TrueCrypt Example Hash in Boot Mode
#1
Hey,

first, thanks for adding TC-support!

I want to try and compare the performance to my commercial apps, but Ive got a problem extracting the correct input hash for hashcats truecrypt boot mode. What is exactly necessary? I read "first 512 bytes of HD" or "severel MB of the HD" ... In the the fst sector I see nothing else than the (plain text) bootloader. Do you mean the first 512 bytes of the encrypted system partition? I can't imagine because as I know only the truecrypt header is encrypted with the users passwords; the partition is encrypted with the master key, which resides in the encrypted head, which resides not within the partition ... d'oh.

so... I would much appreciate if you could explain where to extract the hash Smile


thx & regards
#2
Howdy.

You need to feed the last 512 bytes (sector) of the first logical drive track to oclhc.
You can use any hex editor you want for this purpose.

I've used WinHEX and WinXP under a VM to verify everything works.
WinHEX is good because it can provide you with additional information, which eases the dumping process.
The virtual disk had 63 sectors per track, so I dumped the last one and fed it to oclhc, password was found.

I've provided the dumps, everything should be obvious once you load em into a hex editor.

The password is 'biscotte'

Last thing: I am not a storage media expert, so I might have made a mistake somewhere.


Attached Files
.zip   temp.zip (Size: 32.3 KB / Downloads: 87)
#3
Thank you Rolf

I know this wasn't my question but I am grateful for your clear and thorough answer. I am sure it will help others also. Smile
#4
I followed your instructions and extracted the neccessary sector of my (DD-imaged-) Truecrypt testinstallation. The password was found.

With 2xGTS450 I get 32kp/s, with 1xGTX680 I get 55kp/s (sadly I get the cuStreamSynchronized 700 Error with both GTX680)

The commercial app I own reaches about 46kp/s with both GTX680 in TC-Boot Mode.

So...the cat is more than twice as fast.

congrats, thx & regards
#5
(09-20-2013, 05:08 PM)hellfish Wrote: So...the cat is more than twice as fast.
Oh, Atom will be delighted to hear that.
#6
Hello Rolf,

I am sorry if this is a (very) noob question, but how do I pass the last sector into oclHC? Should I do a base64 encode of the the sector?
#7
Hi, I have a similar problem and some more questions.
The first problem I come across is how to get the hash from the truecrypt device. I tried WinHex but I don't know which part exactly I need to use, also I am unsure of which method I used for creating (Ripe or sha). Even with your iso example (neither the iso nor a txt file with text from iso) I dont get a proper input for hashcat, so what did you do?

F:\Download\TC crack\HashcatGUI_0301\oclHashcat-plus-0.15>cudaHashcat-plus64.exe
-a 1 -m 1700 -p : --session=21135009 --force -o "F:\Download\TC crack\_found.tx
t" --outfile-format=2 -n 32 --gpu-temp-abort=75 "F:\Download\TC crack\forum-dump
-example\last sector.txt" "F:\Download\TC crack\forum-dump-example\pw.txt" ""
WARNING: Hashfile 'F:\Download\TC crack\forum-dump-example\last sector.txt' in l
═ßd♀): Line-length exception
WARNING: Hashfile 'F:\Download\TC crack\forum-dump-example\last sector.txt' in l
ine 2 (½ø┤­┌av}×ê╠┤L,╩¿Ï├àÏî8î☺öϨÈ►c$¨¦ªÑsÉ┴_►r♥t4ÜÓ³¯©ö"┌êŵ←┐↓7╔0úÊl5↔Ù¶rYR;j
J"ehúx?³¢►¬£Ï/╗î┤►N╔Ñ9Î‼Qv▲$♀Jz<öÆ┤C®¿♀¤ËD²Ì‼QÃí,÷¶8fÏC↓r'Ü?å←ú4◄#û▄°‼aÃÝ[∟M&↕bB
sq1þò▬YκEÉ3}@¸): Line-length exception
ERROR: No hashes loaded

Can you please tell me the correct cmd command and how to get the hashfile from the truecrypt container please?