Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Brute force a TrueCrypt volume password with a known list on Mac OS X (works similarly on linux/ubuntu)
# First you need to know the name of your TrueCrypt disk. In this example, after running the `diskutil list` command,
# you can see that my 2TB TrueCrypt disk is mounted at /dev/disk2, and the encrypted partition is named "disk2s1"
# (see the IDENTIFIER column). That's the name I need to use in the ruby script.
$ diskutil list
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *251.0 GB disk0
1: EFI EFI 209.7 MB disk0s1
2: Apple_CoreStorage 250.1 GB disk0s2
3: Apple_Boot Recovery HD 650.0 MB disk0s3
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: Apple_HFS Macintosh HD *249.8 GB disk1
Logical Volume on disk0s2
3577AD73-007A-460D-BD6A-047FB4A2E189
Unlocked Encrypted
/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *2.0 TB disk2
1: DOS_FAT_32 2.0 TB disk2s1
# Next, download and run the ruby file with your list of passwords after the "passwords = <<END" line, and before the next "END"
# The script will try mounting the volume with each password in your passwords array. You can get clever with things like
# Ruby's Array#product to automatically generate a lot of passwords.
# run this file with:
# ruby truecrypt-bruteforce.rb
# disk name found from the `diskutil list` command
disk = "/dev/disk2s1"
# enter the passwords to try between the two ENDs, one per line
passwords = <<END
letmein
abc123
123456
END
passwords = passwords.split("\n")
p passwords
passwords.each do |password|
puts
puts "Trying #{password}"
cmd = "sudo /Applications/TrueCrypt.app/Contents/MacOS/Truecrypt --text --non-interactive --password=#{password} --mount #{disk} /Volumes/TrueCrypt"
if system(cmd)
puts "password found! It's #{password}"
exit
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.