TCHunt-ng 1.3

TCHunt-ng attempts to reveal encrypted files stored on a filesystem. The program is successful in finding TrueCrypt, VeraCrypt, CipherShed containers; LUKS, EncFS, PGP/GPG encrypted files; OpenSSH and PEM private keys; password databases; files made up of random data. The code is based on ideas laid out in the project of Stephen Judge named TCHunt, hence the name.

Tags tchunt tchunt-ng truecrypt veracrypt ciphershed openssl detect reveal crypto decrypt encryption pgp gpg
License GNU GPLv3
State initial

Recent Releases

1.319 Feb 2017 10:25 minor feature: Newly recognized file-types: LUKS encrypted file, Chiasmus encrypted data, Chiasmus key, mcrypt encrypted data, GNOME keyring, Mac OS X Keychain File, Vim encrypted file data. Get rid of the options '-r' and '-x'. Passing a directory on a command line is no longer valid. Recursive scanning is a difficult problem to tackle that requires additional options on par of the program. Simply the task is beyond the scope of TCHunt-ng. Use find(1) to pass found files to TCHunt-ng. Accept file names via stdin. This behavior is enabled by passing '-' as the first non-option argument (i.e. ./command options -). Change the way exit codes are used. If an error occurs for any given file, exit immediately with status 1. If any input file specified on a command line is not detected as random/encrypted, exit with status 2 after processing the rest of the files. Exit status 1 always takes precedence over status 2. When option '-s' is in effect, attempt to further classify the file (i.e. data, pgp/gpg ).
1.214 Jan 2017 12:31 minor feature: Accept multiple files specified on a command line. New option '-T' to toggle the TCHunt compatibility mode. In this mode a file's size is checked to be greater than 19 kiB and of modulo 512. New option '-s' to show a class to which a matching file belongs to. New option '-q' that treats no results as success. The program terminates with exit status equal to 0 instead of 2. New option '-p' to preserve last access time of a file analyzed. New option '-x' to stay on the same device as the file from which a descent began. This option only makes sense when recursively scanning a directory (option '-r').
1.119 Dec 2016 21:38 major feature: Newly recognized file-types: OpenSSH keys (public/private), PEM private keys (RSA/DSA/EC), Keepass password database, Password Safe V3 database, cvs password text file. Recognize content of different sizes. The solution is based on model data computed from a pool of random data for individual lengths of power of 2 (2 5, 2 6,...).
1.028 Nov 2016 05:00 minor feature: