Upload
defconmoscow
View
65
Download
4
Tags:
Embed Size (px)
Citation preview
Daily hackTruecrypt GPU partial password
recovery By George Lagoda
Feb 15, 2014
/wh0x41mi
George Lagoda
Security expert Pentester Interests: [deep|web]penetrations,
revers, forensics,
Work at . . .
Again about recovery
Maybe again about Anna
What I had?• Partialy lost TC passwd• 4-5 symbols lost or we have something like:
[Y|y]a[L|l]ublu[S|s]vou[K|k]isku
So we either do not remember 1-2-3-4-5 symbolsOr Don’t remember symbols’ case
Tools for LinuxTrueCrack
Written for LinuxOptimized for CUDA (NVDIA dependence )Supports most of TC hash types and encryption methodsBut what is AMD or WINDOWS?
oclHashCat, the almighty
Supports both CUDA and OpenCL, lot of modules, hard to understand>cudaHashcat64 –help
621Y = TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160622Y = TrueCrypt 5.0+ PBKDF2-HMAC-SHA512623Y = TrueCrypt 5.0+ PBKDF2-HMAC-Whirlpool624Y = TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 boot-mode
How this all work?Offset(bytes) Size Description
0 64 Salt
64 4 ASCII string “TRUE” (encrypted)
Usually we know hash type, we have salt and encrypted string.
HACK Time?
Some more options
So lets give it a hackcudaHashcat64.exe -m 6211 C:\Temp\anna_secret.tc -a 3 -1 ?l?u?d ?1?1wer?1Y -o C:\Temp\anna.txt
Results
Daily hack : Truecrypt GPU partial password recovery
The end.