-
Notifications
You must be signed in to change notification settings - Fork 3
Forgotten LUKS passphrase?
Encrypted drives are great until they are not. How to recover when something goes wrong?
note: I've painfully gone through each of these scenarios with different drives; remember to backup your data and also to backup your backups (copy the LUKS header, master key and passphrase)
$ sudo cryptsetup --dump-master-key luksDump /dev/sdX
WARNING!
========
Header dump with volume key is sensitive information
which allows access to encrypted partition without passphrase.
This dump should be always stored encrypted on safe place.
Are you sure? (Type uppercase yes): LUKS header information for /dev/sdX
Cipher name: aes
Cipher mode: xts-plain64
Payload offset: 4096
UUID: 50930e91-42fd-4a8b-8381-bb00163ec899
MK bits: 256
MK dump: e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
First verify the UUID above matches the drive you are attempting to unlock
$ sudo blkid /dev/sdX
/dev/sdX: UUID="50930e91-42fd-4a8b-8381-bb00163ec899" TYPE="crypto_LUKS"
The master key is a randomly generated sha256 hash, the MK dump value (without the spaces). Convert it to a binary file and use that to unlock and mount the drive.
$ echo "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" > key.txt
$ xxd -r -p key.txt key.bin
$ sudo cryptsetup --master-key-file key.bin luksOpen /dev/sdX foobar
$ sudo mount /dev/mapper/foobar /mnt/
Assuming you have some idea of the passphrase, for example the words but not the order or case-sensitivity.
Lorem
LOREM
lorem
Ipsum
IPSUM
ipsum
Foobar
FOOBAR
foobar
1234
000
[...]
dvorak
#!/usr/bin/env python2
import itertools
with open("dict.txt") as f:
content = f.readlines()
content = [x.strip() for x in content]
res = itertools.permutations(content, 2)
for i in res:
print ''.join(i)
Save output
LoremLOREM
Loremlorem
LoremIpsum
LoremIPSUM
Loremipsum
LoremFoobar
LoremFOOBAR
Loremfoobar
Lorem1234
Lorem000
LOREMLorem
LOREMlorem
LOREMIpsum
LOREMIPSUM
[...]
000ipsum
000Foobar
000FOOBAR
000foobar
0001234
[...]
dvorakDVORAK
Save off the header (first 2MB) and store somewhere safe
$ sudo dd if=/dev/sdX of=$HOME/sdX.luks bs=512 count=4097
LUKS is designed to be slow to bruteforce, so let's try GPU acceleration with hashcat
$ hashcat -m 14600 -a 0 -w 3 ~/sdX.luks permutations.txt -o pass.txt
hashcat (v4.2.1) starting...
* Device #1: This hardware has outdated CUDA compute capability.
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX ###, 499/1998 MB allocatable, 2MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Watchdog: Temperature abort trigger set to 90c
Dictionary cache hit:
* Filename..: permutations.txt
* Passwords.: 812
* Bytes.....: 10112
* Keyspace..: 812
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Cracking performance lower than expected?
* Update your OpenCL runtime / driver the right way:
https://hashcat.net/faq/wrongdriver
* Create more work items to make use of your parallelization power:
https://hashcat.net/faq/morework
[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => s
Session..........: hashcat
Status...........: Running
Hash.Type........: LUKS
Hash.Target......: ~/sdX.luks
Time.Started.....: Sun Sep 25 09:46:13 2018 (13 secs)
Time.Estimated...: Sun Sep 25 09:47:49 2018 (1 min, 23 secs)
Guess.Base.......: File (permutations.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 10 H/s (10.24ms) @ Accel:2 Loops:256 Thr:1024 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/812 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/812 (0.00%)
Candidates.#1....: LoremLOREM -> dvorakDVORAK
HWMon.Dev.#1.....: Temp: 41c Fan: 40%
Session..........: hashcat
Status...........: Cracked
Hash.Type........: LUKS
Hash.Target......: ~/sdX.luks
Time.Started.....: Sun Sep 25 09:46:13 2018 (1 min, 23 secs)
Time.Estimated...: Sun Sep 25 09:47:36 2018 (0 secs)
Guess.Base.......: File (permutations.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 10 H/s (10.18ms) @ Accel:2 Loops:256 Thr:1024 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 812/812 (100.00%)
Rejected.........: 0/812 (0.00%)
Restore.Point....: 0/812 (0.00%)
Candidates.#1....: LoremLOREM -> dvorakDVORAK
HWMon.Dev.#1.....: Temp: 46c Fan: 40%
Started: Sun Sep 25 09:45:57 2018
Stopped: Sun Sep 25 09:47:37 2018
Lucky for us, the passphrase was one of the permutations. Status is cracked, check the output file:
$ cat pass.txt
FOOipsum
Mount as usual
$ sudo cryptsetup luksOpen /dev/sdX foobar
$ mount /dev/mapper/foobar /mnt/
Power outage and the known passphrase no longer works. If no backup for the drive header (first 2MB), now have a paperweight.