Brute Force Password Tools

Topics: Users Discussion
Sep 6, 2015 at 12:16 AM
Are there any tools for VeraCrypt 1.13 that will run dictionary attacks on the VC system partition password? I'm looking for something similar to Truecrack or but that will support running against VC and the new pim feature.

Suggestions or advice on building such a tool is appreciated as well. Thanks.
Sep 9, 2015 at 6:21 PM
Nice try NSA.
Sep 9, 2015 at 6:43 PM
Thanks Astrid92 for a stupid joke and nothing constructive.
Sep 9, 2015 at 7:43 PM
Why would you want such a tool if you aren't law enforcement?
Sep 11, 2015 at 10:15 PM
Edited Sep 11, 2015 at 10:17 PM
GuyMontag could also be a thief, a spy, or perhaps something even worse. VeraCrypt's designed to firmly resist GuyMontag's apparently nefarious activities; that's why we support the VeraCrypt project and why we correctly reject people like GuyMontag. Thanks Astrid92 for defending the VeraCrypt community!
Sep 11, 2015 at 11:22 PM
There are many common and non-nefarious use cases for brute force (and side channel) attacks on security tooling. Verification that the software actually does what it claims is a pretty big one. Auditing weak user passwords is another. Data recovery due to possibly misspelled passwords is yet another.

You all would know that though if you had any idea what you're talking about.
Sep 11, 2015 at 11:55 PM
Verification that the software actually does what it claims is accomplished by being an open source project, subject to independent compilation and independent code review. Data recovery due to possibly misspelled passwords is accomplished by spelling the password correctly.

VeraCrypt is, by design, a tool to empower individuals against spying. It is certainly not a password surveillance tool, nor is it intended to in any way help persons like yourself who would attempt to spy upon the passwords of VeraCrypt users.

Your stated belief that password surveillance is a "non-nefarious use case" is contrary to the fundamental values of the VeraCrypt community, as is your deeply mistaken belief that anyone here has any intention of helping you in your highly inappropriate quest to compromise VeraCrypt's security.
Sep 12, 2015 at 12:05 AM
Well then. Have a great day. :)
Sep 19, 2015 at 2:06 AM
Holy Christ this community looks more toxic than DOTA. Hes asking for a tool to brute force it, not asking how to circumvent the crypto. I came to the forms to see how professional the community looked and this and other posts makes me think ill stay with 7.1a a bit longer. You need to take a online Pentest course or something commenter8 because if you think GuyMontag is a "threat" then you have no idea what the real threats are.
Sep 21, 2015 at 5:58 PM
Many adversaries use brute force tools successfully on TrueCrypt to commit unauthorized entry where users have selected weak passwords. Such tools therefore represent a security concern. At this time no such tools are known to exist for VeraCrypt (thanks to the new PIM feature) and that's a very positive achievement of the PIM strategy.
Sep 28, 2015 at 5:07 PM
I'm really disappointed by this thread. The VeraCrypt community should be encouraging efforts to test and break VC's encryption. If anyone believes that NO bad actors with near-limitless resources are working on vulnerabilities within VC, they are delusional.

Bad actors with near-limitless resources do not rely on helpful advice from community forums to do their work.

This of course doesn't address that GuyMontag is NOT looking to even break VC's encryption - they are looking to TEST it. To brute force crack it, aka putting their resources up against VC's claims of eg "10 years required to crack based on the new default number of iterations".

They are asking for a tool that will work with PIM. While PIM has a function in varying the speed of a brute force attach, in the context of this request it is essentially just a second password.

The VC community is not hiding its code - which I believe is a sound practice.

The VC community should also not reject efforts to test the effectiveness of its code.
Sep 28, 2015 at 5:39 PM
Edited Sep 28, 2015 at 5:53 PM
GuyMontag -

AFAIK there is no tool to crack VeraCrypt containers at the moment. I am searching as well, to recover a drive with lost password.

If you have the programming skills, I would recommend starting with an open source project with many existing configuration possibilities. OTFBrutus is a potential for Windows, written in C (I think), although it is only current through TrueCrypt v7.0a so it may not work due to VeraCrypt being based on TC v7.1a. TrueCrack may be a better alternative, I'm not familiar with it.

Add functionality to specify the number of iterations (that's all PIM is after all), then you MIGHT BE good to go. If there were other updates to the mounting process, you will have to dig through VC's source and changelog.

My programming skills are limited, so I have been working on batch files that utilize the VC command line interface. I don't know if this is the fastest approach, but it's simple enough that I've been able to make it work.

I used to create my line-by-line batch file. It allows you to create a list based on regular expressions.

eg, putting this expression through regldg

VeraCrypt.exe /q /s /v /a /p foo([1-3]) /m label=\1 /e

will yield a resulting batch file with

VeraCrypt.exe /q /s /v /a /p foo1 /m label=1 /e
VeraCrypt.exe /q /s /v /a /p foo2 /m label=2 /e
VeraCrypt.exe /q /s /v /a /p foo3 /m label=3 /e

I then search/replaced "/v" with "/v \Device\bar\bar" in order to specify the volume to mount. I could never get it to come out right in regldg.

The goal here is to iterate through passwords eg foo1, and apply a key as a label to the drive so that once it's decrypted you can reference the label of the drive against your password list. /e is added so that once you successfully mount the drive it will open an Explorer window to alert you, but it should cycle through the rest of the batch file quickly and without processing anything anyway. You can also specify the PIM through the command line.

You will need to mess around with regldg to figure out how to make it work correctly, it's a little complicated and doesn't follow regular expression syntax exactly. One thing I will recommend is don't mess around with character universes unless you don't have to - just specify exactly what your parameters are (eg [a-z][1-99999999]) and add -uc 0 to prevent universe checking.

My goal now is to separate the VC header from the drive and place it on an EC2 instance where I can iterate through this batch file much more quickly. The drive itself is much too large to upload to EC2.

If anyone has any suggestions on how to separate the header in such a way that it will be mounted by VC, but won't require the entire drive to be present, please let me know.
Sep 29, 2015 at 6:16 AM
Thanks a lot for the ideas cbcodeplex. It looks like pim is a valid cmdline arg so I'll probably try scripting something first.

Also you might want to check out the app testcrypt for ideas on how to find and extract the volume header.

Thanks again.
Sep 29, 2015 at 7:01 PM
Some more updates here.

I looked into oclHashcat, unfortunately they do not (seem) to have a solution that's compatible with VC yet. Probably the TC settings are tied to the old number of iterations.

Through oclHashcat research I learned how to grab the VC header. The VC header is the first 512 bytes of the volume, HOWEVER VC actually uses the first ~67000 bytes to confirm decryption. dd can accomplish reading these bytes from your volume:

dd if=[file or device with volume] of=[header] ibs=102400 count=1 iflag=direct

I created a test volume, and after extracting 102400 bytes using dd I was able to mount the volume. Of course Windows will throw an end of file error when you try to access.

I'm now crunching through the various password combos. I added the /hash sha512 parameter to the VC command since I think the hash is most likely SHA512 - this resulted in roughly 75% reduction in processing time.
Sep 29, 2015 at 7:54 PM
Success!! I'm so happy this worked out.

The last pieces of advice I can share about parallelizing this on EC2:

I found no significant performance difference between c4.large and c4.8xlarge instances. It would seem that VC isn't very successful at deploying parallelization across a large number of cores, or potentially it has to do with virtualization. At any rate, Windows on a c4.large goes for ~$0.10/hr on the spot market, whereas c4.8xlarge goes for ~$1.50/hr, so you are much better off manually parallelizing across c4.large instances. After specifying SHA512, I'm getting 1 mount attempt every three seconds.

Create a ZIP file containing a package of files that you can distribute to test and crack on each instance.

My package contains

setup.bat - set path properly, attempt to mount the test volume
testhead - header of test volume with known password
head - header of volume to crack
VeraCrypt installation package
passwords1.bat - first set of passwords
passwordsx.bat - etc etc

Anyway, good luck GuyMontag and whoever else drops by here.