[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 580: sizeof(): Parameter must be an array or an object that implements Countable
[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 636: sizeof(): Parameter must be an array or an object that implements Countable
3.14.by forum • [HowTo] BruteForce TrueCrypt!
Page 1 of 1

[HowTo] BruteForce TrueCrypt!

Posted: Mon Jul 19, 2010 5:49 pm
by SecUpwN
Dear BarsWF-Community,

in this thread I´d like to announce an awesome Project around a Tool from Coder "IsNull", which I´m amazed of. As you might know, even to the most skilled security professionals might happen an error - simply because we´re humans. But what to do when the password to a TrueCrypt-Volume containing extremely important data has been completely forgotten? In this case, the data is probably lost. But those who still remember parts of the password do in fact have a chance to gain access again. How? Through brute-forcing the password using a dictionary-attack...


"What exactly is TrueCrypt?"
Wikipedia wrote:TrueCrypt is a software application used for on-the-fly encryption (OTFE). It is distributed without cost and the source code is available. It can create a virtual encrypted disk within a file or encrypt a partition or (under MS Windows except Windows 2000) the entire storage device (pre-boot authentication). Further information available HERE.

To sum it up, TrueCrypt is an extremely useful tool - provided one know how to correctly operate it...

"I forgot my password – is there any way ("backdoor") to recover the files from my TrueCrypt volume?"
Truecrypt FAQ wrote:TrueCrypt does not contain any mechanism or facility that would allow partial or complete recovery of your encrypted data without knowing the correct password or the key used to encrypt the data. The only way to recover your files is to try to "crack" the password or the key, but it could take thousands or millions of years depending on the length and quality of the password/keyfiles, on software/hardware efficiency, and other factors. If you find this hard to believe, consider the fact that even the FBI was not able to decrypt a TrueCrypt volume after a year of trying.

Like the FAQ of TrueCrypt tells you, not even the FBI has been able to decrypt one of the TrueCrypt-Containers, even after years of trying. Go figure. Those who were eager enough to search for a solution within Google will find numerous Threads and Posts about the topic - but very unlikely a satisfactory solution. Don´t even expect to get help in the TrueCrypt-Forums. And that´s exactly where I come into play:

Due to the fact that you do (hopefully) remember parts of your won password (or you might even remember the complete contents, but not the exact order of the characters), here´s what I recommend you to do:

1. Create a custom Wordlist using CRUNCH erstellen (A big THANKS goes out to developer "bofh28"!).
A really useful and throughly written manual to operate CRUNCH correctly is to be found HERE.
2. Download the supercool Tool true.crypt.brute from within the download section of SecurityVision.


3. Configure the settings (locate TrueCrypt, set the path to the Wordlist, TC-Container as well as the drive letter for the volume):


4. Now BRUTE it and get a steaming hot coffee in between. As always the rule applies: Your Fu is just as strong as your Wordlist. So pay attention and try to remember as many characters of the password as possible when generating your Wordlist.

The projects future:
  • true.crypt.brute will be re-written in C#
  • Project will be OpenSource and hosted on gitorious
This brings the following advantages with it:
  • Solves some common problems
  • Cross-platform-compatibility (.NET depended)
  • Improvements of speed through usage of native code
  • Multi-Thread BruteForce-Tasks for a maximum of speed

You´ve got questions regarding the tools? Please take a look at the true.crypt.brute-FAQ! Suggestions and possible Improvements in mind? Write a message to the coder "IsNull" ! DONATIONS for development of the project as well as usable feedback are explicitly welcome any time!

Good luck with this excellent tool! ;)
Feel free to share further questions, usable critics and possible improvemend suggestions with me.

Re: [HowTo] BruteForce TrueCrypt!

Posted: Mon Jul 19, 2010 6:32 pm
by Rolf
Well, since TrueCrypt uses PKDBF key strengthening, I assume the speed wont exceed those of 500~2000 k/s.
Still, it's useful :wink:

Re: [HowTo] BruteForce TrueCrypt!

Posted: Tue Jul 20, 2010 7:40 am
by SecUpwN
Rolf wrote:Well, since TrueCrypt uses PKDBF key strengthening, I assume the speed wont exceed those of 500~2000 k/s.
Still, it's useful
Thanks for sharing your thoughts on it, Rolf - that´s exactly what I thought as well. Now, about the speed concern: Let´s see which the new, re-written version in C# can take. It´s a work in progress, but as far as I know the only one with some real potential. Oh, by the way: Dein Name klingt Deutsch - woher kommst du? ;)

Re: [HowTo] BruteForce TrueCrypt!

Posted: Tue Jul 20, 2010 2:27 pm
by Rolf
Well, I did some tests with it.
The speed is around 2~3 keys / second.
I've discovered why: the app doesnt attack a container by itself, but launches and kills TrueCrypt to do it.
Seems it just passes the command line parameters.
Really looking forward to a C# version.
I'm not from Germany, however, from the EU :D

Re: [HowTo] BruteForce TrueCrypt!

Posted: Fri Jul 30, 2010 10:26 am
by SecUpwN
UPDATE: true.crypt.brute 2 is in active development! Grab yourself the first ALPHA-VERSION for testing! Oh n' by the way: The project is looking for some good C-Coders and Crypto-Experts. If you´re interested in contributing, feel free to send "IsNull" a message through the contact page. Feel free 2 share your results. Happy testing! :twisted:

Re: [HowTo] BruteForce TrueCrypt!

Posted: Mon Aug 09, 2010 1:09 pm
by Rolf
Now, this is better!
With that latest alpha, I got 399 passwords tested per minute on Q6600 @ 3.0 Ghz.
There is a small cosmetic mistake: in the job config tab, in the lower right corner, there are two buttons with "confic" :wink: