+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: LUKS encryption with external header file (/thread-9882.html)
LUKS encryption with external header file - d7volker - 02-15-2021
Hi,
in the past I used a external header for full disk encryption. That means I have the header already available. But when I start hashcat I got the following:
d7v@nano:~/src/hashcat$ hashcat -a 3 -m 14600 ./xheader.img
hashcat (v6.1.1) starting...
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 10.2)
====================
* Device #1: NVIDIA Tegra X1, 2475/3964 MB, 1MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashfile './xheader.img': Disabled LUKS key detected
No hashes loaded.
Started: Mon Feb 15 15:18:43 2021
Stopped: Mon Feb 15 15:18:43 2021
Any ideas about the error?
My header file looks as the following:
d7v@nano:~/src/hashcat$ file xheader.img
xheader.img: LUKS encrypted file, ver 1 [aes, xts-plain64, sha512] UUID: e205e22c-f4bc-4555-a17d-d8440db7e1b6
d7v@nano:~/src/hashcat$ cryptsetup luksDump --key-file - xheader.img
LUKS header information for xheader.img
Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha512
Payload offset: 4096
MK bits: 512
MK digest: c1 d1 92 50 ae 05 b4 1c 20 70 72 9b e2 00 31 96 b4 f0 40 fc
MK salt: 5b d2 5b 40 1a 9f be d3 b1 3a 3d 1b 48 10 2b 12
2f 27 ee c0 f6 c3 90 9f f5 c2 a6 aa e9 b6 c7 24
MK iterations: 341250
UUID: e205e22c-f4bc-4555-a17d-d8440db7e1b6
Key Slot 0: ENABLED
Iterations: 2727029
Salt: 6c 61 ca 9d 89 ec 0e 19 6c 17 68 46 ff ce 28 b6
1c a1 85 d1 1f 9a c0 08 d9 a7 28 83 41 7f 1d e5
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
Thank You!
Volker
RE: LUKS encryption with external header file - d7volker - 02-15-2021
It seems to be impossible to do this with hashcat, as it doesn't support external LUKS headers.
My header is 2097152 bytes long, if I pad the header to 2097664 bytes, hashcat does run on it, but it didn't find the password. I know the password, it was just a test case.
If I extract the header out of the disk it works. But this doesn't help me, because I need to get it working with the original header which I created in a file some time ago.
What needs to be done in hashcat that it recognized the external header?
RE: LUKS encryption with external header file - d7volker - 02-15-2021
I made test. I created a header exactly like I did it 2 years ago. My header was created like this:
# truncate -s 2M xheader.img
# cryptsetup luksFormat /dev/sda --hash=sha512 --key-size=512 --align-payload 4096 --header xheader.img
.... password is: test
# ls -l xheader.img
-rw-r--r-- 1 root root 2097152 Feb 15 20:59 xheader.img
Then I padded the file to 2097664 bytes:
# truncate -s 2097664 xheader
# ls -ltr xheader
-rw-rw-r-- 1 root root 2097664 Feb 15 21:08 xheader
Then hashcat:
# hashcat -a 3 -m 14600 xheader.img test -o out
hashcat (v6.1.1) starting...
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 10.2)
====================
* Device #1: NVIDIA Tegra X1, 1850/3964 MB, 1MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Host memory required for this attack: 81 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: LUKS
Hash.Target......: xheader.img
Time.Started.....: Mon Feb 15 20:51:52 2021 (1 min, 13 secs)
Time.Estimated...: Mon Feb 15 20:53:05 2021 (0 secs)
Guess.Mask.......: test [4]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 0 H/s (1.65ms) @ Accel:16 Loops:64 Thr:64 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 1/1 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:2726976-2727028
Candidates.#1....: test -> test
Started: Mon Feb 15 20:51:47 2021
Stopped: Mon Feb 15 20:53:06 2021
I am asking myself if I did something wrong. Any help is appreciated.
Thank you,
Volker
RE: LUKS encryption with external header file - d7volker - 02-15-2021
It seems to work when I write a filesystem on the device.
Now, I have another problem - my original disk is full encrypted. Tomorrow I try to merge the header file with data from the disk. However I think the first header is a header from a volume group instead of a filesystem.
RE: LUKS encryption with external header file - dekao - 03-12-2021
Can you tell how you created the header file? I always get invalid LUKS identifier or Device not a valid LUKS device.
RE: LUKS encryption with external header file - Alcanjp - 03-30-2022
I have the same problem with a test file that I know the password:
Hashfile 'Luks_Partition_500gb.dd': Disabled LUKS key detected
No hashes loaded.
I extracted the header with this
sudo dd if=Luks_Partition_500gb.001 of=LUKS_Header.dd bs=512 count=4079
Hashfile 'paddedLuks_Partition_500gb.dd': Invalid LUKS identifier
No hashes loaded.
I padded it and now I get this
And the password was not found in the dictionary that I KNOW is this one since it was a TEST
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 14600 (LUKS)
Hash.Target......: paddedLuks_Partition_500gb.dd
Time.Started.....: Wed Mar 30 08:28:06 2022 (6 secs)
Time.Estimated...: Wed Mar 30 08:28:12 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (Dictionary.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 0 H/s (0.42ms) @ Accel:128 Loops:256 Thr:1 Vec:8
Recovered........: 0/1 (0.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 1/1 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:2216704-2216861
Candidate.Engine.: Device Generator
Candidates.#1....: Known Password -> Known Password
Hardware.Mon.#1..: Temp: 42c Util: 12%
The problem is that I have a real issue where I want to crack the password and It may not work because of this....
What is the issue?
RE: LUKS encryption with external header file - Alcanjp - 04-01-2022
Someone pointed out this https://hashcat.net/forum/thread-6225.html
But it does not make sense!
RE: LUKS encryption with external header file - Alcanjp - 04-01-2022
Found the issue it was this
sudo dd if=test_Luks_Partition.001 of=test_Luks_Partition.dd bs=512 count=4079
Changed it to
dd if=/dev/sda1 of=header.luks bs=512 count=4097
Cracked!! Hope it helps