Unable to obtain known password during testing :( 

Joined: Sat, 2013/03/16 11:39 am
Posts: 36
Unread post Unable to obtain known password during testing :(
Hi,
I am using OTFBrutusGUI_v0.2.0.4_beta, OTFBrutusGUI_x64 under Windows Home Premium 64-bit.

I have a 440GB truecrypt partition that I am happily using.
I have a different PC with a truecrypt partition that I have forgotten part of the password for.

I am testing Brutus to find out how to use it properly on my known PC before trying to get my unknown password.
I have tried two methods, the dictionary and the pattern.

In my dictionary I have various words plus the exact password.
I tested the password by copying from my dictionary into truecrypt when it asked for the mount password, so I know that is correct.

I know the truecrypt location, \\?\GLOBALROOT\Device\Harddisk0\Partition6 and I am running as admin.
I can select the location in Brutus.

I tried various combinations for pattern, and even just copied the correct password on its own into the pattern.

I get Password not found.

At the moment it appears that this software does not work at all, which is a disappointment.

Can you help me please ?


Sat, 2013/03/16 11:54 am
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 307
Location: Los Angeles, CA USA
Unread post Re: Unable to obtain known password during testing :(
The only issue I know of where it does not work correctly is sometimes if the correct password is near the top of a list or pattern, it will fail because of an issue with my multithreading code. Also seen here: http://www.wilderssecurity.com/showthread.php?p=2168092

Set the number of threads to 1 and try your test case again. If it still doesn't work, have you selected all of the correct settings (hash and encryption modes, encryption methods and volume type)? Did you select the correct partition? Did you try creating a test file hosted volume with TrueCrypt and then use that inside of OTFBrutusGUI?


Sat, 2013/03/16 4:44 pm
Profile WWW

Joined: Sat, 2013/03/16 11:39 am
Posts: 36
Unread post Re: Unable to obtain known password during testing :(
Hi tateu,
Thank you for your reply.

Here is what I did today.
ran as admin,
selected pattern, pasted in the correct password
selected the correct device
set thread count to 1
ticked every box apart from key files, i am not using a key file.

pressed start. password not found.

since i know the password i can see in truecrypt volume properties the location,
ie device\harddisk0\partition6, so i have picked the right device/ location.

the only difference i can see is
PKCS-5 PRF HMAC-Whirlpool.

i did not visit the link you provided as there is an issue with that link's credentials.

i am using truecrypt 7.1a released on feb 7 2012.


Sun, 2013/03/17 7:23 am
Profile

Joined: Sat, 2013/03/16 11:39 am
Posts: 36
Unread post Re: Unable to obtain known password during testing :(
Further to my last post.
i created a file volume in TC.
Test mounted the file volume, then tried to run Brutus.
Was told the file was in use so dismounted it.
Tried Brutus again, still no password found.

I again had all the boxes ticked apart from key file, as I am not using a key file.
I again had threads at 1 and pasted in the password, so no error inputting there.

I must be doing something wrong, or the program is not working for me.

Please let me know what you would like me to test next.


Sun, 2013/03/17 9:42 am
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 307
Location: Los Angeles, CA USA
Unread post Re: Unable to obtain known password during testing :(
The only other thing I can see that you have not mentioned is whether or not you selected the correct Volume Type. Unlike TrueCrypt, you have to explicitly tell it whether you are searching for just a Standard Volume, just a Hidden Volume, etc. Other than that, I don't know what else could be going wrong.


Sun, 2013/03/17 1:34 pm
Profile WWW

Joined: Sat, 2013/03/16 11:39 am
Posts: 36
Unread post Re: Unable to obtain known password during testing :(
The properties in TC of my volume are Type: Normal.
This is the type i would expect it to be for both my usually mounted volume and the test file container.

Here is a little more information.
I have dual boot on the PC in question.
The single physical hard drive is partitioned many times.

I have encrypted the system partition.
It works like this in practice, if I put in the pre-boot TC password I boot into Windows as already mentioned.
If I skip the pre-boot I boot into a linux OS on a different partition.

The partition I am testing is a data partition that I can access from either Windows or Linux.
The test file container is located within that data partition.

I just tried with a test file container in the system partition, also with no luck.

Odd question, what are password start index and password end index for ?
atm password start index=1 and password end index =0.


Sun, 2013/03/17 5:04 pm
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 307
Location: Los Angeles, CA USA
Unread post Re: Unable to obtain known password during testing :(
The default values of all settings will work for a standard container created with v5.0 or greater. There really isn't a whole lot that can go wrong. I am at a loss as to what to suggest next.

The password start and end index values limit which passwords of your pattern or word list are tried. If you had a word list with 100 items, you could start testing from #50 by setting the password start index.

I've attached a file container header here, if you want to try that, just to see if it works with volumes created by someone else. It's not a zip file, I just had to name it that in order to attach it to the forum. And it's just a backup header, it will work in OTFBrutusGUI but will not work correctly in TrueCrypt. The standard volume password is 1234 and the hidden password is 12345. If you have access to a second computer, I'd try your test volume on that too.


Attachments:
1234_12345.zip [128 KiB]
Downloaded 846 times
Sun, 2013/03/17 5:21 pm
Profile WWW

Joined: Sat, 2013/03/16 11:39 am
Posts: 36
Unread post Re: Unable to obtain known password during testing :(
Yup the test file you sent works like a champ.

I wonder if the issue is my password length ?
the one I am testing is 71 characters and the one I need to find will be 71-90


Sun, 2013/03/17 5:52 pm
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 307
Location: Los Angeles, CA USA
Unread post Re: Unable to obtain known password during testing :(
I just tried an 80 char password and it doesn't work. So there is an issue with my code and really, really long passwords. I'll look into it. One thing, though, you better know all but 5 or 6 of those 90 characters, or be able to severely limit the possible characters for each unknown position.


Sun, 2013/03/17 6:12 pm
Profile WWW

Joined: Sat, 2013/03/16 11:39 am
Posts: 36
Unread post Re: Unable to obtain known password during testing :(
Sorry to have found a quirk in your code.

Yes I know the passwords are very long.

the last 65 are known.
as for the first 25 or less, probably only 7-10, they 'should' be easy.
they will be made from certain limited pool of words, so a dictionary with them and a certain amount of masking should do the trick.
i.e.
??made??{65} or
??loaf??{65}

if it is longer then I know the order of a second pool of 5 words, so again a little masking and robert is your dads brother so to speak.
:)

do you have a time scale for when you might offer up a revised version of this program ?
if it's going to be a while I will have to wrack my noodle to see if I can remember or search for a similar program.
obviously I am eager to sort out my problem but don't want to rush you.


Sun, 2013/03/17 6:27 pm
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 307
Location: Los Angeles, CA USA
Unread post Re: Unable to obtain known password during testing :(
I'll try to look at it Monday or Tuesday night Pacific time, but I can't guarantee it. And then, who knows what the problem is? Hopefully it's an easy fix.

This link has a list of the other similar software that I know of: viewtopic.php?f=2&t=246


Sun, 2013/03/17 6:42 pm
Profile WWW
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 307
Location: Los Angeles, CA USA
Unread post Re: Unable to obtain known password during testing :(
I found the problem. TrueCrypt doesn't even allow passwords larger than 64 characters. I just need to add a small check to my program to truncate your password string to the largest allowed by TrueCrypt.


Sun, 2013/03/17 9:06 pm
Profile WWW
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 307
Location: Los Angeles, CA USA
Unread post Re: Unable to obtain known password during testing :(
You can try this version: OTFBrutusGUI_v0.2.0.5

And you might as well forget about all the characters greater than 64 in your password because they are ignored by TrueCrypt.


Mon, 2013/03/18 3:17 am
Profile WWW
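Added example, not part of the thread and not OTFBrutusGUI's code: a small Python model of why the 71-character test could not match before the fix, and why characters past position 64 add nothing to the key. PBKDF2-HMAC-SHA-512 with 1000 iterations, the salt and the sample password are assumptions constructed for the illustration.

```python
import hashlib

MAX_PASSWORD_LEN = 64    # TrueCrypt limit quoted in the thread (64 bytes)
ITERATIONS = 1000        # assumption for this model
SALT = bytes(range(64))  # constructed salt, not read from a real header

# Constructed 71-character sample, same length as the failing test case.
SAMPLE_71 = "A" * 64 + "1234567"


def effective_password(candidate: str) -> bytes:
    """Bytes that reach the key derivation once the limit is applied."""
    return candidate.encode("utf-8")[:MAX_PASSWORD_LEN]


def header_key(password: bytes, salt: bytes = SALT) -> bytes:
    """Model of header key derivation (assumed PBKDF2-HMAC-SHA-512)."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, ITERATIONS, dklen=64)


def key_with_truncation(candidate: str) -> bytes:
    return header_key(effective_password(candidate))


def key_without_truncation(candidate: str) -> bytes:
    """What a tool derives if it passes the full string to the KDF."""
    return header_key(candidate.encode("utf-8"))


def ignored_bytes(candidate: str) -> int:
    """How many trailing bytes contribute nothing to the key."""
    return max(0, len(candidate.encode("utf-8")) - MAX_PASSWORD_LEN)


def collapse(candidates):
    """Keep one candidate per distinct truncated value, in order."""
    seen, unique = set(), []
    for c in candidates:
        eff = effective_password(c)
        if eff not in seen:
            seen.add(eff)
            unique.append(c)
    return unique


if __name__ == "__main__":
    print(key_with_truncation(SAMPLE_71) == key_with_truncation(SAMPLE_71[:64]))
    print(key_without_truncation(SAMPLE_71) == key_with_truncation(SAMPLE_71))
    print(ignored_bytes(SAMPLE_71))
```

For anyone choosing a passphrase, `ignored_bytes` is the practical takeaway: length beyond the limit buys no additional strength.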

Joined: Sat, 2013/03/16 11:39 am
Posts: 36
Unread post Re: Unable to obtain known password during testing :(
Hi,
thanks for the work :)
I presume you are referring to this when you mention the maximum password length ?

" Note that the resulting file size is always 64 bytes (i.e., 512 bits), which is also the maximum possible TrueCrypt password length"

As for me, well the last part of my password is injected via an external device so I can do nothing about that.
since TC truncates and i use a number of passwords of varying length as prefixes, this is not something I need to worry about.

i will try out your updated program and get back to you asap.


Mon, 2013/03/18 9:12 am
Profile

Joined: Sat, 2013/03/16 11:39 am
Posts: 36
Unread post Re: Unable to obtain known password during testing :(
works like a champ :D

what does the button 'save word list' do ?

I would like to make 2 suggestions for improvements.

1 ability to use GPU to increase speed.
I suggest this as an option where you can select cpu affinity also.

2 a hybrid dictionary/pattern option.
from your help doc I see that
"use () to specify a string pattern type, with each string separated by |
(red|blue|black){2} will build a 2 string pattern using all of the available strings inside the parentheses
redred redblue redblack bluered blueblue blueblack blackred blackblue blackblack
You can also limit duplicate values in a string pattern type
(red|blue|black){2:1}
redblue redblack bluered blueblack blackred blackblue"
if you have say 20 words that you know are part of your password, building your pattern will end up with a very long string to enter into the pattern box.

I was thinking something like this,
(dic){2}
where dic is a dictionary file you select with the dictionary button

so your resulting pattern may be
abc(dic){1}def[a-z]{2:1}

i think you already have most of the code in place for this, ie you already have pick a dictionary and a good pattern system.

oh couple more thoughts,
i am trying [a-z]{6}65 with 16 threads on a PC with affinity to 8 cores,
after a few mins the ability to input ie interact with the PC was lost.
I am using a usb mouse and keyboard, I had to use the original keyboard [laptop] to remove some cores from the running program affinity to get the pc to allow the usb devices to work again. bit of an issue there.

you could set the threads to 1 in the case where you are trying single word patterns, like I was, just in case a false negative is given, i think you mentioned that possibility earlier.

i guess the final goal may be to use the server agent model that elcomsoft uses, but that would involve a lot of work to set up.

oh btw how do we get the pattern to use non-ASCII characters like !£$% etc ?
i see other similar software also allow for dictionary substitutions like ! for 1, & for 7 etc.

hope I have not given you too many suggestions.


Mon, 2013/03/18 9:59 am
Profile
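Added example, not part of the thread and not OTFBrutusGUI's code: a Python sketch of the string-group syntax quoted from the help doc, useful for checking how large a pattern's search space is before running it. Reading `{n:m}` as "each string at most m times" is an assumption that matches the quoted `{2:1}` output, and the `(dic)` group is the poster's proposed syntax, modelled here with a hypothetical `dic` argument.

```python
import re
from itertools import product

# (a|b|c){n} or (a|b|c){n:m}; literal text may surround the groups.
TOKEN = re.compile(r"\(([^()]*)\)\{(\d+)(?::(\d+))?\}")


def group_strings(words, count, max_repeat=None):
    """All count-long concatenations, each word used at most max_repeat times."""
    limit = count if max_repeat is None else max_repeat
    return ["".join(combo) for combo in product(words, repeat=count)
            if all(combo.count(w) <= limit for w in set(combo))]


def expand(pattern, dic=None):
    """Expand literals and string groups; a group body of 'dic' uses the dic list."""
    parts, pos = [], 0
    for m in TOKEN.finditer(pattern):
        parts.append([pattern[pos:m.start()]])       # literal text before the group
        use_dic = m.group(1) == "dic" and dic is not None
        words = dic if use_dic else m.group(1).split("|")
        max_repeat = int(m.group(3)) if m.group(3) else None
        parts.append(group_strings(words, int(m.group(2)), max_repeat))
        pos = m.end()
    parts.append([pattern[pos:]])                    # trailing literal text
    return ["".join(p) for p in product(*parts)]


def keyspace(pattern, dic=None):
    """Number of candidates the pattern produces (by enumeration)."""
    return len(expand(pattern, dic))


if __name__ == "__main__":
    print(expand("(red|blue|black){2:1}"))
    # Constructed 20-word list standing in for a selected dictionary file.
    print(keyspace("(dic){2:1}", dic=[f"w{i}" for i in range(20)]))
```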