Trying to brute force TrueCrypt

Discussion in 'privacy technology' started by Ezio, Sep 15, 2010.

Thread Status:
Not open for further replies.
  1. piotreg

    piotreg Registered Member

    Joined:
    Feb 23, 2011
    Posts:
    7
    Hi, I have been very busy, but I promise your time has not been wasted. I will definitely try it once I have a peaceful moment.
     
  2. piotreg

    piotreg Registered Member

    Joined:
    Feb 23, 2011
    Posts:
    7
    Hello, I may have permanently damaged my brain trying to follow your discussion, but I more or less understand what you want me to do :)

    This is my first attempt and I am using version 0.1.0.8 and the template below. For now I have selected only RipeMD160 to speed up the process. I will try others if needed.

    Four questions: What am I supposed to expect to happen actually? What does Thread Count button do? What is Select Device for? And what is the difference between Volume types?

    Thank you all very much for help!

     
    Last edited: Mar 4, 2011
  3. tateu

    tateu Registered Member

    Joined:
    Dec 10, 2010
    Posts:
    60
    Location:
    Los Angeles, CA USA
    1) When you press the start button, it should start trying passwords against your TrueCrypt volume. You should see some text in the grey status bar at the bottom of the OTFBrutusGUI window showing how much time has passed, is left, etc.

    2) Thread count is how many passwords to try simultaneously. This should probably be left at its default value, as OTFBrutusGUI should automatically determine the maximum value allowed by your CPU. For my old computer at home (Pentium 4 with Hyperthreading) this value is 2 (1*2). For my Dual Quad Xeon with Hyperthreading system at work, this value is 16 (2*4*2).

    3) When you created your TrueCrypt volume, did you create a File hosted or a Device hosted volume? Load your volume in OTFBrutusGUI the same way that you do in the TrueCrypt GUI.

    4) When you created your TrueCrypt volume, did you create a Standard volume or a Hidden volume? In OTFBrutusGUI, select the volume type that matches.

    With your password pattern: were we correct in assuming that you never repeated any of your strings or special characters? Your password never looked like this:

    ^[string1]^[string2]
    or
    [string1]@[string1]


    If you never repeated any strings, I think the easiest to try will be a single password pattern of
    (s1|s2|s3|s4|s5|s6|s7|^|@| |\0){5:1}
    which will try 63590 passwords (unfortunately, with a bunch of duplicates because of how I programmed the null character).

    If you never repeated any strings, I think the most efficient to try would be 4 separate passes:
    (s1|s2|s3|s4|s5|s6|s7|^|@| ){5:1}
    (s1|s2|s3|s4|s5|s6|s7|^|@| ){4:1}
    (s1|s2|s3|s4|s5|s6|s7|^|@| ){3:1}
    (s1|s2|s3|s4|s5|s6|s7|^|@| ){2:1}
    which will try 36100 passwords.


    Easiest to try:

    Most efficient to try:
    After pressing the Start button, the large white dialog box should fill up with some info about the current job (volume name, password count, encryption methods, etc.) and the grey status bar at the bottom should tell you how much time has elapsed, is left, etc.
     
  4. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,034
    Location:
    Hawaii
    piotreg, sorry about the brain damage. I guess we were having too much fun and we got carried away. All of our brains are fried already, so we hardly even notice anymore.

    tateu, I still haven't had a chance to thoroughly examine the workings of your new null character, but I've definitely noticed that it doesn't produce the same output as inserting a null "placeholder" character and then deleting it from the resulting wordlist. More dupes, definitely.
     
  5. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358

    Well, I was hoping to have only one person post in response to piotreg, so that we don't have a bunch of people responding and adding confusion.

    So, let me preface this by saying this isn't directed to piotreg's issues.

    I haven't noticed this behavior. Can you give a specific example of the null character producing more results than a placeholder?

    Note that when you use tateu's new feature of limiting duplicates, you would expect more results with the null character than if you added a placeholder. This is because there's no duplicate checking on the null character while there is duplicate checking on any placeholder that you use.

    For instance,
    (s1|s2|s3|s4|s5|s6|s7|^|@| |\0){5:1} produces 63590 results.

    While,
    (s1|s2|s3|s4|s5|s6|s7|^|@| |*){5:1} produces 55440 results.


    I think this is the way it's supposed to be because using a placeholder in this circumstance can't be done. Only the null character bypasses all duplicate checking, so only the true null character can be used. A placeholder will produce incorrect results.
     
  6. tateu

    tateu Registered Member

    Joined:
    Dec 10, 2010
    Posts:
    60
    Location:
    Los Angeles, CA USA
    v0.1.0.9 available for testing
    http://www.tateu.net/software/dl.php?f=OTFBrutusGUI_beta

    I removed the null character in favor of true variable length support {1-5}

    In the previous version using the null character
    (s1|s2|s3|s4|s5|s6|s7|^|@| |\0){5:1}
    produces 63590 results of varying length from 1-5 with lots of duplicates.

    In the new version using variable length syntax
    (s1|s2|s3|s4|s5|s6|s7|^|@| ){1-5:1}
    produces 36100 results of varying length from 1-5 with no duplicates. That is about 43% less.


    And if you want the older versions for comparison:
    http://www.tateu.net/software/dl.php?f=OTFBrutusGUI_v0.1.0.8a_beta.7z
    http://www.tateu.net/software/dl.php?f=OTFBrutusGUI_v0.1.0.7a_beta.7z
    http://www.tateu.net/software/dl.php?f=OTFBrutusGUI_v0.1.0.6a_beta.7z
     
  7. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Nicely done. It seems to work perfectly so far.

    I'll run some more tests on it.

    So, for piotreg, if we haven't scared him or her off, the new password pattern is:

    (s1|s2|s3|s4|s5|s6|s7|^|@| ){1-5:1}


    Again, great work. FYI, I have some uses for this program other than password patterning. I often have the need to generate large patterned lists, such as for batch documents on Windows. It comes up all the time for me, so I know I'll be using this program even if I don't need it for password testing.
     
  8. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    I'm not sure if this would be considered a bug, but...

    [^@ ]{0-1} doesn't work. The zero is apparently not accepted.

    So, it doesn't totally replace the null.
     
  9. tateu

    tateu Registered Member

    Joined:
    Dec 10, 2010
    Posts:
    60
    Location:
    Los Angeles, CA USA
    Oh, ok, I see. It doesn't actually make a difference in the above example (I changed to abc, I think it's easier to read):
    [abc\0]{1} in v0.1.0.8 would produce 3 passwords
    a
    b
    c
    The fourth password is a null, empty string and so is skipped.

    In v0.1.0.9
    [abc]{1} also produces 3 passwords
    a
    b
    c


    but, if you wanted to do something like this:
    [abc\0]{1}[d]{1} in v0.1.0.8 would produce
    ad
    bd
    cd
    d

    in v0.1.0.9, the best you could do is
    [abc]{1}[d]{1}
    ad
    bd
    cd


    I think (hope?) it's an easy fix. I've also already added character ranges [a-zA-Z0-9] and will package it all up when I get it done.
     
  10. tateu

    tateu Registered Member

    Joined:
    Dec 10, 2010
    Posts:
    60
    Location:
    Los Angeles, CA USA
    Fixed in v0.1.1.0
    http://www.tateu.net/software/dl.php?f=OTFBrutusGUI_beta

    A length of 0 can be used to skip over a pattern completely. The order is a little strange, it does the 0 length first and so it looks backwards to me. I have some other things to work on with the variable length strings (comma separated lengths {1,2,5-7}) and I think one of the side effects will be to put the 0 length pattern last and correct the out of "orderness" as seen below.

    I also added character ranges: [a-d].

    Code:
    [12]{0-2}[ab]{1}
      a b 1a 1b 2a 2b 11a 11b 12a 12b 21a 21b 22a 22b
    
    (s1|s2){0-1}(s3|s4){0-1}
      s3 s4 s1 s1s3 s1s4 s2 s2s3 s2s4
    
    (s1){0-1}(s2){0-1}(s3){0-1}(s4){0-1}
      s4 s3 s3s4 s2 s2s4 s2s3 s2s3s4 s1 s1s4
      s1s3 s1s3s4 s1s2 s1s2s4 s1s2s3 s1s2s3s4
    
    The following are the same:
      [a-d]
      [abcd]
    
    The following are the same:
      [z-A0-9]
      [zyxwvutsrqponmlkjihgfedcba`_^\]\\\[ZYXWVUTSRQPONMLKJIHGFEDCBA0123456789]
    And if you want the older versions for comparison:
    http://www.tateu.net/software/dl.php?f=OTFBrutusGUI_v0.1.0.9a_beta.7z
    http://www.tateu.net/software/dl.php?f=OTFBrutusGUI_v0.1.0.8a_beta.7z
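The following Python is an added example, not code from the thread or from OTFBrutusGUI itself. It reproduces the pattern semantics described in posts 3, 5, 6 and 10 (alternatives, character classes with ranges, the `{n-m:1}` no-reuse quantifier, escaped literals) so the counts quoted above (36100 for `{1-5:1}` over ten alternatives, 55440 for `{5:1}` over eleven) can be checked, and `keyspace` gives that count without enumerating, which is the number that tells you how much work a structured password like this actually represents. The grammar is assumed from the examples in the thread only; `expand_class`, `parse`, `expand` and `keyspace` are names chosen here.

```python
import re
from itertools import permutations, product
from math import perm
# Assumed grammar (the subset of OTFBrutusGUI syntax shown in this thread):
#   [abc] or [a-d] class, ranges expanded (descending allowed); (s1|s2) alternatives;
#   literal text must escape ()[]{}\ with a backslash
#   {n} {n-m} {n-m:1}  pick n..m items; ':1' means no alternative is reused
ATOM = re.compile(r"(?:\[((?:\\.|[^\]])+)\]|\(([^)]*)\)|((?:\\.|[^\[\](){}\\])+))"
                  r"(?:\{(\d+)(?:-(\d+))?(?::(\d+))?\})?")

def expand_class(body):
    chars, i = [], 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):        # escaped character
            chars.append(body[i + 1]); i += 2
        elif i + 2 < len(body) and body[i + 1] == "-":    # range such as a-d or z-A
            lo, hi = ord(body[i]), ord(body[i + 2])
            step = 1 if lo <= hi else -1
            chars.extend(chr(c) for c in range(lo, hi + step, step)); i += 3
        else:
            chars.append(body[i]); i += 1
    return chars

def parse(pattern):
    # Returns (items, min_len, max_len, no_reuse) per atom, left to right.
    atoms, pos = [], 0
    while pos < len(pattern):
        m = ATOM.match(pattern, pos)
        if not m:   # same wording as the tool's error quoted in post 17
            raise ValueError(f"ERROR @ POS {pos}: found {pattern[pos]!r} outside a pattern")
        cls, alts, lit, lo, hi, once = m.groups()
        items = (expand_class(cls) if cls is not None else alts.split("|")
                 if alts is not None else [re.sub(r"\\(.)", r"\1", lit)])
        atoms.append((items, int(lo or 1), int(hi or lo or 1), once == "1"))
        pos = m.end()
    return atoms

def expand(pattern):
    # Every candidate in generation order; the empty string is skipped as in the tool.
    per_atom = [["".join(p) for n in range(lo, hi + 1)
                 for p in (permutations(items, n) if once else product(items, repeat=n))]
                for items, lo, hi, once in parse(pattern)]
    return [s for s in map("".join, product(*per_atom)) if s]

def keyspace(pattern):
    # Candidate count without enumerating: the work a search over this pattern costs.
    total, can_be_empty = 1, True
    for items, lo, hi, once in parse(pattern):
        total *= sum(perm(len(items), n) if once else len(items) ** n for n in range(lo, hi + 1))
        can_be_empty &= lo == 0
    return total - (1 if can_be_empty else 0)
```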
     
  11. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    So far so :thumb:

    I'll test some more.

    Edit: To piotreg, if you're totally confused by this, you could just pick someone that you trust and let them test it for you. All they would need is the header of the volume (a few megabytes max) and your seven strings. They could find the password and give it to you. The header of the volume contains no actual files, so you're not giving any data from the volume.

    I know you didn't want to give someone the strings, but it's worth considering if you can't get it to work. Good luck.
     
    Last edited: Mar 6, 2011
  12. piotreg

    piotreg Registered Member

    Joined:
    Feb 23, 2011
    Posts:
    7
    Hi! No luck so far, but I will keep on trying changing some variables. I think I understand what you guys advise enough to make valid runs.

    What is the header of the volume?

    I will try that next, should I use the latest version of the software?

    I really appreciate your efforts and have only myself to blame :)

    Yes, I am positive of that. Thank you for the software and involvement.
     
  13. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    It's a small portion of the volume (less than 1MB) at the very beginning of the volume. TrueCrypt gives you the option to back it up if you know the password. Alternatively, we could probably tell you how to copy it off your volume if you wanted to give a copy to someone.


    Yes, that password pattern will only work on the latest version.


    Edit: If you could keep us updated on what you've tried, it may help us offer further suggestions.
     
    Last edited: Mar 7, 2011
  14. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    In reply to the original post (I haven't read all of the posts in this thread), the following article would perhaps offer a way to solve the problem (academically speaking, of course in a contained environment local to the experiment - i.e. your own local network):

    Build Your Own Supercomputer With Ubuntu 10.04.

    -- Tom
     
  15. piotreg

    piotreg Registered Member

    Joined:
    Feb 23, 2011
    Posts:
    7
    Hello,

    I have run Brutus for several days now, I have selected all combinations that came to my mind (ending up with more strings) and I have tried both hidden and standard volume types. Unfortunately I have had no luck.

    I cannot imagine what password I must have created. Anyway, I would like to thank you for engaging in the discussion, bringing it to my level and helping out in general. You are a great bunch.

    :thumb:
     
  16. SplinterCell

    SplinterCell Registered Member

    Joined:
    Jan 5, 2011
    Posts:
    48
    Location:
    Wisconsin
    I would be in this same boat if it weren't for KeePass!
     
  17. nf2011

    nf2011 Registered Member

    Joined:
    May 19, 2011
    Posts:
    3
    I'm using 0.1.0.8 and I'm having difficulty with the syntax for )(

    One of my known password strings is ABC)(123, where X is alphanumeric.

    But when I type the string into the password pattern, I get the error:

    ERROR @ POS 3, Found ')' that was not part of a pattern or escaped with a preceeding \.

    I read the previous post and saw that it had to be preceded with \, ok no problem. So I modified this part of my string to now be:

    ABC\)(123

    So now it says same error @ position 4..... not preceded, etc...

    So I added another \!!

    ABC\\)(123

    Same error @ position 5...

    What the hell? I have brackets in the known password string, how can I make a combination if I can't use the known password :(
     
  18. tateu

    tateu Registered Member

    Joined:
    Dec 10, 2010
    Posts:
    60
    Location:
    Los Angeles, CA USA
    v0.1.1.1a is the latest...http://www.tateu.net/software/dl.php?f=OTFBrutusGUI_beta

    but that won't change your situation...I guess the reported position indicator is a little misleading...I think the position indicator ignores the backslash \. Your second error message "So now it says same error @ position 4..... not preceded, etc..." actually means that the '(' character needs to be escaped with a backslash.

    Off the top of my head, I forget exactly which characters need to be escaped but I know ()[]{} all need to be preceded by a backslash if they are actually part of the password.

    In your case: ABC\)\(123
     
  19. nf2011

    nf2011 Registered Member

    Joined:
    May 19, 2011
    Posts:
    3
    No I understand that the counter ignores the \. I'm saying it still doesn't work.

    I still get the error message when using the string you provided (which I had already tried): ABC\)\(123

    I just want to be sure that when you say "escaped" you mean just adding the \ in front right? Or do I actually have to do anything with the ESCAPE key?
     
  20. nf2011

    nf2011 Registered Member

    Joined:
    May 19, 2011
    Posts:
    3
    Ignore my msg above, the thing works with the latest version. Guess the preceding \ was a bug in 0.8.

    Anyways, bit late to fiddle with it, I'll play with it more tomorrow.

    Great program so far. I am 99.99% confident I WILL get my password with this lol.
     
  21. tateu

    tateu Registered Member

    Joined:
    Dec 10, 2010
    Posts:
    60
    Location:
    Los Angeles, CA USA
    Yes, I just checked, and you are right. It is a bug in the older version.
     
  22. anandee

    anandee Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    10
    Location:
    India
    Brute-forcing the keyspace of the algorithm used in TC is quite infeasible, especially if a random key file was used. Brute-forcing a partially unknown password is another thing, but would still take a lot of time.
    I would rather concentrate efforts on building a plausible dictionary, starting from social engineering of terms, names, numbers and dates relevant to the creator of the password, then a plain dictionary of the most common words (and variants), and then of sentences, in the various languages known to the subject.
    It is not as easy as writing a brute-forcing routine, but if a proper passphrase (sufficient length, not trivial to guess) was used it may probably be the only feasible solution in less than a billion years.
     
  23. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514