How to crack a TrueCrypt password via dictionary attack? - Page 2

Scrapheap · July 30th, 2007, 04:28

Circuit learn about how encryption works. Without the password you can't decrypt the data file. Just making the program think it has decrypted the file doesn't work as the data file will just be garbish.

rsaddey · August 26th, 2007, 06:16

Quote:

Originally Posted by circuit

get softice or any other software that loads .exe into assembly.....
search the net for password window code
i think the jump code is 79 in assembly..
when u enter an incorrect password it jumps to the code saying "INCORRECT PASS".... if u remove the jump instruction correctlty the correct password code would be executed and there u r...... U hav cracked it...

do post the crack back .... it would b a great..... all u need is research...

That's not the way, TrueCrypt works - and it would be tremendously silly, if it did.

In short: Your password is used to construct the actual key used for encrypting and decrypting data. If it does not match, decrypted data will just be a random stream of bits like the encrypted data itself.

sunjester · August 26th, 2007, 12:01

http://en.wikipedia.org/wiki/TrueCrypt

lolox · December 25th, 2007, 22:02

*Hijacking thread*

Yarr I just ran into the same problem. Just installed TrueCrypt (awsome program btw), created a volume, moved some very important files to it, made a password and all that. Even trained several times using that password, so I wouldnt forget it. Then I went playing UT2004 and BAM! Retard me had forgotten the password.

However! I DO remember alot of the letters and numbers, and the other letters which I'm unsure about, I still know if they're vowels or consonants... or even better: if they're a selection of some specifc vowels or consonats. Anyway. I calculated @ this and found out that there couldn't be more than approx. 40 000 combinations. Not bad eh? Considering it's a 20+ letter password.

ANYHOW! Is there somekind of program I can use to crack this password, where I can input that this and that letter must be a selection of these? Kinda like:

[abd]L[ea]k

(lowercase a, b or d, then an uppercase L, then e or a, and then a lowercase k)

You get the idea... Help anyone?

EDIT

I found some really great software that can generate passwords with such specifications that I desire (Password Generator Professional 2007). Now I just have to find some program that can use a dictionary to attack TrueCrypt.

EDIT

I used my lolzor java skills to make a really silly app. The app tries to run "truecrypt -p password truecrypt-file" in linux, where password is a line from a file, until it either succeeds in running the app or until the file with the passwords has come to endfile. Avg. 4 passwords / sec lol! Well it works if you've generated around a couple of thousand passwords (the app does 14 760 passwords / hour).

EDIT

LOL! And I found the password!

You can find the java app here:
http://rapidshare.com/files/80314740/CrackTC.zip

EDIT

lol someone has stolen CrackTC and put it up on TPB. Not that I mind it being uploaded there. When I say stolen I mean that the one who uploaded it is taking the credit for making the program, which is bs.

The truth is out there! (Or here, lol)

Scrapheap · December 30th, 2007, 08:10

Well done lolox, you have already surpassed most new members here by actually writing a program to solve your problem. I assume that it isn't big so you could post it in the programming sections, code repository so that everyone can see it and benefit from it when they need it two years down the line.

We might also be able to suggest improvements. A simple one normally is to run a number of attempts in parallel, the only problem being that Java tends to run on just one processor and ignore the other ones so you wouldn't see a big improvement, there would also be problems with the locking of the file (though you could avoid that by each thread simply using a copy of the file)

steku · December 30th, 2007, 08:53

I have exactly problem that lolox had.
Now I´m just waiting to get that java app.

lolox · December 30th, 2007, 09:17

Quote:

Originally Posted by Scrapheap

Well done lolox, you have already surpassed most new members here by actually writing a program to solve your problem. I assume that it isn't big so you could post it in the programming sections, code repository so that everyone can see it and benefit from it when they need it two years down the line.

We might also be able to suggest improvements. A simple one normally is to run a number of attempts in parallel, the only problem being that Java tends to run on just one processor and ignore the other ones so you wouldn't see a big improvement, there would also be problems with the locking of the file (though you could avoid that by each thread simply using a copy of the file)

How/where do I post it in the programming sections, code repository?
And Im prob not gonna work more on this. It solved my problem, and now Im sharing it. If you wanna imporve it then go ahead.

Quote:

Originally Posted by steku

I have exactly problem that lolox had.
Now I´m just waiting to get that java app.

Yeah I sent you a PM. Im updating my post above now with link..

Scrapheap · December 30th, 2007, 15:31

Quote:

Originally Posted by lolox

How/where do I post it in the programming sections, code repository?

The programming forum has a sub forum that is the code repository. Just post it in their like a normal post (using code tags of course)

Charles · June 12th, 2008, 08:44

i need a real hacker that can scam bank account..........contact me - Email address removed from bots quote post to view -
------Automerged Doublepost------
hey
sgalf;klasflk ppaskflasf
safkjsflsf

zimzum · June 16th, 2008, 22:52

okay, So i need to crack a TrueCrypt file bad, so I wrote a BruteForce attack for it.

if you would like to run it.... goto download AutoIt (either google it, or goto http://www.autoitscript.com/autoit3/)

anyhow, here is the code...

Quote:

dim $one, $two, $three, $four, $five, $six, $seven, $eight, $pw
dim $Array[94]
$Array[0]="a"
$Array[1]="b"
$Array[2]="c"
$Array[3]="d"
$Array[4]="e"
$Array[5]="f"
$Array[6]="g"
$Array[7]="h"
$Array[8]="i"
$Array[9]="j"
$Array[10]="k"
$Array[11]="l"
$Array[12]="m"
$Array[13]="n"
$Array[14]="o"
$Array[15]="p"
$Array[16]="q"
$Array[17]="r"
$Array[18]="s"
$Array[19]="t"
$Array[20]="u"
$Array[21]="v"
$Array[22]="w"
$Array[23]="x"
$Array[24]="y"
$Array[25]="z"
$Array[26]="A"
$Array[27]="B"
$Array[28]="C"
$Array[29]="D"
$Array[30]="E"
$Array[31]="F"
$Array[32]="G"
$Array[33]="H"
$Array[34]="I"
$Array[35]="J"
$Array[36]="K"
$Array[37]="L"
$Array[38]="M"
$Array[39]="N"
$Array[40]="O"
$Array[41]="P"
$Array[42]="Q"
$Array[43]="R"
$Array[44]="S"
$Array[45]="T"
$Array[46]="U"
$Array[47]="V"
$Array[48]="W"
$Array[49]="X"
$Array[50]="Y"
$Array[51]="Z"
$Array[52]="!"
$Array[53]="@"
$Array[54]="#"
$Array[55]="$"
$Array[56]="%"
$Array[57]="^"
$Array[58]="&"
$Array[59]="*"
$Array[60]="("
$Array[61]=")"
$Array[62]="_"
$Array[63]="+"
$Array[64]="~"
$Array[65]="`"
$Array[66]="1"
$Array[67]="2"
$Array[68]="3"
$Array[69]="4"
$Array[70]="5"
$Array[71]="6"
$Array[72]="7"
$Array[73]="8"
$Array[74]="9"
$Array[75]="0"
$Array[76]="-"
$Array[77]="="
$Array[78]="["
$Array[79]="]"
$Array[80]="\"
$Array[81]="{"
$Array[82]="}"
$Array[83]="|"
$Array[84]=";"
$Array[85]=":"
$Array[86]="'"
$Array[87]=""""
$Array[88]=","
$Array[89]="<"
$Array[90]="."
$Array[91]=">"
$Array[92]="/"
$Array[93]="?"

;Start brute Force
For $one = 0 to 93
$pw = $Array[$one]
Run(@COMSPEC & " /c " & 'C:\fubar\TrueCrypt.exe /q background /s /p "' & $pw & '" /e /m ro /m rm /v "c:\fubar\fubar.ENC"' )
Next

for $two = 0 to 93
for $one = 0 to 93
$pw = $Array[$one]
$pw &= $Array[$two]
Run(@COMSPEC & " /c " & 'C:\fubar\TrueCrypt.exe /q background /s /p "' & $pw & '" /e /m ro /m rm /v "c:\fubar\fubar.ENC"' )
Next
Next

for $three = 0 to 93
for $two = 0 to 93
for $one = 0 to 93
$pw = $Array[$one]
$pw &= $Array[$two]
$pw &= $Array[$three]
Run(@COMSPEC & " /c " & 'C:\fubar\TrueCrypt.exe /q background /s /p "' & $pw & '" /e /m ro /m rm /v "c:\fubar\fubar.ENC"' )
Next
Next
Next

for $four = 0 to 93
for $three = 0 to 93
for $two = 0 to 93
for $one = 0 to 93
$pw = $Array[$one]
$pw &= $Array[$two]
$pw &= $Array[$three]
$pw &= $Array[$four]
Run(@COMSPEC & " /c " & 'C:\fubar\TrueCrypt.exe /q background /s /p "' & $pw & '" /e /m ro /m rm /v "c:\fubar\fubar.ENC"' )
Next
Next
Next
Next

for $five = 0 to 93
for $four = 0 to 93
for $three = 0 to 93
for $two = 0 to 93
for $one = 0 to 93
$pw = $Array[$one]
$pw &= $Array[$two]
$pw &= $Array[$three]
$pw &= $Array[$four]
$pw &= $Array[$five]
Run(@COMSPEC & " /c " & 'C:\fubar\TrueCrypt.exe /q background /s /p "' & $pw & '" /e /m ro /m rm /v "c:\fubar\fubar.ENC"' )
Next
Next
Next
Next
Next

FOR $six = 0 to 93
for $five = 0 to 93
for $four = 0 to 93
for $three = 0 to 93
for $two = 0 to 93
for $one = 0 to 93
$pw = $Array[$one]
$pw &= $Array[$two]
$pw &= $Array[$three]
$pw &= $Array[$four]
$pw &= $Array[$five]
$pw &= $Array[$six]
Run(@COMSPEC & " /c " & 'C:\fubar\TrueCrypt.exe /q background /s /p "' & $pw & '" /e /m ro /m rm /v "c:\fubar\fubar.ENC"' )
Next
Next
Next
Next
Next
Next

for $seven = 0 to 93
FOR $six = 0 to 93
for $five = 0 to 93
for $four = 0 to 93
for $three = 0 to 93
for $two = 0 to 93
for $one = 0 to 93
$pw = $Array[$one]
$pw &= $Array[$two]
$pw &= $Array[$three]
$pw &= $Array[$four]
$pw &= $Array[$five]
$pw &= $Array[$six]
$pw &= $Array[$seven]
Run(@COMSPEC & " /c " & 'C:\fubar\TrueCrypt.exe /q background /s /p "' & $pw & '" /e /m ro /m rm /v "c:\fubar\fubar.ENC"' )
Next
Next
Next
Next
Next
Next
Next

for $eight = 0 to 93
for $seven = 0 to 93
FOR $six = 0 to 93
for $five = 0 to 93
for $four = 0 to 93
for $three = 0 to 93
for $two = 0 to 93
for $one = 0 to 93
$pw = $Array[$one]
$pw &= $Array[$two]
$pw &= $Array[$three]
$pw &= $Array[$four]
$pw &= $Array[$five]
$pw &= $Array[$six]
$pw &= $Array[$seven]
$pw &= $Array[$eight]
Run(@COMSPEC & " /c " & 'C:\fubar\TrueCrypt.exe /q background /s /p "' & $pw & '" /e /m ro /m rm /v "c:\fubar\fubar.ENC"' )
Next
Next
Next
Next
Next
Next
Next
Next

Change all 'fubar' to reflect the path/filename that you are looking for.

You can easily change this into a dictionary attack by replacing the Arrays (Check the forums to figure out how to parse a text file into an array).

if you need more than an 8 character password attack, just create more routines using the same methodoligy.

you can change out 'Run' for 'RunWait' but it takes a lot longer to hack (But it dosn't run your system into the dirt either).

I know that this isn't the best looking code in the universe, but hell, its all I could come up with in a few hours.
------Automerged Doublepost------
Well, going over that code, using a 400mg TrueCrypt file, it gave me mad errors once the CMD windows started stacking in excess of 70. RunWait will have to be used instead of Run, but then it kills my cycle time down to about 1/s. Trying to figure out how to get the script to run hard but not error out.