View unanswered posts | View active topics It is currently Wed, 2017/10/18 4:55 pm



Reply to topic  [ 9 posts ] 
OTFBrutusGUI: "Incorrect password or not a TrueCrypt volume" 
Author Message

Joined: Thu, 2013/11/21 7:16 pm
Posts: 5
Unread post OTFBrutusGUI: "Incorrect password or not a TrueCrypt volume"
Hi guys,

Firstly, Tateu, thank you so much for such a wonderful piece of software! I am absolutely DESPERATE to get my data back so just wondering if you could possibly help me cross a few T's to maximise my chance of success(?)

Won't bore you with too many of the details (I also have a thread here if anyone wants to read it) although I would like to be thorough:

Five months ago I created a 110 GB (118,111,600,640 bytes) standard encrypted file container using TrueCrypt. It's simply called "SYSTEM_DRIVE" (with no file extension) and located - unhidden - on my C: drive. I'm pretty new to this whole thing so almost positive I would have just used the standard AES Encryption Algorithm, and RIPEMD-160 Hash (although can't be 100% sure). (Is there any way to check?)

Used it just perfectly for the longest time, filled it - almost entirely (think I had about 1GB free the last time I checked) with very personal, irreplacable files, photos & documents - but now I'm getting the dreaded "Incorrect password or not a TrueCrypt volume".

Strange thing is, like a few of the other posters here I'm >99% sure the password I'm typing / copying and pasting / brute forcing is correct. (I'm not gonna lie / confuse things with false confidence: I've been on holiday and haven't used it for a month or so which is where that 1% human-error possiblity comes in.) May have written it down somewhere which is what I'm going to concentrate on finding soon (for 110% clarity).

In the meantime, just in case - and to perhaps make matters even more confusing: I have identical backups of the same file on two other computers (I copied and pasted the 110GB file from my desktop to external hard drive & laptop pre-holiday) which also opened and worked fine right up until this error started appearing yesterday / post-holiday.

System info: created original encrypted container using TrueCrypt 7.1a (on an internal desktop drive), using Windows 7 SP1. Copied to external HDD and also backup laptop (which again: worked on last attempt pre-holiday).

Re: Password recovery / Brute Forcing: Have run 20 (and counting) different "Password Pattern" combos of what I'm absolutely positive my 18-24 digit password is / was using OTFBrutusGUI just in case. Each line brute forces about 9000 passwords and nothing has worked so far...!

Used these steps to examine the HEX Data of each file:

Quote:
1) Go to http://www.x-ways.net/winhex/index-m.html, download an evaluation copy of WinHex 15.4 and install it on your computer.

2) In WinHex, it's just "File: Open" then select the file.

3) Click once in the "Offset" column (blue colored) to change the offset display to Decimal. (This toggles back and forth each time you click it)

4) The first 512 bytes of this partition contain the most important portion of TrueCrypt's Volume Header. Here's how to block and select this area so you can post it here on the forum:

5) Open the "Edit" menu and choose "Define Block"

6) Under "Beginning", enter 0 (it's probably already there). On the right, make sure it says "Beginning of Block".

7) Under "End", enter 511. On the right, make sure it says "End of Block", then click "OK".

8) A 512-byte block should now be selected (highlighted). To confirm this, look in the lower right corner of the screen. It should say 512.

These bytes should appear to be completely random. Look in the right-hand column, which converts the hex display into readable characters. There should not be any recognizable text in there. There should also not be any long strings of zeros or other repetitive characters.

(I can't tell whether or not you've selected the correct area, and I also don't know what's stored on your hard drive, so you need to make sure that you won't be mistakenly posting any confidential data to the forums. Examine the right-hand column closely and make sure there isn't any readable, confidential data in there.)

9) Open the "Edit" menu, select "Copy Block", then select "Editor Display".

10) Open Notepad (Windows Menu: Start, All Programs, Accessories, Notepad)

11) In Notepad, pull down the "Edit" menu and choose Paste (or press Ctrl+V) to paste the copied data from WinHex into Notepad.


And these are my results (and perhaps where things get interesting):

Quote:
TWO of the three copies (external and desktop) read:

Quote:
Offset 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

000000000 D9 15 E5 21 90 03 5F 4C A5 C1 F4 AE 5A CB 60 35 Ù å! _L¥Áô®ZË`5
000000016 BE 4C AF AB 10 C5 B8 5C C2 09 B5 49 30 10 1A 28 ¾L¯« Ÿ\ µI0 (
000000032 A0 56 7E AF D3 B6 D9 50 DB 41 37 39 96 77 02 F9 V~¯Ó¶ÙPÛA79–w ù
000000048 A4 2E 4D 04 D5 5E 5D E8 D0 05 5F 65 90 9D 26 10 ¤.M Õ^]èÐ _e &
000000064 8F DB 69 A9 97 E4 4C 43 A0 08 3C CA 0F 1F DF 63 Ûi©—äLC <Ê ßc
000000080 BF 37 84 04 4E FE 86 E8 77 4A C2 73 F6 2B 55 CC ¿7„ Nþ†èwJÂsö+UÌ
000000096 7B 96 E3 A0 54 CE 8F 22 27 24 AF 34 4D ED 3B AA {–ã TÎ "'$¯4Mí;ª
000000112 1B 7D 18 C2 E2 3D E1 85 44 3A 0E C0 9D A5 71 0F } Ââ=á…D: À ¥q
000000128 58 42 40 E3 8C 06 78 7D 6D F2 1E 12 24 24 0E A6 XB@㌠x}mò $$ ¦
000000144 68 62 D3 05 CC 12 FF 61 DA 2F CB D1 B5 78 0A 67 hbÓ Ì ÿaÚ/Ëѵx g
000000160 3A 03 1B 51 DA 97 84 24 3B C4 4B EB 7A CF 9A F3 : QÚ—„$;ÄKëzÏšó
000000176 78 40 4A 8A C1 8B DF 99 24 4F 80 3C C9 44 EB 38 x@JŠÁ‹ß™$O€<ÉDë8
000000192 76 99 86 29 06 9A 91 4D B9 4A 83 CA 7C C4 B8 40 v™†) š‘M¹JƒÊ|ĸ@
000000208 02 90 B3 E5 39 B3 FA 6C A7 4B 87 18 24 3F 0B BC ³å9³úl§K‡ $? ¼
000000224 5B 06 07 2D DE 21 E6 F0 4A 33 26 05 9F 35 1F FB [ -Þ!æðJ3& Ÿ5 û
000000240 BE 00 B5 0E 1F 99 F6 96 CA 7F E3 10 35 83 13 77 ¾ µ ™ö–Ê ã 5ƒ w
000000256 81 EB F7 0A 7F F7 4A BF F1 2F C1 9A 01 42 CF 21 ë÷ ÷J¿ñ/Áš BÏ!
000000272 B7 1D 7B 82 58 4B D9 62 51 FB A4 1F 80 DF A9 9F · {‚XKÙbQû¤ €ß©Ÿ
000000288 CB 79 70 02 7D 8A 8A B3 A9 F5 A3 AE 58 B9 BB 61 Ëyp }ŠŠ³©õ£®X¹»a
000000304 D9 41 5C 08 56 B3 49 E1 07 D3 EB 57 77 A7 B2 0C ÙA\ V³Iá ÓëWw§²
000000320 0D 89 F3 3B 2B 2C 78 B4 7C 8A 9B 6C F3 F5 21 0E ‰ó;+,x´|Š›lóõ!
000000336 07 0E 32 D1 7A F7 8E 64 39 93 78 AD 18 D6 1E 60 2Ñz÷Žd9“x­ Ö `
000000352 05 B2 86 32 6E 77 9D C2 7B 46 3E C7 8E 40 B6 13 ²†2nw Â{F>ÇŽ@¶
000000368 6A 8D 2B C9 73 5D 40 8A 63 F8 E9 55 5D 8C A0 9E j +És]@ŠcøéU]Œ ž
000000384 98 BF EF 91 7A 48 B2 92 BE 82 1D 88 D2 93 A0 F1 ˜¿ï‘zH²’¾‚ ˆÒ“ ñ
000000400 07 10 5B F7 21 C2 24 43 22 29 52 36 CC F8 C6 F2 [÷!Â$C")R6ÌøÆò
000000416 B9 34 26 CD AD E2 91 3C AC 52 9A 10 4E 28 08 78 ¹4&Í­â‘<¬Rš N( x
000000432 EC 9A F6 8B EA A3 11 9E 67 B6 C4 8F D2 2B 42 7B ìšö‹ê£ žg¶Ä Ò+B{
000000448 75 D5 32 AC 81 17 9E B6 57 83 99 80 FB E9 EC A0 uÕ2¬ ž¶Wƒ™€ûéì
000000464 1F 6E BC 05 12 7A C2 AB BD C9 5F CD 26 20 E6 51 n¼ z«½É_Í& æQ
000000480 60 5E 1D 16 06 FC 3A 37 D7 BE 56 F6 63 F3 85 26 `^ ü:7×¾Vöcó…&
000000496 93 70 0D 72 48 8C 0C 93 6D 41 65 D5 84 94 78 E1 “p rHŒ “mAeÕ„”xá

Date Modified: 26/06/2013 01:21
Date Created: 26/06/2013 00:16


Whilst the third (laptop) reads a very different:

Quote:
Offset 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

000000000 A7 55 E6 34 BD 38 8A CE A0 37 E8 C2 75 DC 21 46 §Uæ4½8ŠÎ 7èÂuÜ!F
000000016 DA BE B2 44 01 31 66 BC 96 E5 A9 A0 FB FE EF 32 Ú¾²D 1f¼–å© ûþï2
000000032 57 B0 73 5C 29 DD 8D C9 DE 35 44 82 AC D9 D0 11 W°s\)Ý ÉÞ5D‚¬ÙÐ
000000048 44 71 B4 7F F0 02 42 B1 3C A1 64 1F 28 C4 11 B8 Dq´ ð B±<¡d (Ä ¸
000000064 DF 99 FB 39 AE 9E DC 82 83 2E 0F F0 5E 42 43 32 ß™û9®žÜ‚ƒ. ð^BC2
000000080 D0 49 F4 6D 47 8C F0 FE 41 F2 E2 A0 2F A1 C4 13 ÐIômGŒðþAòâ /¡Ä
000000096 FC 55 82 93 F8 F3 29 C6 7F 5B 23 04 EB C8 BB E2 üU‚“øó)Æ [# ëÈ»â
000000112 3C 62 E4 7A 4C EC 2E 66 C0 E3 8D E5 BC 09 E4 56 <bäzLì.fÀã å¼ äV
000000128 8B 68 03 14 85 74 A2 95 BD A0 2A CE BB 4B E8 F8 ‹h …t¢•½ *λKèø
000000144 A8 76 99 6A 67 25 F7 BB 80 30 E1 82 99 AA 1E CF ¨v™jg%÷»€0á‚™ª Ï
000000160 E5 08 49 E1 D0 75 54 E7 01 E3 AA 07 94 28 44 74 å IáÐuTç 㪠”(Dt
000000176 FE 3B A5 53 65 4E 1E C7 26 94 38 C0 E5 E4 97 08 þ;¥SeN Ç&”8Àåä—
000000192 A9 86 29 C1 AB F6 2A 07 23 20 4B 16 72 55 35 15 ©†)Á«ö* # K rU5
000000208 A9 45 5B EF EE F5 AE 2F 47 3A 5A F5 39 DD 0A 0E ©E[ïîõ®/G:Zõ9Ý
000000224 54 1D CA 88 C3 E9 63 07 1C 27 0B AD A1 20 C3 D3 T ʈÃéc ' ­¡ ÃÓ
000000240 13 7E 78 DB DD D8 E5 D3 81 82 7E 9C 25 4B 89 2F ~xÛÝØåÓ ‚~œ%K‰/
000000256 4A 89 71 89 76 A2 81 3D 13 CB 57 96 7D F2 BF 0E J‰q‰v¢ = ËW–}ò¿
000000272 CF C7 66 4B 05 79 3D 7D BD 3B 60 7A 21 C3 A3 76 ÏÇfK y=}½;`z!ãv
000000288 D3 19 1E E5 73 A0 B7 8B 44 E5 F9 DE A8 F8 CA E6 Ó ås ·‹DåùÞ¨øÊæ
000000304 BF E2 E2 28 D6 94 4A 93 00 30 F9 CD 16 25 1E 5C ¿ââ(Ö”J“ 0ùÍ % \
000000320 13 35 A4 C4 98 8B 1B 8A 37 14 2E 30 4E DD 80 5F 5¤Ä˜‹ Š7 .0NÝ€_
000000336 79 E3 5F 75 03 8F 2B 49 23 D2 60 FA F2 D7 4B FE yã_u +I#Ò`úò×Kþ
000000352 E8 97 0C 2D 6C E0 A7 A5 D6 48 66 85 B9 22 EC BD è— -l৥ÖHf…¹"ì½
000000368 5E 2C E3 B2 A4 FD C2 4B 50 73 2F 00 EE 29 FB 41 ^,㲤ýÂKPs/ î)ûA
000000384 03 8E 8E B6 E6 78 40 67 D2 91 D0 F7 C0 B8 7C 35 ŽŽ¶æx@gÒ‘Ð÷À¸|5
000000400 1D E2 AE D2 84 A4 03 0F A4 E9 21 F4 C7 AE 46 A3 â®Ò„¤ ¤é!ôÇ®F£
000000416 9A C9 4C B1 0D F5 16 AF 03 65 49 46 DB 6F 60 A7 šÉL± õ ¯ eIFÛo`§
000000432 B2 67 CD 3B F4 AB 1A 0D F3 7D FE 72 FA 15 51 91 ²gÍ;ô« ó}þrú Q‘
000000448 1B BD 64 F8 B1 D2 9C BD 13 8D A6 44 05 B4 62 39 ½dø±Òœ½ ¦D ´b9
000000464 A7 4E 1E 82 BC EA A9 05 9E 30 EE B6 52 00 DD 02 §N ‚¼ê© ž0î¶R Ý
000000480 9D 9A 50 26 E4 F3 87 CB DA E6 BA D4 73 8E EF CF šP&äó‡ËÚæºÔsŽïÏ
000000496 0E 5B BB 5F 43 85 99 9C CC E9 E6 ED 75 99 4B 6F [»_C…™œÌéæíu™Ko

Date created: 25/06/2013 18:37
Date Modified: 25/06/2013 19:34

Guessing I hadn't updated that third one as recently(?)


Have since been brute forcing BOTH copies of the files - on two different machines - with variations of what I'm almost positive my 18-24 digit password is / was (self doubt has started to set in so I've literally been trying every combination possible).

Correctly using the [Xx][Yy][Zz] kind of patterns and have run 24 lines (with slight variations) so far today alone to no avail. (Takes about 40 minutes to run each line as I can't even remember which algorithm I chose on creation so I have to test against all!) The worst thing is, is that I vividly remember screenshotting every single step of the container creation ...only to move said screenshots INTO the encrypted file once completed! DOH! (Have also tried to run Recuva to get those back but alas, they're long since re-written.)

Anyway, on with a few specific questions (if you wouldn't mind):

[*]Read a post here saying there were issues with correct passwords towards the top of a list not being found if you were running 2 or more threads(?) Has this been fixed or should I re-run all brute forces with just the 1 thread? I really am ...was so sure that this password was correct! Pulling my hair out.

[*]Is there a changelog / are there many differences between OTFBrutusGUI v0.2.0.3 & OTFBrutusGUI v0.2.0.4? Have been using 0.3 as it wasn't the beta but please lemme know if I should change.

[*]Is there anyway to run a sequence of password patterns in a row? Have been using those (password patterns) rather than single wordlists but it'd be handy to just run a batch of them at once - overnight for example.

Thanks so much for any, any, ANY advice you can give! This data literally means the world to me - I will (can) never give up on this. ...and/or ever be able to sleep. Thanks again.


Fri, 2013/11/22 5:47 am
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 302
Location: Los Angeles, CA USA
Unread post Re: OTFBrutusGUI: "Incorrect password or not a TrueCrypt vol
There is a history.txt file included in each download.

0.2.0.4 2012-03-16
Add the choice to use the embedded backup header (TrueCrypt v6.0 or greater)

The bug with "correct passwords towards the top of a list not being found if you were running 2 or more threads" has never been fixed. It seems to be hit or miss. Right now, I am running "---Outer Container Tests [1]---" from the thread you linked to with 16 threads and it has worked 20 times in a row. I saved the password pattern to a word list and ran it again using the word list, it failed the first time but has worked every time since.

What you can do, if your pattern doesn't create a super giant word list (and this will also help with your question about running multiple patterns at once):
1) Enter your 1st password pattern, press the "save word list" button. Open this word list in a text editor and add 40 or 50 dummy passwords at the top (this should get around the bug)
2) Enter your 2nd password pattern, press the "save word list" button. Open this word list in a text editor, copy it and paste it at the bottom of the 1st word list.
3) Enter your 3rd password pattern, press the "save word list" button. Open this word list in a text editor, copy it and paste it at the bottom of the 1st word list.
4) etc.
5) Change OTFBrutusGUI to process a word list instead of a password pattern and load the combined word list


Other suggestions...hmm, I don't have anything too helpful. Did you maybe use a keyfile? Do you want to show me your password patterns and tell me a little about your password to see if I think your patterns work?

If you have a supported GPU and only used AES, you could try oclHashcat Plus (have not tried it myself). It supposedly can be more than 100 times faster than my program.


Fri, 2013/11/22 1:00 pm
Profile WWW

Joined: Thu, 2013/11/21 7:16 pm
Posts: 5
Unread post Re: OTFBrutusGUI: "Incorrect password or not a TrueCrypt vol
Thanks for such a prompt reply, Tateu. Much appreciated! Not much to report from my end, but, an update nevertheless:

tateu wrote:
There is a history.txt file included in each download.

0.2.0.4 2012-03-16
Add the choice to use the embedded backup header (TrueCrypt v6.0 or greater)


Upgraded and ran all wordlists/patterns again using 0.2.0.4 (and also against the embedded headers). Sorry for not reading / noticing the .txt before.

tateu wrote:
The bug with "correct passwords towards the top of a list not being found if you were running 2 or more threads" has never been fixed. It seems to be hit or miss. Right now, I am running "---Outer Container Tests [1]---" from the thread you linked to with 16 threads and it has worked 20 times in a row. I saved the password pattern to a word list and ran it again using the word list, it failed the first time but has worked every time since.

What you can do, if your pattern doesn't create a super giant word list (and this will also help with your question about running multiple patterns at once):
1) Enter your 1st password pattern, press the "save word list" button. Open this word list in a text editor and add 40 or 50 dummy passwords at the top (this should get around the bug)
2) Enter your 2nd password pattern, press the "save word list" button. Open this word list in a text editor, copy it and paste it at the bottom of the 1st word list.
3) Enter your 3rd password pattern, press the "save word list" button. Open this word list in a text editor, copy it and paste it at the bottom of the 1st word list.
4) etc.
5) Change OTFBrutusGUI to process a word list instead of a password pattern and load the combined word list


Was helpful. Again, thank you.

Re-ran my 20 potential password patterns (this time against the embedded header) and saved each as a seperate .txt as per your method above, cut and paste them all into one .txt and then added "one" to "forty" - each on a seperate line (as below) - above.

one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twentyone
twentytwo
twentythree
twentyfour
twentyfive
twentysix
twentyseven
twentyeight
twentynine
thirty
thirtyone
thirtytwo
thirtythree
thirtyfour
thirtyfive
thirtysix
thirtyseven
thirtyeight
thirtynine
forty

This then gave me 85,094 lines of potential password variations which I ran as a word list overnight last night (took 03:08:37 @ 7.52/s) but alas, nothing. No password found.

Either a. I changed my password to something COMPLETELY different pre-holiday, forgot it and now - for the life of me - can't remember (it is possible), or b. all three containers have somehow simultaneously corrupted themselves... Obviously leaning towards the first but man, this is driving me insane. Might try a defrag as per: http://hardforum.com/showthread.php?t=1570400 but yeah, really scraping the barrel now.

(Also recently tore my home AND computers apart looking for anywhere I may have written the "new" password down, too. I'm so sure I didn't change it but even if I did? Definitely didn't write it down anywhere.) On the plus side, using Recuva I did manage to ...recuva some of the (now lost) data that was on my hard drive before going into the container. Not sure if this has made me happy to have kept something or even sadder as it's a constant reminder of the rest that I have lost!

tateu wrote:
Other suggestions...hmm, I don't have anything too helpful. Did you maybe use a keyfile?


No, definitely didn't use a keyfile. I'm on the Desktop I used to create my container right now and (whether or not this actually means anything or not): the only files in AppData\Roaming\TrueCrypt are Configuration.xml and History.xml - no Default Keyfiles.xml which "may be absent if the corresponding TrueCrypt feature is not used". (I'm also absolutely positive I didn't use one. Also positive my password is the correct one though so...!) Again, losing my mind.

tateu wrote:
Do you want to show me your password patterns and tell me a little about your password to see if I think your patterns work?


My pass/won't-work-word is/was essentially just a miscellaneous 19-digit letter/number sequence that I've "memorised" over the years.

Basically, where an "A" represents a letter, "1" a number and "#" a symbol I'm pretty sure my password is/was:

AAAAAAAA1#1AAAAA1A

To make sure I was getting the order/case right I simply put every letter in a bracket with it's upper/lower case counterpart (and re-arranging them slightly each time):

[Aa][Bb][Cc][#][7&] etc etc etc. Definitely acting as I wanted (as seen in the saved wordlists generated my the password patterns).

The only next step I can think of right now is to perhaps generate a 19-digit pattern containing every character I think is in there, and letting it test literally EVERY combination of said letters possible (regardless of the order I think they should be in).

Would I be right in thinking I just need to test "AAAAAAAA1#1AAAAA1A{19:1}"? Don't even want to know how long that's going to take but, who knows, could get lucky early on(?)

tateu wrote:
If you have a supported GPU and only used AES, you could try oclHashcat Plus (have not tried it myself). It supposedly can be more than 100 times faster than my program.


Looked into it, sounds promising. Unfortunately, no, I don't have the spec. (Yet.) Will start saving as of yesterday. I'm really not sure if it was only AES I used either. Encryption... never again(!)

Thanks again for all of your help so far. Will hopefully solve this one day!


Sun, 2013/11/24 11:37 am
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 302
Location: Los Angeles, CA USA
Unread post Re: OTFBrutusGUI: "Incorrect password or not a TrueCrypt vol
The 2 versions of your headers above look random so it's not possible to tell, just from looking at them, whether they are valid or not. You say 2 of the 3 versions were created by copying the entire 110GB file. This means that all 3 headers should be 100% identical. The only way for the header to have changed is corruption or by using the "TC change password feature." And, as you have noted, it seems unlikely that all three files were corrupted separately and at the same time. And it's even more unlikely to have had 2 of the files corrupted in the same manner so that they still have an identical header.

Your 19 digit pattern would actually be [list of characters]{19:1}, so if you list of possible characters was aAdDhHrRtTyY4$8*.; it would look like [aAdDhHrRtTyY4$8*.;]{19:1}

Unfortunately, that is way beyond anything that can be tested. You'd be hard pressed to even solve [aAdDhHrRtTyY4$8*.;]{6:1} at ~7 p/s


Sun, 2013/11/24 12:09 pm
Profile WWW

Joined: Thu, 2013/11/21 7:16 pm
Posts: 5
Unread post Re: OTFBrutusGUI: "Incorrect password or not a TrueCrypt vol
tateu wrote:
The 2 versions of your headers above look random so it's not possible to tell, just from looking at them, whether they are valid or not. You say 2 of the 3 versions were created by copying the entire 110GB file. This means that all 3 headers should be 100% identical. The only way for the header to have changed is corruption or by using the "TC change password feature." And, as you have noted, it seems unlikely that all three files were corrupted separately and at the same time. And it's even more unlikely to have had 2 of the files corrupted in the same manner so that they still have an identical header.

Your 19 digit pattern would actually be [list of characters]{19:1}, so if you list of possible characters was aAdDhHrRtTyY4$8*.; it would look like [aAdDhHrRtTyY4$8*.;]{19:1}

Unfortunately, that is way beyond anything that can be tested. You'd be hard pressed to even solve [aAdDhHrRtTyY4$8*.;]{6:1} at ~7 p/s


Agreed.

Actually (finally) got some sleep last night - ran Photorec at 4am and managed to get back about 2,000 of my photos (pre-container) which made me feel a little better. (For anyone else reading this present or future who is perhaps in the same boat - check out Photorec - worked much better than Recuva as I mentioned using in my previous post.)

Woke up in a shitty mood however, absolutely adament that no, I did not change my password but upon re-reading your post, yeah, you're right: why wouldn't my "password" work in ANY of the three volumes(?) Cue spiral of self doubt again. What have I done(?!?!?!?!) ...did I change my password ...three times... and forget?!?!?!?!?!?!?!??!?!?!?!?!? I still don't think so, but...

There are a few people scattered across various forums with the same problem, mind (this one also from the past few days):

Quote:
Unhappy Truecrypt is unstable
I'm coming out openly today to say that Truecrypt is unstable.

My 230GB non-OS Truecrypt encrypted static container suddenly fails to accept correct password. No I did not forget the password. This is the second time it transpires within 2 years. Luckily, I have extra backup of my files.

Believe it or not, I know of a company working close to military, which uses Truecrypt as full disk encryption and they experience Truecrypt corruption. Sad stories but many people are still depending on Truecrypt as savior.

Such things do not happen to other encryption programs that I've been using like Dxxx and Jetico.

Thus, I do not recommend Truecrypt to anyone unless he/she is prepared to have extra data backup.


http://www.wilderssecurity.com/showthread.php?t=355934

Quote:
From my own experience and from reading hundreds of forum posts, here is what I would say about TrueCrypt stability.
The vast majority of "Incorrect password or not a TrueCrypt volume" issues are caused by instabilities in the Windows operating system and/or hardware failures. Windows crashes, sudden power losses, and hard disk failures can and do cause corrupted TrueCrypt volumes.


I really haven't had any crashes, hardware failures or sudden power losses though - especially across all three machines. Wonder if it could be something to do with a recent Windows 7 Update perhaps(?)

Anyway, will keep each and every one of my containers and no doubt occasionally keep trying anything and everything that comes to mind (literally for the rest of my life), but other than that I think I'm going to have to attempt to stop obsessing over this before I drive myself to (further) insanity.

Thanks for all of your support so far, Tateu, maybe in a few years...


Mon, 2013/11/25 4:36 am
Profile

Joined: Thu, 2013/11/21 7:16 pm
Posts: 5
Unread post Re: OTFBrutusGUI: "Incorrect password or not a TrueCrypt vol
Quote:
Originally Posted by Mark R
Truecrypt encrypted drives are extemely fragile in case of unclean shutdown, or unsafe drive removal. I've experimented a lot with truecrypt. I've tested unclean shutdowns (e.g. PC crash, power failure, reset button pressed) and unclean removal - in 100% of my tests, all data on the drive was unrecoverable.


Quote:
About unclean shutdowns - sure an encrypted drive is obviously much more fragile (and don't even start about recovering data), but I'd think if you made sure that no data was buffered by the OS (both windows and linux do have that option iirc) that should make this safer. At least that way you have to yank it right while it's writing data to corrupt it - and that problem could only be solved by using an advanced FS (and since most USB practically need to use FAT for compatibility reasons we're doomed there :p )


Quote:
That's what I thought, and is why I tested it very thoroughly.

Even if the drive had been idle for a considerable period of time, I had 100% corruption every unclean shutdown.


http://forums.anandtech.com/showthread.php?t=2166480

Maybe this is where it got me.


Mon, 2013/11/25 5:03 am
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 302
Location: Los Angeles, CA USA
Unread post Re: OTFBrutusGUI: "Incorrect password or not a TrueCrypt vol
I've had a file hosted TC container on my work Win 7 x64 computer since November 2009 that gets automounted when the computer boots.. It has never had a single issue and my computer has both bluescreened and been shutdown uncleanly.


Mon, 2013/11/25 11:15 am
Profile WWW
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 302
Location: Los Angeles, CA USA
Unread post Re: OTFBrutusGUI: "Incorrect password or not a TrueCrypt vol
Are you trying to open a standard volume or a hidden volume? You must select the correct "Volume Type" option in OTFBrutusGUI.


Mon, 2013/11/25 12:08 pm
Profile WWW

Joined: Thu, 2013/11/21 7:16 pm
Posts: 5
Unread post Re: OTFBrutusGUI: "Incorrect password or not a TrueCrypt vol
tateu wrote:
Are you trying to open a standard volume or a hidden volume? You must select the correct "Volume Type" option in OTFBrutusGUI.


Standard. (Volume Type is/has been correct.)

Saving up for a new rig (for Hashcat Plus) and a new hard drive (for multiple backups) and then I'm going to run a few chkdsks etc etc just to completely rule out corruption. THEN I will truly go to town with the brute forcing. Even if takes ten years, I will get these files back...!

Will let you know if/when I make any progess. Thanks again (so much) for your assistance so far.


Wed, 2013/12/04 3:38 am
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 9 posts ] 

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software