Posts Tagged ‘full disk encryption’

Well, as you might have noticed (and some of you knew) I haven’t been updating auditme or my blog or well much of anything else. Quite simply this was because I locked away most of my data (including auditme) in a LUKS encrypted drive… I know… I’m smart huh?

Incidentally if you have a server with pretty decent uptime you might well forget that LUKS passphrase you’ve probably only used one time when you configured it 😛

So instead of giving up all my data to the encryption gods I decided that I would brute force the pass phrase. This generally speaking is utterly pointless with LUKS full drive encryption. However, in this case I knew all the characters in the passphrase however I did not know the order I had put them in. (This is usually how it works for most people).

In my particular case the passphrase was in the format of !word1@word2*word3& etc… So I created a simple program to brute force the passphrase, and voila I recovered it, along with the rest of my data. I decided since this is quite a common occurence (at least so it would seem on Ubuntu forums) that I would post the utility that I used to do this so that everyone in a similar situation may use it.

Note : This really is only effective if you KNOW some or all of the passphrase, this is not a good idea if you’ve stolen a computer and have NO clue what the passphrase is, so if you happen to be one of those law enforcement types that thinks this is a cool way to break crypto, it’s not it’s slow and inefficient.

Using the utility

Using this application is pretty straight forward. The first thing you will need to do is pull the drive and place it in another system, barring that you can boot from a liveCD (I used Fedora because I had one handy, but Ubuntu will work fine as well.)

Then simply grab the files from moi.

wget http://dangertux.no-ip.org/downloads/luksbrute.tar.gz

Extract them

tar xzvf luksbrute.tar.gz

Note : you may need to make the following files executable.

chmod 755 lukscrack.py
chmod 755 luksbrute

Then create a file full of words you wish to use the permutations of. For instance if you knew you used the special characters ! , @ and # and the words , word1 word2 and word3 the file would look like this.

!
@
#
word1
word2
word3

So now let’s assume your password was in the format !word1@word2#word3 that’s 6 elements that we want permutations of, so we can have lukscrack.py generate our wordlist for us (if you already have a wordlist you’d like to use I’ll explain how to do that in a second.

So we would run

./lukscrack.py -g /path/to/permutation/list -m 6

and it will generate your wordlist and begin cracking with that wordlist.

If you want to use a wordlist you’ve already generated you can simply do the following

./lukscrack.py -w /path/to/my/wordlist

Hopefully this helps someone , it was rather useful to me. 🙂

Advertisements