12-31-2024, 11:46 PM
(12-31-2024, 07:30 PM)pw1 Wrote: Hello,
Short update:
- I was able to confirm in the lab that dd if=/dev/nvme0n1 of=/root/hash bs=1 count=512 skip=31744 works as expected.
- After extracting the data, I successfully cracked the password in my lab.
- I also confirmed that veracrypt2hash (without the --offset bootable flag) properly converts data to a hash. I was able to crack this hash in my lab as well.
However, I am unable to crack the proper hash on my disk:
1. I extracted the data exactly as above: dd if=/dev/nvme0n1 of=/root/hash bs=1 count=512 skip=31744.
2. I extracted the data using dd if=/dev/nvme0n1 of=/root/hash bs=512 count=5120 and then used veracrypt2hash, receiving the same hash as in point #1.
In both cases, I was unable to crack my password.
For hash im using -m 24921 and for raw data 13721
I generated passwords using my suspect words. I created a list of 5–10 different words and tried permutations several times without success.
Of course i double check my word list seems should be good.
After 7 days of trying, I’m starting to lose faith.
I would be grateful for ANY suggestions.
There should be an unencrypted partition with an EFI folder. In that folder there's a veracrypt sub folder. In that folder you will see a file called dcsprop. It's really a XML file. The xontent of that should tell you which algorithm was used for encryption.
Apart from that, there's not sure lot you can do other than what you already described. Except if you use a non us-keyboard. Whatever password you chose is interpreted as if it was written with a us keyboard. So you could have some layout issue there. If that's the case, have a look at
--keyboard-layout-mapping in hashcat help.