Brute TrueCrypt password - Printable Version

Brute TrueCrypt password - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Brute TrueCrypt password (/thread-10629.html)

Brute TrueCrypt password - strcmp - 02-20-2022

Is it possible to crack the TrueCrypt volume password?

Encryption Algorithm: AES-Twofish-Serpent
Hash Algorithm: RIPEMD-160
Keyfile was used (which I have).

I tried all passwords I usually use, but none worked.
So basically, I have no clue anymore what it might be.

Can I recover my password with hashcat?
If yes, which options do I have to use?

Many thanks

RE: Brute TrueCrypt password - Banaanhangwagen - 02-21-2022

Yes it is possible.
What is the exact command you typed ?

RE: Brute TrueCrypt password - strcmp - 02-21-2022

Code:
$ hashcat.exe -m 6213 -a 3 -w 3 --increment --increment-min 6 -o cracked.txt --truecrypt-keyfiles=kf.xyz sdb1_dump.dd -1 ?l?u ?a?1?1?1?1?1?a?a?a?a?a?a?a?a?a?a

I did some test runs on a created volume (no hidden, with partition, non-systen) and this seems (?!) to work. I took the first 512 bytes using dd.

I know the password in minimum 6 chars long, maximum 16 chars.
The first char can be anything, but the next 5 chars are for sure letters (upper- or lowercase).
The rest can be anything again.

Are the parameters I used correct?

Besides that, I was surprised to see that:
1. if -o isn't used, the cracked result is neither stored anywhere, nor displayed.
2. the mask needs to be at the end, otherwise "... Invalid argument" is shown.
Did I miss something?

RE: Brute TrueCrypt password - Sondero - 02-22-2022

(02-21-2022, 07:40 PM)strcmp Wrote:
Code:
$ hashcat.exe -m 6213 -a 3 -w 3 --increment --increment-min 6 -o cracked.txt --truecrypt-keyfiles=kf.xyz sdb1_dump.dd -1 ?l?u ?a?1?1?1?1?1?a?a?a?a?a?a?a?a?a?a

I did some test runs on a created volume (no hidden, with partition, non-systen) and this seems (?!) to work. I took the first 512 bytes using dd.

I know the password in minimum 6 chars long, maximum 16 chars.
The first char can be anything, but the next 5 chars are for sure letters (upper- or lowercase).
The rest can be anything again.

Are the parameters I used correct?

Besides that, I was surprised to see that:
1. if -o isn't used, the cracked result is neither stored anywhere, nor displayed.
2. the mask needs to be at the end, otherwise "... Invalid argument" is shown.
Did I miss something?

1.) for default, stored in potfile, but it doesnt matter, because your attack will take hundreds of years Wink

RE: Brute TrueCrypt password - strcmp - 02-22-2022

(02-22-2022, 12:15 PM)Sondero Wrote: 1.) for default, stored in potfile, but it doesnt matter, because your attack will take hundreds of years

Yes, I saw now that it takes ages ... Sad

May I use a (my own) wordlist and tell hashcat to take any combination of these words?

BTW ... even if cracked, hashcat.potfile doesn't hold the found hash.

RE: Brute TrueCrypt password - strcmp - 03-21-2022

Still looking for my lost password.

Just to be sure ... when I use dd from (e.g.) Ubuntu, does it matter if the (SATA) HDD is connected via USB bay, or does it need to connected via SATA (eSATA)?