Benji’s blog !

Brute-Force of Luks?

First and foremost, you should know that bruteforcing Luks is no easy task: the PBKDF2 norm, used by Luks, make it hard to brute-force : Luks doesn’t use the passphrase you give him as a source to decrypt data. It use your passphrase as a source for a very complex alogrithm, done a great number of times (in my case 191609 times), which, at the end, requires about 1 full second of CPU time on my server to compute the resulting key. As a result, for each pass tried on this machine, it will take 1 second to know if it’s the right one or not!

This protection is very effective to prevent the usual brute-force attack which consist of trying every possible password on a supercomputer ...

In my case, I had a pretty good idea of what could be that passphrase: "Courage is the ability to ignore your options." could be a good candidate, and "a great banker is a dead one" also ... but of course it was neither the first nor the second.

However, my passphrase could be one of those:

• Courage is the ability to ignore your options.
• Courage is the ability to ignore your options
• "Courage is the ability to ignore your options."
• courage is the ability to ignore your options.
• courage is the ability to ignore your options
• "courage is the ability to ignore your options."
• courage is the ability to ignore your option
• (Courage is the ability to ignore your option)

well... you can guess my problem: with or without quotes, or parenthesis, with or without period, coma, upcase characters etc. I had to find my passphrase among those 2 * 5 * 2^3 * 3 ... well, something like 10000 combinations...

But I really didn’t want to test them all by hand.

A program to brute-force Luks

Since I didn’t find any program on the Internet to help me bruteforcing Luks, I wrote this small php-script

Here it is for your greatest pleasure:

luks-brute-force.php

This script allows you to try to open a luks partition (here /dev/md1, replace it by your partition name such as /dev/sda3 or /dev/mapper/encrypted-root) by trying every possible combinations from a set of possible passphrases and their variations.

Before using it, you need to:

• replace /dev/md1 by your Luks partition;
• replace the array of arrays by each passphrase this could be, with all their variations (with or without ., () space etc.).
• replace the email address by your email: If the program find the right passphrase, it will tell you!

Launch this program, for example in a screen console, using php-cli, and let it blow your real passphrase (you will need patience, even more patience if the number of combinations is high)

This program saved me a nice bunch of personal data (here a 2TB hard drive with 15 years of photos...), enjoy it if it can help you in that way: it is distributed under GPL-v3 license.