No, that is not true. Your math is flawed:
0x14DFF-0x14C00 = 511
but remember between 0x14DFF (included) and 0x14C00 (included) their are 512 bytes. The same principle holds that is between 1 and 10 there are 10 - 1 + 1 (and therefore ten) numbers and not just 10 - 1 numbers (1,2,3,4,5,6,7,8,9,10).
Therefore the bytes between 0x14C00 and 0x14DFF are 512 bytes.
We can do the same with decimal numbers:
0x14DFF is 85503 and 0x14C00 is 84992
our math is x - y + 1 and therefore:
85503 - 84992 + 1 = 512 bytes
I hope this convinces you that your statement about the 1KB is completely incorrect.
Maybe you did extract it incorrectly or you did use the hex interpretation instead of the raw (binary) bytes.
hashcat expects 512 of raw/binary bytes.
Also note that:
- 1. there are several examples on https://hashcat.net/wiki/example_hashes also for VeraCrypt hashes
- 2. you should generate a new VeraCrypt volume/file with the exact same procedure you used to generate the original one and try to crack it (just to test that you are doing everything correctly and that hashcat works on your system)
- 3. you either need to remember the hashing algorithms and encryption algorithms or run all of them. There are only 2 hashing algorithms supported by VeraCrypt when using the boot mode, so you only need to test 2 different hashing algorithm if you are sure that you've used the boot mode option (if your system is starting with the VeraCrypt Bootloader). All modes are listed also within the --help output
Update: Please also tell us how exactly the VeraCrypt volume/file was created and which file/dump you use as input.
Is this a hidden partition, an entire encrypted drive, hidden operating system? Do you try to use the Recovery/rescue disk? How did you create the dump and where exactly did you find this "VeraCrypt Boot Loader" string (somewhere on the file system? within a file? at the start of a partition? at the start of a disk?) ? It's important to understand and distinguish these different types of VeraCrypt encrypted blobs, otherwise you might run a cracking job for several hours/days and the input data is not even the correct one (as said, best would be to try to generate an example that is almost exactly the same as the targeted one, except that you know the password for this new example, while you do not exactly remember the password for the one you try to crack).
update2: if you are sure that Serpent(Twofish(AES)) was used as encryption algorithm then -m 13722 is definitely the wrong hash type, you would need to use some hash type ending with the digit 3, e.g. -m 13723 if you are sure that PBKDF2-HMAC-SHA512 is used as hashing algorithm (but note: this mode is not supported by VeraCrypt as an algorithm for the boot mode, only -m 13743 (ripemd160) and -m 13763 (sha256) are supported by VeraCrypt for the boot mode)
0x14DFF-0x14C00 = 511
but remember between 0x14DFF (included) and 0x14C00 (included) their are 512 bytes. The same principle holds that is between 1 and 10 there are 10 - 1 + 1 (and therefore ten) numbers and not just 10 - 1 numbers (1,2,3,4,5,6,7,8,9,10).
Therefore the bytes between 0x14C00 and 0x14DFF are 512 bytes.
We can do the same with decimal numbers:
0x14DFF is 85503 and 0x14C00 is 84992
our math is x - y + 1 and therefore:
85503 - 84992 + 1 = 512 bytes
I hope this convinces you that your statement about the 1KB is completely incorrect.
Maybe you did extract it incorrectly or you did use the hex interpretation instead of the raw (binary) bytes.
hashcat expects 512 of raw/binary bytes.
Also note that:
- 1. there are several examples on https://hashcat.net/wiki/example_hashes also for VeraCrypt hashes
- 2. you should generate a new VeraCrypt volume/file with the exact same procedure you used to generate the original one and try to crack it (just to test that you are doing everything correctly and that hashcat works on your system)
- 3. you either need to remember the hashing algorithms and encryption algorithms or run all of them. There are only 2 hashing algorithms supported by VeraCrypt when using the boot mode, so you only need to test 2 different hashing algorithm if you are sure that you've used the boot mode option (if your system is starting with the VeraCrypt Bootloader). All modes are listed also within the --help output
Update: Please also tell us how exactly the VeraCrypt volume/file was created and which file/dump you use as input.
Is this a hidden partition, an entire encrypted drive, hidden operating system? Do you try to use the Recovery/rescue disk? How did you create the dump and where exactly did you find this "VeraCrypt Boot Loader" string (somewhere on the file system? within a file? at the start of a partition? at the start of a disk?) ? It's important to understand and distinguish these different types of VeraCrypt encrypted blobs, otherwise you might run a cracking job for several hours/days and the input data is not even the correct one (as said, best would be to try to generate an example that is almost exactly the same as the targeted one, except that you know the password for this new example, while you do not exactly remember the password for the one you try to crack).
update2: if you are sure that Serpent(Twofish(AES)) was used as encryption algorithm then -m 13722 is definitely the wrong hash type, you would need to use some hash type ending with the digit 3, e.g. -m 13723 if you are sure that PBKDF2-HMAC-SHA512 is used as hashing algorithm (but note: this mode is not supported by VeraCrypt as an algorithm for the boot mode, only -m 13743 (ripemd160) and -m 13763 (sha256) are supported by VeraCrypt for the boot mode)