08-04-2015, 10:06 PM
I've recently been asked to give a shot at cracking a TrueCrypt boot volume. Having never done so before, I just wanted to sanity check what I've done.
To extract the binary data needed for the crack, I ran the following:
dd if=/dev/sdc of=/path/to/file.tc bs=1 skip=31744 count=512
Since this is a boot volume, the data should be at offset 31744 - according to the Wiki, the last sector of the first track. We're extracting 512 bytes to give to cudaHashcat.
To crack it, we would then run:
./cudaHashcat64.bin -a 0 -m 6241 /path/to/file.tc /path/to/wordlists/
Assuming I was given the correct information and that the volume uses RIPEMD-160 and AES.
Like I said, since this is the first TrueCrypt volume I've run, I just want to make sure I did this right. Thanks all.
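A way to sanity-check the extracted file before spending GPU time on it, as an added example that is not part of the original post: the header is a salt plus ciphertext, so it should be exactly 512 bytes and look random, not zeroed or like boot code. The function names, the `MIN_DISTINCT` threshold and the sample image are assumptions constructed for this illustration; the offset and size are the post's values.

```shell
#!/bin/sh
# Added example, not from the original post. Offset and size are the post's values.
HDR_OFFSET=31744   # byte offset used in the post (sector 62 with 512-byte sectors)
HDR_SIZE=512       # number of bytes extracted in the post
MIN_DISTINCT=180   # assumption: heuristic floor for distinct byte values in 512 random-looking bytes

# extract_header SRC OUT: copy the header sector. Same bytes as the post's
# bs=1 skip=31744 count=512, but read as a single 512-byte block.
extract_header() {
    dd if="$1" of="$2" bs="$HDR_SIZE" skip=$((HDR_OFFSET / HDR_SIZE)) count=1 2>/dev/null
}

# check_header FILE: print a verdict; succeed only if the file is exactly
# 512 bytes and has the byte variety expected of salt plus ciphertext.
check_header() {
    size=$(wc -c < "$1" | tr -d ' ')
    if [ "$size" -ne "$HDR_SIZE" ]; then
        echo "bad-size:$size"; return 1
    fi
    distinct=$(od -An -v -tu1 "$1" | tr -s ' ' '\n' | grep -v '^$' | sort -un | wc -l | tr -d ' ')
    if [ "$distinct" -lt "$MIN_DISTINCT" ]; then
        echo "low-variety:$distinct"; return 1
    fi
    echo "plausible:$distinct"
}

# make_sample_image OUT: constructed test image (not a real volume): 62 zeroed
# sectors, one sector holding every byte value twice, then one zeroed sector.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=62 2>/dev/null
    n=0
    while [ "$n" -lt 512 ]; do
        printf "\\$(printf '%03o' $((n % 256)))" >> "$1"
        n=$((n + 1))
    done
    dd if=/dev/zero bs=512 count=1 2>/dev/null >> "$1"
}

# Demo on the constructed image
tmp=$(mktemp -d)
make_sample_image "$tmp/disk.img"
extract_header "$tmp/disk.img" "$tmp/file.tc"
check_header "$tmp/file.tc"   # prints plausible:256
```
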