Code:
$ hashcat.exe -m 6213 -a 3 -w 3 --increment --increment-min 6 -o cracked.txt --truecrypt-keyfiles=kf.xyz sdb1_dump.dd -1 ?l?u ?a?1?1?1?1?1?a?a?a?a?a?a?a?a?a?aI did some test runs on a created volume (no hidden, with partition, non-systen) and this seems (?!) to work. I took the first 512 bytes using dd.
I know the password in minimum 6 chars long, maximum 16 chars.
The first char can be anything, but the next 5 chars are for sure letters (upper- or lowercase).
The rest can be anything again.
Are the parameters I used correct?
Besides that, I was surprised to see that:
1. if -o isn't used, the cracked result is neither stored anywhere, nor displayed.
2. the mask needs to be at the end, otherwise "... Invalid argument" is shown.
Did I miss something?