TrueCrack
Overview
섹션 제목: “Overview”TrueCrack is a specialized password cracking tool designed to recover passwords for TrueCrypt and VeraCrypt encrypted volumes. It uses GPU acceleration to perform brute force and dictionary attacks against encrypted containers, making it significantly faster than CPU-only approaches. TrueCrack is commonly used in forensic investigations and authorized penetration testing to recover access to encrypted storage devices.
TrueCrack leverages NVIDIA CUDA and OpenCL for GPU acceleration, achieving millions of passwords-per-second throughput compared to thousands with CPU-only methods.
Installation
섹션 제목: “Installation”Prerequisites
섹션 제목: “Prerequisites”# Install CUDA toolkit (for NVIDIA GPU)
sudo apt-get install nvidia-cuda-toolkit
# Install OpenCL libraries (for AMD GPU)
sudo apt-get install ocl-icd-libopencl1 amdgpu-pro
# Python and libraries
sudo apt-get install python3 python3-pipFrom Kali Linux
섹션 제목: “From Kali Linux”sudo apt-get update
sudo apt-get install truecrackFrom Source
섹션 제목: “From Source”git clone https://github.com/e-ago/truecrack.git
cd truecrack
makeDocker Installation
섹션 제목: “Docker Installation”docker run --gpus all -it kalilinux/kali-rolling truecrackBasic Usage
섹션 제목: “Basic Usage”| Command | Purpose |
|---|---|
truecrack -t VOLUME | Start cracking TrueCrypt/VeraCrypt volume |
truecrack -t VOLUME -w WORDLIST | Dictionary attack with wordlist |
truecrack -t VOLUME -c CHARSET | Brute force with character set |
truecrack -t VOLUME -k KEYFILE | Test with keyfile |
truecrack -t VOLUME --outdir DIR | Save recovery log |
Volume Preparation
섹션 제목: “Volume Preparation”Mounting Encrypted Volumes
섹션 제목: “Mounting Encrypted Volumes”# Identify encrypted volume
lsblk -a
sudo fdisk -l
# Example: /dev/sdb1 is the encrypted volume
sudo file /dev/sdb1
# Should show: LUKS encrypted file, ...Creating Test Volumes
섹션 제목: “Creating Test Volumes”# Create TrueCrypt volume for testing
truecrypt --create test_volume.tc --size 100M --password testpass123
# Create VeraCrypt volume
veracrypt --create test_volume.vc --size 100M --password testpass123
# Verify volume
file test_volume.tcVolume Extraction
섹션 제목: “Volume Extraction”# Extract volume file from mounted USB
sudo dd if=/dev/sdb1 of=encrypted_volume.tc bs=4M
# Verify extraction
ls -lh encrypted_volume.tc
file encrypted_volume.tcDictionary Attack
섹션 제목: “Dictionary Attack”Basic Dictionary Cracking
섹션 제목: “Basic Dictionary Cracking”# Single wordlist attack
truecrack -t encrypted_volume.tc -w /usr/share/wordlists/rockyou.txt
# Output shows password if found:
# [+] Password found: MyPassword123!
# [+] Time elapsed: 2 min 34 secMultiple Wordlists
섹션 제목: “Multiple Wordlists”# Chain multiple wordlists
cat wordlist1.txt wordlist2.txt > combined.txt
truecrack -t encrypted_volume.tc -w combined.txt
# Test common passwords
truecrack -t encrypted_volume.tc -w /usr/share/wordlists/fasttrack.txtWordlist Generation
섹션 제목: “Wordlist Generation”# Generate custom wordlist from keywords
crunch 8 12 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" > custom.txt
# Generate from dictionary with mutations
hashcat -w 1 --stdout rockyou.txt | sort -u > expanded.txt
# Create date-based passwords
for year in 2015 2016 2017 2018 2019 2020 2021; do
echo "Password$year" >> dates.txt
done
truecrack -t encrypted_volume.tc -w dates.txtBrute Force Attack
섹션 제목: “Brute Force Attack”Character Set Definition
섹션 제목: “Character Set Definition”# Lowercase letters only
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" -m 8
# Numbers only
truecrack -t encrypted_volume.tc -c "0123456789" -m 8
# Alphanumeric
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" -m 8
# Special characters included
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()" -m 8Length Parameters
섹션 제목: “Length Parameters”# Set minimum length
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" -m 4
# Set maximum length
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" -M 8
# Range: minimum and maximum
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" -m 6 -M 10GPU Acceleration Options
섹션 제목: “GPU Acceleration Options”# Use NVIDIA GPU
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" --gpu nvidia
# Use AMD GPU
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" --gpu amd
# Use all available devices
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" --gpu all
# Specify GPU device
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" --device 0Keyfile Cracking
섹션 제목: “Keyfile Cracking”Keyfile Attack
섹션 제목: “Keyfile Attack”# Test with suspected keyfile
truecrack -t encrypted_volume.tc -k keyfile.bin
# Multiple keyfiles
for keyfile in *.bin; do
truecrack -t encrypted_volume.tc -k "$keyfile"
doneKeyfile Generation
섹션 제목: “Keyfile Generation”# Extract potential keyfile from disk
sudo dd if=/dev/sdb of=potential_key.bin bs=1 count=64 skip=1000000
# Test extracted keyfile
truecrack -t encrypted_volume.tc -k potential_key.bin
# Common keyfile locations
sudo find / -name "*.key" 2>/dev/null | while read keyfile; do
truecrack -t encrypted_volume.tc -k "$keyfile"
doneAdvanced Attack Strategies
섹션 제목: “Advanced Attack Strategies”Hybrid Attack (Dictionary + Brute Force)
섹션 제목: “Hybrid Attack (Dictionary + Brute Force)”# Dictionary attack followed by patterns
hashcat -a 6 -m 13711 encrypted_volume.tc rockyou.txt ?d?d?d
# Use rules on dictionary
hashcat -r rules/best64.rule rockyou.txt > mutated.txt
truecrack -t encrypted_volume.tc -w mutated.txtPattern-Based Attacks
섹션 제목: “Pattern-Based Attacks”# Test common patterns
patterns="Password1 Password123 Admin123 Welcome2021 Company123"
echo "$patterns" | tr ' ' '\n' > patterns.txt
truecrack -t encrypted_volume.tc -w patterns.txtRainbow Table Attack
섹션 제목: “Rainbow Table Attack”# Create pre-computed hashes (time-intensive, runs once)
rtgen LM alpha 1 8 0 3000 0
# Use with truecrack
truecrack -t encrypted_volume.tc --rainbow rainbow_table.rtPerformance Optimization
섹션 제목: “Performance Optimization”GPU Utilization
섹션 제목: “GPU Utilization”# Check GPU status
nvidia-smi
# Monitor GPU during cracking
watch -n 1 nvidia-smi
# Adjust GPU memory usage
truecrack -t encrypted_volume.tc -w rockyou.txt --gpu-mem 4096Performance Benchmarking
섹션 제목: “Performance Benchmarking”# Benchmark cracking speed
truecrack -t encrypted_volume.tc -c "abcdefghijklmnopqrstuvwxyz" --benchmark
# Output shows:
# Passwords per second: 15,234,567
# Estimated time for 8-char password: ~14 hoursParallel Processing
섹션 제목: “Parallel Processing”# Use multiple GPU devices
truecrack -t encrypted_volume.tc -w rockyou.txt --device 0,1,2,3
# Distribute across machines
split -l 1000000 rockyou.txt wordlist_
for file in wordlist_*; do
truecrack -t encrypted_volume.tc -w "$file" &
done
waitVeraCrypt Specific Options
섹션 제목: “VeraCrypt Specific Options”VeraCrypt Volume Detection
섹션 제목: “VeraCrypt Volume Detection”# Identify VeraCrypt volumes
file encrypted_volume.vc
# Test VeraCrypt-specific features
truecrack -t encrypted_volume.vc --veracrypt
# VeraCrypt hidden volume
truecrack -t encrypted_volume.vc --veracrypt --hiddenVeraCrypt Algorithms
섹션 제목: “VeraCrypt Algorithms”# Specify encryption algorithm
truecrack -t encrypted_volume.vc --algorithm AES
# Test multiple algorithms
for algo in AES Serpent Twofish; do
truecrack -t encrypted_volume.vc --algorithm $algo -w rockyou.txt
doneVeraCrypt with PIM (Personal Iterations Multiplier)
섹션 제목: “VeraCrypt with PIM (Personal Iterations Multiplier)”# Standard PIM (default)
truecrack -t encrypted_volume.vc -w rockyou.txt
# Custom PIM value
truecrack -t encrypted_volume.vc -w rockyou.txt --pim 485
# Test PIM range
for pim in 485 1000 5000; do
truecrack -t encrypted_volume.vc -w rockyou.txt --pim $pim
doneRecovery and Verification
섹션 제목: “Recovery and Verification”Successful Recovery
섹션 제목: “Successful Recovery”# When password found
[+] Password found: MySecurePassword123!
[+] Time elapsed: 2 min 34 sec
[+] Total attempts: 45,234,567
# Mount recovered volume
truecrypt --text --mount --password "MySecurePassword123!" encrypted_volume.tc /mnt/recovered
# Verify access
ls -la /mnt/recovered/Save Progress
섹션 제목: “Save Progress”# Resume from checkpoint
truecrack -t encrypted_volume.tc -w rockyou.txt --resume checkpoint.bin
# Save progress every N seconds
truecrack -t encrypted_volume.tc -w rockyou.txt --save-interval 300Logging
섹션 제목: “Logging”# Save detailed log
truecrack -t encrypted_volume.tc -w rockyou.txt --log cracking.log
# Monitor log in real-time
tail -f cracking.log
# Extract successful password
grep "found\|succeeded" cracking.logForensic Applications
섹션 제목: “Forensic Applications”Chain of Custody
섹션 제목: “Chain of Custody”# Create forensic copy
sudo dcfldd if=/dev/sdb of=forensic_image.dd hashlog=dcfldd.log
# Calculate hash
sudo md5sum forensic_image.dd > forensic_image.md5
# Work on copy, not original
truecrack -t forensic_image.dd.tc -w rockyou.txtDocumentation
섹션 제목: “Documentation”# Create incident report
cat > incident_report.txt << EOF
Evidence: encrypted_volume.tc
Date collected: $(date)
Hash: $(md5sum encrypted_volume.tc)
Method: Dictionary attack with GPU acceleration
Wordlist: rockyou.txt
Result: Password recovered
Password: [REDACTED]
Time elapsed: 2 hours 45 minutes
EOFTroubleshooting
섹션 제목: “Troubleshooting”Common Issues
섹션 제목: “Common Issues”| Issue | Solution |
|---|---|
| GPU not detected | Install proper drivers: nvidia-smi |
| Memory error | Reduce GPU memory, use CPU mode |
| Volume not recognized | Verify volume type with file command |
| No progress shown | Check volume path, ensure sufficient permissions |
| Extremely slow cracking | Verify GPU is being used, check memory |
Debug Mode
섹션 제목: “Debug Mode”# Verbose output
truecrack -t encrypted_volume.tc -w rockyou.txt -v
# Show all attempts
truecrack -t encrypted_volume.tc -w rockyou.txt -vv
# Debug GPU initialization
truecrack --debug-gpuPerformance Diagnosis
섹션 제목: “Performance Diagnosis”# Check CUDA installation
nvcc --version
# Test GPU memory
nvidia-smi --query-gpu=memory.total --format=csv
# Verify OpenCL
clinfo | grep DeviceEstimation and Planning
섹션 제목: “Estimation and Planning”Time Estimation Calculator
섹션 제목: “Time Estimation Calculator”# Calculate estimated time
# For 8-character lowercase: 26^8 = 208,827,064,576 combinations
# At 15M passwords/sec: ~4 hours
# For 8-character alphanumeric: 62^8 = 218,340,105,584,896
# At 15M passwords/sec: ~460 hours (19 days)
# Estimate function
estimate_time() {
charset_size=$1
password_length=$2
speed=$3
total=$((charset_size ** password_length))
echo "Estimated time: $((total / speed / 3600)) hours"
}
# Example: 26 chars, 8 length, 15M speed
estimate_time 26 8 15000000Security Considerations
섹션 제목: “Security Considerations”- Authorization: Only crack volumes you own or have explicit permission to test
- Data Protection: Handle recovered data with confidentiality protocols
- Legal Compliance: Follow applicable laws and organizational policies
- Documentation: Maintain detailed records for audit trails
- Destruction: Securely destroy sensitive recovered data when no longer needed
Resources
섹션 제목: “Resources”- TrueCrack GitHub: https://github.com/e-ago/truecrack
- TrueCrypt Documentation: https://www.truecrypt.org/
- VeraCrypt Documentation: https://www.veracrypt.fr/
- NVIDIA CUDA: https://developer.nvidia.com/cuda-downloads
- GPU Password Cracking: https://hashcat.net/
TrueCrack is essential for forensic investigators and security professionals who need to recover access to encrypted TrueCrypt and VeraCrypt volumes during authorized investigations and authorized penetration testing engagements.