hashcat Forum

Full Version: need help ( paid )
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello, i got a 1TB veracrypt volume but i forgot the password, i read the tutorial on another thread on how to recover the hash however when i run the command this is what i get

C:\Users\Administrator\Downloads>dd.exe if=hashcat_ripemd160_AES_hidden.raw of=D:\file04 bs=1 skip=65536 count=512
rawwrite dd for windows version 0.6beta3.
Written by John Newbigin <jn@it.swin.edu.au>
This program is covered by terms of the GPL Version 2.

skip to 65536
0+0 records in
0+0 records out

C:\Users\Administrator\Downloads>

anyone that can help me? i'm willing to pay anyone who helps me to recover the hash in bitcoin
thank you.
Pretty sure this violates the terms and conditions of the forum rules. Sorry mate.
yeah, I agree. It's also against the spirit of this forum. we are willing to explain and teach you how to use hashcat if you are willing to invest some time and brain power into it... you need to be open to try to understand things and learn things and you should be good to go.

Of course we are not here for holding hands, but we can give you some hints or link to resources (other posts/wiki,...) etc
https://hashcat.net/wiki/doku.php?id=fre...pt_volumes


I think the first hint I could give you here is that you need to run the dd command on the full file/volume etc not on the already extracted "hash". It seems that you are using the already extracted hash from the example hashes page (file called "hashcat_ripemd160_AES_hidden.raw" from https://hashcat.net/wiki/example_hashes). This file is already the extracted "hash". That means that the dd command was already run and that file is already the result of the dd command execution.
Again, this means that if you want to run it on a different file/volume/partition, you need to follow the FAQ https://hashcat.net/wiki/doku.php?id=fre...pt_volumes and do both the dd + hashcat, while for the already extracted data (the "hash") you need to skip the dd step.
(04-14-2018, 11:40 AM)philsmd Wrote: [ -> ]yeah, I agree. It's also against the spirit of this forum. we are willing to explain and teach you how to use hashcat if you are willing to invest some time and brain power into it... you need to be open to try to understand things and learn things and you should be good to go.

Of course we are not here for holding hands, but we can give you some hints or link to resources (other posts/wiki,...) etc
https://hashcat.net/wiki/doku.php?id=fre...pt_volumes


I think the first hint I could give you here is that you need to run the dd command on the full file/volume etc not on the already extracted "hash". It seems that you are using the already extracted hash from the example hashes page (file called "hashcat_ripemd160_AES_hidden.raw" from https://hashcat.net/wiki/example_hashes). This file is already the extracted "hash". That means that the dd command was already run and that file is already the result of the dd command execution.
Again, this means that if you want to run it on a different file/volume/partition, you need to follow the FAQ https://hashcat.net/wiki/doku.php?id=fre...pt_volumes and do both the dd + hashcat, while for the already extracted data (the "hash") you need to skip the dd step.

first of all, thanks for the help,
so from what i understood the first if= was supposed to be the encrypted volume? if so i ran
C:\Users\Administrator\Downloads>dd.exe if=D:\file04 of=D:\file04.hash bs=1 skip=65536 count=512
rawwrite dd for windows version 0.6beta3.
Written by John Newbigin <jn@it.swin.edu.au>
This program is covered by terms of the GPL Version 2.

skip to 65536
512+0 records in
512+0 records out

C:\Users\Administrator\Downloads>

and looks like it worked
thank you, will try to crack it now

edit:
ran with -m 13711
if it works does it mean its the right algorithm or it can be any other veracrypt algo?
it could be any veracrypt algo