hashcat Forum

Full Version: veracrypt dump plausible correct syntax?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Just to be on the safe side before I crack into the void: Hashcat recognizes by the hash syntax and the selected hash mode whether the hash is plausible in form or not. Does hashcat recognize this also if it is a section/dump of a Veracrypt encryption or can hashcat not check this (for reasons) and tries to crack it without verifying it? I just want to make sure that I have correctly dumped the section in which the hash is located. Hashcat does not show me an error message when cracking.

Edit: oh, btw, do i need utf8 encoding for my wordlist in order to crack veracrypt related hashes or is a binary file ok? I checked my wordlist like this "file -i wordlist.txt" and get "filtered.txt: application/octet-stream; charset=binary". I want to eleminate all possible mistakes.
(07-18-2022, 04:08 PM)matt99 Wrote: [ -> ]Just to be on the safe side before I crack into the void: Hashcat recognizes by the hash syntax and the selected hash mode whether the hash is plausible in form or not. Does hashcat recognize this also if it is a section/dump of a Veracrypt encryption or can hashcat not check this (for reasons) and tries to crack it without verifying it? I just want to make sure that I have correctly dumped the section in which the hash is located. Hashcat does not show me an error message when cracking.

Edit: oh, btw, do i need utf8 encoding for my wordlist in order to crack veracrypt related hashes or is a binary file ok? I checked my wordlist like this "file -i wordlist.txt" and get "filtered.txt: application/octet-stream; charset=binary". I want to eleminate all possible mistakes.

short answer no

true/veracrypt input is in binary form and hashcat cannot check the validity of the input beforehand, in fact you could provide more than 512 bytes, e.g. an inputfile of 1mb, hashcat will take the first 512 bytes and tries to crack it

regarding the wordlist, when running HC, take a look at the hashcat line telling candidates: > , how do the candidates look like? plain words and or readable ascii? if yes, your file seems okay, it could be, that your file is an uft8-bom file and therefore "mistaken" as binary file
(07-20-2022, 01:22 PM)Snoopy Wrote: [ -> ]short answer no


true/veracrypt input is in binary form and hashcat cannot check the validity of the input beforehand, in fact you could provide more than 512 bytes, e.g. an inputfile of 1mb, hashcat will take the first 512 bytes and tries to crack it
Ok, i think the dump should be correct.
Code:
dd if=./veracrypt_encrypted_device_image of=./veracrypt_encrypted_device_dump bs=512 count=1


(07-20-2022, 01:22 PM)Snoopy Wrote: [ -> ]regarding the wordlist, when running HC, take a look at the hashcat line telling candidates: > , how do the candidates look like? plain words and or readable ascii? if yes, your file seems okay, it could be, that your file is an uft8-bom file and therefore "mistaken" as binary file

Yes, i can read the candidates in plain text. Readable, no binary/whatever format.