08-16-2016, 12:31 PM
Hello,
This is Svante, the author of AxCrypt. The terminology is a bit confusing, AxCrypt is not a hashed password store, so what you're looking for is not a hash as such, but the KeyWrap1, A 128-bit Data Enc Key wrapped with 128-bit KEK, Header Block Type 4. Not sure just what parameters hashcat requires but you may have to break out the iteration count as well. See http://www.axcrypt.net/documentation/technical/ for a description of the file formats. AxCrypt 1 and AxCrypt 2 differs, but the general idea is the same. If you have a file encrypted with AxCrypt 2, it's Header Block Type 13 you want - but I don't think hashcat supports this currently.
The AxCrypt module for Hashcat also supports breaking AxCrypt 1 in-memory representation of the password derived key, but this is typically only useful if you are attacking a running AxCrypt process where the legitimate user has entered the password. It is unlikely to be useful for legitimate password recovery.
This is Svante, the author of AxCrypt. The terminology is a bit confusing, AxCrypt is not a hashed password store, so what you're looking for is not a hash as such, but the KeyWrap1, A 128-bit Data Enc Key wrapped with 128-bit KEK, Header Block Type 4. Not sure just what parameters hashcat requires but you may have to break out the iteration count as well. See http://www.axcrypt.net/documentation/technical/ for a description of the file formats. AxCrypt 1 and AxCrypt 2 differs, but the general idea is the same. If you have a file encrypted with AxCrypt 2, it's Header Block Type 13 you want - but I don't think hashcat supports this currently.
The AxCrypt module for Hashcat also supports breaking AxCrypt 1 in-memory representation of the password derived key, but this is typically only useful if you are attacking a running AxCrypt process where the legitimate user has entered the password. It is unlikely to be useful for legitimate password recovery.