Commit 099a2b9d authored by Milan Broz's avatar Milan Broz

Add TCRYPT password search example.

parent 3b442422
TARGET=luks_dict
TARGET=crypt_dict
CFLAGS=-O2 -g -Wall -D_GNU_SOURCE
LDLIBS=-lcryptsetup
CC=gcc
......
Simple example how to use libcryptsetup
for password search.
Run: luks_dict <device|image> <dictionary> [cpus]
Run: crypt_dict luks|tcrypt <device|image> <dictionary> [cpus]
luks|tcrypt specified device type (LUKS or TrueCrypt)
<device|image> is LUKS or TrueCrypt device or image
<device|image> is LUKS device or image
<dictionary> is list of passphrases to try
(note trailing EOL is stripped)
......@@ -12,6 +15,8 @@ cpus - number of processes to start in parallel
Format of dictionary file is simple one password per line,
if first char on line s # it is skiped as comment.
You have it run as root (device-mapper cannot
For LUKS, you have it run as root (device-mapper cannot
create dmcrypt devices as nrmal user. Code need
to map keyslots as temporary dmcrypt device.)
For TrueCrypt devices root privilege is not required.
/*
* Example of LUKS password dictionary search
* Example of LUKS/TrueCrypt password dictionary search
*
* Run this as root, e.g. ./luks_dict test.img /usr/share/john/password.lst 4
* Copyright (C) 2012 Milan Broz <gmazyland@gmail.com>
*
* Copyright (C) 2012 Milan Broz <asi@ucw.cz>
* Run this (for LUKS as root),
* e.g. ./crypt_dict test.img /usr/share/john/password.lst 4
*
* This copyrighted material is made available to anyone wishing to use,
* modify, copy, or redistribute it subject to the terms and conditions
......@@ -27,6 +28,8 @@
#define MAX_LEN 512
static enum { LUKS, TCRYPT } device_type;
static void check(struct crypt_device *cd, const char *pwd_file, unsigned my_id, unsigned max_id)
{
FILE *f;
......@@ -65,7 +68,16 @@ static void check(struct crypt_device *cd, const char *pwd_file, unsigned my_id,
}
/* printf("%d: checking %s\n", my_id, pwd); */
r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, pwd, len, 0);
if (device_type == LUKS)
r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, pwd, len, 0);
else if (device_type == TCRYPT) {
struct crypt_params_tcrypt params = {
.flags = CRYPT_TCRYPT_LEGACY_MODES,
.passphrase = pwd,
.passphrase_size = len,
};
r = crypt_load(cd, CRYPT_TCRYPT, &params);
}
if (r >= 0) {
printf("Found passphrase for slot %d: \"%s\"\n", r, pwd);
break;
......@@ -82,16 +94,25 @@ int main(int argc, char *argv[])
int i, status, procs = 4;
struct crypt_device *cd;
if (argc < 3 || argc > 4) {
printf("Use: %s <LUKS_device|file> <password file> [#processes] %d\n", argv[0], argc);
if (argc < 4 || argc > 5) {
printf("Use: %s luks|tcrypt <device|file> <password file> [#processes] %d\n", argv[0], argc);
exit(EXIT_FAILURE);
}
if (argc == 4 && (sscanf(argv[3], "%i", &procs) != 1 || procs < 1)) {
if (argc == 5 && (sscanf(argv[4], "%i", &procs) != 1 || procs < 1)) {
printf("Wrong number of processes.\n");
exit(EXIT_FAILURE);
}
if (!strcmp(argv[1], "luks"))
device_type = LUKS;
else if (!strcmp(argv[1], "tcrypt"))
device_type = TCRYPT;
else {
printf("Wrong device type %s.\n", argv[1]);
exit(EXIT_FAILURE);
}
/* crypt_set_debug_level(CRYPT_DEBUG_ALL); */
/*
......@@ -108,14 +129,15 @@ int main(int argc, char *argv[])
setpriority(PRIO_PROCESS, 0, -5);
/* we are not going to modify anything, so common init is ok */
if (crypt_init(&cd, argv[1]) || crypt_load(cd, CRYPT_LUKS1, NULL)) {
printf("Cannot open %s.\n", argv[1]);
if (crypt_init(&cd, argv[2]) ||
(device_type == LUKS && crypt_load(cd, CRYPT_LUKS1, NULL))) {
printf("Cannot open %s.\n", argv[2]);
exit(EXIT_FAILURE);
}
/* run scan in separate processes, it is up to scheduler to assign CPUs inteligently */
for (i = 0; i < procs; i++)
check(cd, argv[2], i, procs);
check(cd, argv[3], i, procs);
/* wait until at least one finishes with error or status 2 (key found) */
while (wait(&status) != -1 && WIFEXITED(status)) {
......
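Review bot: In the TCRYPT branch of check(), `r` comes from `crypt_load()`, which returns 0 on success rather than a keyslot number, so the shared message `Found passphrase for slot %d` will always report slot 0 for a TrueCrypt header. A type-specific message avoids this, e.g. `if (device_type == TCRYPT) printf("Found TCRYPT passphrase: \"%s\"\n", pwd);`, with the existing printf kept for LUKS. The params set only `CRYPT_TCRYPT_LEGACY_MODES`, with no keyfiles or hidden-header option, so a comment such as `/* primary header, passphrase only; a miss does not rule out keyfile or hidden-volume setups */` would stop a negative result being over-read. check() starts and ends outside the visible hunk, so whether `r` is initialised before this branch cannot be confirmed from here.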
......@@ -12,7 +12,7 @@ will be reencrypted (default is whole device).
Note that reencryption context is stored in ramdisk, any
fail can mean complete lost of data!
Copyright (C) 2012 Milan Broz <asi@ucw.cz>
Copyright (C) 2012 Milan Broz <gmazyland@gmail.com>
This copyrighted material is made available to anyone wishing to use,
modify, copy, or redistribute it subject to the terms and conditions
......
......@@ -2,7 +2,7 @@
# Try to get LUKS info and master key from active mapping and prepare parameters for cryptsetup.
#
# Copyright (C) 2010,2011,2012 Milan Broz <asi@ucw.cz>
# Copyright (C) 2010,2011,2012 Milan Broz <gmazyland@gmail.com>
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions
......