+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: CatHashing DiskCryptor (/thread-6515.html)
CatHashing DiskCryptor - hashtag - 04-30-2017
Hi folks,
can you guide me
how can one crack
a DC partition header?
DiskCryptor is one
worthwhile cypherpunk tool.
It can encrypt & sec erase
whole storage on-the-fly.
It also has very well
implemented bootloader.
Unfort it hasn't been ported
into liGNUx. Anyways.
Five years ago witchHunters stole
my mainframe, all my hardware, data.
They did their evil forensics and such.
Found nothing but that wasn't the point.
They wanted to hurt me. So they did.
Long story short. I got it back last year.
One of my hdds is encrypted with DC.
I'm kinda hell-bent on cracking it now.
Hashcat is my choice of course.
So how should it be done?
RE: CatHashing DiskCryptor - epixoip - 05-01-2017
Can't tell if this is an amazing poem or a terrible forum post.
RE: CatHashing DiskCryptor - jimby - 05-01-2017
(04-30-2017, 10:07 PM)hashtag Wrote: Hi folks,
can you guide me
how can one crack
a DC partition header?
DiskCryptor is one
worthwhile cypherpunk tool.
It can encrypt & sec erase
whole storage on-the-fly.
It also has very well
implemented bootloader.
Unfort it hasn't been ported
into liGNUx. Anyways.
Five years ago witchHunters stole
my mainframe, all my hardware, data.
They did their evil forensics and such.
Found nothing but that wasn't the point.
They wanted to hurt me. So they did.
Long story short. I got it back last year.
One of my hdds is encrypted with DC.
I'm kinda hell-bent on cracking it now.
Hashcat is my choice of course.
So how should it be done?
Ok, first let's clarify a few things. I'll assume you have received back a disk that was encrypted by DC in it's original condition - i.e. it wasn't modified by anyone while out of your control. I'll also assume that this disk was originally a Windows system disk that was encrypted by DC.
Based on the detail on the DC home page, you'll need to know the version of DC that was used to encrypt the disk. The home page notes "DiskCryptor releases from 0.1 to 0.4 were fully compatible with TrueCrypt". So if it was encrypted with one of those versions, you have a least a chance of getting this done. If this is the case, your basic plan is:
- Make a bitwise copy of the disk. On *nix systems, the dd(1) command is good for that.
- Set up your *nix system, some recent GPUs, and install the latest hashcat. hashcat is known to work well with Ubuntu Linux, but check the docs for the best *nix versions before you install the operating system.
- You will need to do a lot of reading, and testing out various features of hashcat. Try some simple hashes to get the feel of how to use hashcat. Then move on to trying your DC volume.
- Mount your disk and follow the instructions "How do I extract the hashes from TrueCrypt volumes?" that is found on the wiki at https://hashcat.net/wiki/doku.php?id=frequently_asked_questions If you remember the password, great. If you don't you'll have to do a bruteforce or hybrid attack. See the hashcat docs for additional detail.
- Once you have decrypted the disk, you'll still need to access information on the disk. You can remount the disk on a windows system, or mount it on your *nix system for access.
Good luck,
Jim B.
(Remember the forum rules, though - don't post hashes here or request cracking.)
RE: CatHashing DiskCryptor - hashtag - 05-02-2017
(05-01-2017, 07:33 PM)jimby Wrote: I'll assume you have received back a diskIt was the later version of course..
that was encrypted by DC in it's original condition -
i.e. it wasn't modified by anyone while out of your control.