seabreg / tcgetkey Goto Github PK
View Code? Open in Web Editor NEWLicense: GNU General Public License v3.0
License: GNU General Public License v3.0
What is tcgetkey? ================= This is my simple (ugly) PoC at recovering TrueCrypt keys from memory dumps gathered from linux systems using the FireWire bus. It will then use the recovered keys to decrypt the volume. It contains 2 programs: get_mem_dump gets the memory image via firewire tcgetkey scans the dump and decrypts the volume In order to identify the keys, a new approach was employed, by calculating and comparing Shannon entropy of certain memory regions. This is a very rough PoC with probably a lot of stupid bugs in the code. How to build tcgetkey? ====================== Just run 'make'. You'll need the following: openssl-dev for the AES routines libforensic1394 for the FireWire code You can get OpenSSL from: http://www.openssl.org/ You can get libforensic1394 from: https://freddie.witherden.org/tools/libforensic1394/ How to use the tools? ===================== You should first acquire a memory dump, by typing: sudo ./get_mem_dump memory_dump.image Then you should obtain the truecrypt container (e.g tc.image) and analyze it: ./tcgetkey memory_dump.image tc.image decrypted.image If it successfully finds your keys, it would attempt to decrypt the whole volume. You would get instructions on how to proceed, but it's basically: losetup /dev/loopX decrypted.image mount /dev/loopX /mnt/decrypted Limitations =========== tcgetkeys supports only physical memory images gathered from Linux hosts. It is (well sort of) kernel/architecture-independent except that it only supports little-endian ones now. Hidden volumes are not supported (this is pending further investigation). Disclaimer ========== DO NOT use the tools to illegally break into encrypted containers. I am not responsible for any harm these tools can do on your systems. Credits ======= Freddie Witherden for writing and maintaining libforensic1394 Dhiru Kholia for his cooperation wiki.kernel.org for their detailed documentation of the on-disk layout of EXT filesystems Torbjörn Pettersson for his "Cryptographic key recovery from Linux memory dumps" paper. Author ====== Milen Rangelov <gat3way-at-gat3way.eu>
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.