Sep 28, 2015 at 5:39 PM
Edited Sep 28, 2015 at 5:53 PM
AFAIK there is no tool to crack VeraCrypt containers at the moment. I am searching as well, to recover a drive with lost password.
If you have the programming skills, I would recommend starting with an open source project with many existing configuration possibilities. OTFBrutus is a potential for Windows, written in C (I think), although it is only current through TrueCrypt v7.0a so it
may not work due to VeraCrypt being based on TC v7.1a. TrueCrack may be a better alternative, I'm not familiar with it.
Add functionality to specify the number of iterations (that's all PIM is after all), then you MIGHT BE good to go. If there were other updates to the mounting process, you will have to dig through VC's source and changelog.
My programming skills are limited, so I have been working on batch files that utilize the VC command line interface. I don't know if this is the fastest approach, but it's simple enough that I've been able to make it work.
I used http://regldg.com/
to create my line-by-line batch file. It allows you to create a list based on regular expressions.
eg, putting this expression through regldg
VeraCrypt.exe /q /s /v /a /p foo([1-3]) /m label=\1 /e
will yield a resulting batch file with
VeraCrypt.exe /q /s /v /a /p foo1 /m label=1 /e
VeraCrypt.exe /q /s /v /a /p foo2 /m label=2 /e
VeraCrypt.exe /q /s /v /a /p foo3 /m label=3 /e
I then search/replaced "/v" with "/v \Device\bar\bar" in order to specify the volume to mount. I could never get it to come out right in regldg.
The goal here is to iterate through passwords eg foo1, and apply a key as a label to the drive so that once it's decrypted you can reference the label of the drive against your password list. /e is added so that once you successfully mount the drive it will
open an Explorer window to alert you, but it should cycle through the rest of the batch file quickly and without processing anything anyway. You can also specify the PIM through the command line.
You will need to mess around with regldg to figure out how to make it work correctly, it's a little complicated and doesn't follow regular expression syntax exactly. One thing I will recommend is don't mess around with character universes unless you don't have
to - just specify exactly what your parameters are (eg [a-z][1-99999999]) and add -uc 0 to prevent universe checking.
My goal now is to separate the VC header from the drive and place it on an EC2 instance where I can iterate through this batch file much more quickly. The drive itself is much too large to upload to EC2.
If anyone has any suggestions on how to separate the header in such a way that it will be mounted by VC, but won't require the entire drive to be present, please let me know.