Sunday, 11 May 2014

While working on some assignments, I wanted to copy data from my friends TrueCrypt Volume which was encrypted with password and he forget password!!!! and that's my journey started towards TrueCrypt Hacking!

 TrueCrypt is an open source program to create and mount virtual encrypted disks in Windows Vista/XP/2000 and Linux and OS X as well as Whole Disk Encryption on Windows. It provides two levels of plausible deniability (hidden values / no signatures to make a distinction from random data), on the fly encryption and supports AES, Serpent and Twofish. As of version 6.0 TrueCrypt now supports hidden Operating Systems under Windows only.

Favorite attack is Dictionary Based / Brute Force, for which there are multiple tools available for Linux as well as Windows.

Tools :
  1. TrueCrack  (Most Reliable Tool)
  3. TCHead
  4. TCBrute 2
  5. Passware Passwod Recovery Kit Forensic (Commercial)
  6. Hashcat/CudaHashcat

Also there are attacks for extracting Master Keys for TrueCrypt from Memory Dump.


TrueCrack In Action with Dictionary Attack 

Pure Brute Force attack with Digits :


TCHead In Action with Dictionary Attack :

TCBrute 2

Specified Dictionary & TrueCrypt Encrypted file, but for some reason TCBrute seems unreliable as I was unable to crack password although it was present in dictionary, Visitors can cross check and comment.

Password not cracked, although it was present in mentioned dictionary file :

Passware Passwod Recovery Kit Forensic (Commercial) 

First of all this is commercial tool, and can perform various known attacks agains TrueCrypt encrypted volume.

 Brute Force with Digits :

Password Cracked :

Mount TrueCrypt volume using Command Line :

Command line options for TrueCrypt :

Mount TrueCrypt Encrypted Volume using Command :

/l = Drive Letter

TrueCrypt Reference Links

Hope you enjoyed, I will post more interesting Information soon!


1 comment: