yeah, in the help output:
you will see all the TrueCrypt hash types (several variants depending on bit length and hash used + variants for boot volumes)
BTW: the 1536 bit can be used to crack 512 bit, 1024 bit and 1536 bit encryption... Therefore it's kind of a "catch-all" for a specific hashing variant, if you do not know the bit length (this reduces the possibilities to boot volumes, RIPEMD160 hashing, SHA512 hashing or to the WHIRLPOOL hashing algorithm (3 variants + boot volume, and it's easy to see if an encrypted disk is showing the TrueCrypt boot loader normally... so normally either 1 or 3 possibilites... if you know the hashing algo for sure, it's even easier to chose).
Instead of only dictionary attack (without rules) or mask attack ("brute-force") which (the latter) is very difficult to do with slow hash types like TrueCrypt, I would recommend rule based attacks:
https://hashcat.net/wiki/doku.php?id=rule_based_attack
a medium set of good password candidates (just a few thousands or tens/hundred of thousands) with some very well working (efficient in terms of cracking ratio) rules:
BTW: if you are unsure how to extract my_tc_dump, just have a look here:
https://hashcat.net/wiki/doku.php?id=fre...pt_volumes
It will explain how to extract the bytes needed from the volume/container/file/disk (dd.exe also exists for windows, on linux/macOS dd is either already installed or can be installed via package managers apt/brew)
... and the best advice at the end: always try to make backups and save your data before messing around... but then also try to make a test disk similar to your other/old disk with a known password and try to test everything (including extraction of the needed bytes, the cracking with rules etc) with this new example TrueCrypt volume
Code:
hashcat --help
you will see all the TrueCrypt hash types (several variants depending on bit length and hash used + variants for boot volumes)
BTW: the 1536 bit can be used to crack 512 bit, 1024 bit and 1536 bit encryption... Therefore it's kind of a "catch-all" for a specific hashing variant, if you do not know the bit length (this reduces the possibilities to boot volumes, RIPEMD160 hashing, SHA512 hashing or to the WHIRLPOOL hashing algorithm (3 variants + boot volume, and it's easy to see if an encrypted disk is showing the TrueCrypt boot loader normally... so normally either 1 or 3 possibilites... if you know the hashing algo for sure, it's even easier to chose).
Instead of only dictionary attack (without rules) or mask attack ("brute-force") which (the latter) is very difficult to do with slow hash types like TrueCrypt, I would recommend rule based attacks:
https://hashcat.net/wiki/doku.php?id=rule_based_attack
a medium set of good password candidates (just a few thousands or tens/hundred of thousands) with some very well working (efficient in terms of cracking ratio) rules:
Code:
hashcat -m 6213 -a 0 -w 3 -r my_custom.rules my_tc.dump my_custom.dict
BTW: if you are unsure how to extract my_tc_dump, just have a look here:
https://hashcat.net/wiki/doku.php?id=fre...pt_volumes
It will explain how to extract the bytes needed from the volume/container/file/disk (dd.exe also exists for windows, on linux/macOS dd is either already installed or can be installed via package managers apt/brew)
... and the best advice at the end: always try to make backups and save your data before messing around... but then also try to make a test disk similar to your other/old disk with a known password and try to test everything (including extraction of the needed bytes, the cracking with rules etc) with this new example TrueCrypt volume