Return to forum

darkhero77 · August 11, 2022 at 5:12 PM

i have these files that i encrypted using luks a couple of years ago. and now i cannot seem to remember the passphrase/password. is there a way to bruteforce it?

Leonhart_z · August 21, 2022 at 4:55 AM

You could try building python script that bruteforce the password

kojirou · August 21, 2022 at 5:20 AM

It depend on the encryption method of your password. If the algorithm is based on hashing , then it's impossible to decrypt password.

altdudf3uniz · August 21, 2022 at 2:41 PM

It will be slow, but you can try something like this :

#!/bin/bash
for PASSWD in $(cat passwords.txt)
do
    echo "$PASSWD"
    echo "$PASSWD" | cryptsetup open --test-passphrase crypted.img cryptmap - && break 
done

Not tested, but you get the idea.

ciyusan · August 21, 2022 at 3:14 PM

(August 11, 2022, 05:12 PM)darkhero77 Wrote: i have these files that i encrypted using luks a couple of years ago. and now i cannot seem to remember the passphrase/password. is there a way to bruteforce it?

with Pexpect module

passparts = [["t", "T"], ["h"], ["e", "3"], ["_", ""], ["p"], ["a", "4"], ["s"], ["s"]]
possibilities = itertools.product(*passparts)
for x in possibilities:
    possible = "".join(x)
    print possible
    child = pexpect.spawn('udisksctl unlock -b /dev/sdc2')
    child.logfile = open("/tmp/mylog", "w")
    child.expect(".*")
    child.sendline(possible)
    child.expect(".*")
    print(child.before)
    child.expect(pexpect.EOF, timeout=None)
    print child.before
    print child.after

unuxhou709 · August 22, 2022 at 6:58 AM

you can try to write your own app in python using multithreading

DataDumper · August 22, 2022 at 1:46 PM

It looks like hashcat has support for bruteforcing luks so might be worth a look. Also found this article on it: https://www.forensicfocus.com/articles/bruteforcing-linux-full-disk-encryption-luks-with-hashcat/

dongscorp · September 8, 2022 at 4:23 PM

I'm no expert in cryptography but executing a dictionary attack, and especially a brute force attack, against LUKS would likely take a looong time and require a significant amount of computing resources. I wouldn't bother unless I had a massive cluster with powerful hardware, personally. But I may be wrong.

sockpuppet3 · September 8, 2022 at 9:10 PM

(September 8, 2022, 04:23 PM)dongscorp Wrote: I'm no expert in cryptography but executing a dictionary attack, and especially a brute force attack, against LUKS would likely take a looong time and require a significant amount of computing resources. I wouldn't bother unless I had a massive cluster with powerful hardware, personally. But I may be wrong.

I mean no matter the strength of the cryptography it is still worth trying out at least top few thousand common passwords, maybe ones specific for your country etc. Intersection of people configuring luks and having terrible password is probably small but ya never know

trollinator321 · September 9, 2022 at 2:25 PM

what is it inside? Is it so important? :D