C++ Brutefocing Truecrypt

[BlaineSch]

TrueCrypt is a software application used for real-time on-the-fly encryption. It encourages a 20 character password which is obviously easy to forget. So just in case you did forget it I made this program for you!

You can download Truecrypt from their website:
TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux

Made this program to break into a truecrypt container. Started in PHP, then Java, finally C++ lol just thought it would work better.

You need to make sure this is in the truecrypt directory. Make sure to set "charset" and "max"

If you want to change how this works you can check out line 15 and this link

Try using the code below as-is to crack this sample truecrypt container!

Code:

Sample File:
     http://www.blainesch.com/codecall/file.tc
File passord:
     hello

Code:

#include <iostream>
#include <sstream>
#include <string>
using namespace std;
//all possible characters in the password
string charset = "helo";
//maximum number of characters in password
int max = 5;
int length = charset.length();
char buffer[60];
char temp[60];
bool check(string password) {
	//checks if the password is correct or not
	strcpy(temp, password.c_str());
	sprintf(buffer, "truecrypt /s /lz /v file.tc /p %s /q", temp);
	if(system(buffer)==0) {
		cout << "True:  " <<password << endl;
		return true;
	} else {
	  	cout << "False: " << password << endl;
		return false;
	}
}
bool recurse(int width, int position, string base_string) {
	//this just creates the potential passwords recursively
	for (int i = 0; i < length; ++i) {
		if (position  < width - 1) {
			if(recurse(width, position + 1, base_string + charset.substr(i, 1))) {
				return true;
			}
		}
		//throws it into my test page
		if(check(base_string + charset.substr(i, 1))) {
			return true;
		}
	}
	return false;
}
main() {
	//discounts the Z drive to make sure its not already in use.
	system("truecrypt /dz");
	recurse(max, 0, "");
	int wait;
	cout << "Waiting...";
	cin >> wait;
}

v1.5
Took an if statement out of "recurse" and put it outside so it only had to check one instead of charset.length() times.
Made it so it guesses 3 passwords at a time. It checks each line just as fast but checks 3 passwords at a time so 3x faster!

Code:

#include <iostream>
#include <sstream>
#include <string>
using namespace std;
//all possible characters in the password
string charset = "helo";
int jj = 0;
string jp = "";
int length = charset.length();
char buffer[60];
bool check(string password) {
	if(jj == 2) {
    		jp += " /p "+password;
    		sprintf(buffer, "truecrypt /q /s /lx /v file.tc %s", jp.c_str());
		if(system(buffer)==0) {
			cout << "True:  " << jp << endl;
			return true;
		} else {
			cout << "False: " << jp << endl;
		}
		jj = 0;
		jp = "";      
	} else {
		jj++;
		jp += " /p "+password;
	}
	return false;
}
bool recurse(int width, int position, string base_string) {
	if(position < width - 1) {
		for (int i = 0; i < length; ++i) {
			if(recurse(width, position + 1, base_string + charset.substr(i, 1))) {
				return true;
			}
			if(check(base_string + charset.substr(i, 1))) {
				return true;
			}
		}
	} else {
		for (int i = 0; i < length; ++i) {
			if(check(base_string + charset.substr(i, 1))) {
				return true;
			}
		}
	}
	return false;
}
main() {
	recurse(5, 0, ""); //insert max width here
	int wait;
	cout << "Waiting...";
	cin >> wait;
}

[Brandon W]

Interesting, thanks mate I will run this later just for the fun of it but how do we create a truecrypt file and how do we encrypt it with a password?

[BlaineSch]

You can download truecrypt here!

Its just a file encryption program. The purpose is to encrypt things so I am sure once you download it you should find it simple enough to make a container. It comes with a tutorial tho just incase.

Edit:
Oh btw I did post a truecrypt file on a link up there.. the file.tc one

[Brandon W]

OK thanks mate I'm going to have fun with this now haha, see if it can get what I give it

I noticed, thanks mate

[BlaineSch]

I hope you like it I think I put something inside of file.tc .. I think it was the bruteforce program itself lol...

Well have fun and post your results here!

[Brandon W]

My TrueCrypt file is being stupid so I'll try it later. I'm going to go read for a little bit and hopefully feel a bit better

I'll post my results after, can I input the whole alphabet and numbers 0-9?

[BlaineSch]

Yes you can input any characters you want. I made it this way because I know some characters wont ever be in my password. I knew that I combined like 3 of my passwords and I just need to figure out which 3 I used. I know that none of my passwords contained some characters like "z" or "%" basically so I just omitted those.

Code:

string charset = "helo";

Just put all the characters you want in there e.g.

Code:

string charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+-=";

That is pretty much all of them =)

Edit:
Do realize tho to figure out how many possible attempts it going to make its basically characters to the power of the password length.

So lets say you know its just lowercase, and its between 18 and 22 characters.
(26^22)-(26^17)=13,471,427,500,000,000,000,000,000,000,000

Thats a lot of possibilities, so the fewer characters you have in that variable the faster it goes!

[Brandon W]

I'm going to run one like that haha

[marwex89]

lol I use truecrypt a lot. My password is like 30 characters long, using both lowercase, uppercase, numbers and special characters.. How long do you think it will take to break it? remind me to +rep you when I get on the computer

Posted via CodeCall Mobile

[Brandon W]

Wow! That's very long marwex haha, I think it would take some time to get that cracked!