5. [Daily hack] Truecrypt


Daily hack: Truecrypt GPU partial password recovery

By George Lagoda

Feb 15, 2014

/wh0x41mi

George Lagoda

Security expert, pentester

Interests: [deep|web]penetrations, reversing, forensics

Work at . . .

Again about recovery

Maybe again about Anna

What I had?

• Partially lost TC passwd
• 4-5 symbols lost or we have something like:

[Y|y]a[L|l]ublu[S|s]vou[K|k]isku

So we either do not remember 1-2-3-4-5 symbols

Or don't remember the symbols' case

Tools for Linux

TrueCrack

• Written for Linux
• Optimized for CUDA (NVIDIA dependence)
• Supports most of TC hash types and encryption methods

But what about AMD or Windows?

oclHashCat, the almighty

• Supports both CUDA and OpenCL
• Lots of modules
• Hard to understand

>cudaHashcat64 --help

621Y = TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160
622Y = TrueCrypt 5.0+ PBKDF2-HMAC-SHA512
623Y = TrueCrypt 5.0+ PBKDF2-HMAC-Whirlpool
624Y = TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 boot-mode

How does this all work?

Offset (bytes)   Size   Description
0                64     Salt
64               4      ASCII string "TRUE" (encrypted)

Usually we know the hash type, and we have the salt and the encrypted string.

HACK Time?

Some more options

So let's give it a hack

cudaHashcat64.exe -m 6211 C:\Temp\anna_secret.tc -a 3 -1 ?l?u?d ?1?1wer?1Y -o C:\Temp\anna.txt
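What the mask in the command above actually covers, as an added example that is not part of the original slides: a small Python interpreter for the mask syntax used here, which counts the candidates for `?1?1wer?1Y` and for the case-uncertainty pattern from the earlier slide. The four-charset mask `?1a?2ublu?3vou?4isku` is an assumed translation of `[Y|y]a[L|l]ublu[S|s]vou[K|k]isku`, and only the `?l`, `?u` and `?d` built-ins seen on this page are implemented.

```python
from itertools import product
from math import prod
import string

# Built-in hashcat charsets that appear on this page; others are not implemented.
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase, "d": string.digits}

PAGE_MASK = ("?1?1wer?1Y", {"1": "?l?u?d"})  # mask and -1 charset from the slide
# Assumed translation of [Y|y]a[L|l]ublu[S|s]vou[K|k]isku into charsets -1..-4.
CASE_MASK = ("?1a?2ublu?3vou?4isku", {"1": "Yy", "2": "Ll", "3": "Ss", "4": "Kk"})

def charset(spec):
    """Expand a custom charset definition such as '?l?u?d' or 'Yy'."""
    chars, i = "", 0
    while i < len(spec):
        if spec[i] == "?" and spec[i + 1:i + 2] in BUILTIN:
            chars += BUILTIN[spec[i + 1]]
            i += 2
        else:
            chars += spec[i]
            i += 1
    return "".join(dict.fromkeys(chars))  # drop duplicates, keep order

def positions(mask, custom):
    """Return the allowed characters for each password position of a mask."""
    table = {**BUILTIN, **{k: charset(v) for k, v in custom.items()}}
    pos, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            pos.append(mask[i])  # literal character: this position is known
            i += 1
            continue
        key = mask[i + 1:i + 2]
        if key != "?" and key not in table:
            raise ValueError(f"unknown placeholder ?{key}")
        pos.append("?" if key == "?" else table[key])  # '??' is a literal '?'
        i += 2
    return pos

def keyspace(mask, custom):
    """Number of candidates the mask generates."""
    return prod(len(allowed) for allowed in positions(mask, custom))

def candidates(mask, custom):
    """Lazily generate every candidate (only sensible for small keyspaces)."""
    return ("".join(c) for c in product(*positions(mask, custom)))

if __name__ == "__main__":
    print(keyspace(*PAGE_MASK), keyspace(*CASE_MASK), list(candidates(*CASE_MASK))[:4])
```

With three unknown positions the slide's mask covers 238,328 candidates, and the case-only pattern covers 16.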

Results

Daily hack : Truecrypt GPU partial password recovery

The end.