Thread: Brute Force AES/Truecrypt with a simple password

  1. #1
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    19

    Brute Force AES/Truecrypt with a simple password

    I just got truecrypt installed on my BT3 install and I have gone through the options and made a couple different types of file containers. Now I know from the prompts about making a strong password and all the posts of trying to brute force even a rar file that if the length is over 12 characters it's going to take a while. How would I brute force a truecrypt container? Is there a specific set of tools needed for something like this? I have used rarcrack and it's worked fine because I can set what characters run against my file. I have not used anything else, nor have I cracked a hash file or .htaccess file, hence why I am asking for advice. For my test I have made two containers, one AES and one Twofish. The password is the same (open) for both containers. Searches for brute force, AES and truecrypt give me little to go off of. I did see a post about JTR talking about Blowfish, MD5 and DES, but nothing about AES or the other forms that are in Truecrypt.

  2. #2

    Not that I have looked extensively, but I would assume you could create a script using your favorite language (perl, python, ruby etc) and start running a bruteforce or dictionary against the container.

  3. #3
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    19

    Seeing how I have limited ability in this field, I wouldn't know where to begin. All I have taken so far in college is C, Java, Networking and A+ Prep. A friend showed me BT and I have been learning as I go. I don't work in the field and I won't for a couple more years. I have found a couple perl scripts that I could get and run against files, but I don't understand enough about cryptography to know if the end result would be the same for each container since they are encrypted differently. I understand the different methods of encryption are the way in which the data is scrambled so it can't be read, but the end result of having the password would output the information contained in the container. But if that was the case I could make a TC container with a .rar extension and run against rarcrack and it should spit out the passkey... But it didn't work for me.

  4. #4

    I've never used truecrypt before, but I'm going to assume it has some kind of command line you can run to encrypt/decrypt the container contents?

    If this is the case, I think you could build a perl/python/bash script wrapper that calls truecrypt, and then pulls words from a dictionary or call random strings, iterating through each line in the dictionary until success. I'm sure there is something better out there, but as I mentioned in my OP, I haven't looked too hard.

    Scripting isn't too difficult and is a skill that is well worth your time to learn. This would be a good project for you to start with.

    If this isn't what you were looking for, then sorry that I've misunderstood what you were asking.

  5. #5
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #6
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    19

    Thanks for the links. Yes, what I found wasn't much help either. I think my best bet would be to try the java version and change some settings to make it do only certain characters. I don't need a brute force dictionary attack as is my only option with the truecryptbrute.

  7. #7
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    Originally posted by JohnMa69:
    "Thanks for the links. Yes, what I found wasn't much help either. I think my best bet would be to try the java version and change some settings to make it do only certain characters. I don't need a brute force dictionary attack as is my only option with the truecryptbrute."

    Or you could make a dictionary file that contains all of the key combinations you want to try...

    Using something like crunch.
