+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Wrong password printed for LUKS -m 14600 (/thread-11679.html)
Pages:
1
2
Wrong password printed for LUKS -m 14600 - Zarhi - 11-02-2023
Hello,
I have old PC with Fedora 16 (Verne) with forgotten LUKS password.
I try to recover it with hashcat 6.2.6 but there is a problem:
On fedora 16:
# dd if=/dev/zero of=test_luks bs=32M count=1
# cryptsetup luksFormat test_luks
with password 'abcdefg_22!'
Then transfer test_luks to my work PC, RockyLinux 9.2, NVIDIA Corporation TU104GL [Quadro RTX 4000] (rev a1)
Result from hashcat:
Quote:# cat a.dict
abcdefg
# ./hashcat -m 14600 test_luks -1 '~!_#2' -a 6 a.dict ?1?1?1?1
hashcat (v6.2.6) starting
CUDA API (CUDA 12.3)
====================
* Device #1: Quadro RTX 4000, 7877/7974 MB, 36MCU
OpenCL API (OpenCL 3.0 CUDA 12.3.68) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: Quadro RTX 4000, skipped
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP
ATTENTION! Potfile storage is disabled for this hash mode.
Passwords cracked during this session will NOT be stored to the potfile.
Consider using -o to save cracked passwords.
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 1412 MB
Dictionary cache hit:
* Filename..: a.dict
* Passwords.: 1
* Bytes.....: 8
* Keyspace..: 625
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
test_luks:abcdefg2222
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 14600 (LUKS v1 (legacy))
Hash.Target......: test_luks
Time.Started.....: Thu Nov 2 11:01:18 2023 (1 sec)
Time.Estimated...: Thu Nov 2 11:01:19 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (a.dict), Left Side
Guess.Mod........: Mask (?1?1?1?1) [4], Right Side
Guess.Charset....: -1 ~!_#2, -2 Undefined, -3 Undefined, -4 Undefined
Speed.#1.........: 1 H/s (0.33ms) @ Accel:8 Loops:128 Thr:512 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1/625 (0.16%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:186880-186999
Candidate.Engine.: Device Generator
Candidates.#1....: abcdefg2222 -> abcdefg2222
Hardware.Mon.#1..: Temp: 60c Fan: 30% Util: 62% Core:1920MHz Mem:6500MHz Bus:16
Started: Thu Nov 2 11:00:35 2023
Stopped: Thu Nov 2 11:01:20 2023
Runnig with -d 2 (OpenCL) print same result.
Testing on Rocky 9:
# echo 'abcdefg_22!' | cryptsetup luksOpen --test-passphrase test_luks test
# echo 'abcdefg2222' | cryptsetup luksOpen --test-passphrase test_luks test
No key available with this passphrase.
Do I make some mistake?
RE: Wrong password printed for LUKS -m 14600 - v71221 - 11-03-2023
To simplify, I would try wordlist attack mode (not hybrid).
Create wordlist with these words
abcdefg_!_!
abcdefg2222
abcdefg_22!
Run the attack and post the results here, please
RE: Wrong password printed for LUKS -m 14600 - Zarhi - 11-06-2023
Quote:# cat t.dict
abcdefg_!_!
abcdefg2222
abcdefg_22!
# ./hashcat -m 14600 test_luks -a 3 t.dict
hashcat (v6.2.6) starting
CUDA API (CUDA 12.3)
====================
* Device #1: Quadro RTX 4000, 7877/7974 MB, 36MCU
OpenCL API (OpenCL 3.0 CUDA 12.3.68) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: Quadro RTX 4000, skipped
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP
ATTENTION! Potfile storage is disabled for this hash mode.
Passwords cracked during this session will NOT be stored to the potfile.
Consider using -o to save cracked passwords.
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 1412 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
test_luks:abcdefg_!_!
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 14600 (LUKS v1 (legacy))
Hash.Target......: test_luks
Time.Started.....: Mon Nov 6 08:04:34 2023 (1 sec)
Time.Estimated...: Mon Nov 6 08:04:35 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: abcdefg_!_! [11]
Guess.Queue......: 1/3 (33.33%)
Speed.#1.........: 1 H/s (0.04ms) @ Accel:64 Loops:16 Thr:512 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:186992-186999
Candidate.Engine.: Device Generator
Candidates.#1....: abcdefg_!_! -> abcdefg_!_!
Hardware.Mon.#1..: Temp: 61c Fan: 30% Util: 54% Core:1920MHz Mem:6500MHz Bus:16
Started: Mon Nov 6 08:04:32 2023
Stopped: Mon Nov 6 08:04:36 2023
Same result with -a 0:
Quote:./hashcat -m 14600 test_luks -a 0 t.dict
Approaching final keyspace - workload adjusted.
test_luks:abcdefg_!_!
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 14600 (LUKS v1 (legacy))
Hash.Target......: test_luks
Time.Started.....: Mon Nov 6 08:18:18 2023 (1 sec)
Time.Estimated...: Mon Nov 6 08:18:19 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (t.dict)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 4 H/s (0.16ms) @ Accel:128 Loops:64 Thr:64 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 4/4 (100.00%)
Rejected.........: 0/4 (0.00%)
Restore.Point....: 0/4 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:186944-186999
Candidate.Engine.: Device Generator
Candidates.#1....: abcdefg_!_! ->
Hardware.Mon.#1..: Temp: 60c Fan: 30% Util: 54% Core:1920MHz Mem:6500MHz Bus:16
RE: Wrong password printed for LUKS -m 14600 - Snoopy - 11-06-2023
well thats strange, i cannot even crack my testsetup, tried mode 14600 and the newer one 29521, dict and bruteforce no hit
can you please upload your test_luks file anywhere? i feel it kinda strange that none of my setups produces a cracked pass
RE: Wrong password printed for LUKS -m 14600 - Zarhi - 11-08-2023
https://cloud.zarhi.com/s/EGoWSJWKPxnrqHG
Same results are with 5.1.0 and 4.2.1. Lower versions does not compile on my system.
RE: Wrong password printed for LUKS -m 14600 - Snoopy - 11-10-2023
well now thats a strange behavior,
setup: hahscat 6.2.6 (and beta) bruteforce, mode 14600, mask abcdefg?s?d?d?s, --keep-guessing
test_luks:abcdefg#96!
test_luks:abcdefg{30#
test_luks:abcdefg;36~
test_luks:abcdefg=08}
test_luks:abcdefg%72
then i extracted the hash using the python-tool, same setup, mode 25911
abcdefg?26-
abcdefg;86)
abcdefg-00\
abcdefg~64<
abcdefg^48[
rerun this on different systems and using different backends CPU, GPU, opencl, cuda resulting in multiple similar outputs
maybe some of the devs can exlpain why this happen?
RE: Wrong password printed for LUKS -m 14600 - b8vr - 11-11-2023
(11-10-2023, 02:06 PM)Snoopy Wrote: well now thats a strange behavior,
setup: hahscat 6.2.6 (and beta) bruteforce, mode 14600, mask abcdefg?s?d?d?s, --keep-guessing
test_luks:abcdefg#96!
test_luks:abcdefg{30#
test_luks:abcdefg;36~
test_luks:abcdefg=08}
test_luks:abcdefg%72
then i extracted the hash using the python-tool, same setup, mode 25911
abcdefg?26-
abcdefg;86)
abcdefg-00\
abcdefg~64<
abcdefg^48[
rerun this on different systems and using different backends CPU, GPU, opencl, cuda resulting in multiple similar outputs
maybe some of the devs can exlpain why this happen?
This could maybe be a keyboard layout issue.
When creating a bootable LUKS partition, LUKS is changing the layout to english/US, meaning that if you have a different keyboard, you think you are supplying some specific characters, but if those characters are placed differently from an english/US keyboard, the password will actually contain the characters of the english/US layout.
RE: Wrong password printed for LUKS -m 14600 - Zarhi - 11-11-2023
Result are not consistent:
./hashcat -m 14600 test_luks -a 0 example.dict --keep-guessing
First run:
Quote:test_luks:1024ens
test_luks:jack1e
test_luks:joao2309
test_luks:kalaska
test_luks:kineee
test_luks:kurono
test_luks:letlove2
test_luks:lovebaby
test_luks:makaay05
test_luks:max1412
test_luks:milburn
test_luks:mozx246
test_luks:ncic142
test_luks:norte06
test_luks:orian70
test_luks:pavli090
test_luks:plokplok
test_luks:pvt1003
test_luks:randori44
test_luks:roberts
test_luks:sachiko
test_luks:seanptc
test_luks:simonsays
test_luks:spargel
test_luks:suriya
test_luks:temnaya
test_luks:tobidog
test_luks:tyke
test_luks:verano
test_luks:wearecor
test_luks:x1gfj
test_luks:yql-123456
test_luks:zzz666bc
Second run:
Quote:test_luks:051304
test_luks:41353109
test_luks:Klausi
test_luks:c6jbower
test_luks:futurebird
test_luks:ma0schel
test_luks:p7101309
test_luks:suca3000
Third run:
Quote:test_luks:06081961
test_luks:12bienen
test_luks:1e3654
test_luks:2832328110
test_luks:410186c3
test_luks:601902638
test_luks:86338633
test_luks:9bqj4
test_luks:PieriePierie
test_luks:a6pack4u
test_luks:atakan2121
test_luks:benutzen3
test_luks:calgon
test_luks:cpu80mhz
test_luks:dumcu113
test_luks:euro8469
test_luks:fw041679
test_luks:halloula
test_luks:intensecs
test_luks:k14589
test_luks:l1a2r3s4
test_luks:lunita
test_luks:mfgmikel
test_luks:nesquick
test_luks:penny
test_luks:qx24av12
test_luks:rockstar
test_luks:sfnasty
test_luks:superk
test_luks:tommi2005
test_luks:vvrzr
test_luks:xyzpq13
And so on. adding -w3, -S, -D2 ( Intel OpenCL on Xeon CPU) gives same random results.
RE: Wrong password printed for LUKS -m 14600 - Snoopy - 11-13-2023
after reporting this issue atom came up with the reason/explanation why this happen
please see
https://github.com/hashcat/hashcat/issues/3903
and
https://hashcat.net/forum/thread-6225.html
the problem seems, that the luks drive has to be a valid filesystem, see the 6225 thread on this why/how atom worked out the attackvector for luks, i was unaware on this one
this is also the problem why i cant crack my own setup, because i followed your setup without formatting the luksdrive
RE: Wrong password printed for LUKS -m 14600 - Banaanhangwagen - 11-14-2023
FYI, the tool "luks2hashcat.py" mentions the fact that there is a initialization error...