hoehrmann/truecrypt-apply-keyfiles-to-password.pl

## truecrypt-apply-keyfiles-to-password.pl
#!perl -w
use Modern::Perl;
use String::CRC32;
use MIME::Base64;
use autodie;

#####################################################################
# Apply keyfiles to TrueCrypt passwords -- TrueCrypt allows users to
# specify one or more keyfiles that are applied to user passwords to
# make password recovery more difficult. Oddly, many of the popular
# TrueCrypt password recovery programs do not support keyfiles. This
# tool computes the derived password offline to close that gap. Note
# that derived passwords usually contain bytes outside the range of
# printable ASCII, and TrueCrypt does not really support passwords
# with non-ASCII characters in them, and password recovery tools are
# often unable to handle newlines in passwords. At least on Windows
# though, with the proper escaping applied the bytes pass through ok,
# see the code below. The derived password is printed out with a pre-
# fix `base64:` followed by the encoded bytes to be binary-safe.
#####################################################################

die "Usage: $0 password /path/to/keyfile1 ...\n" unless @ARGV > 1;
my ($p, @files) = @ARGV;

sub apply_keyfiles_to_password {
  my ($p, @files) = @_;

  my $P   = $p;
  my $kpl = 64;
  my @KP  = (0) x ($kpl);
  if ($kpl > length($P)) {
    $P .= ("\x00") x ($kpl - length($P));
  }

  for my $keyfile (@files) {
    my $pool_pos = 0;
    my $bytes    = do {
      open my $f, '<', $keyfile;
      binmode $f;

      # TrueCrypt will read no more than 1 MB of a keyfile
      local $/ = \1048576;
      <$f>;
    };

    my $crc = crc32('');
    for my $byte (split //, $bytes) {
      $crc = crc32($byte, $crc);
      my @digest = split //, pack('N', ~$crc);
      for my $crc_byte (@digest) {
        $KP[ $pool_pos++ % $kpl ] += ord($crc_byte);
      }
    }
  }

  my $pwd = do {
    my @P = map { ord } split //, $P;
    for my $ix (0 .. $kpl - 1) {
      $P[$ix] += $KP[$ix];
    }
    join '', map { chr($_ % (2**8)) } @P;
  };

}

my $pwd = apply_keyfiles_to_password($p, @files);
print "base64:" . do { encode_base64($pwd) =~ s/\s+//r };

__END__

use Win32;
use Win32::Process;
use Win32::ShellQuote qw//;

my $quoted_pwd = Win32::ShellQuote::quote_native($pwd);

Win32::Process::Create(
  my $ProcessObj,
  "TrueCrypt.exe",
  "/v example.truecrypt /p $quoted_pwd /s /q /l x:",
  0,
  NORMAL_PRIORITY_CLASS,
  "."
) or die;
	#!perl -w
	use Modern::Perl;
	use String::CRC32;
	use MIME::Base64;
	use autodie;

	#####################################################################
	# Apply keyfiles to TrueCrypt passwords -- TrueCrypt allows users to
	# specify one or more keyfiles that are applied to user passwords to
	# make password recovery more difficult. Oddly, many of the popular
	# TrueCrypt password recovery programs do not support keyfiles. This
	# tool computes the derived password offline to close that gap. Note
	# that derived passwords usually contain bytes outside the range of
	# printable ASCII, and TrueCrypt does not really support passwords
	# with non-ASCII characters in them, and password recovery tools are
	# often unable to handle newlines in passwords. At least on Windows
	# though, with the proper escaping applied the bytes pass through ok,
	# see the code below. The derived password is printed out with a pre-
	# fix `base64:` followed by the encoded bytes to be binary-safe.
	#####################################################################

	die "Usage: $0 password /path/to/keyfile1 ...\n" unless @ARGV > 1;
	my ($p, @files) = @ARGV;

	sub apply_keyfiles_to_password {
	my ($p, @files) = @_;

	my $P = $p;
	my $kpl = 64;
	my @KP = (0) x ($kpl);
	if ($kpl > length($P)) {
	$P .= ("\x00") x ($kpl - length($P));
	}

	for my $keyfile (@files) {
	my $pool_pos = 0;
	my $bytes = do {
	open my $f, '<', $keyfile;
	binmode $f;

	# TrueCrypt will read no more than 1 MB of a keyfile
	local $/ = \1048576;
	<$f>;
	};

	my $crc = crc32('');
	for my $byte (split //, $bytes) {
	$crc = crc32($byte, $crc);
	my @digest = split //, pack('N', ~$crc);
	for my $crc_byte (@digest) {
	$KP[ $pool_pos++ % $kpl ] += ord($crc_byte);
	}
	}
	}

	my $pwd = do {
	my @P = map { ord } split //, $P;
	for my $ix (0 .. $kpl - 1) {
	$P[$ix] += $KP[$ix];
	}
	join '', map { chr($_ % (2**8)) } @P;
	};

	}

	my $pwd = apply_keyfiles_to_password($p, @files);
	print "base64:" . do { encode_base64($pwd) =~ s/\s+//r };

	__END__

	use Win32;
	use Win32::Process;
	use Win32::ShellQuote qw//;

	my $quoted_pwd = Win32::ShellQuote::quote_native($pwd);

	Win32::Process::Create(
	my $ProcessObj,
	"TrueCrypt.exe",
	"/v example.truecrypt /p $quoted_pwd /s /q /l x:",
	0,
	NORMAL_PRIORITY_CLASS,
	"."
	) or die;