Posts: 4
Threads: 1
Joined: Feb 2026
02-05-2026, 07:51 PM
(This post was last modified: 02-05-2026, 07:52 PM by alain.)
Hi there,
if you can I would like some help cracking a veracrypt hidden volume, I know the password of the outer volume (it mounts and shows it's content correctly). Now, I would like to test some set of passwords first (variations of what I might have used for the correct password), so I created a file.txt with the list of passwords.
I think the algorithm used for the hidden volume are: Twofish (Serpent) + Whirlpool so I would like to start from here and if it doesn't work, keep trying with all the other algorithms.
I have a Ryzen 7 notebook APU, with no dedicated GPU, but since I have 2000 passwords to test it should suffice.
What is the correct command I should run? I already have "dd" installed and of course "hashcat".
Do I have to extract the hash from the container first? If so what is the correct command to be used?
Thank you.
Posts: 4
Threads: 1
Joined: Feb 2026
02-05-2026, 08:14 PM
(This post was last modified: 02-05-2026, 08:16 PM by alain.)
I have extracted the header using these commands in Powershell:
$header = New-Object byte[] 512
[IO.File]::OpenRead("nameofcontainer.hc").Read($header, 0, 512) | Out-Null
[IO.File]::WriteAllBytes("header.bin", $header)
Is this correct? Or the position of the hidden header is elsewhere?
Posts: 157
Threads: 1
Joined: Apr 2022
(02-05-2026, 08:14 PM)alain Wrote: I have extracted the header using these commands in Powershell:
$header = New-Object byte[] 512
[IO.File]::OpenRead("nameofcontainer.hc").Read($header, 0, 512) | Out-Null
[IO.File]::WriteAllBytes("header.bin", $header)
Is this correct? Or the position of the hidden header is elsewhere?
In hashcat there's a tools folder. It contains veracrypt2hashcat.py. Run that with the "hidden" option.
That will give you an actual hash you can work with in modules 294**
The header you need for the hidden container is located at a different offset from the outer container, which is what you extracted with your command.
Posts: 4
Threads: 1
Joined: Feb 2026
02-06-2026, 04:58 PM
(This post was last modified: 02-06-2026, 04:59 PM by alain.)
(02-06-2026, 07:56 AM)b8vr Wrote: In hashcat there's a tools folder. It contains veracrypt2hashcat.py. Run that with the "hidden" option.
That will give you an actual hash you can work with in modules 294**
The header you need for the hidden container is located at a different offset from the outer container, which is what you extracted with your command.
That's awesome, thank you for pointing that out.
To extract the hidden header is this command correct?
Code:
python veracrypt2hashcat.py --offset hidden "NameOfContainer.hc" > hash.txt
("NameOfContainer.hc" is replaced with the real name of the container that needs to be cracked)
Posts: 4
Threads: 1
Joined: Feb 2026
After this command:
Code:
.\hashcat.exe -m 29431 -a 0 hash.txt passwords.txt -o pwcracked.txt -w 4 -O -S -n 1 --force
I was receiving a "No hashes loaded." error, I had to convert the *.txt file to UTF-8 format and now everything seams to be working fine. Hashcat is working now
Posts: 157
Threads: 1
Joined: Apr 2022
(02-06-2026, 06:02 PM)alain Wrote: After this command:
Code:
.\hashcat.exe -m 29431 -a 0 hash.txt passwords.txt -o pwcracked.txt -w 4 -O -S -n 1 --force
I was receiving a "No hashes loaded." error, I had to convert the *.txt file to UTF-8 format and now everything seams to be working fine. Hashcat is working now
Yes, your use of verscrypt2hashcat is correct if it's an encrypted container and not a bootable partition.
Your hashcat command also looks good, although I don't understand why you use -n 1....
That is used for fine tuning which hashcat does automagically and setting to 1 would give a negative impact on hashcat performance.
