Veracrypt password help
#1
I'm not very experienced and really need your help. I have a flash drive encrypted with Veracrypt. I need help to get back into it.

My operating system is Windows, and I have the flash drive cloned so I can use the clone as the file to crack.

My questions are:

1) How do I use Hashcat on Windows?

2) What command to use? (I don't know anything so I would really appreciate if you could please tell me exactly what to write as the command and if Hashcat will just tell me the password when it finds it).

What I know about the password:
1) it's SHA 512
2) I know the first 8 characters but I don't know what letters are lower case and what letters are lower case.
3) I know the password is more than 20 characters and less than 30.
4) From that point it gets tricky. I have an idea what the rest could be but I don't know all of the order and some things could have multiple possibilities

For example:
****33**33****5555**

The *** are possibility of characters or numbers that I have an idea what they could be but not the order or which one of the possibilities I can think of is right

It's also possible some of the spots with the **** don't exist and just some of them do.

Thank you for the help
Reply
#2
- Did you make an encrypted container (just a file), or an encrypted partition/drive?
- Did you make it standard or hidden?
- What encryption algorithms did you use? (default = AES) What hash algorithms did you use? (default SHA-512)

I you do not remember the answers, simply make a new one. Try to remember what you did. 

Now, exercise on this new Veracrypt-volume of which you know the easy password.
- Extract the hash. Read this https://hashcat.net/wiki/doku.php?id=fre...pt_volumes
- Look up which mode (-m) to use; see https://hashcat.net/wiki/doku.php?id=example_hashes; if you kept the default values when initializing, you should probably use -m 13721

Once you got your test validated, do the same on your "real" Veracrypt-volume of which you don't remember the pwd.

Finally, there are different possibilities to try the mask of the password. But that is for later.
Reply
#3
(07-18-2019, 04:41 PM)Karamba Wrote: - Did you make an encrypted container (just a file), or an encrypted partition/drive?
- Did you make it standard or hidden?
- What encryption algorithms did you use? (default = AES) What hash algorithms did you use? (default SHA-512)

I you do not remember the answers, simply make a new one. Try to remember what you did. 

Now, exercise on this new Veracrypt-volume of which you know the easy password.
- Extract the hash. Read this https://hashcat.net/wiki/doku.php?id=fre...pt_volumes
- Look up which mode (-m) to use; see https://hashcat.net/wiki/doku.php?id=example_hashes; if you kept the default values when initializing, you should probably use -m 13721

Once you got your test validated, do the same on your "real" Veracrypt-volume of which you don't remember the pwd.

Finally, there are different possibilities to try the mask of the password. But that is for later.

- Did you make an encrypted container (just a file), or an encrypted partition/drive? An encrypted partition/drive.
- Did you make it standard or hidden? I made it hidden but I remember the password for the hidden and regular partition are almost identical so either would work.
- What encryption algorithms did you use? (default = AES) What hash algorithms did you use? (default SHA-512)
The hash algorithm was SHA-512, and I think the encryption algorithm was AES-Twofish-Serpent or Serpent-Twofish-AES.

I explained in my original post what I remember about the password. What do I do now?

Thank you I appreciate it
Reply
#4
(07-18-2019, 09:25 PM)emmalove Wrote: - Did you make an encrypted container (just a file), or an encrypted partition/drive? An encrypted partition/drive.

- Did you make it standard or hidden? I made it hidden but I remember the password for the hidden and regular partition are almost identical so either would work.



- What encryption algorithms did you use? (default = AES) What hash algorithms did you use? (default SHA-512)



The hash algorithm was SHA-512, and I think the encryption algorithm was AES-Twofish-Serpent or Serpent-Twofish-AES.

Ok. The hashcat-mode you'll probably need to use is 13723.

As explained here - in order to get the hash - you need to extract:
- for the outer volume: the first 512 bytes of the logical partition (in your case: not needed)
- for the hidden volume: the first 512 bytes, beginning at sector 128 of the logical partition (this is what you need)

Be sure to start at the logical partition, and not at the beginning of the disk.

Again, try this first on a newly created Veracrypt-volume in order to check and double-check that what you are doing is correct.
Reply
#5
(07-19-2019, 11:24 AM)Karamba Wrote: Ok. The hashcat-mode you'll probably need to use is 13723.

As explained here - in order to get the hash - you need to extract:
- for the outer volume: the first 512 bytes of the logical partition (in your case: not needed)
- for the hidden volume: the first 512 bytes, beginning at sector 128 of the logical partition (this is what you need)

Be sure to start at the logical partition, and not at the beginning of the disk.

Again, try this first on a newly created Veracrypt-volume in order to check and double-check that what you are doing is correct.

I downloaded dd for Windows but have never used it before. What the command to use in the DD command window to get the hash and start at the logical partition, not at the beginning of the disk?

I downloaded the hashcat 5.1.0 binaries but when I try to open the file hashcat32, the window closes by itself. How do I use Hashcat on Windows?

I don't know what how to try the mask of the password so it won't take years to crack. I explained in my original post what I remember about the password. Can you help please?

Thank you I appreciate it
Reply