Hi there,
I need to recover the pass for an .axx file...how can I extract the hash? Can't find so much online, I'm really noob at this but i want to learn how to use this great tool...thanks for the help
(08-11-2016, 12:39 PM)philsmd Wrote: [ -> ]You can just use axcrypt2john.py (btw: the format - an example "hash" - is also mentioned here: https://hashcat.net/wiki/example_hashes )
Thanks! I've just download axcrypt2john.py but it says "invalid syntax" when I try to use it...
Using windows prompt i go into run folder, I also put my file there...than typing "axcrypt2john.py file.axx >file.hash" I got invalid syntax error...sorry I'm wasting your time...
I'm not sure about the exact error message you get but if it is a python error you should probably use a different (version of) Python (maybe Python 2.7 at least).
Since you didn't show the full error message, nor which tool the output originates, I can't recommend more than just try different versions of python and maybe try it on linux too (but in theory Python should work the same way on both platforms).
AFAIK the axcrypt2john.py tool was updated recently, too. So make sure you use the latest version from github
Hello,
This is Svante, the author of AxCrypt. The terminology is a bit confusing, AxCrypt is not a hashed password store, so what you're looking for is not a hash as such, but the KeyWrap1, A 128-bit Data Enc Key wrapped with 128-bit KEK, Header Block Type 4. Not sure just what parameters hashcat requires but you may have to break out the iteration count as well. See
http://www.axcrypt.net/documentation/technical/ for a description of the file formats. AxCrypt 1 and AxCrypt 2 differs, but the general idea is the same. If you have a file encrypted with AxCrypt 2, it's Header Block Type 13 you want - but I don't think hashcat supports this currently.
The AxCrypt module for Hashcat also supports breaking AxCrypt 1 in-memory representation of the password derived key, but this is typically only useful if you are attacking a running AxCrypt process where the legitimate user has entered the password. It is unlikely to be useful for legitimate password recovery.