+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: luks v1- sha1-aes-xts_p64 - only mode 14600 ? (is this correct?) (/thread-11364.html)
luks v1- sha1-aes-xts_p64 - only mode 14600 ? (is this correct?) - hashcatUser94712 - 03-26-2023
Im trying to crack an older 500mb luks partition i made many years ago (~2017) - First are my 2x questions, below that are the relevant details / info.
2x questions:
1- Even though Luks v1 / SHA-1 / AES / XTS_Plain64 - does NOT seem to be covered by any modes of: -m 29511 through -m 29543 , will -m 14600 still work ? (assuming the correct passphrase gets tried, ofcourse)
2- what is the relevance of Luks v1 / SHA-1 / AES / XTS_Plain64 - NOT being covered by one of the 29511 through 29543 modes? (are those faster modes vs 14600 ? what is the advantage of ever using -m 29511 vs -m 14600 if i were to have a VALID "29511 - LUKS v1 SHA-1 + AES" supported hash?
NB: based upon the sample hash for Mode 29511 , cbc-plain64 is expected vs my hash which used XTS_Plain64
from: https://hashcat.net/misc/example_hashes/hashcat_luks_sha256_aes_cbc-plain64_128.txt
via: https://hashcat.net/wiki/doku.php?id=example_hashes
My details:
---
ID luks partition/device (just confirmation):
blkid -t TYPE=crypto_LUKS -o device
/dev/sdc1
I extracted the luks v1 header:
dd if=/dev/sdc1 bs=1 count=2066432 of=luksHeader.dd
Verify my header extract is valid:
Code:
cryptsetup luksDump ./luksHeader.dd
LUKS header information for ./luksHeader.dd
Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha1
Payload offset: 4096
MK bits: 256
MK digest: d9 a3 5b c8 7a bc 00 dd 19 4a 28 27 6c b8 44 a8 14 68 80 a5
MK salt: fe ec 4e f6 53 14 48 06 c7 e6 9f 8e 46 df fd 29
d8 a9 45 8a 46 75 d4 88 93 43 6b fc 2e 10 f9 43
MK iterations: 63625
UUID: 88bcb795-e366-4dda-9998-fbf6b5fd0c84
Key Slot 0: ENABLED
Iterations: 250000
Salt: 3e f2 a9 79 d4 52 e8 36 39 3e 79 20 90 5d f8 b5
3c 87 0e 35 cf 6b 12 3f 6a 4c 85 91 b4 5f 04 2f
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLEDConvert the header to a hashcat Hast file:
python3.6 luks2hashcat.py luksHeader.dd > out.hash
(nb; for luk2hashcat.py to execute: i first had to run/install : pip install dataclasses OR pip3 install dataclasses else i would get: ModuleNotFoundError: No module named 'dataclasses' )
cat out.hash:
$luks$1$Hash.SHA1$Cipher.AES$Mode.XTS_PLAIN64$256$250000$3ef2a97..................
readable: Luks v1 / SHA-1 / AES / XTS_Plain64
Mode 29511 will fail as it does not support XTS_PLAIN64:
hashcat -O -S -m 29511 -a 0 -w 3 -r blah.rule out.hash MYwordlist.txt
Code:
[2023-03-25 18:53:55] Counting lines in out.hash Please be patient...
Counted lines in out.hash
[b]Hashfile ' out.hash ' on line 1 ($luks$...76074b9aa95bee61f69f5c23cbcf7471): Signature unmatched[/b]
[2023-03-25 18:53:55] Parsing Hashes: 0/1 (0.00%)...
No hashes loaded.This does not fail / nor throw an error (however i have yet to crack it so far):
hashcat -O -S -m 14600 -a 0 -w 3 -r blah.rule luksHeader.dd MYwordlist.txt
or this also does not fail / nor throw an error:
hashcat -O -S -m 14600 -a 0 -w 3 -r blah.rule out.hash MYwordlist.txt
thanks for the help and your time.
( Great reference links for others / future):
https://hashcat.net/forum/thread-6225-post-33187.html#pid33187
https://diverto.github.io/2019/11/18/Cracking-LUKS-passphrases