Steal BTC

a guest
Nov 30th, 2018
The Target
We’re going after a LUKS-encrypted GPT partition, as created by the Tails OS installer. Setting that up is outside the scope of this blog, but it’s pretty easy. Full details are available, but here is a quick summary:

Download the Tails OS iso.
Download the Tails OS installer.
Use the installer to write the ISO to a USB.
Boot from the USB into a live Tails environment.
Select “Application” > “Tails” > Configure persistent volume.
Set a passphrase.
Write some data to ~/Persistent/
Shut down.

Tools
Cracking these volumes is fairly hardware-intensive, especially when using really long wordlists. For this tutorial, we are using a Linux-based computer with an Nvidia GPU.

You’ll need a few things ready to go:

Hashcat. Get the newest version from this link; some Linux package managers are woefully behind on this stuff.
A text file that contains your encryption passphrase. While you are practicing, just make a short text file with 10 lines in it, one of them being the passphrase you set on your practice USB. Here are some good resources for cracking the real stuff:
My passphrase wordlist. This is a work in progress aimed at collecting common short phrases.
Crackstation’s wordlist. This holds more common passwords, as most people aren’t really using phrases yet.
For advanced cracking, a rule list. I like these:
Hob0Rules.
OneRule.

First Up - Find the Encrypted partition
You should be booted into your standard host OS right now - not into Tails. Insert the USB stick and wait until your computer recognizes it.

First, we need to figure out if there is an encrypted volume there at all, and if so where it is. You may get an alert right away when you plug the drive in, asking for a password. If so, just dismiss that.

Open up a terminal and use the lsblk command to list all block devices. On my computer, it looks like this:

$ lsblk
sda 8:0 1 3.7G 0 disk
├─sda1 8:1 1 2.5G 0 part
└─sda2 8:2 1 1.3G 0 part

Yours may not be sda, as that is commonly the boot volume. You should be able to easily distinguish based on the size reported.

The device sda has two partitions - sda1 and sda2. This layout was created by the Tails Installer, which we happen to know uses the first partition for the boot volume and the second partition for encrypted persistent storage. To verify, run the following command; you should see output similar to mine:

$ sudo cryptsetup luksDump /dev/sda2
LUKS header information for /dev/sda2

Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha256
Payload offset: 4096
MK bits: 256
MK digest: b7 e5 d9 40 35 52 03 1a 42 3d a1 49 8f a3 0f 59 af cd 68 04
MK salt: 3b 5a 3b 42 4b 88 7d 63 b7 dd 16 d7 7e 51 47 04
de 47 92 32 f2 f6 53 a7 fb 4e dd 07 6a c2 56 34
MK iterations: 351500
UUID: 2f2fde5c-0a41-4f1d-9e08-b013a94c1edf

Key Slot 0: ENABLED
Iterations: 2763832
Salt: 63 99 a0 26 9c 26 58 0c f2 4e 5b a6 04 70 67 03
76 3f 25 01 4b 40 2b 09 d8 b8 d3 33 77 54 8a ad
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Awesome, that’s what we’re looking for. You can see specifics on the encryption methods used in “Cipher name”, “Cipher mode”, “Hash spec”, etc.

Don’t get too excited - I created this drive especially for this tutorial, so don’t hope to snatch any coins by anything you see here. :)

If you run this same command against a non-encrypted volume, you’ll see something like this:

$ sudo cryptsetup luksDump /dev/sda1
Device /dev/sda1 is not a valid LUKS device.

Next - Clone the Encrypted Volume
USB drives can be volatile, with many of them being cheap pieces of shit that will lose your data at the worst time possible. Do NOT try to recover encrypted data directly from a USB drive.

We want to make a local copy of our target, /dev/sda2, on our cracking machine. This is easily accomplished using dd. The following command will create a file called “crypt.img” in the local directory:

$ sudo dd if=/dev/sda2 of=./crypt.img status=progress

Once that completes, you can use the same method of checking for an encrypted volume we used above. The new command should look like this:

$ sudo cryptsetup luksDump ./crypt.img

The output should look the same as when you ran it directly against the USB stick. Remove that stick now, to make sure you don’t accidentally delete those sweet sweet coins.
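Both luksDump runs above (against the stick, then against crypt.img) are reading the 592-byte LUKS1 header at the start of the partition, and every number the cracking step depends on (hash spec, key-slot iterations, AF stripes) lives in it. The following Python is an added example, not code from the original post, that parses that header the same way and adds the small audit a defender would run against their own volumes: it flags LUKS1/PBKDF2, a deprecated hash spec, and any enabled key slot whose iteration count is below a floor. The 1,000,000-iteration floor is my assumption, not a cryptsetup default, and `build_sample_header` is a constructed header that carries the parameter values from the dump above with no real key material.

```python
import struct
import sys

# LUKS1 on-disk header (phdr): 592 bytes, integers big-endian, strings NUL-padded.
LUKS_MAGIC = b"LUKS\xba\xbe"
PHDR_FMT = ">6sH32s32s32sII20s32sI40s"  # magic .. uuid, 208 bytes
SLOT_FMT = ">II32sII"                   # active, iterations, salt, key-material offset, AF stripes
SLOT_COUNT, SLOT_SIZE, HEADER_LEN = 8, 48, 592
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD


def _cstr(raw):
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def parse_luks1_header(blob):
    """Parse the first 592 bytes of a device or image into a dict mirroring luksDump."""
    if len(blob) < HEADER_LEN or blob[:6] != LUKS_MAGIC:
        raise ValueError("not a valid LUKS device")  # the same condition cryptsetup reports
    (_, version, cipher, mode, hashspec, payload_off, key_bytes,
     mk_digest, mk_salt, mk_iter, uuid_raw) = struct.unpack_from(PHDR_FMT, blob, 0)
    if version != 1:
        raise ValueError(f"LUKS version {version}: this parser only understands LUKS1")
    slots = []
    for i in range(SLOT_COUNT):
        active, iters, salt, km_off, stripes = struct.unpack_from(SLOT_FMT, blob, 208 + SLOT_SIZE * i)
        slots.append({"index": i, "enabled": active == SLOT_ACTIVE, "iterations": iters,
                      "salt": salt, "key_material_offset": km_off, "stripes": stripes})
    return {"version": version, "cipher_name": _cstr(cipher), "cipher_mode": _cstr(mode),
            "hash_spec": _cstr(hashspec), "payload_offset": payload_off,
            "mk_bits": key_bytes * 8, "mk_digest": mk_digest, "mk_salt": mk_salt,
            "mk_iterations": mk_iter, "uuid": _cstr(uuid_raw), "key_slots": slots}


def audit_luks1(hdr, min_slot_iterations=1_000_000):
    """Defender-side findings for a parsed header. LUKS1 key slots are protected by
    PBKDF2 over hash_spec; the iteration floor is an assumption, not a cryptsetup default."""
    findings = []
    if hdr["version"] == 1:
        findings.append("LUKS1: key slots use PBKDF2 only; LUKS2 with argon2id resists GPU guessing better")
    if hdr["hash_spec"] in ("sha1", "ripemd160"):
        findings.append(f"weak PBKDF2 hash spec: {hdr['hash_spec']}")
    enabled = [s for s in hdr["key_slots"] if s["enabled"]]
    if not enabled:
        findings.append("no enabled key slots: volume cannot be unlocked by passphrase")
    for s in enabled:
        if s["iterations"] < min_slot_iterations:
            findings.append(f"key slot {s['index']}: only {s['iterations']} PBKDF2 iterations")
    return findings


def build_sample_header():
    """Constructed header using the values printed by luksDump above; slots 1-7 disabled,
    and the key-material area (the bytes after the header) is not included at all."""
    phdr = struct.pack(
        PHDR_FMT, LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 32,
        bytes.fromhex("b7e5d9403552031a423da1498fa30f59afcd6804"),
        bytes.fromhex("3b5a3b424b887d63b7dd16d77e514704de479232f2f653a7fb4edd076ac25634"),
        351500, b"2f2fde5c-0a41-4f1d-9e08-b013a94c1edf")
    slot0 = struct.pack(SLOT_FMT, SLOT_ACTIVE, 2763832,
                        bytes.fromhex("6399a0269c26580cf24e5ba604706703763f25014b402b09d8b8d33377548aad"),
                        8, 4000)
    empty = struct.pack(SLOT_FMT, SLOT_DISABLED, 0, bytes(32), 0, 0)
    return phdr + slot0 + empty * (SLOT_COUNT - 1)


def format_dump(hdr):
    """luksDump-style text for a parsed header."""
    lines = [f"Version: {hdr['version']}", f"Cipher name: {hdr['cipher_name']}",
             f"Cipher mode: {hdr['cipher_mode']}", f"Hash spec: {hdr['hash_spec']}",
             f"Payload offset: {hdr['payload_offset']}", f"MK bits: {hdr['mk_bits']}",
             f"MK digest: {hdr['mk_digest'].hex(' ')}", f"MK iterations: {hdr['mk_iterations']}",
             f"UUID: {hdr['uuid']}"]
    for s in hdr["key_slots"]:
        lines.append(f"Key Slot {s['index']}: {'ENABLED' if s['enabled'] else 'DISABLED'}")
        if s["enabled"]:
            lines.append(f"  Iterations: {s['iterations']}  AF stripes: {s['stripes']}")
    return "\n".join(lines)


def dump_file(path):
    """Read the header from /dev/sdX2 (needs root) or ./crypt.img, as the luksDump calls above do."""
    with open(path, "rb") as fh:
        return parse_luks1_header(fh.read(HEADER_LEN))


if __name__ == "__main__":
    hdr = dump_file(sys.argv[1]) if len(sys.argv) > 1 else parse_luks1_header(build_sample_header())
    print(format_dump(hdr))
    for finding in audit_luks1(hdr):
        print("FINDING:", finding)
```

Run it as `python3 luks_header_audit.py ./crypt.img` (or against the raw partition under sudo) and compare the output with cryptsetup's; with no argument it parses the constructed sample. The slot iteration count is what sets the per-guess cost of the attack this post runs, but it only scales that cost linearly, so the finding that matters most is still whether the passphrase itself is reachable from a wordlist.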

Get Cracking - Standard Dictionary Attack
Now comes the fun. Cracking passwords is an art, and consistent success requires really fine-tuning your approach. If you want to learn some advanced methods, Google around a bit or check out this great book.

Assumptions:

You’ve downloaded hashcat and placed the files into /opt/hashcat.
You’ve configured your drivers as recommended here. This is important.
You’ve created a short text file, with one potential password per line, your password being one of them. That text file is at ~/wordlist.txt
The crypt.img file is also in your home folder, at ~/crypt.img.

First, we are going to run a straight-up dictionary attack. This means that the password has to be found in your wordlist exactly - with correct case, special characters, etc.

Here we go:

# Try it this way first, with some hardware optimization parameters:
$ /opt/hashcat/hashcat64.bin -a 0 -m 14600 ~/crypt.img ~/wordlist.txt -O -w 3

# If that doesn't work, try this:
$ /opt/hashcat/hashcat64.bin -a 0 -m 14600 ~/crypt.img ~/wordlist.txt

Press the S key at any time to see the status of your cracking session.

If your session completes successfully, you should see an output with your password. If the session completed and you aren’t sure it was successful, running the command as follows will show you all successfully cracked passwords for a given target:

$ /opt/hashcat/hashcat64.bin -a 0 -m 14600 ~/crypt.img --show

If the output of the above command is blank, the password has not yet been cracked.

Getting Tricky - Rule-Based Attacks
As humans, we are pretty dumb when it comes to making passwords. We think doing things like adding an ! or replacing an S with a $ makes them more secure.

When it comes to password cracking, this may slow us down a bit but certainly doesn’t stop us. We can use a pre-defined set of rules for transforming the words in a wordlist into many possible permutations.

If you’d like to test this out, use a password like ThisPasswordSucks! for your USB stick, but in the wordlist you create enter only ThisPasswordSucks. This isn’t really stressing your rule list, but you get the idea.

Assumptions:

You’ve downloaded Hob0Rules and placed it in /opt/rules/.

Follow the same process as before, but alter the command to use one of the rule sets as follows:

$ /opt/hashcat/hashcat64.bin -a 0 -m 14600 ~/crypt.img ~/wordlist.txt -r /opt/rules/Hob0Rules/hob064.rule -O -w 3
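
The rule-based run above turns every wordlist entry into many candidates, which is why a passphrase that differs from a dictionary word only by an appended ! or an S-to-$ swap does not survive it. As an added example, not code from the post, the following Python does the defender's side of the same arithmetic: given a passphrase you are about to set and the wordlist you would expect to be tried against it, it reports whether a handful of the transformations the post describes (case changes, leetspeak substitutions, appended ! or digits) derive the passphrase from any entry. `SAMPLE_WORDLIST`, the `LEET` map and `SUFFIXES` are constructed for the example and cover only a tiny subset of what a real rule file such as hob064 generates, so "not reachable" here is a necessary check, not a guarantee.

```python
from typing import Iterable, Optional

# Constructed stand-in for the ten-line ~/wordlist.txt the post tells you to make.
SAMPLE_WORDLIST = ["password", "ThisPasswordSucks", "letmein", "correcthorsebatterystaple"]

# A hand-picked mini rule set of the kind the post describes (add an !, turn S into $).
# Assumption: this is a tiny subset of what a real rule file such as hob064 generates.
LEET = str.maketrans({"s": "$", "S": "$", "a": "@", "o": "0", "e": "3", "i": "1"})
SUFFIXES = ["", "!", "1", "123", "!1", "2018"]


def mangle(word: str) -> set:
    """All candidates the mini rule set derives from one wordlist entry."""
    bases = {word, word.lower(), word.upper(), word.capitalize(), word.swapcase()}
    bases |= {b.translate(LEET) for b in list(bases)}  # leetspeak variant of each case form
    return {b + suffix for b in bases for suffix in SUFFIXES}


def reachable_from(candidate: str, wordlist: Iterable[str]) -> Optional[str]:
    """Return the first wordlist entry from which `candidate` is reachable, or None."""
    for entry in wordlist:
        if candidate in mangle(entry):
            return entry
    return None


def candidate_count(wordlist: Iterable[str]) -> int:
    """How many guesses the mini rule set turns the wordlist into: rules multiply, they do not add."""
    return sum(len(mangle(w)) for w in wordlist)


def load_wordlist(path: str) -> list:
    """One candidate per line, blank lines skipped, as hashcat reads ~/wordlist.txt."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return [line.rstrip("\r\n") for line in fh if line.strip()]


if __name__ == "__main__":
    import sys
    candidate = sys.argv[1] if len(sys.argv) > 1 else "ThisPasswordSucks!"
    words = load_wordlist(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_WORDLIST
    hit = reachable_from(candidate, words)
    print(f"{len(words)} words -> {candidate_count(words)} candidates under the mini rule set")
    print(f"{candidate!r}: " + (f"reachable from {hit!r}" if hit else "not reachable from this list"))
```

Invoke it as `python3 passphrase_check.py 'ThisPasswordSucks!' ~/wordlist.txt`; the post's own test case comes back as reachable from ThisPasswordSucks, while a multi-word phrase that is not in the list at all comes back clean. The `candidate_count` figure is the reason longer wordlists plus rules get expensive on the attacker's side, and the reason a passphrase built from words that are not in the list in the first place is the only thing that actually removes it from reach.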
Happy Hacking!