02-21-2024, 02:42 PM
there is a wiki entry on true/veracrypt
https://hashcat.net/wiki/doku.php?id=fre...pt_volumes
the problem is you need direkt access to the disk, is the account you are into an admin account? if yes you could use some hex editor like hxd to extract the needed binary data and then use the veracrypt2hashcat.py located under tools to extract all hashes for an attack (i your case i would extract the first 5 mb from each physical disk and then run the script with all possible offsets (normal, boot, boot+hidden) this ways you should obtain some empty hashes but also the real ones
BUT: if the brother used a PIM other than the standard you will never crack the pass
https://hashcat.net/wiki/doku.php?id=fre...pt_volumes
the problem is you need direkt access to the disk, is the account you are into an admin account? if yes you could use some hex editor like hxd to extract the needed binary data and then use the veracrypt2hashcat.py located under tools to extract all hashes for an attack (i your case i would extract the first 5 mb from each physical disk and then run the script with all possible offsets (normal, boot, boot+hidden) this ways you should obtain some empty hashes but also the real ones
BUT: if the brother used a PIM other than the standard you will never crack the pass