there could be many problems here.
maybe you do not test the correct password / dictionary file, please try with a wordlist ONLY containing the password.
Did you test with that dcfldd windows binary ? are the e.g. sha256 checksums of the 512 bytes the same ? (compare the output of the dcfldd tool with your extracted data that you've tested already)
You also need to know that dcfldd if=/dev/sdb1 .... means that the offset is from the partition, not the "/dev/sdb" drive itself. That means that the guy over there copied the first 512 bytes of the partition, not the first 512 bytes of the hard disk (there is probably a partition table, mbr/gpt at the start of the volume/disk)....
There can be many small errors like this that can lead to a false negative.
You could also try to make a further example with a very easy password again, just to make sure that you did enter the password correctly (and performed also all other steps correctly) when creating the tests.
It's actually very good that you are trying to crack an example for which you know the password, otherwise you would waste a lot of time/resource on a non-crackable "hash".... now you just need to figure out what exactly you did wrong... my guess is that it's the dd command that still has the wrong offset (partition vs volume etc) or the password/command is wrong
maybe you do not test the correct password / dictionary file, please try with a wordlist ONLY containing the password.
Did you test with that dcfldd windows binary ? are the e.g. sha256 checksums of the 512 bytes the same ? (compare the output of the dcfldd tool with your extracted data that you've tested already)
You also need to know that dcfldd if=/dev/sdb1 .... means that the offset is from the partition, not the "/dev/sdb" drive itself. That means that the guy over there copied the first 512 bytes of the partition, not the first 512 bytes of the hard disk (there is probably a partition table, mbr/gpt at the start of the volume/disk)....
There can be many small errors like this that can lead to a false negative.
You could also try to make a further example with a very easy password again, just to make sure that you did enter the password correctly (and performed also all other steps correctly) when creating the tests.
It's actually very good that you are trying to crack an example for which you know the password, otherwise you would waste a lot of time/resource on a non-crackable "hash".... now you just need to figure out what exactly you did wrong... my guess is that it's the dd command that still has the wrong offset (partition vs volume etc) or the password/command is wrong