[SOLVED] TrueCrypt keyfiles are ignored -- what can be wrong? Broken?
#1
Hello,

I want to use hashcat to obtain my forgotten password for an old hidden TrueCrypt container which ueses two keyfiles.

I created a testfile with a hidden container and known key which is found successfully. However, as soon as I add keyfiles I get

Code:
Status...........: Exhausted

This is my command line:

Code:
hashcat --status -m 6213 -a 0 -w 3 --truecrypt-keyfiles="2012/files/Küdo.pdf,2012/files/File Number Two.txt" 2012/2012-test5-hash-hidden 2012/dict_inner.txt

Of course, the files exist and are definitely the correct ones (I can mount the container via TrueCrypt).
However, what freaks me out a bit more is that it doesn't seem to matter which files I supply. In fact, --truecrypt-keyfiles does seem to be ignored completely. For example, I do:

Code:
hashcat --status -m 6213 -a 0 -w 3 --truecrypt-keyfiles=XXX 2012/2012-test5-hash-hidden 2012/dict_inner.txt

where XXX does not exist and I get the identical output (no error message that key file can't be found but Status: Exhausted).


Can it be that --truecrypt-keyfiles is broken?

Thanks!

EDIT: I looked into the source and it seems there is indeed no warning/error if a file cannot be read -- via (hc_path_read (keyfile)). I tried it with just one file, gave it a simple name (TC) and I am absolutely confident the file exists and is readable. Also, it seems hashcat generates a cumulative CRC32 sum among all keyfiles: cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); .... looks correct at a first glance. Please help me on this! Thanks!
Reply
#2
Ok, finally I got it working. Phew.

For everyone who finds this: This parameter is extremely finicky. Be very careful about the file names etc.
  • There is no indication (error message, warning) if one or all key files cannot be found, opened etc!
  • The function silently fails when there are special characters: Avoid umlauts, spaces or in general any characters in the filename.
I recommend just renaming the keyfiles to KF1, KF2 etc. and placing them in the same directory to avoid any reading problems.
Reply