09-01-2022, 06:48 AM
(08-31-2022, 04:30 PM)b8vr Wrote:(08-31-2022, 04:21 PM)guiasc Wrote:(08-31-2022, 10:44 AM)Banaanhangwagen Wrote: In order to crack the password of a Veracrypt-container, you have two possibilities:
- recover the first 512 bytes of the container and use it as a "hash"; next, select the correct Veracrypt-'legacy' mode and run your job
- or, use the provided veracrypt2hashcat script on your container; this will give a "$veracrypt$..." formatted hash; next, select the correct Veracrypt-mode and run your job
Double-check that you selected the correct mode! (depending on legacy or not, and what encryption/hashing algorithm you choose during set-up)
If I selected the wrong mode, and even the wordlist contains the password, hashcat will not crack the password, right?
That's correct, although modes ending in 294x3 can also crack modes 294x1 and 294x2. Also, be aware that PEM or keyfiles could have been used during encryption. See hashcat --help for parameters regarding this.
Also, looking at your original post, I guess you tried loading the hash in modes 137xx? This is only possible if you created a binary file of the 512 bytes. The hash extraction tool, which is very new, should be used with modes 294xx.
Are you 100% sure that it is actually veracrypt?
I don't know anything about PEM or keyfiles, I'll look into that.
Yes, I tested through 137xx modes using the 512 byte file. I tried using veracrypt2hashcat, but I was in doubt, so I went with the 512 byte file.
I currently have two laptops to break the container.
I did the following steps:
1) dd if=container of=new.tc bs=1 count=512 (generating the file)
2) hashcat.exe -a 0 -m xxxx -D 2 new.tc rockyou (I'm using this command to try to crack)
I'm not sure if it's a veracrypt or truecrypt container. Is there any way to be sure?
For this reason I am using two laptops being:
Laptop 1: Focused on Truecrypt
1) dd if=container of=new.tc bs=1 count=512 (generating the file)
2) hashcat.exe -a 0 -m xxxx -D 2 new.tc rockyou (I'm using this command to try to crack)
I will use 6213, 6243, 6223 and 6233.
Laptop 2: Focused on Veracrypt
1) dd if=container of=new.vc bs=1 count=512 (generating the file)
2) hashcat.exe -a 0 -m xxxx -D 2 new.vc rockyou (I'm using this command to try to crack)
I will use 13713, 13743, 13753, 13763, 13723, 13773, 13783 and 13733.