+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: LUKS type (/thread-9925.html)
LUKS type - dekao - 03-12-2021
Anyone familiar with LUKS type?
It seems that neither hashcat nor bruteforce-luks are working.
I am testing bruteforcing a USB Stick password known 'a12345' /dev/sdg1 with LUKS:
# sudo hexdump -C -n 2000 /dev/sdg1
00000000 4c 55 4b 53 ba be 00 02 00 00 00 00 00 00 40 00 |LUKS..........@.|
00000010 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000040 00 00 00 00 00 00 00 00 73 68 61 32 35 36 00 00 |........sha256..|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 00 00 00 00 00 00 00 00 25 fd 5c b4 a5 43 20 73 |........%.\..C s|
00000070 03 57 e5 21 ea c8 c4 d4 fb ac 80 89 5f 83 29 85 |.W.!........_.).|
00000080 67 ea 4e 61 d7 dd 10 cf 13 83 72 7b 77 5e 6b 63 |g.Na......r{w^kc|
00000090 ef 01 7a 5b 98 e2 d5 64 99 e3 b6 09 80 9d 49 d4 |..z[...d......I.|
000000a0 e4 e8 22 27 d8 d6 44 a3 33 33 65 63 66 34 34 33 |.."'..D.33ecf443|
000000b0 2d 30 66 64 66 2d 34 34 63 37 2d 61 62 63 35 2d |-0fdf-44c7-abc5-|
000000c0 30 33 34 66 38 36 63 39 62 33 30 66 00 00 00 00 |034f86c9b30f....|
000000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
I imaged the Stick and extracted the headers with dd:
# sudo dd if=/dev/sdg1 count=1 bs=16777216 > luks_header.img
# hexdump -C -n 1024 luks_header.img
00000000 4c 55 4b 53 ba be 00 02 00 00 00 00 00 00 40 00 |LUKS..........@.|
00000010 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000040 00 00 00 00 00 00 00 00 73 68 61 32 35 36 00 00 |........sha256..|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 00 00 00 00 00 00 00 00 25 fd 5c b4 a5 43 20 73 |........%.\..C s|
00000070 03 57 e5 21 ea c8 c4 d4 fb ac 80 89 5f 83 29 85 |.W.!........_.).|
00000080 67 ea 4e 61 d7 dd 10 cf 13 83 72 7b 77 5e 6b 63 |g.Na......r{w^kc|
00000090 ef 01 7a 5b 98 e2 d5 64 99 e3 b6 09 80 9d 49 d4 |..z[...d......I.|
000000a0 e4 e8 22 27 d8 d6 44 a3 33 33 65 63 66 34 34 33 |.."'..D.33ecf443|
000000b0 2d 30 66 64 66 2d 34 34 63 37 2d 61 62 63 35 2d |-0fdf-44c7-abc5-|
000000c0 30 33 34 66 38 36 63 39 62 33 30 66 00 00 00 00 |034f86c9b30f....|
000000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
When trying to bruteforce the device or image:
sudo /opt/hashcat-6.1.1/hashcat.bin -a 0 -m 14600 /dev/sdg1 Dictionary.txt
hashcat (v6.1.1) starting...
Hashfile '/dev/sdg1': Invalid LUKS version
Testing the password with
#echo "a12345" | sudo cryptsetup --test-passphrase open luks_header.img
works just fine.
RE: LUKS type - Snoopy - 03-12-2021
i think hashcat wants the first 2 Megab/Mebi not 16 ...
see examples
https://hashcat.net/misc/example_hashes/hashcat_luks_testfiles.7z
RE: LUKS type - BotPass - 03-13-2021
After the first 6 bytes there is a short with the version of LUKS. Here it is version 2. As far as I know there is still no gpu worker for LUKS2 and it is not supported by hashcat, That's why it's telling you "Invalid LUKS version".
The current version of bruteforce-luks should be able to handle it on a current system -- bruteforce-luks only use the cryptsetup library. Why do you think it is not working?
RE: LUKS type - dekao - 03-15-2021
(03-13-2021, 12:19 AM)BotPass Wrote: After the first 6 bytes there is a short with the version of LUKS. Here it is version 2. As far as I know there is still no gpu worker for LUKS2 and it is not supported by hashcat, That's why it's telling you "Invalid LUKS version".
The current version of bruteforce-luks should be able to handle it on a current system -- bruteforce-luks only use the cryptsetup library. Why do you think it is not working?
Oh yes that explains the error!! thanks for mentioning the 6B. bruteforce-luks did the job.