Cracking a Truecrypt Container
#3
(01-27-2019, 10:30 PM)royce Wrote: That's hashcat mode 6223 (where 3 = "all" (all three algorithms)):

Code:
  62XY | TrueCrypt                                        | Full-Disk Encryption (FDE)
...
    X  | 2 = PBKDF2-HMAC-SHA512                           | Full-Disk Encryption (FDE)
...
     Y | 3 = XTS 1536 bit all                             | Full-Disk Encryption (FDE)

You can practice and validate your approach against this container with a known password ('hashcat'):

https://github.com/hashcat/hashcat/blob/...c?raw=true

You can do a basic mask attack like so:

hashcat -a 3 -w 4 -m 6223 --potfile-path=./test.potfile hashcat_sha512_aes-twofish-serpent.tc hashca?l

It sounds like your candidate wordlist will be complex; that will take some additional work (but can be done external to hashcat, as in "script_thing | hashcat -a 0 [...]"

Ok,Thanks
Reply


Messages In This Thread
Cracking a Truecrypt Container - by Cherubsamuel - 01-27-2019, 10:04 PM
RE: Cracking a Truecrypt Container - by royce - 01-27-2019, 10:30 PM
RE: Cracking a Truecrypt Container - by Cherubsamuel - 01-28-2019, 11:01 AM