hashcat Forum
not cracking truecrypt volume when key file is archive - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: not cracking truecrypt volume when key file is archive (/thread-10137.html)



not cracking truecrypt volume when key file is archive - s0lari - 05-29-2021

So just tested this extensively with hashcat v6.2.1.

When truecrypt key file for a truecrypt container (standard or hidden does not matter) is a file of some compression archive type (tested zip, tar.gz and jar), then crack will not work, regardless of attack type (tested wordlist and bruteforce).

Steps to reproduce in TrueCrypt 7.1a:
1. Create new volume / Create an encrypted file container
2. Choose Standard or Hidden, does not matter
3. Choose file name
4. Choose any encryption algo and hash algo (does not matter), but let's say encryption algo AES, hash algo RIPEMD-160
5. Choose some size and simple password, say 'ab'
6. Use key files, and choose a file which is compressed archive, say test.zip (archive could be created from single text file, binary file, or multiple of those, does not matter)
7. Choose filesystem type, say FAT, does not matter, and finish the creation of truecrypt container
8. dd if=<your tc container> of=hash.bin bs=1 count=512 (skip=65536 if hidden volume)
9. hashcat -a 3 -m 6213 hash.bin ?l?l --truecrypt-keyfiles=test.zip

Output:

Session..........: hashcat                               
Status...........: Exhausted
Hash.Name........: TrueCrypt RIPEMD160 + XTS 512 bit
Hash.Target......: hash.bin
Time.Started.....: Sat May 29 12:29:53 2021 (0 secs)
Time.Estimated...: Sat May 29 12:29:53 2021 (0 secs)
Guess.Mask.......: ?l?l [2]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:    4438 H/s (1.35ms) @ Accel:32 Loops:512 Thr:1 Vec:8
Recovered........: 0/1 (0.00%) Digests
Progress.........: 676/676 (100.00%)
Rejected.........: 0/676 (0.00%)
Restore.Point....: 26/26 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:25-26 Iteration:1536-1999
Candidates.#1....: xa -> xq


10. Now create the same container but with key file which is not compressed archive.
11. Cracked


RE: not cracking truecrypt volume when key file is archive - atom - 05-29-2021

Excellent finding! I have this fixed with commit https://github.com/hashcat/hashcat/commit/f54643479d13395160df9dbb261db2503fdcd6f9

New beta up, too.


RE: not cracking truecrypt volume when key file is archive - s0lari - 05-29-2021

Great. Thank you Atom!