Tuesday, October 25, 2022

Decrypting Unknown Image Challenge

I was given an unknown image.  I always take things like this, put it on a Linux machine and do strings to see if there's any header information that can be of use.  In this case, I see LUKS, aes, xts-plain64, sha1.  I'm not familiar with this format, so I Google.  This is a format used to protect disks and encrypt containers.  Breaking LUKS Encryption | By Oleg Afonin - eForensics (eforensicsmag.com).  While this is interesting, I didn't use this to solve the problem.

I'd gotten a Talino (Forensic Laptop | Extremely Portable Forensic Workstation (sumuri.com) a couple years ago - I tend to save up and overbuild my machines.  It's a nice forensics laptop. I'm interested in forensics, so I asked them how much it would cost to get certain tools added into the price of the laptop.  One of those tools was a nice application called Passware.  It's very easy to use.  I just opened it, dragged the image file into the GUI, and it automatically detected what type of image it was.



After that, I just clicked on the "Next" button and it started the attack.  It took a bit for it to iterate through the lists, but keep in mind, this machine is a couple years old.  They seem to update the password lists quite a bit, so that's nice.  (I blocked out the password just in case others want to try this challenge so that there aren't spoilers.)


You can add your own dictionaries in the menu at the top under Tools>Dictionary Manager, but if I recall it has to be in a certain format to be accepted.  I find that theirs is good, though.

I'm not in any way affiliated or sponsored by them.  I just think this is a neat tool and I'm glad I asked about it when I purchased my Talino.  I'm not affiliated or sponsored by Sumuri either.  A colleague recommended their laptops.  I'm happy with it as well.  It makes a good gaming rig.






No comments:

Post a Comment