hashcat Forum Support hashcat v
Get VeraCrypt SHA512 + XTS 1536 bit hash string?

Linear Mode
Get VeraCrypt SHA512 + XTS 1536 bit hash string?
matt99 Offline
Junior Member
**
Posts: 33
Threads: 16
Joined: Dec 2016
#5
07-22-2022, 04:34 PM (This post was last modified: 07-22-2022, 05:42 PM by matt99.)
(07-22-2022, 03:37 PM)Banaanhangwagen Wrote: This got recently implemented. See https://github.com/hashcat/hashcat/pull/3302 for more details.
In the tools-folder, you'll find the script veracrypt2hashcat.

Thanks, this scirpt is exactly what i was looking for. I tested it with a veracrypt test volume and it works like a charm.
After that i tried to test it on y veracrypt full disk encryption.

I've got only .E01 fiiles from this device so i mounted them like
Code:
ewfmount ./image.E01 ./mountpoint

Inside mountpoint is now a ewf1 file. I checked it with "hexdump -C ewf1 | less" and it looks pretty good (readably ascii character, etc). So now i tried the veracrypt2hashcat script again:

Code:
python3 /path/to/hashcat/tools/veracrypt2hashcat.py ewf1

and this time the output is bad:
Code:
$veracrypt$00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000$00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000xxxxxxxxxxxxxxxxxxxxxxxxxxxxx1000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055aa
(ignore all those X characters, they are from me just in case). Many zeros, and it ends with a 55aa magic byte.

I re-checked the ewf1 file and recognized something:
Code:
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001b0  00 00 00 00 00 00 00 00  xx x xx xx xx xx xx xx  |...........Q....|
000001c0  xx xx xx xx xx xx x1 00  00 00 ff ff ff ff 00 00  |................|
000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 55 aa  |..............U.|

There we are. What am i doing wrong? Do I need to add an offset as a parameter? If yes what offset is necessary? 31744?
Find
Reply


Messages In This Thread
RE: Get VeraCrypt SHA512 + XTS 1536 bit hash string? - by matt99 - 07-22-2022, 04:34 PM