Help with Truecrypt partition decryption
#1
Hello!

I had my drives encrypted with truecrypt but because I had my system up and running in almost a year and today I had a power surge, I now cannot remember for the love of god my password. I know some bits, because it was me who thought it but can't remember the whole password. So I would really appreciate some help.
As far as I have read and understood, I first need to extract the hash from the partition and then run it with hashcat.

1) I first run dd to extract the hash. It's the whole disk drive so if I understand correctly I run something like
"dd.exe if=\Device\Harddisk6\Partition2 of=c:\temp\partition_hash.tc bs=512 count=1"

2)Because I know some bits about the password for example I know the first 10 characters and then I also know a string of characters (6 in total, just letters) and I also know the last 2 characters. How can I use this information to speed up the whole process?

3) I am not sure if I used AES-Twofish-Serpent or Serpent-Twofish-AES, is there a way to combine these two or do I have to run them seperatly?

4)Again I am not sure if I used SHA-512 or Whirpool, is there a way to combine these two or do I have to run them separately?

5) I have an RTX-2070 can I use it to speed things up?

6)I have now 16TB of locked data, so if anyone can feel my pain, I would appreciate enormously if someone could help me with the final syntax, I know it is a lot to ask, but I am a little desperate right now.

I would like to thank each and every one who read my post and even more everybody that answers. Excuse me for my bad English and I wish you a pleasant day!
Reply
#2
1. yeah the first 512 bytes are sufficent

2) you can use a maskattack for this, given your example your mask should be something like this
custom charset -1 ?u?l (upper and lower chars, or if you are sure that the 6 letters are upper or lower only you can modify this)
mask:
10charpass?1?1?1?1?1?1last2chars

3) it doesnt matter (there is an old thread about this)

4) you will need to runs this seperatly BUT are you sure you used sha or whirlpool? because the default with truecrypt was ripemd160 back then

5) with cuda sdk and driver yeah should work
Reply
#3
1) if you have the standard drive it's first 512 bytes, if it's hidden use the command
Code:
dd if=\Device\Harddisk6\Partition2 of=partition_hash.tc bs=1 skip=65536 count=512
2) you can use a mask to speed up the recovery process
3) and 4) you will have to run them separately
5) of course you can use your GPU power to speed up the process if you have opencl or cuda installed
6) 
Code:
hashcat -a 3 -m [6221|6222|6223|6231|6232|6233] -O partition_hash.tc <mask> 
where mask is <your 10 known chars>?a<string of 6 chars>?a<last 2 chars> but use the ?a that many times you suppose you have an unknown char of the password

Best wishes

Maroslaw
Reply
#4
Thank you so much for answering me!

I will put this information to use. Thanks again!
Reply