TCHead - Decrypt TrueCrypt Headers

Discussion in 'privacy technology' started by 16s, Dec 4, 2011.

Thread Status:
Not open for further replies.
  1. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    TCHead decrypts and verifies TrueCrypt headers. I thought some on Wilders may find it of interest. It includes full source code and is simple and easy to use:

    http://16s.us/TCHead/
     
  2. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    For people who would like more of an understanding of what this is capable and incapable of? read the TCHead FAQ

    IMO this tool is as weak as the passwords it cracks

     
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I don't understand what this means. Can this software crack into a truecrypt volume?
     
  4. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    No, it only decrypts the header if you know the password (or guess it correctly).
     
  5. marktor

    marktor Registered Member

    Joined:
    Dec 4, 2011
    Posts:
    143
    So this tool can basically brute force TC containers? But a strong password defeats this correct? And without knowing the password this tool can do nothing. Am I understanding this correctly?
     
  6. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    TCHead can be used for brute-force, but it's not optimized to do that. Currently, it can only try about 50 words a second when using a word list. And yes, strong passwords would prevent that (even from more efficient tools purpose-built to brute-force).

    The goal of TCHead is to demonstrate simple code that can decrypt TrueCrypt volume headers so that others can see clearly how the decryption works. There are other good examples out there, but they tend to focus too much on cryptographic primitives and abstract math (IMO) and this confuses many.
     
  7. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    Displaying the contents of decrypted TC headers is both useful and educational. This tool will be quite handy for me, as one of my hobbies is to "poke apart" TC volumes and their headers under various circumstances to see how they work and how they break. Thanks!
     
  8. tateu

    tateu Registered Member

    Joined:
    Dec 10, 2010
    Posts:
    60
    Location:
    Los Angeles, CA USA
    Yet, it is faster than OTFBrutusGUI in single thread mode. Interesting, since I have a test version of OTFBrutusGUI that uses the Botan crypto lib and it is much slower than the version using TrueCrypt's crypto lib and the version using the Crypto++ lib (the default).

    Thanks for the software.
     
  9. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    Thanks.

    I suspect that's because TCHead v0.1 only attempts to decrypt individual ciphers. Once cascading ciphers are added, TCHead should slow down to roughly 30 passwords per second. Not too bad, but certainly nothing to brag about.

    If I needed to brute-force a TC volume, I'd probably use something such as OTFBrutus. And should the volume have a strong password/key files I would say that brute-force is infeasible at this point in time (even with very good software and hardware) as it's just too computationally expensive (slow) to attack TC volumes in the fashion.
     
  10. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    I added the ability to decrypt hidden volume headers. That has been the most requested feature so far. Download v0.2 if you want to test that: http://16s.us/TCHead
     
  11. tateu

    tateu Registered Member

    Joined:
    Dec 10, 2010
    Posts:
    60
    Location:
    Los Angeles, CA USA
    And I just figured out why I thought it was faster. It actually is not. It runs at just about the same speed with both running on a single thread on my Windows 7, dual Quadcore Xeon machine.

    I was testing TCHead vs OTFBrutusGUI using a short wordlist with the correct password as the last item in the list. OTFBrutusGUI goes through the list in the order in which the passwords are stored in the wordlist but TCHead sorts the passwords alphabetically. This meant that OTFBrutusGUI was testing all 625 passwords before finding the correct one at #625 whereas TCHead was only testing 195 passwords and finding the correct one at #195.

    Anyway, nothing too important here. I was just always really bothered by the fact that TCHead seemed so much faster.
     
  12. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    The sort you speak of is just the standard C++ data container std::set and its implicit ordering. I use std::set to prevent the same password from being tried more than once. TCHead is not intended to be fast, only to show in simple terms code that will decrypt TrueCrypt headers and to demonstrate a very basic brute-force.
     
  13. tateu

    tateu Registered Member

    Joined:
    Dec 10, 2010
    Posts:
    60
    Location:
    Los Angeles, CA USA
    If you're looking for fast and only need to decrypt a container that uses SHA512 and does not use Keyfiles, the developer of Ivan Golubev's Password Recovery Suite posted a link on the TrueCrypt forums the other day: http://www.golubev.com/igprs/

    It currently only handles SHA512 and does not work with Keyfiles but it is much faster than anything I have previously seen. And it is also GPU enabled for supposedly as much as 27,000 password attempts per second on a container encrypted with SHA512 and just AES. I don't have a compatible GPU but I did try it in CPU mode.

    OTFBrutus (Dual QuadCore Xeon X5550 @2.67 GHz, 16 Threads)
    0815 p/s - SHA512, XTS, All Encryption Algorithms
    0820 p/s - SHA512, XTS, only AES

    Ivan Golubev's Password Recovery Suite (CPU mode only, Dual QuadCore Xeon X5550 @2.67 GHz, 16 Threads):
    3126 p/s - SHA512, XTS, All Encryption Algorithms
    9677 p/s - SHA512, XTS, only AES
     
Loading...
Thread Status:
Not open for further replies.