hashcat Forum

Full Version: TrueCrypt 7.1a Decrypt
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello,

I ask you please help to decrypt a file. I remember the password, part of the password, or so I think. I'm not an expert in softrware, I do not program. That's why I strongly urge you how to get it.

I have a file, which I mounted with truecrypt.

I think the steps I have to follow are these:

     1.- Remove the Hash from the encrypted file that I have.
     2.- Create a dictionary.
     3.- Make hashcat decrypt

It is right?, crep I have extracted the hash, with the following command in ubuntu:

dd skip=31744 count=512 if=output.binary of=output.binary bs=1

*output.binary=File encrypted

now I have a file called "output.binary":, which is not checked if it is correct, and I do not know the next step.

PD: if you know any company, specialist I am willing to pay for the service.
Since you used the offset 31744 from the start, I assume that you are trying to crack a TrueCrypt boot volume (see https://hashcat.net/wiki/doku.php?id=fre...pt_volumes )

This means that you need to run something like this:
Code:
hashcat -a 0 -m 6243 -w 3 output.binary dict.txt

The hash mode (e.g. -m 6243) must be choosen depending on the encryption + hashing combination that you selected while creating the volume (see the output of --help to find the correct combination of 62XY hash modes, just run hashcat --help)
The file dict.txt should contain the password candidates that you want to try.

I always recommend to create a new test volume (on a disk/partition that is new or at least does not contain any important data etc) with similar/identical settings, same type of volume (boot volume), same hashing and encryption algorithm combination, a known password that is similar to the one that was actually used etc.
Then you try to extract the "hash" from this test volume and try to crack it... if everything is working correctly, it should also work with your original "hash".