Control, Program view = What's running?
Use the "Is this Window Sandboxed" tool under Sandboxie Control>File

1. SBIE does't create any partitions. You're using your C: (or whatever drive SBIE is installed on) (The hierarchy created isn't necessarily real, it's just so that Sandbox programs can run. http://www.sandboxie.com/index.php?SandboxHierarchy)
2. Don't confuse the "sandbox" with an actual partition. It's not.
3. SBIE simply creates a folder on your drive for which this Sandbox environment runs. (C:\Sandbox)
4. How is veracrypt installed? Directly into the sandbox? Or is it installed on you host machine and then run "sandboxed?"
5. SBIE isolation isn't meant for long term, permanent storage.

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area
Contact:

Re: VeraCrypt & Sandboxie

Post by Craig@Invincea » Wed Feb 24, 2016 1:34 pm

Also, VeraCrypt installs a driver
"....The reason for that is that VeraCrypt needs a device driver to provide transparent on-the-fly
encryption/decryption, and users without administrator privileges cannot install/start device ..."


Which means, if you installed VeraCrypt on your host machine..that driver is present. If you then run Veracrpyt "as sandboxed" and it requests that driver, it's going to access that driver. SBIE doesn't block that valid request.

FYI: You cannot install a program directly into a sandbox that requires a driver installation. Drivers cannot be installed into a sandbox. But, a driver present on your host..and then requested by a sandbox program can. Same reason why your video/sound works while sandboxed.

rodalsa
Posts: 12
Joined: Tue Apr 08, 2014 7:59 am

Re: VeraCrypt & Sandboxie

Post by rodalsa » Sat Feb 27, 2016 10:47 pm

Thanks for the replies Craig. I offer these answers to your statements and questions.

1. “SBIE does't create any partitions.” Understood.
4. “How is veracrypt installed?” It is installed on my host machine and then run "sandboxed?"

Sandboxie is installed as: "C:\Program Files\Sandboxie"
VeraCrypt is installed as: "C:\Program Files\VeraCrypt"

I have not installed any program within the bounds of Sandboxie. I have used the drag and drop technique on the *.exe file.

I can see where VeraCrypt's Exe file would have to access its support files for it to function appropriately and that those files reside outside of the memory domain that Sandboxie claims as its secure place.

I have over the past week generated five JPG's (3 attached, 2 in a follow on reply) that are mixed graphics and text that may
clarify the multiple questions that I am addressing. Those questions are;

1. Why does VeraCrypt IN Sandboxie refuse to mount a volume that it just created?
2. Why does VeraCrypt OUTSIDE of Sandboxie appear to mount a volume both outside and inside of Sandboxie simultaneously?
Perhaps the common driver has something to do with this.
3. Does the answer to question 3 imply that files that I may manipulate in VeraCrypt's volume in Sandboxie and save to the
sandboxed volume appear also in the non-sandboxed volume thusly requiring additional work to secure hiding when
Sandboxie is closed?
4. Why would a volume that VeraCrypt has refused to mount on the basis of its report; "The system cannot find the file
specified" show up as mounted at some time later?

That is a deep enough pile for now. I recognize that the answers to these questions involve both the design of Sandboxie and VeraCrypt. What I need is to understand what the consequences are of the performance of these two programs operating
together and what I can do to maintain the security of the data stored in VeraCrypt's volumes. Right now I am concluding that VeraCrypt is not compatible with Sandboxie.

Thanks for your assistance...

My first wonder of the world is... Love to the extent that it reaches the least lovable -- and persists! - rodalsa
Attachments
VeraCrypt & Sandboxie 00.jpg
VeraCrypt & Sandboxie 00.jpg (189.25 KiB) Viewed 712 times
VeraCrypt & Sandboxie 01.jpg
VeraCrypt & Sandboxie 01.jpg (200.24 KiB) Viewed 712 times
VeraCrypt & Sandboxie 02.jpg
VeraCrypt & Sandboxie 02.jpg (174.85 KiB) Viewed 712 times

rodalsa
Posts: 12
Joined: Tue Apr 08, 2014 7:59 am

Re: VeraCrypt & Sandboxie

Post by rodalsa » Sat Feb 27, 2016 10:50 pm

The other two JPG's are here.

Rod
Attachments
VeraCrypt & Sandboxie 03.jpg
VeraCrypt & Sandboxie 03.jpg (182.03 KiB) Viewed 712 times
VeraCrypt & Sandboxie 06.jpg
VeraCrypt & Sandboxie 06.jpg (234.96 KiB) Viewed 712 times

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area
Contact:

Re: VeraCrypt & Sandboxie

Post by Craig@Invincea » Mon Feb 29, 2016 9:52 am

There is a thread about TrueCrypt/VeraCrypt here and Curt's mention about mounting is not possible within SBIE.

http://forums.sandboxie.com/phpBB3/view ... nt#p116184

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest