Is it possible to crack the TrueCrypt volume password?
Encryption Algorithm: AES-Twofish-Serpent
Hash Algorithm: RIPEMD-160
Keyfile was used (which I have).
I tried all passwords I usually use, but none worked.
So basically, I have no clue anymore what it might be.
Can I recover my password with hashcat?
If yes, which options do I have to use?
Many thanks
Yes it is possible.
What is the exact command you typed ?
Code:
$ hashcat.exe -m 6213 -a 3 -w 3 --increment --increment-min 6 -o cracked.txt --truecrypt-keyfiles=kf.xyz sdb1_dump.dd -1 ?l?u ?a?1?1?1?1?1?a?a?a?a?a?a?a?a?a?a
I did some test runs on a created volume (no hidden, with partition, non-systen) and this seems (?!) to work. I took the first 512 bytes using dd.
I know the password in minimum 6 chars long, maximum 16 chars.
The first char can be anything, but the next 5 chars are for sure letters (upper- or lowercase).
The rest can be anything again.
Are the parameters I used correct?
Besides that, I was surprised to see that:
1. if -o isn't used, the cracked result is neither stored anywhere, nor displayed.
2. the mask needs to be at the end, otherwise "... Invalid argument" is shown.
Did I miss something?
(02-21-2022, 07:40 PM)strcmp Wrote: [ -> ]Code:
$ hashcat.exe -m 6213 -a 3 -w 3 --increment --increment-min 6 -o cracked.txt --truecrypt-keyfiles=kf.xyz sdb1_dump.dd -1 ?l?u ?a?1?1?1?1?1?a?a?a?a?a?a?a?a?a?a
I did some test runs on a created volume (no hidden, with partition, non-systen) and this seems (?!) to work. I took the first 512 bytes using dd.
I know the password in minimum 6 chars long, maximum 16 chars.
The first char can be anything, but the next 5 chars are for sure letters (upper- or lowercase).
The rest can be anything again.
Are the parameters I used correct?
Besides that, I was surprised to see that:
1. if -o isn't used, the cracked result is neither stored anywhere, nor displayed.
2. the mask needs to be at the end, otherwise "... Invalid argument" is shown.
Did I miss something?
1.) for default, stored in potfile, but it doesnt matter, because your attack will take hundreds of years
(02-22-2022, 12:15 PM)Sondero Wrote: [ -> ]1.) for default, stored in potfile, but it doesnt matter, because your attack will take hundreds of years
Yes, I saw now that it takes ages ...
May I use a (my own) wordlist and tell hashcat to take any combination of these words?
BTW ... even if cracked, hashcat.potfile doesn't hold the found hash.
Still looking for my lost password.
Just to be sure ... when I use dd from (e.g.) Ubuntu, does it matter if the (SATA) HDD is connected via USB bay, or does it need to connected via SATA (eSATA)?