Brute TrueCrypt password
#1
Is it possible to crack the TrueCrypt volume password?

Encryption Algorithm: AES-Twofish-Serpent
Hash Algorithm: RIPEMD-160
Keyfile was used (which I have).

I tried all passwords I usually use, but none worked.
So basically, I have no clue anymore what it might be.

Can I recover my password with hashcat?
If yes, which options do I have to use?

Many thanks
#2
Yes it is possible.
What is the exact command you typed?
#3
Code:
$ hashcat.exe -m 6213 -a 3 -w 3 --increment --increment-min 6 -o cracked.txt --truecrypt-keyfiles=kf.xyz sdb1_dump.dd -1 ?l?u ?a?1?1?1?1?1?a?a?a?a?a?a?a?a?a?a

I did some test runs on a created volume (no hidden, with partition, non-system) and this seems (?!) to work. I took the first 512 bytes using dd.

I know the password is minimum 6 chars long, maximum 16 chars.
The first char can be anything, but the next 5 chars are for sure letters (upper- or lowercase).
The rest can be anything again.

Are the parameters I used correct?

Besides that, I was surprised to see that:
1. if -o isn't used, the cracked result is neither stored anywhere, nor displayed.
2. the mask needs to be at the end, otherwise "... Invalid argument" is shown.
Did I miss something?
#4
(02-21-2022, 07:40 PM)strcmp Wrote:
Code:
$ hashcat.exe -m 6213 -a 3 -w 3 --increment --increment-min 6 -o cracked.txt --truecrypt-keyfiles=kf.xyz sdb1_dump.dd -1 ?l?u ?a?1?1?1?1?1?a?a?a?a?a?a?a?a?a?a

I did some test runs on a created volume (no hidden, with partition, non-system) and this seems (?!) to work. I took the first 512 bytes using dd.

I know the password is minimum 6 chars long, maximum 16 chars.
The first char can be anything, but the next 5 chars are for sure letters (upper- or lowercase).
The rest can be anything again.

Are the parameters I used correct?

Besides that, I was surprised to see that:
1. if -o isn't used, the cracked result is neither stored anywhere, nor displayed.
2. the mask needs to be at the end, otherwise "... Invalid argument" is shown.
Did I miss something?

1.) By default, it is stored in the potfile, but it doesn't matter, because your attack will take hundreds of years ;)
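The size of the search space behind the "hundreds of years" remark can be counted directly from the mask in post #3. This is an added example, not part of the thread and not hashcat code; `ASSUMED_RATE` is a placeholder guess rate, not a benchmark, and the function names are hypothetical.

```python
import string

# hashcat built-in charsets used by the mask in this thread (?h, ?H, ?b omitted).
BUILTIN = {
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "d": set(string.digits),
    "s": set(" " + string.punctuation),
}
BUILTIN["a"] = BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"] | BUILTIN["s"]
ASSUMED_RATE = 100_000  # guesses per second: placeholder assumption, not a benchmark


def parse_mask(mask, custom=None):
    """Return one set of candidate characters per position (custom = -1..-4 charsets)."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            positions.append({mask[i]})  # literal character
            i += 1
            continue
        key = mask[i + 1 : i + 2]
        if key == "?":
            positions.append({"?"})  # "??" is a literal question mark
        elif key in (custom or {}):
            positions.append(set().union(*parse_mask(custom[key])))
        elif key in BUILTIN:
            positions.append(set(BUILTIN[key]))
        else:
            raise ValueError(f"unknown mask token at offset {i}: ?{key}")
        i += 2
    return positions


def keyspace_by_length(mask, custom=None, min_len=1):
    """Candidates per length when --increment walks the mask's prefixes."""
    out, total = {}, 1
    for n, chars in enumerate(parse_mask(mask, custom), start=1):
        total *= len(chars)
        if n >= min_len:
            out[n] = total
    return out


if __name__ == "__main__":
    mask = "?a?1?1?1?1?1" + "?a" * 10  # mask from post #3
    table = keyspace_by_length(mask, custom={"1": "?l?u"}, min_len=6)
    for length, count in table.items():
        years = count / ASSUMED_RATE / (365 * 24 * 3600)
        print(f"len {length:2d}: {count:.3e} candidates, ~{years:.3e} years")
```

Each extra `?a` position multiplies the work by 95, so the time is dominated by the longest lengths whatever rate is assumed.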
#5
(02-22-2022, 12:15 PM)Sondero Wrote: 1.) By default, it is stored in the potfile, but it doesn't matter, because your attack will take hundreds of years ;)

Yes, I saw now that it takes ages ... :(
May I use a (my own) wordlist and tell hashcat to take any combination of these words?

BTW ... even if cracked, hashcat.potfile doesn't hold the found hash.
#6
Still looking for my lost password.

Just to be sure ... when I use dd from (e.g.) Ubuntu, does it matter if the (SATA) HDD is connected via USB bay, or does it need to be connected via SATA (eSATA)?