Unlock your TrueCrypt Encrypted Device without the Exact Password

So here’s the rather embarrassing story…

A couple of years ago, I encrypted a USB stick using TrueCrypt encryption to store some important/valuable files. I then put it in my bag and forgot about it. This weekend I came back to it and realised I had forgotten the password. I could remember using a combination of a couple of other passwords for increased security, but I couldn’t remember which passwords I had used, or in what order or combination. After numerous manual attempts to find the right combination, I gave up resigned to the fact that I would just have to wipe the device and start again.

Then something occurred to me – “Hang on a minute, I’m a programmer!”. And then I thought “How could I lose such an important password?”. Since I encrypted this USB stick, I’ve become a disciplined user of KeePass and LastPass, and to be fair this is the only password not in my password database. But still, it must be possible for me to solve this problem.

The first piece of the puzzle was the command-line interface to the Windows version of TrueCrypt. This is more than adequate to be wrapped with a script. The second piece of the puzzle was the itertools Python module, which provides some very nice functions for iterating over various permutations/combinations of values.

So the stage was set – how easy will it be to write a Python script to solve this problem? It turns out the answer is pretty easy. I found the itertools.product() function to be the best fit for my requirements, as it will generate the Cartesian product of an iterable list of possible password components with itself, giving me every possible combination of the specified password components.

The other critical part of my solution was discovering the right combination of command-line arguments to provide TrueCrypt. Here is the magic Python statement, which will attempt to mount the specified device as drive letter “T:” using the given password in a non-interactive manner:

truecrypt_command = "\"%s\" /q /s /v %s /lT /m ro /a /p \"%s\" /b" % ( truecrypt_exe, truecrypt_device, password )Code language: Python (python)

The rest was just glue code to read in the list of possible password components from a separate text file, and then loop over every possible combination/permutation until the password is found (or we run out of options).

Good news – the script works, and it found my missing password! The script is very basic and still uses some hard-coded settings, but you can download TrueCryptPasswordHunter.py if you think it will be of any use to you. It was written and tested with Python v2.7.3 32 bit on a Windows 7 64 bit machine.

Usage

Create a text file called password_components.txt in the same directory as the script, and populate it with possible password components, one per line. For example, if you think your missing password might be “monkeydoghorse” or “horsedogmonkey”, or something similar, then your password components file should contain the following:

monkey
dog
horse

Then just run the script and cross your fingers.

This Post Has 2 Comments

  1. sandip

    plz can u guide me step by step i have lost my truecrypt password

    1. Ian Thomas

      Sorry to hear that Sandip. This method will only work if you know the parts/sections of your password but cannot remember exactly which order they are in. If you have completely forgotten the password, you will need to use a brute force dictionary method to try all the different possible passwords until you find the right one, which I can’t help you with I’m afraid.

      Hope that helps. Good luck!

      Ian

Leave a Reply