(08-31-2022, 04:21 PM)guiasc Wrote:(08-31-2022, 10:44 AM)Banaanhangwagen Wrote: In order to crack the password of a Veracrypt-container, you have two possibilities:
- recover the first 512 bytes of the container and use it as a "hash"; next, select the correct Veracrypt-'legacy' mode and run your job
- or, use the provided veracrypt2hashcat script on your container; this will give a "$veracrypt$..." formatted hash; next, select the correct Veracrypt-mode and run your job
Double-check that you selected the correct mode! (depending on legacy or not, and what encryption/hashing algorithm you choose during set-up)
If I selected the wrong mode, and even the wordlist contains the password, hashcat will not crack the password, right?
That's correct, although modes ending in 294x3 can also crack modes 294x1 and 294x2. Also, be aware that PEM or keyfiles could have been used during encryption. See hashcat --help for parameters regarding this.
Also, looking at your original post, I guess you tried loading the hash in modes 137xx? This is only possible if you created a binary file of the 512 bytes. The hash extraction tool, which is very new, should be used with modes 294xx.
Are you 100% sure that it is actually veracrypt?