TrueCrack
Overview
TrueCrack is a specialized password cracking tool designed to recover passwords for TrueCrypt and VeraCrypt encrypted volumes. It uses GPU acceleration to perform brute force and dictionary attacks against encrypted containers, making it significantly faster than CPU-only approaches. TrueCrack is commonly used in forensic investigations and authorized penetration testing to recover access to encrypted storage devices.
TrueCrack leverages NVIDIA CUDA and OpenCL for GPU acceleration, achieving millions of passwords-per-second throughput compared to thousands with CPU-only methods.
Installation
Prerequisites
# Install CUDA toolkit (for NVIDIA GPU)
sudo apt-get install nvidia-cuda-toolkit
# Install OpenCL libraries (for AMD GPU)
sudo apt-get install ocl-icd-libopencl1 amdgpu-pro
# Python and libraries
sudo apt-get install python3 python3-pip
From Kali Linux
sudo apt-get update
sudo apt-get install truecrack
From Source
git clone https://github.com/e-ago/truecrack.git
cd truecrack
make
Docker Installation
docker run --gpus all -it kalilinux/kali-rolling truecrack
Basic Usage
| Command | Purpose |
|---|---|
| truecrack -t VOLUME | Start cracking TrueCrypt/VeraCrypt volume |
| truecrack -t VOLUME -w WORDLIST | Dictionary attack with wordlist |
| truecrack -t VOLUME -c CHARSET | Brute force with character set |
| truecrack -t VOLUME -k KEYFILE | Test with keyfile |
| truecrack -t VOLUME --outdir DIR | Save recovery log |
Volume Preparation
Mounting Encrypted Volumes
# Identify encrypted volume
lsblk -a
sudo fdisk -l
# Example: /dev/sdb1 is the encrypted volume
# (-s makes file read the block device contents instead of reporting "block special")
sudo file -s /dev/sdb1
# A TrueCrypt/VeraCrypt volume has no identifying signature, so this typically shows: data
Creating Test Volumes
# Create TrueCrypt volume for testing
truecrypt --create test_volume.tc --size 100M --password testpass123
# Create VeraCrypt volume
veracrypt --create test_volume.vc --size 100M --password testpass123
# Verify volume
file test_volume.tc
Volume Extraction
# Extract volume file from mounted USB
sudo dd if=/dev/sdb1 of=encrypted_volume.tc bs=4M
# Verify extraction
ls -lh encrypted_volume.tc
file encrypted_volume.tc
Dictionary Attack
Basic Dictionary Cracking
# Single wordlist attack
truecrack -t encrypted_volume.tc -w /usr/share/wordlists/rockyou.txt
# Output shows password if found:
# [+] Password found: MyPassword123!
# [+] Time elapsed: 2 min 34 sec
Multiple Wordlists
# Chain multiple wordlists
cat wordlist1.txt wordlist2.txt > combined.txt
truecrack -t encrypted_volume.tc -w combined.txt
# Test common passwords
truecrack -t encrypted_volume.tc -w /usr/share/wordlists/fasttrack.txt
Wordlist Generation
# Generate every 8-12 character combination of a character set (output grows very quickly)
crunch 8 12 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" > custom.txt
# Generate from dictionary with mutations (--stdout prints candidates; -r applies a rule file)
hashcat --stdout -r rules/best64.rule rockyou.txt | sort -u > expanded.txt
# Create date-based passwords
for year in 2015 2016 2017 2018 2019 2020 2021; do
echo "Password$year" >> dates.txt
done
truecrack -t encrypted_volume.tc -w dates.txt
Brute Force Attack
Character Set Definition
# Lowercase letters only
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" -m 8
# Numbers only
truecrack -t encrypted_volume.tc -c "0123456789" -m 8
# Alphanumeric
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" -m 8
# Special characters included (single quotes keep the shell from interpreting ! and $)
truecrack -t encrypted_volume.tc -c 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()' -m 8
Length Parameters
# Set minimum length
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" -m 4
# Set maximum length
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" -M 8
# Range: minimum and maximum
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" -m 6 -M 10
GPU Acceleration Options
# Use NVIDIA GPU
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" --gpu nvidia
# Use AMD GPU
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" --gpu amd
# Use all available devices
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" --gpu all
# Specify GPU device
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" --device 0
Keyfile Cracking
Keyfile Attack
# Test with suspected keyfile
truecrack -t encrypted_volume.tc -k keyfile.bin
# Multiple keyfiles
for keyfile in *.bin; do
truecrack -t encrypted_volume.tc -k "$keyfile"
done
Keyfile Generation
# Extract potential keyfile from disk
sudo dd if=/dev/sdb of=potential_key.bin bs=1 count=64 skip=1000000
# Test extracted keyfile
truecrack -t encrypted_volume.tc -k potential_key.bin
# Common keyfile locations
# (IFS= and -r keep paths with spaces or backslashes intact)
sudo find / -name "*.key" 2>/dev/null | while IFS= read -r keyfile; do
truecrack -t encrypted_volume.tc -k "$keyfile"
done
Advanced Attack Strategies
Hybrid Attack (Dictionary + Brute Force)
# Dictionary attack followed by patterns
hashcat -a 6 -m 13711 encrypted_volume.tc rockyou.txt '?d?d?d'
# Use rules on dictionary (--stdout writes the mutated candidates instead of cracking)
hashcat --stdout -r rules/best64.rule rockyou.txt > mutated.txt
truecrack -t encrypted_volume.tc -w mutated.txt
Pattern-Based Attacks
# Test common patterns
patterns="Password1 Password123 Admin123 Welcome2021 Company123"
echo "$patterns" | tr ' ' '\n' > patterns.txt
truecrack -t encrypted_volume.tc -w patterns.txt
Rainbow Table Attack
# Create pre-computed hashes (time-intensive, runs once)
rtgen LM alpha 1 8 0 3000 0
# Use with truecrack
truecrack -t encrypted_volume.tc --rainbow rainbow_table.rt
Performance Optimization
GPU Utilization
# Check GPU status
nvidia-smi
# Monitor GPU during cracking
watch -n 1 nvidia-smi
# Adjust GPU memory usage
truecrack -t encrypted_volume.tc -w rockyou.txt --gpu-mem 4096
Performance Benchmarking
# Benchmark cracking speed
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" --benchmark
# Output shows:
# Passwords per second: 15,234,567
# Estimated time for 8-char password: ~14 hours
Parallel Processing
# Use multiple GPU devices
truecrack -t encrypted_volume.tc -w rockyou.txt --device 0,1,2,3
# Split the wordlist into chunks and run them in parallel
# (copy individual chunks to other machines to distribute the work)
split -l 1000000 rockyou.txt wordlist_
for file in wordlist_*; do
truecrack -t encrypted_volume.tc -w "$file" &
done
wait
VeraCrypt Specific Options
VeraCrypt Volume Detection
# Identify VeraCrypt volumes
file encrypted_volume.vc
# Test VeraCrypt-specific features
truecrack -t encrypted_volume.vc --veracrypt
# VeraCrypt hidden volume
truecrack -t encrypted_volume.vc --veracrypt --hidden
VeraCrypt Algorithms
# Specify encryption algorithm
truecrack -t encrypted_volume.vc --algorithm AES
# Test multiple algorithms
for algo in AES Serpent Twofish; do
truecrack -t encrypted_volume.vc --algorithm $algo -w rockyou.txt
done
VeraCrypt with PIM (Personal Iterations Multiplier)
# Standard PIM (default)
truecrack -t encrypted_volume.vc -w rockyou.txt
# Custom PIM value
truecrack -t encrypted_volume.vc -w rockyou.txt --pim 485
# Test PIM range
for pim in 485 1000 5000; do
truecrack -t encrypted_volume.vc -w rockyou.txt --pim $pim
done
Recovery and Verification
Successful Recovery
# When password found
[+] Password found: MySecurePassword123!
[+] Time elapsed: 2 min 34 sec
[+] Total attempts: 45,234,567
# Mount recovered volume
truecrypt --text --mount --password "MySecurePassword123!" encrypted_volume.tc /mnt/recovered
# Verify access
ls -la /mnt/recovered/
Save Progress
# Resume from checkpoint
truecrack -t encrypted_volume.tc -w rockyou.txt --resume checkpoint.bin
# Save progress every N seconds
truecrack -t encrypted_volume.tc -w rockyou.txt --save-interval 300
# Save detailed log
truecrack -t encrypted_volume.tc -w rockyou.txt --log cracking.log
# Monitor log in real-time
tail -f cracking.log
# Extract successful password
grep "found\|succeeded" cracking.log
Forensic Applications
Chain of Custody
# Create forensic copy
sudo dcfldd if=/dev/sdb of=forensic_image.dd hashlog=dcfldd.log
# Calculate hash
sudo md5sum forensic_image.dd > forensic_image.md5
# Work on copy, not original
truecrack -t forensic_image.dd -w rockyou.txt
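Recording a hash only helps if it is checked again. The following added example (not part of the original page or the TrueCrack project) verifies the working copy before and after each tool run and logs the result; the function names and the `.sha256` / `.custody.log` file names are assumptions, and SHA-256 is used here in place of the MD5 shown above.

```bash
# Added example: integrity checks around every command run on a forensic image.

# record_hash IMAGE -> store the reference digest next to the image
record_hash() { sha256sum "$1" > "$1.sha256"; }

# verify_hash IMAGE -> status 0 only if IMAGE still matches IMAGE.sha256
verify_hash() {
  [ "$(sha256sum < "$1" | cut -d' ' -f1)" = "$(cut -d' ' -f1 "$1.sha256")" ]
}

# UTC timestamp for log entries
stamp() { date -u '+%Y-%m-%dT%H:%M:%SZ'; }

# run_verified IMAGE COMMAND... -> run COMMAND only if IMAGE verifies, then
# verify again. Returns 2 on a failed pre-check, 3 on a failed post-check,
# otherwise the exit status of COMMAND. Every step is appended to the log.
run_verified() {
  image=$1; shift
  log="$image.custody.log"
  if ! verify_hash "$image"; then
    echo "$(stamp) PRE-CHECK FAILED $image" >> "$log"
    return 2
  fi
  echo "$(stamp) START $*" >> "$log"
  status=0
  "$@" || status=$?
  echo "$(stamp) END exit=$status" >> "$log"
  if ! verify_hash "$image"; then
    echo "$(stamp) POST-CHECK FAILED $image" >> "$log"
    return 3
  fi
  return "$status"
}

# Usage with the file names from this page:
#   record_hash forensic_image.dd
#   run_verified forensic_image.dd truecrack -t forensic_image.dd -w rockyou.txt
```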
Documentation
# Create incident report
cat > incident_report.txt << EOF
Evidence: encrypted_volume.tc
Date collected: $(date)
Hash: $(md5sum encrypted_volume.tc)
Method: Dictionary attack with GPU acceleration
Wordlist: rockyou.txt
Result: Password recovered
Password: [REDACTED]
Time elapsed: 2 hours 45 minutes
EOF
Troubleshooting
Common Issues
| Issue | Solution |
|---|---|
| GPU not detected | Install proper drivers: nvidia-smi |
| Memory error | Reduce GPU memory, use CPU mode |
| Volume not recognized | Verify volume type with file command |
| No progress shown | Check volume path, ensure sufficient permissions |
| Extremely slow cracking | Verify GPU is being used, check memory |
Debug Mode
# Verbose output
truecrack -t encrypted_volume.tc -w rockyou.txt -v
# Show all attempts
truecrack -t encrypted_volume.tc -w rockyou.txt -vv
# Debug GPU initialization
truecrack --debug-gpu
Performance Diagnosis
# Check CUDA installation
nvcc --version
# Test GPU memory
nvidia-smi --query-gpu=memory.total --format=csv
# Verify OpenCL
clinfo | grep Device
Estimation and Planning
Time Estimation Calculator
# Calculate estimated time
# For 8-character lowercase: 26^8 = 208,827,064,576 combinations
# At 15M passwords/sec: ~4 hours
# For 8-character alphanumeric: 62^8 = 218,340,105,584,896
# At 15M passwords/sec: ~4,043 hours (~168 days)
# Estimate function
estimate_time() {
charset_size=$1
password_length=$2
speed=$3
total=$((charset_size ** password_length))
echo "Estimated time: $((total / speed / 3600)) hours"
}
# Example: 26 chars, 8 length, 15M speed
estimate_time 26 8 15000000
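The function above covers a single length and depends on 64-bit shell integers, which wrap silently once the keyspace gets large. The following added example (not part of the original page) sums the keyspace over a minimum-to-maximum length range and does the arithmetic in awk floating point; the function names and the sample charset and length combinations are constructed for illustration.

```bash
# Added example (not from the TrueCrack project): keyspace size and worst-case
# search time for a charset and a length range. awk doubles are used because
# 64-bit shell arithmetic wraps silently (62 ** 11 already overflows).

# keyspace CHARSET_SIZE MIN_LEN MAX_LEN -> candidates summed over all lengths
keyspace() {
  awk -v n="$1" -v lo="$2" -v hi="$3" 'BEGIN {
    total = 0; p = 1
    for (len = 1; len <= hi; len++) {
      p *= n                          # p = n^len, built by multiplication
      if (len >= lo) total += p
    }
    printf "%.0f\n", total
  }'
}

# estimate_seconds CHARSET_SIZE MIN_LEN MAX_LEN RATE -> worst-case seconds
estimate_seconds() {
  awk -v total="$(keyspace "$1" "$2" "$3")" -v rate="$4" \
    'BEGIN { printf "%.0f\n", total / rate }'
}

# humanize SECONDS -> largest sensible unit, one decimal place
humanize() {
  LC_ALL=C awk -v s="$1" 'BEGIN {
    if      (s < 60)       printf "%.0f seconds\n", s
    else if (s < 3600)     printf "%.1f minutes\n", s / 60
    else if (s < 86400)    printf "%.1f hours\n",   s / 3600
    else if (s < 31557600) printf "%.1f days\n",    s / 86400
    else                   printf "%.1f years\n",   s / 31557600
  }'
}

# 15M guesses/s is the rate used on this page; the specs below are constructed.
for spec in "26 8 8" "62 8 8" "62 6 10" "95 12 12"; do
  set -- $spec
  printf '%-3s chars, length %2s-%-2s: %s\n' "$1" "$2" "$3" \
    "$(humanize "$(estimate_seconds "$1" "$2" "$3" 15000000)")"
done
```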
Security Considerations
- Authorization: Only crack volumes you own or have explicit permission to test
- Data Protection: Handle recovered data with confidentiality protocols
- Legal Compliance: Follow applicable laws and organizational policies
- Documentation: Maintain detailed records for audit trails
- Destruction: Securely destroy sensitive recovered data when no longer needed
Resources
- TrueCrack GitHub: https://github.com/e-ago/truecrack
- TrueCrypt Documentation: https://www.truecrypt.org/
- VeraCrypt Documentation: https://www.veracrypt.fr/
- NVIDIA CUDA: https://developer.nvidia.com/cuda-downloads
- GPU Password Cracking: https://hashcat.net/
TrueCrack is essential for forensic investigators and security professionals who need to recover access to encrypted TrueCrypt and VeraCrypt volumes during authorized investigations and authorized penetration testing engagements.