3

I encrypted important files with Veracrypt and I remember most of the password but some parts are forgotten. I need some advice as to what would be the most efficient way of getting the encryption password.

My operating system is Windows.

I've been trying to get the password for months now. Any help would be appreciated.

Daisetsu
  • 5,110
  • 1
  • 14
  • 24
Xem
  • 41
  • 1
  • 4
  • 1
    Welcome to Information Security! _Probably_ you can achieve that, with simple brute-force attack. Can you include _-in your question-_ length of password (overall/known/unknown) and/or the pattern to let me calculate the combinations? [This](https://sourceforge.net/p/veracrypt/discussion/general/thread/41009b8d/), also, may help you. – mike Nov 22 '18 at 17:30

1 Answers1

5

To elaborate further on Mike's comment. You will need an idea of the last known password and then use John the Ripper to produce a wordlist mutation (similar) passwords. You will need to create a rules configuration file for John, the wordlist will give a smaller password set if thought through carefully. Hence, a smaller keyspace to brute force; reducing overall brute force time.

root@kali:~# john –wordlist=mustangwords.txt –stdout –rules:convtolowerplus000 > newmustangwords.txt

Basically this is broken up as follows:

john self-explanitory, start John the Ripper
–wordlist= specifying the word list we want to mutate
–stdout output the words generated
–rules: this is the rule set we generated in the configuration file
> output the results to a new text file

Next, you will need to brute force the VeraCrypt header key this can be done with vUte. vUte is a VeraCrypt Bruteforcer written in BASH. As I understand the header key can be obtained via use of a hex editor, A back-to-front TrueCrypt recovery story: the plaintext is the ciphertext. For context, Is there a reason to use TrueCrypt over VeraCrypt?.

As I understand HashCat can do a similar process, with less intermediate steps. However, I am not familiar with this. Furthermore, due to the nature of this brute force, it is not known to be a particularly fast crack. VeraCrypt uses PBKDF2, see About how fast can you brute force PBKDF2?.

safesploit
  • 1,827
  • 8
  • 18
  • I opened the Veracrypt volume via use of a hex editor and there was some data but I wasn't sure if it was the header key or what to do with it. When I tried using vUte with bash.exe binary for Windows NT and derived systems it didn't work well and crushed. Is there an easier way to do this, especially for Windows users? – Xem Dec 04 '18 at 15:25