Cracking TrueCrypt volumes with John the Ripper

TrueCrypt is a now discontinued encryption tool. A little while ago I stumbled upon an old TrueCrypt volume, unfortunately I couldn't remember the exact passphrase! Thankfully I was able to use John the Ripper to find the password and recover my old data. This post is going to go through the steps required to do this.

Installing John the Ripper

There are a few different versions of John the Ripper, unfortunately the official release doesn't support TrueCrypt volumes, therefore the example in this post is going to use the community-enhanced Jumbo version of John the Ripper. On CentOS it can be downloaded and compiled with the following steps:

  1. Install packages for building John the Ripper:

    yum -y group install "Development Tools"
    yum install git openssl-devel
    
  2. Clone the source code from GitHub:

    git clone https://github.com/magnumripper/JohnTheRipper.git
    
  3. Configure and compile the code:

    cd JohnTheRipper/src/
    ./configure && make -s clean && make -sj4
    

If everything goes well you should now be able to run john from the run/ directory:

$ ./JohnTheRipper/run/john
John the Ripper 1.8.0.12-jumbo-1-bleeding-f460ab8 2017-12-29 11:52:26 +0100 OMP [linux-gnu 64-bit x86_64 AVX AC]
Copyright (c) 1996-2017 by Solar Designer and others
Homepage: http://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]
--single[=(SECTION[,S2,..,Sn]|:rule)] "single crack" mode
--wordlist[=FILE] --stdin  wordlist mode, read words from FILE or stdin
                  --pipe   like --stdin, but bulk reads, and allows rules

Note: for additional instructions refer to docs/INSTALL.

Extracting hashes

The jumbo version of John the Ripper comes with a Python script called truecrypt2john.py. This can be used to extract hashes from a TrueCrypt volume with a command similar to the following:

./truecrypt2john.py test.tc > truecrypt_hashes.txt

The resulting file will look something like the following:

test.tc:truecrypt_RIPEMD_160$4262f638a43476577cf42b55f2a7bcfc53ae336e28cd5cbe272bad900d0e4de84fe22b99dcce74082b93784de904ed87e10ecf5fdbeb90d16f9e2f43c71613dc6de8236c57dfab25d1e236fc33983052778f911406afb1f77a0890ed76e9e096387a225d699c319eb373d12a9c180321478707ee72f5b79d971767101971997a48e678d7bdc0f7395c38e8f57e159c52214681a43dcdeffddb464059099929f56442b4aa79db8fee1333afe75d137a215c06586490751fcc79857aaf0da88d57bfa74b8e1d3bce4c6ffbea4afeac37f45cdc779156991569d369b5ad60310c20359c24057bb2d10b63775adb492d17f382816af0ceba1bd497367061deeea59d5435b8296fd737e82cdf910d8915e4b1b8f2f9b5eb0541e67c90ecd60fe5d1f5422c6a14ac1ed0f9d223cc06892110742c1d83dc397a8f9dc7efc2bcd310b7292b89cde4da55b0619b384b7bc6f181952a4a279ff218d63a6f2e842d04a22fa0f2dd138cffcc6072fa650f2a12aed44255bf4ecfe34ff88a7dc34474ba70ad9da22e42db121c67b9ded79af9dafda04e6b3bf00b763ac3fbc7a3301e727272492dc14d3fe840c13c285666912f044712504154631b78b2821aadcd383331bb3240d88a066c2df9fd258757131458365811ca2544f7dbde03cb6020a5d0d29b978d34a296be00850a7fad7f60302f4cefc0065f22c10540ca66e94ae8494b59b2:normal::::test.tc
test.tc:truecrypt_SHA_512$4262f638a43476577cf42b55f2a7bcfc53ae336e28cd5cbe272bad900d0e4de84fe22b99dcce74082b93784de904ed87e10ecf5fdbeb90d16f9e2f43c71613dc6de8236c57dfab25d1e236fc33983052778f911406afb1f77a0890ed76e9e096387a225d699c319eb373d12a9c180321478707ee72f5b79d971767101971997a48e678d7bdc0f7395c38e8f57e159c52214681a43dcdeffddb464059099929f56442b4aa79db8fee1333afe75d137a215c06586490751fcc79857aaf0da88d57bfa74b8e1d3bce4c6ffbea4afeac37f45cdc779156991569d369b5ad60310c20359c24057bb2d10b63775adb492d17f382816af0ceba1bd497367061deeea59d5435b8296fd737e82cdf910d8915e4b1b8f2f9b5eb0541e67c90ecd60fe5d1f5422c6a14ac1ed0f9d223cc06892110742c1d83dc397a8f9dc7efc2bcd310b7292b89cde4da55b0619b384b7bc6f181952a4a279ff218d63a6f2e842d04a22fa0f2dd138cffcc6072fa650f2a12aed44255bf4ecfe34ff88a7dc34474ba70ad9da22e42db121c67b9ded79af9dafda04e6b3bf00b763ac3fbc7a3301e727272492dc14d3fe840c13c285666912f044712504154631b78b2821aadcd383331bb3240d88a066c2df9fd258757131458365811ca2544f7dbde03cb6020a5d0d29b978d34a296be00850a7fad7f60302f4cefc0065f22c10540ca66e94ae8494b59b2:normal::::test.tc
test.tc:truecrypt_WHIRLPOOL$4262f638a43476577cf42b55f2a7bcfc53ae336e28cd5cbe272bad900d0e4de84fe22b99dcce74082b93784de904ed87e10ecf5fdbeb90d16f9e2f43c71613dc6de8236c57dfab25d1e236fc33983052778f911406afb1f77a0890ed76e9e096387a225d699c319eb373d12a9c180321478707ee72f5b79d971767101971997a48e678d7bdc0f7395c38e8f57e159c52214681a43dcdeffddb464059099929f56442b4aa79db8fee1333afe75d137a215c06586490751fcc79857aaf0da88d57bfa74b8e1d3bce4c6ffbea4afeac37f45cdc779156991569d369b5ad60310c20359c24057bb2d10b63775adb492d17f382816af0ceba1bd497367061deeea59d5435b8296fd737e82cdf910d8915e4b1b8f2f9b5eb0541e67c90ecd60fe5d1f5422c6a14ac1ed0f9d223cc06892110742c1d83dc397a8f9dc7efc2bcd310b7292b89cde4da55b0619b384b7bc6f181952a4a279ff218d63a6f2e842d04a22fa0f2dd138cffcc6072fa650f2a12aed44255bf4ecfe34ff88a7dc34474ba70ad9da22e42db121c67b9ded79af9dafda04e6b3bf00b763ac3fbc7a3301e727272492dc14d3fe840c13c285666912f044712504154631b78b2821aadcd383331bb3240d88a066c2df9fd258757131458365811ca2544f7dbde03cb6020a5d0d29b978d34a296be00850a7fad7f60302f4cefc0065f22c10540ca66e94ae8494b59b2:normal::::test.tc
test.tc:truecrypt_RIPEMD_160$df8414aa8854a2a931c0e53c9849c37789119c2824f70d29dc52accb39b8af9572d7fb021cd20961c5137bdda1a61c9856c2439a2b7646d17991236f549a358fab0b819934ebeb7340e4f7bd6fbf97953ea4ec90f4bbd12dcac2bde020c434fe5c08c926464eb0317a3ffabfbde45d4121f70dca3eaa0cc750fc193b2e433dd1e7d6f9e8b9a7c09cb3d9f0b106d20f5872ff0d00d4a6ea8e6bf646aa844ce740591fb3a95e807fdd32e83cb73ac8ef1066115f0ef8ca16c07021c3fd6a312644cfcca5dd631ffa0ee0b9fdf5e72b0d62c041eb26fc1d9795c11cf25bbc0e6d60793f7b89c899b63913daa92b1923e2b7019bdb103322a54ac29f63245b9019d359ba32125bcdb14b63566d0388591b7f766414df4ff749334c102134d0874735d6efb8ecd70562a4b5b7faa1961e31ba2b5e27cbb535c6e68fa8335658d960a3fb2b6347071622cb2995957de6cc982233fe887c13f445f67b3581bacbc6c20bda82182f3a4f012cbcdae6ab68643591d7c2dc9b960516be671a3a8cfdfd67debdc87f97f66f88a15f38a917023d1cbc574b68e4085af097a6193ab8bff4ef272c292af449ba24b0dbe86c0bdcd5b2fd1675dd8d162392ad48f534c0502db495fde2f4785dc5be939533a014e2aff470c80fe36deeb9ff73a79548c6386510dc288a1000d99056b8d5e7ffcd6fb00d609f6db075ea03665dc360b72c96610f9c:hidden::::test.tc
test.tc:truecrypt_SHA_512$df8414aa8854a2a931c0e53c9849c37789119c2824f70d29dc52accb39b8af9572d7fb021cd20961c5137bdda1a61c9856c2439a2b7646d17991236f549a358fab0b819934ebeb7340e4f7bd6fbf97953ea4ec90f4bbd12dcac2bde020c434fe5c08c926464eb0317a3ffabfbde45d4121f70dca3eaa0cc750fc193b2e433dd1e7d6f9e8b9a7c09cb3d9f0b106d20f5872ff0d00d4a6ea8e6bf646aa844ce740591fb3a95e807fdd32e83cb73ac8ef1066115f0ef8ca16c07021c3fd6a312644cfcca5dd631ffa0ee0b9fdf5e72b0d62c041eb26fc1d9795c11cf25bbc0e6d60793f7b89c899b63913daa92b1923e2b7019bdb103322a54ac29f63245b9019d359ba32125bcdb14b63566d0388591b7f766414df4ff749334c102134d0874735d6efb8ecd70562a4b5b7faa1961e31ba2b5e27cbb535c6e68fa8335658d960a3fb2b6347071622cb2995957de6cc982233fe887c13f445f67b3581bacbc6c20bda82182f3a4f012cbcdae6ab68643591d7c2dc9b960516be671a3a8cfdfd67debdc87f97f66f88a15f38a917023d1cbc574b68e4085af097a6193ab8bff4ef272c292af449ba24b0dbe86c0bdcd5b2fd1675dd8d162392ad48f534c0502db495fde2f4785dc5be939533a014e2aff470c80fe36deeb9ff73a79548c6386510dc288a1000d99056b8d5e7ffcd6fb00d609f6db075ea03665dc360b72c96610f9c:hidden::::test.tc
test.tc:truecrypt_WHIRLPOOL$df8414aa8854a2a931c0e53c9849c37789119c2824f70d29dc52accb39b8af9572d7fb021cd20961c5137bdda1a61c9856c2439a2b7646d17991236f549a358fab0b819934ebeb7340e4f7bd6fbf97953ea4ec90f4bbd12dcac2bde020c434fe5c08c926464eb0317a3ffabfbde45d4121f70dca3eaa0cc750fc193b2e433dd1e7d6f9e8b9a7c09cb3d9f0b106d20f5872ff0d00d4a6ea8e6bf646aa844ce740591fb3a95e807fdd32e83cb73ac8ef1066115f0ef8ca16c07021c3fd6a312644cfcca5dd631ffa0ee0b9fdf5e72b0d62c041eb26fc1d9795c11cf25bbc0e6d60793f7b89c899b63913daa92b1923e2b7019bdb103322a54ac29f63245b9019d359ba32125bcdb14b63566d0388591b7f766414df4ff749334c102134d0874735d6efb8ecd70562a4b5b7faa1961e31ba2b5e27cbb535c6e68fa8335658d960a3fb2b6347071622cb2995957de6cc982233fe887c13f445f67b3581bacbc6c20bda82182f3a4f012cbcdae6ab68643591d7c2dc9b960516be671a3a8cfdfd67debdc87f97f66f88a15f38a917023d1cbc574b68e4085af097a6193ab8bff4ef272c292af449ba24b0dbe86c0bdcd5b2fd1675dd8d162392ad48f534c0502db495fde2f4785dc5be939533a014e2aff470c80fe36deeb9ff73a79548c6386510dc288a1000d99056b8d5e7ffcd6fb00d609f6db075ea03665dc360b72c96610f9c:hidden::::test.tc

There are multiple hashes for a single volume because it's not possible to tell which hashing algorithm was used. If you do remember which algorithm was used it's worth deleting the unused hashes as this will make running john quicker.

Generating a wordlist

Once you've run truecrypt2john, the hard part is coming up with a wordlist. In my case I knew the passphrase was a combination of a few passwords joined together. I used the following script to generate a wordlist with every possible two or three word combination:

#!/usr/bin/env python

from __future__ import print_function

import itertools

words = [
    'zero',
    'one',
    'two',
    'three',
    'four',
    'five',
    'six',
    'seven',
    'eight',
    'nine',
]

for length in range(2, 4):
    for pw in itertools.permutations(words, length):
        print(''.join(pw))

Running the script generated a wordlist with 810 possible passphrases:

$ python generate_wordlist.py > truecrypt_wordlist.txt
$ wc truecrypt_wordlist.txt
  810   810 10170 truecrypt_wordlist.txt

Note: if you just want a list of dictionary words you can use /usr/share/dict/words, assuming you've got the words package installed. You could also look at using a wordlist generation tool like crunch.

Running john

Once you've got a wordlist, john can be used to try to brute force the password:

$ ./john --wordlist=truecrypt_wordlist.txt  truecrypt_hashes.txt
Warning: detected hash type "tc_aes_xts", but the string is also recognized as "tc_ripemd160"
Use the "--format=tc_ripemd160" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 6 password hashes with 6 different salts (tc_aes_xts, TrueCrypt AES256_XTS [SHA512 128/128 AVX 2x /RIPEMD160/WHIRLPOOL])
Loaded hashes with cost 1 (hash algorithm [1:SHA512 2:RIPEMD160 3:Whirlpool]) varying from 1 to 3
Warning: OpenMP is disabled; a non-OpenMP build may be faster
Press 'q' or Ctrl-C to abort, almost any other key for status
zerofiveone      (test.tc)
1g 0:00:00:09 DONE (2017-12-29 17:35) 0.1004g/s 81.32p/s 419.0c/s 419.0C/s nineeightsix..nineeightseven
Use the "--show" option to display all of the cracked passwords reliably
Session completed

If everything goes well the --show option will print any matches:

$ ./john --show truecrypt_hashes.txt
test.tc:zerofiveone:normal::::test.tc

1 password hash cracked, 5 left

Note: for obvious reasons this post doesn't use real passwords!