Application: PAF.tc Wizard
Category: Privacy/Security
Description:
PAF.tc is a wrapper that will mount a TrueCrypt container file, launch a PortableApp from that mounted container, wait for the PortableApp to exit and then dismount the container file. PAF.tc is able to handle multiple instances and will only try to dismount after the last instance has exited. PAF.tc Wizard helps automate the setup of PAF.tc and integrates PAF.tc seamlessly into the Portable Apps Platform. PAF.tc Wizard and PAF.tc have the following requirements:
- Admin rights and a portable copy of TrueCrypt
or
- A locally installed copy of TrueCrypt
PAF.tc Wizard 1.0 Dev Test 6 [329 KB download / 392 KB installed]
(MD5: 1C92E44DC0F4D492861CF3567796681D)
The format of PAF.tc.ini

```
[User Settings]
TrueCrypt Location=:\PortableApps\TC\TrueCrypt.exe
TrueCrypt Systray=false
TC Container=FooPortable.tc
Executable Path=:\FooPortableDirectory\FooPortable.exe
Executable Parameters= -z100
Dismount Delay=100
Storage Only=false

[Relaunch Tracking]
Drive Letter=Z
Mount Instances=0
```

PAF.tc.ini setting definitions (all settings are optional if default folder structure is used)
- TrueCrypt Location: Location of TrueCrypt.exe traveler installation on Portable Apps drive (sans drive letter)
- TrueCrypt Systray: If true, TrueCrypt will be launched to the system tray. False by default.
- TC Container: Name of the TrueCrypt container file in the \Data directory that contains the PortableApp
- Executable Path: String that is appended to the mounted drive letter used to launch the encrypted app
- Executable Parameters: String of parameters to append to the launch command of the Portable App.
- Dismount Delay: Time in ms that PAF.tc waits after launched app exits before attempting to dismount the container.
- Storage Only: If true, the TrueCrypt container will be mounted as storage only and PAF.tc will wait until the TrueCrypt container is dismounted before resetting the mount count in the ini file (Executable Path and Parameters are ignored). Subsequent launches of PAF.tc will present the option to dismount the drive. If declined, an explorer window will be opened showing the drive. Default is false.
- Drive Letter: Do not modify. Filled in by PAF.tc if not yet mounted. If the container is mounted, it is used to locate where it is mounted.
- Mount Instances: Do not modify. Filled in by PAF.tc to track how many instances of the encrypted app are running. PAF.tc will not dismount the container until Mount Instances goes to zero.
Release Notes:
Development Test 6 (2009-07-31):
- Fix-- Code for finding an available drive letter was not reliable. This has been reworked in both PAF.tc and the wizard.
- New-- If the execute command fails after the container has been mounted PAF.tc will present the option to launch in storage only mode.
- New-- Tweaked some error messages and code comments
Development Test 5 (2009-07-27):
- Fix-- Wizard now writes ini file with drive letter removed from TrueCrypt executable path. PAF.tc will now fill that in at run time.
- Fix-- Rewrite for dev test 4 introduced some bugs that caused the wizard to be unable to mount the container to copy in the Portable App. This has been fixed.
Development Test 4 (2009-07-24):
- New-- Major rewrite of both PAF.tc and PAF.tc Wizard
- New-- Beefed up error handling.
- Fix-- PAF.tc and PAF.tc Wizard will properly defer to local TrueCrypt install when a local install is detected.
Development Test 3 (2009-07-12):
- Fix-- PAF.tc Wizard now properly dismounts when done.
- New-- PAF.tc Wizard now creates a placeholder file for the container file and launches TrueCrypt Format from that location. Step will be obsoleted when TrueCrypt Format allows commandline file creation
Development Test 2 (2009-07-12):
- Added PAF.tc Wizard. Does most of the setup work for PAF.tc.
- Will test for admin rights. If no admin rights, will look for a local install.
Development Test 1 (2009-06-26):
- Initial Release
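
The PAF.tc.ini layout and the Mount Instances rule described in the post above, as an added Python example (not PAF.tc's own code, which is not shown on this page): it parses a constructed PAF.tc.ini, resolves the paths stored without a drive letter, and decides from the instance count when to mount and when to dismount. The function names and the validation rules are assumptions made for illustration.

```python
import configparser

# Constructed sample following the PAF.tc.ini layout shown in the post.
SAMPLE_INI = r"""
[User Settings]
TrueCrypt Location=:\PortableApps\TC\TrueCrypt.exe
TC Container=FooPortable.tc
Executable Path=:\FooPortableDirectory\FooPortable.exe
Executable Parameters= -z100
Dismount Delay=100
Storage Only=false
[Relaunch Tracking]
Drive Letter=Z
Mount Instances=0
"""

def load_ini(text):
    # '=' only: the stored paths begin with ':' and must not be split on it.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(text)
    return cp

def resolve(drive, stored):
    """Prefix a drive letter to a path stored as ':\\...' (sans drive letter)."""
    if len(drive) != 1 or not drive.isascii() or not drive.isalpha():
        raise ValueError("drive letter must be a single A-Z character")
    if not stored.startswith(":\\") or ".." in stored.split("\\"):
        raise ValueError("stored path must start with ':\\' and contain no '..'")
    return drive.upper() + stored

def instances(cp):
    """Read Mount Instances, rejecting values a hand edit could have corrupted."""
    raw = cp["Relaunch Tracking"].get("Mount Instances", "0").strip()
    if not raw.isdigit():
        raise ValueError(f"invalid Mount Instances value: {raw!r}")
    return int(raw)

def on_launch(cp):
    """Count a new instance; True means this is the first and must mount."""
    n = instances(cp)
    cp["Relaunch Tracking"]["Mount Instances"] = str(n + 1)
    return n == 0

def on_exit(cp):
    """Count an exit; True means the last instance is gone and may dismount."""
    n = max(instances(cp) - 1, 0)
    cp["Relaunch Tracking"]["Mount Instances"] = str(n)
    return n == 0
```

A count that is never decremented, for example after a crash, keeps `on_exit` from ever returning True, so a wrapper built this way needs a recovery path for a stale count or the container stays mounted.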
Hi,
I am using TC with my PortableApp installation, but it is done by "bat" scripts. It is a very ugly solution. I like your approach better, except for the requirement for admin rights. I know that is because TC has to load a disk driver, and that can be done only if the user has admin rights. One workaround that I found is to have TC installed on my laptop. That way the driver is loaded at start-up of the computer and TC doesn't need admin rights to mount my container. This workaround can of course have some problems. The most dangerous one is a version mismatch between the local install and the portable version. I have not tried it, but I hope that TC will check for that and quit before it causes any problem. So my question is: have you tried using your wrapper on a computer with a local install of TC?
I have set up PAF.tc to look for and use a local install of TrueCrypt if it is available and the user does not have admin rights. In this instance PAF.tc will open a messagebox showing the version of the local install and asking if it should be trusted. Haven't done much investigation into cross version usage but I will.
Thanks for the improvement idea.
Key ID: 0xDAE3095F
Fingerprint: 5D98 65D2 1844 21A5 76C1 F0F6 4BE6 D689 DAE3 095F
I can answer that one, since I've tried a range of versions in the past (been using TC since 4.x series).
The exe that you run to mount or dismount a container must match the version of the drivers exactly.
That means that if there is a version installed, you have to run a TrueCrypt.exe of exactly the same version. i.e. if the one on your key is different, it will fail.
I would suggest that if you detect an installed copy, you should always use it, admin rights or no.
If the issue is a question of trust, well, if you don't / can't trust the administrator of the machine, you're screwed anyway, and a bogus tc.exe is the least of your worries.
True, if you don't trust the local install then you probably should reconsider even putting your thumb drive in. But there are friends and family I do trust, but may not have kept their TrueCrypt installs up to date. So upon detection of a local install I still present the option to use it or quit out, presumably to tell your friend/family that they really need to update their old software.
Thank you for the info, it prompted me to go download some old versions of TrueCrypt to test out local installs and differing versions.
I just run a bat that kills any local service in order to avoid conflicts.
What happens if you kill the local service and there are already mounted containers?
Haven't bothered testing that -- I dismount all the containers before killing the service. Obviously this solution doesn't work if you need to access those containers, but it's a good solution if you privilege your portable container(s) over those on the host machine.
Especially since one of the containers on the PC I'm sat at typing this is the system drive.
Killing the driver here would likely be disastrous...
I think I prefer the "use the local version" methodology.