forked from glv2/bruteforce-luks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
130 lines (72 loc) · 3.31 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
bruteforce-luks
===============
The purpose of this program is to try to find the password of a LUKS
encrypted volume.
It can be used in two ways:
- try all the possible passwords given a charset
- try all the passwords in a file
There is a command line option to specify the number of threads to use.
Sending a USR1 signal to a running bruteforce-luks process makes it print
progress and continue.
## Exhaustive mode
The program tries to decrypt at least one of the key slots by trying
all the possible passwords. It is especially useful if you know
something about the password (i.e. you forgot a part of your password but still
remember most of it). Finding the password of a volume without knowing
anything about it would take way too much time (unless the password is really
short and/or weak).
There are command line options to specify:
- the minimum password length to try
- the maximum password length to try
- the beginning of the password
- the end of the password
- the character set to use (among the characters of the current locale)
## Dictionary mode
The program tries to decrypt at least one of the key slots by trying all the
passwords contained in a file. The file must have one password per line.
## Dependencies
The program requires the cryptsetup library.
## Compilation
Install the dependencies. For example on a GNU/Linux Debian-like system, enter
the commands:
sudo apt install dh-autoreconf
sudo apt install libcryptsetup-dev
For Fedora, enter the commands:
sudo dnf install dh-autoreconf
sudo dnf install cryptsetup-devel
If you are building from the raw sources, you must first generate the
configuration script:
./autogen.sh
Then, build the program with the commands:
./configure
make
You can run the tests to check if things work correctly with:
make check
To install it on your system, use the command:
make install
## Examples
Try to find the password of a LUKS encrypted volume using 4 threads, trying
only passwords with 5 characters:
bruteforce-luks -t 4 -l 5 -m 5 /dev/sdb1
Try to find the password of a LUKS encrypted volume using 8 threads, trying
only passwords with 5 to 10 characters beginning with "W4l" and ending with "z":
bruteforce-luks -t 8 -l 5 -m 10 -b "W4l" -e "z" /dev/sda2
Try to find the password of a LUKS encrypted volume using 8 threads, trying
only passwords with 10 characters using the character set "P情8ŭ":
bruteforce-luks -t 8 -l 10 -m 10 -s "P情8ŭ" /dev/sdc3
Try to find the password of a LUKS encrypted volume using 6 threads, trying
the passwords contained in a dictionary file:
bruteforce-luks -t 6 -f dictionary.txt /dev/sdd1
Instead of passing a block device to the program, you can copy the beginning
of the LUKS volume to a file and pass this file to the program:
sudo cryptsetup luksHeaderBackup --header-backup-file /tmp/luks-header /dev/sda1
sudo chown $USER /tmp/luks-header
bruteforce-luks -t 4 -l 5 -m 5 /tmp/luks-header
Print progress info:
pkill -USR1 -f bruteforce-luks
Print progress info every 30 seconds:
bruteforce-luks -t 6 -f dictionary.txt -v 30 /dev/sdd1
Save/restore state between sessions:
bruteforce-luks -t 6 -f dictionary.txt -w state.txt /dev/sdd1
(Let the program run for a few minutes and stop it)
bruteforce-luks -t 6 -w state.txt /dev/sdd1