Sharing a TrueCrypt Physical Partition From a Linux Portable Virtualbox Guest

First, I'll describe what I did; then why; then how.

What:

  • I've got a Windows XP computer (host).
  • I've got Portable VirtualBox (PVB).
  • I've got a physical partition on the computer that is encrypted with TrueCrypt (TC).
  • I've got Ubuntu 10.4 (Lucid Lynx) installed as a guest in PVB.
  • I made the TC partition available in the guest as a physical partition.
  • I mounted the TC partition with TC in Lucid.
  • I shared the mounted TC file system from Lucid.
  • I accessed the shared file system from the host.

Why:

  • To see if I could!
  • I have a very aggressive anti-virus installed on the host. It treats several legitimate programs as "PUPs" (potentially unwanted programs) and it deletes them. It does NOT do this on network shared drives. I want these files accessible both in a VM and on the host. The AV program is an all-or-nothing affair.

How:

  1. See Portable VirtualBox to set up PVB.
  2. Installing Ubuntu in PVB is not covered here. It is a plain vanilla Ubuntu install.
  3. Create a Virtualbox physical partition descriptor for the TC partition:
    • vboxmanage internalcommands listpartitions -rawdisk \\.\PhysicalDrive1
      • MY TC partition is on my second physical drive, which Windows calls \\.\PhysicalDrive1. If you have only a single physical drive, it is probably called \\.\PhysicalDrive0
      • Note that the Windows TC's partition numbering scheme does not match VirtualBox's, so you really do have to do this step!
    • VBoxManage internalcommands createrawvmdk -filename raw-k.vmdk -rawdisk \\.\PhysicalDrive1 -partitions 8
      • Substitute the file name of your choice for raw-k.vmdk.
      • Substitute the partition number of your choice for 8. You can list multiple partitions, separated with commas.
    • Move raw-k.vmdk and raw-k-pt.vmdk to \pvb\pvb-data\.VirtualBox\HardDisks
    • Use the VirtualBox GUI to add raw-k.vmdk to your list of available virtual disks (File/Virtual Media Manager/Add...)
    • Use the VirtualBox GUI to add the vmdk to your Machine's disks. Mine was added as IDE Secondary Slave.
  4. Start your virtual machine via the GUI, and mount the partition from Lucid. I recommend mounting it read-only, at least until you're sure things are set up correctly. Run /usr/bin/truecrypt and mount it via the GUI. Then dismount it, and set up a shell script to run:
    • mkdir /media/tc
    • /usr/bin/truecrypt --mount /dev/sdc8 /media/tc
      • Of course, you will want to substitute YOUR correct device for /dev/sdc8
  5. Because I'm using PVB, I don't have any network interfaces created by installing VirtualBox. I needed to set up port forwarding with VirtualBox's NAT pseudo-interface. First configure a loopback adapter:
    1. Create a loopback adapter in the host: Control Panel/Add Hardware/Yes I have already connected the hardware/Add a new hardware device/Install the hardware that I manually select/Network Adapters/Microsoft/Microsoft Loopback Adapter.
    2. Rename the loopback adapter to "loopback1"
    3. Bind Client for Microsoft Networks to loopback1.
    4. Un-bind File and Printer Sharing from loopback1. This frees up port 139 on loopback1.
    5. Bind TCP/IP to loopback1. Set TCP properties to Address=192.168.2.1, Interface Metric=9999, Enable LMHOSTS, Disable NetBIOS over TCP.
  6. Set up port forwarding ("ubuntu-10.4" is MY guest's machine name; use your own. smb139 is an arbitrary name for the forwarding rules; use your own. 139 is the port for Windows SMB/CIFS file sharing):
    1. vboxmanage setextradata "ubuntu-10.4" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/smb139/HostPort" 139
    2. vboxmanage setextradata "ubuntu-10.4" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/smb139/GuestPort" 139
    3. vboxmanage setextradata "ubuntu-10.4" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/smb139/Protocol" TCP
  7. Now it is time to share /media/tc from Lucid. I was lazy, so I installed KDE. Then I clicked System/Preferences/System Settings (which KDE adds, even to Gnome).
    1. On the Advanced tab, click Samba
    2. Workgroup=HOME (Use your choice of workgroups)
    3. NetBIOS Name=UVM104 (Use your choice of computer name)
    4. Server String=%h (Use your choice of server description)
    5. Security Level=Share
    6. Add a share for /media/tc, named tc.
    7. Allow All unspecified users.
    8. Users: Add kevin and kk. (Note: I created a synonym user "kk" to match my host user ID by editing /etc/passwd, copying kevin, renaming it to kk, keeping the same UID and GID, and passwording kk.)
    9. service smbd restart
    10. service nmbd restart
  8. From Windows map a network drive to \\192.168.2.1\tc, using user=kevin. (I eventually got kk working, after I defined an SMB password for kk to match kk's password in Windows.)
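
The Samba settings from step 7, written out as an smb.conf with the open choices tightened, since the share exposes the decrypted TC volume to anything that can reach the forwarded port 139. This is an added example, not the author's configuration: the mapping from the KDE dialog to these keys and the 10.0.2.2 source address (VirtualBox's default NAT gateway, as seen by the guest) are assumptions.

```ini
# /etc/samba/smb.conf (constructed example; names taken from step 7)
[global]
   workgroup = HOME
   netbios name = UVM104
   server string = %h

   # Step 7 used "security = share", which has no per-user login.
   # "user" requires a valid account and SMB password for every session.
   security = user

   # Never fall back to the guest account on a failed login.
   map to guest = never

   # Only port 139 is forwarded in step 6, so do not listen on 445.
   smb ports = 139

   # Assumption: with VirtualBox NAT, forwarded connections from the host
   # arrive in the guest from 10.0.2.2. Everything else is refused.
   hosts allow = 10.0.2.2 127.0.0.1
   hosts deny = ALL

[tc]
   path = /media/tc

   # Step 7 allowed all unspecified users; list the two accounts instead.
   guest ok = no
   valid users = kevin kk

   # Matches the read-only recommendation in step 4.
   # Change to "no" once the setup is confirmed and writes are needed.
   read only = yes
```

Check the file with testparm, and give each listed account an SMB password with smbpasswd -a before restarting smbd and nmbd.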
