+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Veracrypt system disk encryption (/thread-6494.html)
Veracrypt system disk encryption - jallis - 04-21-2017
I have a disk containing two encrypted partitions and a Veracrypt bootloader.
I have looked at https://hashcat.net/wiki/frequently_asked_questions#how_do_i_extract_the_hashes_from_truecrypt_volumes
However I am not sure if
Code:
for a TrueCrypt boot volume (i.e. the computer starts with the TrueCrypt Boot Loader) you need to extract 512 bytes starting with offset 31744 (62 * 512 bytes). This is true for TrueCrypt 7.0 or later. For TrueCrypt versions before 7.0 there might be different offsets.or
Code:
in case of a physical disk you need to copy the last 512 bytes of the *first logical volume*.is the correct option in my case?
Is there any way to figure out which hash format I have on my hands, or do I just have to guess?
The default settings for system encryption in Veracrypt is:
![[Image: 68kgcnq.png]](http://i.imgur.com/68kgcnq.png)
Not sure which hash format this translates to in Hashcat?
RE: Veracrypt system disk encryption - jallis - 05-04-2017
(04-21-2017, 01:04 PM)jallis Wrote: The default settings for system encryption in Veracrypt is:
Does hashcat actually support this default hash format for volumes in Veracrypt? I notice it says SHA-256 in the image above, but all Hashcat hashes seems to be SHA-512? (https://hashcat.net/wiki/doku.php?id=example_hashes)
EDIT/UPDATE:
I successfully cracked my FDE, with default Veracrypt settings.
The hash is located at offset 31744 from the start of the *disk* (The Veracrypt bootloader is at offset 0), and is 512 bytes long.
The hashmode for hashcat was 13761.
RE: Veracrypt system disk encryption - kiara - 05-04-2017
great !
what was the exact command that u were using to extract the raw data?
RE: Veracrypt system disk encryption - jallis - 05-04-2017
(05-04-2017, 03:09 PM)kiara Wrote: great !
what was the exact command that u were using to extract the raw data?
I did it in a hex-editor, but it can easily be done using dd in linux:
dd if=/dev/sdb of=Veracrypt.hash bs=512 skip=62 count=1
(replace /dev/sdb with your disk(image))