Break TrueCrypt hard drive encryption quickly

The place for what's new and going on in the tech, innovation, and science world.

Break TrueCrypt hard drive encryption quickly

Postby Egaladeist » Mon Apr 05, 2010 11:53 am

The latest version of Passware Kit Forensic has become the first commercially available software to break TrueCrypt hard drive encryption without applying a time-consuming brute-force attack. It was also the first product to decrypt BitLocker drives.

Long believed unbreakable, TrueCrypt is a free open-source full-disk encryption software for Windows 7/Vista/XP, Mac OS X and Linux, that creates virtual hard disks with real-time encryption.

Passware Kit Forensic allows for memory acquisition of a seized computer over the FireWire port, even if the computer is locked. When a target computer is seized and turned on with the encryption disk accessible, the software scans its memory image and extracts the encryption keys, so law enforcement personnel can access the stored data.

Passware Kit Forensic 9.7 is a complete encrypted evidence discovery solution that reports all password-protected items on a computer and gains access to these items using the advanced decryption and password recovery algorithms. The software, which can also run in portable mode from a USB drive, is capable of finding encrypted data and recovering file and website passwords without making any changes to the target computer.


http://www.net-security.org/secworld.php?id=9077
User avatar
Egaladeist
I am the Eg man : Coo Coo Ca Choo
 
Posts: 18852
Joined: Sun Dec 25, 2005 1:02 am
Location: Canada

Re: Break TrueCrypt hard drive encryption quickly

Postby rapier57 » Mon Apr 05, 2010 5:50 pm

Yes, I saw that on Net Security. I dug into the material for that tool and, yes, they do crack the TrueCrypt password and thus the encryption. But, the tool must be connected to a live system to accomplish that. What it does is gather the current hash and other data in memory or off the disk and does the work. So, basically this is a live-system forensics tool.

And, it just shows that physical access will trump just about any security layer you wish to put into play.

:redcard:r
Rapier57.

Jayne: Testing. Testing. Captain, can you hear me?
Mal: I'm standing right here.
Jayne: You're coming through good and loud.
Mal: 'Cause I'm standing right here.


@rapier57
User avatar
rapier57
I've posted HOW many
 
Posts: 3113
Joined: Thu Mar 02, 2006 10:43 pm
Location: Spokane, WA USA

Re: Break TrueCrypt hard drive encryption quickly

Postby SirDice » Tue Apr 06, 2010 8:23 am

rapier57 wrote:And, it just shows that physical access will trump just about any security layer you wish to put into play.

Especially if it has a firewire port. Firewire allows a device direct access to memory (DMA).
Oliver's Law:
Experience is something you don't get until just after you need it.
User avatar
SirDice
I've posted HOW many
 
Posts: 4198
Joined: Mon May 15, 2006 9:59 am
Location: Netherlands

Re: Break TrueCrypt hard drive encryption quickly

Postby rapier57 » Tue Apr 06, 2010 3:07 pm

Yeah, Firewire ...


/rapier57 goes and gets the Epoxy and fills the Firewire port on his Mac.

Yeah, Firewire.
Rapier57.

Jayne: Testing. Testing. Captain, can you hear me?
Mal: I'm standing right here.
Jayne: You're coming through good and loud.
Mal: 'Cause I'm standing right here.


@rapier57
User avatar
rapier57
I've posted HOW many
 
Posts: 3113
Joined: Thu Mar 02, 2006 10:43 pm
Location: Spokane, WA USA

Re: Break TrueCrypt hard drive encryption quickly

Postby Aspman » Thu Apr 15, 2010 11:46 am

Sweet hack. Nicer than the cold memory hack.

But then how many computers are running firewire these days. It's a minority.

And if you have physical access there are probably be easier ways to get the key.

When it comes down to it if I really want your data and it's worth enough money your technical security isn't worth a sh1t.
I'll tie you to a chair and brute for my way through your toes with a ball-pein hammer. Security can always be compromised if the data gets read by a human at any point.

It's the same with cars and banks.
Your car alarmed and immobilised? They'll break into your house and steal the keys.
Time locks, armed guards, 24/7 monitoring of your safe? They'll kidnap your family and force they guy will honest access to open the door and steal the money.
"Man will never be free until the last king is strangled with the entrails of the last priest."
- Denis Diderot (1713-1784)
User avatar
Aspman
Frustrated Mad Scientist
 
Posts: 8872
Joined: Mon Jan 09, 2006 10:07 am
Location: Scotland

Re: Break TrueCrypt hard drive encryption quickly

Postby Harry » Thu Apr 15, 2010 5:58 pm

Most of this is hype - its been known for a year or two than you can crack most encrypted hard drives if they are powered on and logged into and if firewire is running with DMA active.

I've had a tool for a similar vendors encryption software for over 12 months that does this and have a few 0days for driver exploits for practicaly all vendors encryption software, including the one recrommended by CESG for SECRET use....when I told them they said they weren't intreseted..

However, if you have access to a laptop that is powered on and logged into (from an encryption software point of view) then there a million easier things to do..all you got to ensure is that the battery doesnt die :)
Drugs have taught an entire generation of kids the metric system..

TAZ's better half: http://www.theadminzone.com/
User avatar
Harry
Site Admin
 
Posts: 6784
Joined: Sat Feb 11, 2006 10:44 pm
Location: UK :-)


Return to Tech News Zone

Who is online

Users browsing this forum: No registered users and 8 guests

cron