[SOLVED] How to handle TrueCrypt hidden *container*?
#1
Hi,

How to handle Truecrypt hidden containers (not hidden partitions/OS)?

I created a test file (TC 7.1a) with RIPEMD-AES as outer container and RIPEMD-Serpent-Twofish-AES as hidden container.

I can successfully get the outer container:

Code:
hashcat --status -m 6213 -a 0 -w 3 2012/2012-test4.tc 2012/dict.txt
hashcat (v6.1.1) starting...

OpenCL API (OpenCL 1.2 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, skipped
* Device #2: Intel(R) HD Graphics 4000, 1336/1400 MB (350 MB allocatable), 16MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 64

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 99 MB

Dictionary cache built:
* Filename..: 2012/dict.txt
* Passwords.: 11
* Bytes.....: 200
* Keyspace..: 11
* Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

2012/2012-test4.tc:KYTaNF5aXnrKakHQaTJL
Session..........: hashcat
Status...........: Cracked
Hash.Name........: TrueCrypt RIPEMD160 + XTS 1536 bit
Hash.Target......: 2012/2012-test4.tc
Time.Started.....: Tue Nov 24 04:32:40 2020 (1 sec)
Time.Estimated...: Tue Nov 24 04:32:41 2020 (0 secs)
Guess.Base.......: File (2012/dict.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........:      18 H/s (4.33ms) @ Accel:64 Loops:16 Thr:8 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 11/11 (100.00%)
Rejected.........: 0/11 (0.00%)
Restore.Point....: 0/11 (0.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:1984-1999
Candidates.#2....: 02938483 -> KYTaNF5aXnrKakHQaTJL
Started: Tue Nov 24 04:32:38 2020
Stopped: Tue Nov 24 04:32:42 2020


However, the inner container fails:

Code:
hashcat --status -m 6213 -a 0 -w 3 2012/2012-test4.tc 2012/dict.txt
hashcat (v6.1.1) starting...

OpenCL API (OpenCL 1.2 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, skipped
* Device #2: Intel(R) HD Graphics 4000, 1336/1400 MB (350 MB allocatable), 16MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 64

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 99 MB

Dictionary cache built:
* Filename..: 2012/dict.txt
* Passwords.: 11
* Bytes.....: 140
* Keyspace..: 11
* Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Name........: TrueCrypt RIPEMD160 + XTS 1536 bit
Hash.Target......: 2012/2012-test4.tc
Time.Started.....: Tue Nov 24 04:33:07 2020 (1 sec)
Time.Estimated...: Tue Nov 24 04:33:08 2020 (0 secs)
Guess.Base.......: File (2012/dict.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........:      18 H/s (4.33ms) @ Accel:64 Loops:16 Thr:8 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 11/11 (100.00%)
Rejected.........: 0/11 (0.00%)
Restore.Point....: 11/11 (100.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:1984-1999
Candidates.#2....: 02938483 ->
Started: Tue Nov 24 04:33:05 2020
Stopped: Tue Nov 24 04:33:09 2020

Of course, in the first case, the password list contains the password of the outer container but not the hidden and in the second case, it contains the password of the hidden container only.


Is anything special required to handle hidden TrueCrypt containers?

Bonus: The careful reader should have found something seemingly impossible to happen:
Code:
-m 6213
is the hash mode for XTS 1536 bit (i.e. Triple Encryption such as Serpent-AES-Twofish). However, the outer container is only AES, so the hash mode is wrong! How come that hashcat still finds the correct password for the outer container although the hash mode is wrong?

Thanks!
#2
Using the entire volume is entirely unsupported. You should extract the required header as described here: https://hashcat.net/wiki/doku.php?id=fre...pt_volumes
#3
(11-24-2020, 10:41 PM)undeath Wrote: Using the entire volume is entirely unsupported. You should extract the required header as described here: https://hashcat.net/wiki/doku.php?id=fre...pt_volumes

I had read this page already but thanks for re-affirming!

I was bogged down because of

Quote: if TrueCrypt uses a hidden partition, you need to skip the first 64K bytes (65536) and extract the next 512 bytes.
[...]
in all other cases (files, non-booting partitions) you need the first 512 Bytes of the file or partition.

That's also why I emphasized container in the title of the thread.
Indeed, what's written there seems to be true not just for partitions but also containers!

I did the following:

Code:
dd if=2012-test4.tc of=2012-text4-hash-hidden bs=1 skip=65536 count=512

and indeed it finds the correct password. I cannot update the Wiki unfortunately but I think that would be good to update since it's confusing.

What's left is my bonus question (which now becomes even more interesting when you say "Using the entire volume is entirely unsupported"): How come that hashcat finds the right password for the wrong hash mode? Can this be coincidence?


EDIT: Ok, I understand. 6213 can also be used for 6211 (https://hashcat.net/forum/thread-8596.html)
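The header extraction discussed in this thread, as an added example that is not part of any post: a shell function that carves both 512-byte header candidates from a file-hosted volume (offset 0 for the standard header, offset 65536 for the hidden one) and refuses files too short to hold them. The function name `tc_carve_headers` and the `.outer.hdr` / `.hidden.hdr` output suffixes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: carve the two TrueCrypt header candidates named in the thread.
# tc_carve_headers and the output suffixes are hypothetical names.

TC_HDR_LEN=512        # bytes of header hashcat is given
TC_HIDDEN_OFF=65536   # hidden-volume header starts 64K bytes into the file

# usage: tc_carve_headers <container> [output-prefix]
tc_carve_headers() {
    src=$1
    prefix=${2:-$1}
    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 2; }

    size=$(wc -c < "$src" | tr -d ' ')
    if [ "$size" -lt "$TC_HDR_LEN" ]; then
        echo "file shorter than one header ($size bytes)" >&2
        return 3
    fi

    # Standard (outer) header: the first 512 bytes of the file.
    dd if="$src" of="$prefix.outer.hdr" bs="$TC_HDR_LEN" count=1 2>/dev/null || return 1

    if [ "$size" -lt $((TC_HIDDEN_OFF + TC_HDR_LEN)) ]; then
        echo "file too small to hold a hidden-volume header" >&2
        return 4
    fi

    # Hidden header: 512 bytes at byte offset 65536.
    # With bs=512, skip counts blocks, so 65536 / 512 = 128 blocks.
    dd if="$src" of="$prefix.hidden.hdr" bs="$TC_HDR_LEN" \
       skip=$((TC_HIDDEN_OFF / TC_HDR_LEN)) count=1 2>/dev/null || return 1
}
```

The carve alone cannot tell whether a hidden volume exists: without one, the 512 bytes at that offset are random data, so the second file is always produced for a large enough container.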