OTFBrutus.exe will attempt to determine the password for your TrueCrypt file/device by brute force.  It can work with a predefined dictionary list (a text file with one password per line) or it has it's own simplified password generator.  It works with file hosted volumes, device/partition hosted volumes, backup headers and system rescue discs.  It works on standard, hidden and system volumes.  It can try all hash algorithms, encryption modes and encryption algorithms or it can try just a small subset of them, if you know which ones you used.  Using a small subset, especially of the hash algorithms, can significantly speed up the process.

The most important thing, before attempting brute force recovery of your password, is to narrow down the password list.  If you remember all of your password except for the last 4 characters, then you have a fighting chance of recovery.  If you have forgotten 5 characters and those 5 characters could be upper or lower case "abcdefghijklmnopqrstuvwxyz" + "0123456789," then you're pretty much out of luck.  5 characters of "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "0123456789" is 916,132,832 possible passwords (62^5).  At a maximum speed in the neighboorhood of 800 passwords per second on a Dual Quad Core Xeon machine running 16 threads, that many passwords could take OTFBrutus 13.25 days to process.  And how many of you have a Dual Quad Core Xeon machine laying around?  Expect your actual passwords per second to be much less.

The second most important thing is if you know which hash algorithm you used.  By far, the most time consuming function in the brute force process involves the hash algorithm.

It is also very important to set the number of threads with the -t parameter.  It should be set to the number of CPU cores you have in your machine.  If you set "-t 1" and open Task manager and OTFBrutus is only using 25% of your CPU, then you should set "-t 4."  If it is only using 6-7%, then you should set "-t 16."

Here are some actuall speed examples:

1 Thread running on a Dual Quad Core Xeon X5550 @2.67GHz Machine
	 15 passwords per second - the hash method is unknown so it has to try RipedMD, SHA512 and Whirlpool
	 24 passwords per second - just trying RipeMD
	101 passwords per second - just trying SHA512
	 71 passwords per second - just trying Whirlpool

16 Threads running on a Dual Quad Core Xeon X5550 @2.67GHz Machine
	160 passwords per second - the hash method is unknown so it has to try RipedMD, SHA512 and Whirlpool
	270 passwords per second - just trying RipeMD
	810 passwords per second - just trying SHA512
	630 passwords per second - just trying Whirlpool

You can also specify a subset of encryption modes and encryption algorithms but I have found that those don't have much impact on speed.




And here are some examples of useage:

Attempt to decrypt the standard volume from a TrueCrypt file hosted volume using the all of the current and legacy encryption/hash settings and a password pattern
And my computer has 4 CPU cores
OTFBrutus -i "C:\MyTrueCryptFile.tc" -p "known[1234]{2}" -t 4
	the password generator will create 16 passwords from "known[1234]{2}"
		known11 known12 known13 known14 known21 known22 known23 known24
		known31 known32 known33 known34 known41 known42 known43 known44



Attempt to decrypt the hidden volume from a TrueCrypt partition hosted volume using the all of the current (TrueCrypt v7.0a) encryption/hash settings and a password pattern
And my computer has 2 CPU cores
OTFBrutus -i "\\?\GLOBALROOT\Device\Harddisk0\Partition1" -p "[1234]{1}(pineapple|banana){1}[1234]{1}" -v 1 -h "-2" -m "-2" -c "-2" -t 2
	the password generator will create 32 passwords from "[1234]{1}(pineapple|banana){1}[1234]{1}"
		1pineapple1 2pineapple1 1banana1 2banana1
		1pineapple2 2pineapple2 1banana2 2banana2
		1pineapple3 2pineapple3 1banana3 2banana3
		1pineapple4 2pineapple4 1banana4 2banana4
		3pineapple1 4pineapple1 3banana1 4banana1
		3pineapple2 4pineapple2 3banana2 4banana2
		3pineapple3 4pineapple4 3banana3 4banana3
		3pineapple4 4pineapple3 3banana4 4banana4



Attempt to decrypt the system volume from a TrueCrypt rescue disc using a precomputed dictionary list and only checking a subset of passwords from the list starting at line 100 and ending at line 200
And my computer has only 1 CPU core
OTFBrutus -i "C:\RescueDisc.iso" -d "C:\word_list.txt" -v 2 -s 100 -e 200 -t 1



Attempt to decrypt the standard volume from a TrueCrypt backup header using a precomputed dictionary list and only SHA512, XTS Mode and Twofish
And my computer has 16 CPU cores
OTFBrutus -i "C:\BackupHeader.h" -d "C:\word_list.txt" -v 0 -h "1" -m "0" -c "2" -t 16
