This document discusses tools for recovering a partially lost Truecrypt password using a GPU when 4-5 symbols of the password are unknown. It describes the tools TrueCrack and oclHashCat, how they work by using the salt and encrypted string in the Truecrypt header to brute force possible passwords, and provides an example command to use oclHashCat to try passwords with unknown case and symbols replaced with wildcards.

1. Daily hack
Truecrypt GPU partial password
recovery By George Lagoda
Feb 15, 2014

2. /wh0x41mi
George Lagoda
 Security expert
 Pentester
 Interests: [deep|web]penetrations,
revers, forensics,
Work at . . .

3. Again about recovery

4. Maybe again about Anna 

5. What I had?
• Partialy lost TC passwd
• 4-5 symbols lost or we have something like:
[Y|y]a[L|l]ublu[S|s]vou[K|k]isku
So we either do not remember 1-2-3-4-5
symbols
Or Don’t remember symbols’ case

6. Tools for Linux
TrueCrack
Written for Linux
Optimized for CUDA (NVDIA dependence )
Supports most of TC hash types and encryption
methods
But what is AMD or WINDOWS?

7. oclHashCat, the almighty 
Supports both CUDA and OpenCL, lot of
modules, hard to understand
>cudaHashcat64 –help
621Y = TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160
622Y = TrueCrypt 5.0+ PBKDF2-HMAC-SHA512
623Y = TrueCrypt 5.0+ PBKDF2-HMAC-Whirlpool
624Y = TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 boot-mode

8. How this all work?
Offset(bytes) Size Description
0 64 Salt
64 4 ASCII string “TRUE” (encrypted)
Usually we know hash type, we have salt and encrypted string.
HACK Time?

9. Some more options

10. So lets give it a hack
cudaHashcat64.exe -m 6211 C:Tempanna_secret.tc -a 3 -1 ?l?u?d ?1?1wer?1Y -o
C:Tempanna.txt

11. Results 

12. Daily hack : Truecrypt GPU partial password recovery
The end.