Wednesday, September 14, 2011

One day I forgot my Truecrypt password. Here's how I got it back...

This is the story of how I forgot my Truecrypt password and eventually got it back. I am posting this so that it may help you if you are in a similar situation. I am not a programmer, so I probably won't be able to help you much more than what I relate here, but I am sympathetic to your plight.  If you are here because you forgot your password I understand how you feel. You should prepare yourself for the reactions you may encounter on your journey, especially when you venture onto forums. Some people will mock you for forgetting your password (as if you're not kicking yourself already!) Others will call you a liar and accuse you of trying to break into someone else's Truecrypt container.  A third type of person will actually be helpful.   Don't let criticisms get to you; people do what they do for countless reasons.  Just keep in mind that you are only human and forgive yourself.  Now let's get on with this!

Password gone

I started using Truecrypt (v7) when I bought some bitcoins and got paranoid about keeping my wallet secure. I had a passphrase already but I concluded that it was too weak, so I inserted symbols around the words of my passphrase. Trouble is, a month or two later I forgot which symbols I used and this wretched little dialog kept appearing on my screen:


 After (frantically) trying all the variations of my password I could think of I had to accept that I had truly forgotten it. I felt stupid, of course, and I was in a funk for several days. But I decided that this was a long-term problem that I would take my time with, and in the worst case I would hang onto that Truecrypt container until quantum computing came along and fix it then!

So, the first thing I did was start research on cracking a Truecrypt container and I learned a few things. For one thing, if you forget your password entirely you are in a very bad spot unless you used a short, uncomplicated word or phrase because you will have to crack it using the entire set of characters on your keyboard, which could take a very long time. A more typical situation is one like mine where some of my passphrase is known and part of it isn't. I needed to be able to generate passphrases that accept the parts I know and insert into them the parts I don't know, using a set of characters I specify. This kind of problem is known as "password masking".


Password masking

Here is the phrase I started with:

thE mouse is cutE

As I mentioned, I inserted special characters (from the number row of the keyboard) around each word like this:

~thE%mouse@is#cutE+

but I couldn't remember the middle three characters (the question marks):

~thE?mouse?is?cutE+


So, I needed a software tool that would accept as given (mask) the parts I knew and generate passphrases using characters from the keyboard's special characters row in the spaces between the words. This was essential because if I tried to brute force the entire password it would take more than my lifetime!  None of the cracking tools had the masking features I needed, which meant I would have to use a two-step solution: first, I would use password generating software to create my password list and then I would feed this list to the cracking tool.


Password generators

I started looking into password-generating products, of which there are many!  I read the marketing literature, I described my problem to their sales people, I torrented copies to try out, but only a handful seemed to have the masking feature that I needed. And even if a product contained masking, that didn't mean I could use it. Some products used a strange syntax method that I couldn't understand or their masking didn't fit my particular problem, or they were too expensive. I eventually found a product that not only had useful masking, but also had helpful staff and that was Password Generator Pro by SoftFuse (v2.7). Here is the masking field on Password Gen Pro's screen:


Note where there are percent signs (%).  This is how I tell Password Gen Pro where I want it to use special characters.  Furthermore it lets me define what special characters to use in these positions via the following screen.  Look down to the special characters field. I can edit that to include only the ones I'm sure I may need.


Another of my requirements was that I needed to be able to export my long list (thousands) of passwords into a text file and only SoftFuse's Pro version could handle this much volume. So, $40 later I had a copy of Password Generator Pro!  (By the way, using the special characters shown in three positions I generated 2,197 passwords.)

Cracking tools

This article was helpful as it described several known ways to "brute force attack" a Truecrypt container. Here I learned of a program called "CrackTC", which seemed to be what I needed; it supposedly takes passwords from a list and tries them against Truecrypt, and runs on Linux, my operating system. It is only available through torrent, however, which didn't exactly inspire my confidence. I downloaded CrackTC and was initially impressed with how all the parts were neatly laid out: separate folders containing the source code, the test password file, a Truecrypt container to experiment with. But my initial excitement was chilled when I ran the program and it informed me that the first password in the list was THE ONE...only it wasn't. Turns out it didn't matter what list I gave it, this silly program always said the first one in the list was the answer. So much for CrackTC, so I moved on...

A couple more solutions were offered in the above article, but they were raw computer scripts or programs that I didn't understand, so I didn't mess with them. But in the comments section, someone mentioned they had success breaking a Truecrypt container using something called SecurityVision2011.

The Securityvision website looks sort of like Darth Vader and C3PO mashed together, but gives a very different experience than looking at somebody's raw computer code.  The cracking tool, true.crypt.brute, downloads easily from there. Unfortunately, it only ran on Windows, something I've been trying to move away from. Also, it didn't have an instruction manual (guess that's not cool among hackers). Fortunately, the interface was simple enough for me to muddle through it.  But another problem occurred to me. The user experience with true.crypt.brute may easier than working with a computer script, but how do I know I can trust it? At least with somebody's code I knew what it is doing (once I understood it). But with a slick cracking tool like true.crypt.brute I couldn't be sure that if the tool unlocks my container it won't mail the container and the newly-discovered password back to the tool's owner!   Just in case, I unplugged my computer from the internet before I ran true.crypt.brute and I only plugged it back on after I'd cleared off everything of value.

Another thing I learned: true.crypt.brute actually uses Truecrypt itself to crack the password (I have no idea how this is done).  I learned this the first time I tried to run true.crypt.brute and it gave me an error saying it couldn't find Truecrypt on my computer.  After I installed Truecrypt and pointed true.crypt.brute at it, the tool was happy.

Prepping the password list

True.crypt.brute needs the password list in the form of a .txt file with one password after another, each on a separate line. Fortunately, SoftFuse's tool has the flexibility to export passwords in just this format. Unfortunately, I didn't spend enough time looking for this feature and so I spent hours massaging the list in a word processing package to eliminate any extra characters and spaces. Ah well, but my mistake is your gain because you are not going to do that now!

The moment arrives...

By the time I had decided on the tools and had gotten everything ready for the BIG CRACK days had passed.  Once I had the password file ready I was almost afraid to try it with the cracking tool. What would I do if after all this none of the passwords opened the container? Well, fortunately this story ends well because one of the passwords was THE ONE! Though true.crypt.brute is pretty slow it still found my password within an hour. (Keep in mind that my solution only had three unknowns).

Conclusion

Okay, people, if you forgot your Truecrypt password, don't worry, you may get it back.  You may find yourself--as I did--shopping around for a password generation tool that fits your particular password situation.  Once you have that, plugging into a cracking tool like true.crypt.brute may just be the easy part.  I hope this helps you out. I can be reached at emtskp4u@fastmail.fm

12 comments:

  1. Thanks a lot for this article -- EXACTLY same predicament and I'm going to try this in the hopes of same successful ending :D

    ReplyDelete
  2. There's a free password generator with the features you require, at the following link. Granted, it's Windows-based ;)

    http://pwgen-win.sourceforge.net/downloads.html

    Found via here:
    http://www.hongkiat.com/blog/password-tools/

    ReplyDelete
    Replies
    1. Bro i am in trouble,i want to recover my true crypt password,could you please tell me the process step by step..so what should i have to do...Thanks in advance.

      Delete
  3. This option works better, IMO; OTFBrutusGUI, here:
    http://www.tateu.net/software/

    Found via http://security.stackexchange.com/questions/30605/brute-forcing-password-to-a-truecrypt-encrypted-file-with-partial-knowledge

    ReplyDelete
  4. Guys, use Truecrypt password recovery on video cards. It will give you a rise in the searching speed. Yes, the searching speed for Truecrypt will not be high but in case of GPU it will be, at least, higher by times than if you use just the processor. Google 'Truecrypt gpu password recovery' to find more information.

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. How complex was your password? Did your generator script take into account masks that closely resembled your password, since you had an idea what it was..... Or did you truly brute force your way thru it?

    ReplyDelete
  7. Hi,
    thanks for your advices, it helped me and brought me an idea how to get the password back.
    I tried Security Vision TCbrute 2, but it told me, all passwords in list are wrong, even if I gave there the right one. So I was really disappointed with it.
    I tried some password list generator, but it seemed to be useless. So I made simple generator on myself in PHP and it worked great.
    After that, i downloaded Jitbit Macro Recorder and learned it to use my list for Truecrypt. It was really slow, or let's say as fast as fastest human can be.
    It took few hours and it really found my almost forgotten password. So I am happy with that.
    Here is my source code for pass list generator:

    $p1 = array ("0", "o"); // the array can be as long as you want
    $p2 = array ("/", " ", "_", "*", "-");
    $p3 = array ("your", "her");
    $p4 = array ("e", "3");
    $p5 = array ("", ","); // the character could be in the password, but doesn't have to
    $p6 = array ("o", "O", "0");
    $p7 = array (".", "");
    $p8 = array ("?", "!?", "?!", "");
    for ($a = 0; $a < count($p1); ++$a){
    for ($b = 0; $b < count($p2); ++$b){
    for ($c = 0; $c < count($p3); ++$c){
    for ($d = 0; $d < count($p4); ++$d){
    for ($e = 0; $e < count($p5); ++$e){
    for ($f = 0; $f < count($p6); ++$f){
    for ($g = 0; $g < count($p7); ++$g){
    for ($h = 0; $h < count($p8); ++$h){
    echo "T".$p1[$a].$p2[$b].$p3[$c]." the hous".$p4[$d].$p5[$e]." is not allowed to g".$p6[$f].$p7[$g].$p8[$h]."
    ";
    }
    }
    }
    }
    }
    }
    }
    }

    // one of output passwords: T0/your the house is not allowed to go!?

    ReplyDelete
  8. Help me with truecrypt please

    Hi I have the same issue. I know the most of the password except 2 of the symbols. The only problem Im having is getting the software to work. I would like a link on how to use it. It could be that I am using it wrong.

    Can you teach me how to use Password gen pro , TCBrute. I also have bruteforcer and a copy of passware on my computer. I have gmail hangouts or if you would prefer a different msging app please suggest one and I will get it so we can have a easier way to talk. I also have team viewer so you can ghost my computer.

    Thanks,
    Benjamin

    ReplyDelete
  9. I am trying to crack into an external drive, and so far I cant get anything to see that device. Any suggestions? I cant even figure out how to do a Rubiks cube though, but would you have any ideas???

    ReplyDelete
  10. Does windows see the device? If yes, then it probably suggests you to format the drive (do not do it!). If not, you can use linux, or Acronis media to endable the drive, (or another PC).

    ReplyDelete