View unanswered posts | View active topics It is currently Thu, 2018/05/24 2:52 am



Reply to topic  [ 5 posts ] 
So glad I found OTFBrutusGUI, a little help please 
Author Message

Joined: Sun, 2018/01/21 11:12 pm
Posts: 3
Unread post So glad I found OTFBrutusGUI, a little help please
Hi tateu, I have an old External Backup HDD which I've encrypted with TC few years ago, and it's a hidden partition...
I haven't accessed the drive for more than a year, and I'm sure that I know the password (or at least the most of it),
but I can't access it, I suspect that there is something wrong with that HDD, but I want to make sure before I trash it.

So I have tried with TrueCrypt on Windows8.1 and I have also tried with VeraCrypt on Linux (on TC mode) but no luck!
Both Windows and Linux see the hidden drive when I click on "Select device" and it's on: \Device\Hardisk3\Partition1

Password - I remember it clearly was: "WindowTrueCrypt007" or Maybe "WindowTrueCryptSSD007" - I know for sure that the 1st word is "Window"!

But now I have some doubts about 2nd (if Capitalized or not) and 3rd word (With/out SSD) and about the numbers (007/700/077) so I want to try with:

WindowTrueCrypt007
WindowTryecrypt007
Windowtruecrypt007

Each Word was used Once, so the combination has to be something like this: |Window| + |TrueCrypt| + (Don't know if there's + |SSD| before the Numbers) + |007|...
How do I do that?

Btw, I don't know if it helps, but I already tried other method with no luck, because unlike in his tutorial, I couldn't see the "TrueCrypt Boot Loader token" (maybe something went wrong with my External SSD? or perhaps it's because my HDD is hidden?).


Thanks! :wink:


Sun, 2018/01/21 11:44 pm
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 304
Location: Los Angeles, CA USA
Unread post Re: So glad I found OTFBrutusGUI, a little help please
To try different characters, enclose them in [] with no separator between them. And you can add a number range inside of {}

[07]{2} will give you 4 different options:
00
07
70
77

To try different words, enclose them in () with a | separator. And you can add a number range inside of {}

(SSD|DSS){0-1} will give you 3 different options {0-1} means to choose 0 or 1 of the previous words:
empty
SSD
DSS

Based on your example, the following sounds about right:
Window[tT]rue[cC]rypt(SSD){0-1}[07]{3}

It always starts with Windows
It tries variations of TrueCrypt with the T and C upper and lower case
It tries with SSD and without it
It tries all variations 777, 770, 707, 000, etc.


Mon, 2018/01/22 9:17 pm
Profile WWW

Joined: Sun, 2018/01/21 11:12 pm
Posts: 3
Unread post Re: So glad I found OTFBrutusGUI, a little help please
Wow, thanks Tateu, I'm gonna try it right now!

1. As for the HDD Header thing, should I be worried? since I couldn't see the "TrueCrypt Boot Loader token" in HEX Editor?
or is it because the HDD is hidden, what you think?

2. If I want larger numbers than 700, let's say 7000, all I need to do is change that to: [01]{4} ?

Thanks again! I really appreciate your help!


Tue, 2018/01/23 3:45 am
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 304
Location: Los Angeles, CA USA
Unread post Re: So glad I found OTFBrutusGUI, a little help please
1) The boot loader token is only there if you encrypted your operating system drive/partition. I'm not sure what you mean by "the HDD is hidden." Do you mean a TrueCrypt hidden "volume?" Regular TrueCrypt volumes and hidden volumes do not have a boot loader token because they are not bootable.

2) Yes. {4} will try all variations that are 4 characters long. {3-4} will try all variations that are 3 characters and 4 characters long.


Thu, 2018/01/25 1:07 am
Profile WWW

Joined: Sun, 2018/01/21 11:12 pm
Posts: 3
Unread post Re: So glad I found OTFBrutusGUI, a little help please
1) Yes - It's a TrueCrypt hidden "volume"! Good to know, I guess that even without the token, it's a good sign that I don't see zeros in Hex Editors, but random characters everywhere. but I can't still explain why I can't mount the drive or bruteforce it, I think it has some header issue.
After all, I know the password for sure, and even the "Auto-mount Device" is not working like it used to, so I wonder what else can I do in order to access it. :(

2) Thanks! tried it, no luck (I guess there's some problem with the drive).

Thanks again!


Thu, 2018/01/25 1:23 am
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 5 posts ] 

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software